Audit Report 6-08: Audit of SBA’s Information Systems Controls for FY 2005
On December 22, 2005, the OIG issued the Independent Public Accountant or IPA’s report regarding their review in Audit Report 6-08, Audit of SBA’s Information Systems Controls for FY 2005. This audit was one element in their audit of the SBA’s FY 2005 financial statements. The IPA found that the SBA continued to improve internal control over its information system environment during FY 2005, specifically, the SBA: (1) upgraded the JAAMS database and application to include stronger logical access controls and auditing capabilities, and (2) enhanced controls over its network by adding additional Intrusion Detection system sensors to the internal network.
The accomplishments, however, were overshadowed by the following identified weaknesses: (1) management did not take appropriate action to correct known prior weaknesses in a timely manner, (2) controls over administering network accounts remained weak, and (3) controls over logging and monitoring activities at the network and application levels remained weak.