Coast Guard financial system had material weakness
Outside auditors found a material weakness in the Coast Guard financial system while auditing the military service's internal controls.
Specifically, KPMG auditors--hired by the Homeland Security Department and whose report the DHS inspector general released May 3 without opinion--say that IT scripts used to make updates to Coast Guard's core general ledger software were run without consistent testing requirements or prior approval. They also say that keeping track of what specific changes the scripts make to the core software database tables wasn't being done, because reconciling scripts to audit log table changes was too difficult. The audit examined the state of Coast Guard financial management systems as of Sept. 30, 2009.
The Coast Guard uses scripts because its core financial system can't perform some functions and has issues with data quality--it's so old at this point that it's no longer supported by the vendor that designed it.
The Coast Guard, in its official response to KPMG's findings, took issue with the firm assigning material risk status to the script process; enough compensating controls were in place to justify a rating of low risk, wrote Capt. Marshall B. Lytle III, the acting deputy assistant commandant for C4IT.
- read the KPMG audit, OIG 10-77 (.pdf)