<%@ Language=VBScript %> <% Source=Request.QueryString("Source") If Source = "OIGnet" Then Response.Write Source %>
FDIC Office of Inspector General, 3501 Fairfax Dr., VS-E9068, Arlinton, VA 22226


Search Accessibility Privacy Information Quality Contact Us
<% End if %>

Computer Equipment and Software Inventories

(Audit Report No. 98-078, August 28, 1998)

Summary

The Office of Inspector General (OIG) completed an audit of computer equipment and software inventories in the Dallas office of the Federal Deposit Insurance Corporation's Division of Information Resources Management (DIRM). The objective of the audit was to determine whether Dallas DIRM's controls over computer equipment and software were adequate.

We concluded that, generally, Dallas DIRM's controls over software inventories were adequate. However, its controls over computer equipment needed improvement. Specifically, we found that physical security controls related to removing computer equipment from FDIC buildings and ensuring that computer equipment is returned by departing employees, as well as controls over physical inventories, bar coding, equipment relocations, and segregating duties needed improvement.

On October 21, 1997, the OIG issued a report entitled Audit Safeguards over EDP Equipment (audit report no. 97-103). This audit focused on safeguarding equipment in the Washington, DC area. In this report, we concluded that safeguards over EDP equipment needed improvement.

Recommendations

The OIG recommended that the Regional Manager, Dallas DIRM, take the following actions:


(1) Develop and implement, in coordination with Washington DIRM and
Dallas DOA, physical security controls over laptops.
(2) Direct the DIRM security officer to verify with the CITS administrator that
departing employees return all assigned computer equipment.
(3) Segregate the duties of DIRM staffers so that they perform only one of the
three functions of purchasing computer related property, taking physical
inventories, and maintaining the database, or establish compensating controls
sufficient to negate the need for segregation.
(4) Establish a listing, through coordination with DIRM headquarters, of items
that should be included in the Dallas DIRM inventory.

Management Response

On August 10, 1998, FDIC's Director of DIRM in headquarters provided a written response to a draft of this report. Generally, the Director agreed with the report's findings and recommendations. The response indicated that DIRM has initiated new procedures to improve security over laptops and to ensure that departing employees return all computer equipment. Further, the Director agreed to enact compensating controls to take the place of the total segregation of duties including (1) performing future inventories with two-person teams with at least one member without edit capability to the ITAMS database, (2) limiting Dallas DIRM's credit card purchases, and (3) performing tests scheduled in the Management Control Plan. Finally, DIRM headquarters issued a listing of items that should be included in the inventory. The Director's response contained the requisite elements of a management decision for the recommendations.
Last Updated 03/27/01 contact the OIG
Search | Accessibility | Privacy | Information Quality | Contact Us | Site Map | Home