1 December 7, 1999 CLARENCE E. LEWIS, JR. CHIEF OPERATING OFFICER AND EXECUTIVE VICE PRESIDENT SUBJECT: Year 2000 Business Continuity and Contingency Planning: (Report Number ) This audit report presents the results of the Office of Inspector General s third and final review of the United States Postal Service s Year 2000 (Y2K) Business Continuity and Contingency Planning Initiative (Project Number 00PA017TR000). During this review, we noted that the Postal Service generally established an effective infrastructure and process to communicate, react to, and track resolution of potential Year 2000 failures. The Postal Service also developed a complete Day One strategy to position itself to readily identify Y2K problems and take needed corrective actions. Management agreed with our recommendations and has initiatives in progress or planned addressing the issues in this report. Management s comments and our evaluation of these responses are included in the report. We appreciate the cooperation and courtesies provided by your staff during the audit. If you have any questions, please contact, at ( or me at (703) Richard F. Chambers Assistant Inspector General for Performance Attachment cc: Norman E. Lorentz Nicholas F. Barranca Richard Weirich Sylvester Black Jim Golden John R. Gunnels
2 TABLE OF CONTENTS Part I Executive Summary i Part II Introduction Background Objective, Scope, and Methodology Prior Audit Coverage Audit Results Infrastructure and Processes Recommendations Management s Comments Evaluation of Management s Comments Appendices Appendix A. Prior Inspector General Year 2000 Reports Appendix B. Management s Comments 7 10
3 EXECUTIVE SUMMARY Introduction Results in Brief This is the Office of Inspector General s third report on the United States Postal Service s business continuity and contingency planning efforts, and one of a series of reports 1 regarding the Postal Service Year 2000 (Y2K) Initiative. This report addresses the Postal Service s (1) infrastructure and processes for communicating and reacting to Y2K disruptions, and (2) Day One strategy for managing the rollover period. The Postal Service has generally established an effective infrastructure and process to communicate, react to, and track resolution of potential Y2K failures. In accordance with the General Accounting Office (GAO) planning guidance, the Postal Service has dedicated sufficient resources and staff for Day One activities, adequately identified rollover risks, developed a Day One strategy, documented rehearsal plans, and established a process for executing rollover procedures and tests. Although the Postal Service has dedicated resources for Day One activities, it needs to further define the critical staff needed during the rollover period. If this is not done, key technical staff may not be available to handle rollover events. Further, while the Postal Service has documented its plans, it has yet to complete rehearsal of its Day One strategy. Moreover, any schedule slippage will affect the Postal Service s ability to update and revise the Day One strategy based on lessons learned. According to the Office of Management and Budget, the Postal Service s Day One strategy meets the requirements it has established for federal agency plans. We agree with the Office of Management and Budget s assessment, and believe the Postal Service's Day One strategy should help it effectively manage risks associated with the rollover period. Summary of Recommendations We recommend that the chief operating officer and executive vice president monitor Day One activities to ensure that critical employees mentioned in the staffing plan will be available during the rollover period and that all Day One activities are completed as scheduled. 1 See Appendix A for a list of these reports.
4 Summary of Management s Comments Overall Evaluation of Management s Comments Management agreed with our findings and recommendations. We have summarized management s comments in the report and included the full text of their comments in Appendix B. Management s comments are responsive to our findings and recommendations. Planned or on-going actions should further mitigate the risk of potential Y2K disruptions.
