Audit of the Office of Personnel Management’s Fiscal Year 2015 Consolidated Financial Statements

Date Issued

Friday, November 13, 2015

Submitting OIG

Office of Personnel Management OIG

Other Participating OIGs

Office of Personnel Management OIG

Agencies Reviewed/Investigated

Office of Personnel Management

Components

Other

Report Number

4A-CF-00-15-027

Report Type

Audit

Agency Wide

Yes

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2	No	$0	$0
KPMG recommends that the OCIO document and map access rights in OPM systems to personnel roles and functions, following the principle of 'least privilege'.
3	No	$0	$0
KPMG recommends that the OCIO enhance OPM’s information security control monitoring program to detect information security control weaknesses by: • Implementing and monitoring procedures to ensure system access is appropriately granted to new users, consistent with the OPM access approval process; and Monitoring the process for the identification and removal of separated users to ensure that user access is removed timely upon separation; implementing procedures to ensure that user access, including user accounts and associated roles, are reviewed on a periodic basis consistent with the nature and risk of the system, and modifying any necessary accounts identified.