Audit of the General and Application Controls in the Financial Management Major Application System

OFFICE OF INSPECTOR GENERAL Audit Report Audit of the General and Application Controls in the Financial Management Major Application System Report No. 09-05 September 30, 2009 RAILROAD RETIREMENT BOARD TABLE OF CONTENTS Introduction Background ................................................................................................................. 1 Objective...................................................................................................................... 2 Scope .......................................................................................................................... 2 Methodology ................................................................................................................ 3 Results of Evaluation Segregation of Duties for Accounts Receivable Transactions is Not Enforced............ 5 Access Control over Dataset Rules Needs to be Improved ......................................... 6 Access Controls that Enforce Least Privilege Need Improvement............................... 8 Inconsistent Methodology Used............................................................................................8 Inaccurate Base-Line Information Provided..........................................................................9 Reauthorization Responses Not Implemented......................................................................9 Other ...