5 INTRODUCTION Background A Day One strategy comprises a comprehensive set of actions to be executed during the last days of 1999 and the first days of It must be integrated with agency business continuity and contingency plans, and should describe the key activities and responsibilities of agency component organizations and staff. The objectives of a Day One strategy are to: (1) position an organization to readily identify Year 2000-induced problems, take needed corrective actions, and minimize adverse impact on agency operations and business processes; and (2) provide information about an organization's Y2K condition to executive management, business partners, and the public. Objective, Scope, and Methodology Our objectives were to assess the Postal Service's: (1) infrastructure and processes for communicating and reacting to Y2K disruptions, and (2) Day One strategy for managing the rollover period. To address our first objective, we compared the Postal Service's infrastructure and processes to the GAO Day One Planning and Operations Guide. 2 This guide provides a structured approach to aid federal agencies in Day One planning. To evaluate the completeness of the Postal Service's Day One strategy, we compared its strategy to the Office of Management and Budget s requirements for Day One planning. 3 2 Year 2000 Computing Challenge: Day One Planning and Operations Guide (GAO/AIMD , October 1999). 3 In its September 1999 quarterly report, the Office of Management and Budget required agencies to submit Day One strategies by October 15, The Office of Management and Budget subsequently asked agencies to address seven elements in their plans: (1) a schedule of acti vities, (2) personnel on call or on duty, (3) contractor availability, (4) communications with the workforce, (5) facilities and services to support the workforce, (6) security, and (7) communications with the public.
6 Additionally, we attended Day One strategy meetings, reviewed related planning documents, interviewed postal officials responsible for planning, and observed Day One rehearsals. This audit was conducted from October 1999 through November 1999 in accordance with generally accepted government auditing standards and included tests of internal controls as were considered necessary under the circumstances. We discussed our findings with appropriate management officials and included their comments, where appropriate. Prior Audit Coverage During our continuing coverage of the Postal Service Year 2000 Initiative, we issued a series of reports 4 covering remediation, validation, reporting quality, budgeting, contracting, and business continuity planning. In our previous audits of business contingency and continuity planning, we noted several areas where management needed to strengthen its strategy, business impact analysis, plan development, and testing. Management was responsive to our six recommendations to strengthen its strategy and business impacts and our five recommendations to further strengthen its business continuity and contingency plans and testing efforts. 4 See Appendix A for a listing of reports.
7 AUDIT RESULTS Infrastructure and Processes Day One strategies are necessary to reduce the risk to facilities, systems, programs, and services during the weekend of the critical rollover period. According to guidance provided by the GAO, effective Day One planning comprises the following four phases supported by executive oversight: Our review disclosed that the Postal Service generally has an effective infrastructure and process to communicate, react to, and track resolution of potential Y2K disruptions. Postal executives have dedicated sufficient resources and staff for this task and have ensured that senior managers support this effort. The Postal Service has established a Day One team that reports to executive management and works closely with the business continuity and contingency planning group. The agency has also documented a high level Day One planning strategy and established a schedule and milestones for the planning effort. Under its business continuity and contingency initiatives, the Postal Service identified high-risk areas, including facilities, critical infrastructure components, and systems supporting
8 core business processes that should be addressed by the Day One plan. The Postal Service has also established command centers to coordinate and report on agency-wide rollover activities. Further, it has developed plans for both internal and external communications and a process for monitoring external events, including communications with the President s Council on Year 2000 Conversion s Information Coordination Center. However, although the Postal Service has adequately addressed the rollover risk requirements, it needs to further define the critical staff to execute Day One activities. Because the Postal Service has yet to reconcile its staffing plan to employee leave schedules, employees identified in staffing plans may have scheduled leave during the rollover period. If this does not happen, key technical staff may not be available to handle rollover events. With respect to rehearsals, the Postal Service has planned a web-based exercise to ensure that the Day One strategy is executable. This exercise will serve as a mechanism for making sure that field organizations are aware of both contingency and continuity plans, know how to access information from the plans, and are prepared to properly react to potential problems. However, while the Postal Service has documented its plans, it has yet to complete rehearsal of its Day One strategy. Any schedule slippage will affect the Postal Service s ability to update and revise the Day One strategy based on lessons learned. Finally, the Postal Service has taken steps to ensure it can execute rollover procedures and tests. More specifically, the Postal Service has: Established command centers and designated Day One sites. Developed operational inspections and readiness checks. Established a schedule to implement planned risk prevention and reduction measures. Developed a process to generally address post-rollover events or disruptions.
