Audit of the Information Systems General and Application Controls at Group Health Cooperative of South Central Wisconsin

Date Issued

Monday, July 15, 2024

Submitting OIG

Office of Personnel Management OIG

Other Participating OIGs

Office of Personnel Management OIG

Agencies Reviewed/Investigated

Office of Personnel Management

Components

Information Technology

Report Number

2023-ISAG-024

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

External Entity

Group Health Cooperative of South Central Wisconsin

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
15	No	$0	$0
We recommend that GHC develop and implement policies and procedures which define how unsupported software should be handled before the end-of-life date.
11	No	$0	$0
We recommend that GHC continue to remediate the specific technical weaknesses discovered during this audit as outlined in the vulnerability scan audit inquiry.
13	No	$0	$0
We recommend that GHC implement a routine process to audit security configuration settings of its servers to ensure compliance with approved security configuration settings.