Homeland Security Department components continue to struggle with cybersecurity controls over their financial systems, according to annual independent auditor examination of DHS financial statements.

The audit (.pdf)--an "other accompanying information" attachment to the department's fiscal 2010 financial report  (.pdf)--finds that problems with information technology controls and system functionality collectively add up to a material weakness. The chart, taken from auditor data, identifies the major component problem areas.

Many of the problems identified by DHS's outside auditing firm--as in previous years, it's KPMG--are hold overs from previous years.

For example, the Coast Guard continues to run IT scripts to make updates to its core general ledger software without consistent testing or post-script monitoring of whether the software change was approved, KPMG auditors say. The service did implement a new script change management tool in the second half of fiscal 2010, they add. KPMG says the Coast Guard's system, first implemented seven years ago, did not incorporate adequate security controls at the time and cannot be easily reconfigured.

On the civilian side, KPMG auditors found a slew of security problems, including lack of adequate access controls and configuration management, systems operating without proper certification and accreditation and unsegregated duties.

The financial system of one component cannot be configured to prevent, detect and correct excessive refunds, the audit states. The component goes unidentified in this report, but a KPMG fiscal 2009 audit found that same problem in Customs and Border Protection.

DHS has "systematic challenges" in complying with security policies and requires a stable and centralized financial system to fully address its problems, the audit states.

Coincidentally, DHS is pressing forward with an enterprise resource planning system meant to be just that, awarding on Nov. 19 a $450 million contract to Arlington, Va.-based CACI International to implement the system.

For more:
- download the full DHS annual financial report (.pdf)
- download the "other accompanying information" section of the report (.pdf)

Related Articles:
DHS perseveres with TASC
Auditors: CBP unable to detect excessive custom refunds in fiscal 2009
Coast Guard financial system had material weakness
Auditors find material weakness in FEMA financial systems
Auditors find IT material weakness in ICE