9 These actions should facilitate the gathering of information on the status of mission critical systems and the viability of the agency s core business processes. Recommendations We recommend that the chief operating officer and executive vice president monitor Day One activities to ensure that: 1. Employees critical to implementing the Day One strategy will be available during rollover. 2. All Day One activities are completed as scheduled. Management s Comments Evaluation of Management s Comments Management agreed with our findings and recommendations to ensure that critical employees mentioned in the staffing plan will be available during the rollover period and that all Day One activities are completed as scheduled. They stated that detailed Day One schedules have been developed for the National Operations Center, the Area Postal Operations Centers, the Information Systems Command and Control Center, the Engineering Command Center, the Inspection Service Command Center, as well as Network Operations Management, Communications, and Business Service Network. In addition, two internal oversight bodies will oversee project completion as scheduled. Management s comments are responsive to our findings and recommendations. Planned or on-going actions should further mitigate the risk of potential Y2K disruptions.
10 The Postal Service s Day One strategy contained all seven elements required by the Office of Management and Budget: (1) a schedule of activities, (2) personnel on call or on duty, (3) contractor availability, (4) communications with the workforce, (5) facilities and services to support the workforce, (6) security, and (7) communications with the public. According to the Office of Management and Budget, the Postal Service Day One strategy was a very thorough and well thought-out plan. For example, the Postal Service s risk management and prioritization was appropriate, and the extent of disruption to the supply chain and potential changes in mail volume and compositions were taken into account. Further, the Postal Service has assigned responsibility for providing information on status and any recovery or response activities to employees, contractors, customers, and public, as necessary. We agree with the Office of Management and Budget s assessment of the Postal Service s Day One strategy. As a result, we believe the Postal Service's strategy should help it effectively manage risks associated with the rollover period and better position itself to address any disruptions that may occur.
11 APPENDIX A PRIOR INSPECTOR GENERAL Y2K REPORTS The Office of Inspector General and GAO established a joint partnership in the fall of 1998 to work on Y2K issues which led to February 1999 testimony before three House subcommittees. The Inspector General s (IG) testimony on the Postal Service Year 2000 Initiative (Report No. IS-TR dated February 23, 1999), addressed major challenges facing the Postal Service. These included: developing and implementing a business continuity and contingency plan; determining whether external suppliers and Postal facilities are Y2K ready; deploying solutions and testing mail processing equipment; and reviewing, correcting, and testing information systems, data exchanges, information technology infrastructure. The GAO delivered testimony entitled Year 2000 Computing Crisis: Challenges Still Facing the U.S. Postal Service (GAO/T-AMID-99-86, dated February 23, 1999) which addressed Y2K operational issues similar to those presented in the IG testimony. In December 1999, we issued two Y2K reports. The first report is entitled Year 2000 Initiative: Status of Postal Service Year 2000 Readiness (Report Number IS-AR , dated December 3, 1999). In that report we provided the September 1999 status of Postal Service Y2K initiatives relating to the readiness of information systems, data exchanges, contingency plans, mail processing equipment, suppliers, facilities, business continuity plans and testing. The second report entitled Year 2000 Business Contingency and Continuity Planning: Plan Development and Testing (Report No. TR-AR dated December 3, 1999) noted that it may not be practical to refine all contingency and continuity plans by the end of the year, but the Postal Service should concentrate on those of highest impact to its operations. We recommended that the Postal Service expand testing to those areas where plans are not fully developed. We also recommended management ensure that proposed quality assurance steps be taken to ensure that plans are adequately integrated with other supporting plans and organizational initiatives, and are properly tested. In short, comprehensive plans for all severe or critical systems and for all highimpact failure scenarios should be pursued. In November 1999, we issued a Y2K report entitled Year 2000 Initiative: Suppliers, Mail Processing Equipment, Facilities, and Embedded Chips (Report No. IS-AR dated November 30, 1999) noted the Postal Service needed to place more emphasis on the issue of alternative supplier arrangements. Specifically, we recommended that the Postal Service needed to develop supplier contingency plans and establish a no-laterthan date when it will look to these alternative suppliers to take over for its at-risk critical suppliers, i.e., suppliers who may not be Y2K ready or who have already reported their inability to become Y2K ready. We also recommended that the Postal Service closely monitor and spot check mail processing equipment software deployment actions in the field to ensure installation of the proper, Y2K compliant software.
