Report File
Title Full
FINANCIAL MANAGEMENT: Management Letter for the Audit of the Department of the Treasury's Consolidated Financial Statements for Fiscal Years 2024 and 2023
Date Issued
Submitting OIG
Department of the Treasury OIG
Agencies Reviewed/Investigated
Department of the Treasury
Components
Departmental Offices
Report Number
OIG-25-012
Report Type
Audit
Agency Wide
Yes
Number of Recommendations
4
Questioned Costs
$0
Funds for Better Use
$0
Report updated under NDAA 5274
No

Open Recommendations

This report has 4 open recommendations.
Recommendation Number: 1-1
Significant Recommendation: Yes
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

The IPA recommended that Departmental Offices (DO) management review DO-910 and FARS SSP password setting requirements to determine if they apply to all layers of system technologies (e.g., application, database, and operating system). If necessary, consider specifying distinct password setting requirements for the different layers.

Recommendation Number: 1-2
Significant Recommendation: Yes
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

The IPA recommended that DO management implement password authentication controls at the FARS database in accordance with the minimum requirements set by DO-910 and the FARS SSP, to include the number of failed login attempts allowed.

Recommendation Number: 2-1
Significant Recommendation: Yes
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

The IPA recommended that DO management develop policies and procedures for performing the quarterly review and reauthorization of privileged OS access, which specify:
- How to document the review of user access for continued appropriateness and the resulting determinations.
- Assignment of individual(s) responsible for performing the review(s) across the various privileged OS domains/groups/accounts, who are independent of the access they review and are of the appropriate authority.
- Identification/Inventory of the privileged OS domains/groups/accounts that are subject to review, to include any privileged OS service groups/accounts.

Recommendation Number: 2-2
Significant Recommendation: Yes
Recommended Questioned Costs: $0
Recommended Funds for Better Use: $0
Additional Details:

The IPA recommended that DO management disseminate said policies and procedures to control performers and re-perform a review and reauthorization of privileged OS access that enforces independence from an individual reviewing their own access, includes OS service groups/accounts, and is documented/retained, in accordance with the established policies and procedures.
