FDIC's Personnel Security Program
March 30, 2004
Audit Report No. 04-016
This report presents the results of a review by International Business Machines (IBM) Business Consulting Services (hereafter referred to as IBM), an independent professional services firm engaged by the Office of Inspector General (OIG) to support its efforts to satisfy reporting requirements related to the Federal Information Security Management Act of 2002.
The objective of the review was to determine whether the FDIC has established and implemented effective controls over its personnel security program. The scope of the review focused on FDICís personnel security program for employees. Audit work relating to FDICís personnel security program for contractors was limited to gaining an understanding of the program.
IBM concluded that the FDICís Division of Administration (DOA) has made improvements in the Corporationís personnel security program, but additional work is needed to strengthen controls over data used to manage the program.
IBM made multiple recommendations to the Director, DOA, to improve the accuracy of the data used to manage the FDICís personnel security program.
DOAís response adequately addressed all the conditions discussed in the report.
This report addresses issues associated with information security. Accordingly, we have not made, nor do we intend to make, public release of the specific contents of the report.