12 In September 1999, we issued a Y2K report entitled Year 2000 Business Continuity and Contingency Planning: Initiation and Business Impacts (Report Number TR-AR , dated September 29, 1999). This report addressed the overall progress the Postal Service made, the effectiveness of the management structure and strategy for business continuity planning, and the adequacy of the Postal Service s assessment of the potential business impacts resulting from Y2K disruptions. We made several recommendations, which will help the Postal Service strengthen its strategy for reducing potential Y2K disruptions. In September 1999, we issued a Y2K report entitled Year 2000 Initiative Review of Administration: Status Report on Postal Service Year 2000 Readiness (Report Number IS-AR , dated September 20, 1999). In that report we provided the May 1999 status of Postal Service Y2K initiatives relating to the readiness of information systems, data exchanges, contingency plans, mail processing equipment, suppliers, facilities, business continuity plans and testing. We noted that the Postal Service had made varying levels of progress in the area of component contingency plans and limited progress in the areas of facilities, business continuity plans and recovery management planning, external suppliers and information systems readiness testing. We reported that the Postal Service is actively engaged in accomplishing these Y2K tasks. In July 1999, we issued a Y2K report entitled "Year 2000 Initiative: Review of Administration Management" (Management Advisory Report No. FR-MA , dated July 7, 1999). Among the more significant issues, we noted were that adequate controls were not always in place to monitor contractor activities, information had not always been provided to Integrated Business Systems Solutions Center personnel to help in controlling Y2K resources, and work products provided by contractor personnel were not always timely or adequate. We also noted issues with unnecessary layers of contractor management, numbers or expertise of contractor personnel, security clearances, and deviations from the Postal Service travel regulations granted to one contractor. The Postal Service management concurred with seven of our eight suggestions for opportunities to save resources. In February 1999, we issued a Y2K report entitled Year 2000 Initiative: Program Management Reporting (Report No. IS-AR , dated February 18, 1999) that addressed quality and reliability of Y2K information reported to senior managers. We found that Y2K briefings and reports to senior management were not always complete, consistent, or clear. Y2K briefings did not include a standard report on the overall status of Y2K progress and were not provided at regularly scheduled intervals. As a result, senior managers were not always able to use the information to monitor Y2K progress and make timely and informed decisions. The Postal Service management concurred with our findings and recommendations.
13 In September 1998, we issued a Y2K report entitled "Year 2000 Initiative: Post Implementation Verification" (Report No. IS-AR , dated September 29, 1998), that involved an assessment of the efficiency and effectiveness of the process implemented as an independent check on the Postal service remediation efforts. This report recommended the Postal Service modify its system certification and post implementation verification procedures to improve the quality of systems sent to verification as well as the process itself. The Postal Service management concurred with our findings and recommendations. In July 1998, we issued a Y2K report, entitled "Year 2000 Initiative: Status of the Renovation, Validation, and Implementation Phases" (Report No. IS-AR , dated July 21, 1998), that involved a preliminary assessment of the renovation, validation, and implementation phases of the Postal Service Year 2000 Initiative. It contained recommendations for improvement in several areas including accurately reporting the compliance status of systems applications. The Postal Service s management concurred with our findings and recommendations. Our first Y2K report entitled "Year 2000 Initiative" (Report No. IS-AR dated March 31, 1998) examined the awareness and assessment phases of the Postal Service Y2K Initiative and made recommendations for improvement in several areas including assigning accountability to responsible managers. The Postal Service s management concurred with our findings and recommendations. We also issued a letter report, entitled "Y2K Contract Indemnification Advisory Letter" (Report No. CA-LA , dated July 7, 1998). That letter addressed negotiations between the Postal Service and a consulting firm regarding the Y2K program management contract's indemnification clause. That letter contained suggestions to the Postal Service s management regarding the indemnification issue.
December 3, 1999 CLARENCE E. LEWIS, JR. CHIEF OPERATING OFFICER AND EXECUTIVE VICE PRESIDENT NORMAN E. LORENTZ SENIOR VICE PRESIDENT, CHIEF TECHNOLOGY OFFICER SUBJECT: Year 2000 Business Contingency and
SEPTEMBER 16, 2010 AUDIT REPORT OFFICE OF AUDITS REVIEW OF NASA S MANAGEMENT AND OVERSIGHT OF ITS INFORMATION TECHNOLOGY SECURITY PROGRAM OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration
March 31, 1999 M. RICHARD PORRAS CHIEF FINANCIAL OFFICER AND SENIOR VICE PRESIDENT JOHN F. KELLY VICE PRESIDENT, EXPEDITED AND PACKAGE SERVICES JAMES F. GRUBIAK VICE PRESIDENT, INTERNATIONAL BUSINESS UNIT
March 31, 2009 THOMAS G. DAY SENIOR VICE PRESIDENT, INTELLIGENT MAIL AND ADDRESS QUALITY PRITHA N. MEHRA VICE PRESIDENT, BUSINESS MAIL ENTRY AND PAYMENT TECHNOLOGIES GEORGE W. WRIGHT VICE PRESIDENT, INFORMATION
June 28, 1999 WILLIAM J. DOWLING VICE PRESIDENT, ENGINEERING Subject: Tray Management System Software Management () As part of an ongoing audit of the Tray Management System, the Office of Inspector General
September 27, 2002 THOMAS G. DAY VICE PRESIDENT, ENGINEERING CHARLES E. BRAVO SENIOR VICE PRESIDENT, CHIEF TECHNOLOGY OFFICER JOHN A. RAPP SENIOR VICE PRESIDENT, OPERATIONS SUBJECT: Audit Report Integrated
OFFICE OF INSPECTOR GENERAL UNITED STATES POSTAL SERVICE Trends and Systemic Issues in Defense Contract Audit Agency Audit Work for Fiscal Years 2009-2012 Management Advisory Report Report Number March
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Information Security Series: Security Practices Integrated Contract Management System Report No. 2006-P-00010 January 31,
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
Testimony of James W. Runcie Chief Operating Officer Federal Student Aid U.S. Department of Education Before the Subcommittee on Higher Education and Workforce Training, House Education and the Workforce
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Management of Cloud Computing Activities DOE/IG-0918 September 2014 Department
March 12, 2002 PATRICK R. DONAHOE CHIEF OPERATING OFFICER AND EXECUTIVE VICE PRESIDENT KEITH STRANGE VICE PRESIDENT, PURCHASING AND MATERIALS SUBJECT: Management Advisory Review of Decontamination Activities
OFFICE OF INSPECTOR GENERAL UNITED STATES POSTAL SERVICE Funnel Management Program Management Advisory Report March 20, 2013 Report Number March 20, 2013 Funnel Management Program Report Number BACKGROUND:
July 31, 2000 WILLIAM J. HENDERSON POSTMASTER GENERAL, CHIEF EXECUTIVE OFFICER SUBJECT: Interim Report - Economic Value Added (Report Number ) This interim report is issued as part of our overall review
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL SECURITY OF THE NCUA DATA CENTER Report # August 12, 2013 James Hagen Inspector General W. Marvin Stith, CISA Senior IT Auditor Table of
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Taxpayer Data Used at Contractor Facilities May Be at Risk for Unauthorized Access or Disclosure May 18, 2010 Reference Number: 2010-20-051 This report
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938
MARCH 28, 2011 AUDIT REPORT OFFICE OF AUDITS INADEQUATE SECURITY PRACTICES EXPOSE KEY NASA NETWORK TO CYBER ATTACK OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration REPORT NO. IG-11-017
Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security
FINAL AUDIT REPORT WITH RECOMMENDATIONS Internal Operations No. 12-001 SUBJECT: Review of Contract CQ 7068 Safety Management Assessment and Enhancement Program DATE: February 14, 2012 FROM: OIG Helen Lew
it ort YEAR 2000 COMPLIANCE OF THE STANDARD ARMY MAINTENANCE SYSTEM-REHOST Report Number 99-165 May 24, 1999 Office of the Inspector General Department of Defense Additional Copies To obtain additional
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Insufficient Attention Has Been Given to Ensure States August 31, 2007 Reference Number: 2007-20-134 This report has cleared the Treasury Inspector General
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
Office of Inspector General Evaluation of the Consumer Financial Protection Bureau s Consumer Response Unit Consumer Financial Protection Bureau September 2012 September 28, 2012 MEMORANDUM TO: FROM: SUBJECT:
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Management of Western Area Power Administration's Cyber Security Program DOE/IG-0873 October 2012 Department
U.S. Department of Energy Office of Inspector General Office of Audit Services Audit Report National Nuclear Security Administration's Construction of a Radiological/Nuclear Complex for Homeland Security
OFFICE OF INSPECTOR GENERAL Report of Audit Information Technology Infrastructure Project Management A-07-02 Tammy Rapp Auditor-in-Charge FARM CREDIT ADMINISTRATION Memorandum Office of Inspector General
AUDIT REPORT REPORT NUMBER 14 08 Information Technology Professional Services Oracle Software March 25, 2014 Date March 25, 2014 To Chief Information Officer Director, Acquisition Services From Inspector
NATIONAL CREDIT UNION ADMINISTRATION NATIONAL CREDIT UNION SHARE INSURANCE FUND LETTER LETTER NO.: 98-CU-12 TO CREDIT UNIONS DATE: June 10, 1998 SUBJECT: Business Resumption Contingency Planning Letter
U.S. Department of Agriculture Office of Inspector General Western Region Audit Report Natural Resources Conservation Service Water and Climate Information System Review of Application Controls Portland,
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Naval Reactors' Cyber Security Program DOE/IG-0884 April 2013 Department of Energy Washington,
February 25, 2003 ANITA J. BIZZOTTO SENIOR VICE PRESIDENT, CHIEF MARKETING OFFICER CHARLES E. BRAVO SENIOR VICE PRESIDENT, INTELLIGENT MAIL AND ADDRESS QUALITY HENRY A. PANKEY, VICE PRESIDENT, DELIVERY
DOE/IG-0471 INSPECTION REPORT SUMMARY REPORT ON INSPECTION OF ALLEGATIONS RELATING TO THE ALBUQUERQUE OPERATIONS OFFICE SECURITY SURVEY PROCESS AND THE SECURITY OPERATIONS SELF-ASSESSMENTS AT LOS ALAMOS
Utilization of Marketing and Sales Data for Executives Audit Report Report Number MS-AR-15-002 March 4, 2015 Highlights The CMSO effectively uses available data to manage business activities and mitigate
Review of the SEC s Systems Certification and Accreditation Process March 27, 2013 Page i Should you have any questions regarding this report, please do not hesitate to contact me. We appreciate the courtesy
GAO United States Government Accountability Office Report to Congressional Requesters October 2012 INFORMATION TECHNOLOGY DASHBOARD Opportunities Exist to Improve Transparency and Oversight of Investment
NOAA repurposed the JPSS ground system from its original role of supporting a research and prototyping project under the National Polar-orbiting Operational Environmental Satellite System (NPOESS) 5 to
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
U.S. DEPARTMENT OF THE INTERIOR OFFICE OF INSPECTOR GENERAL Verification of Previous Office of Inspector General Recommendations September 2009 ISD-EV-MOA-0002-2009 Contents Acronyms and Other Reference
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Briefing Report: Improvements Needed in EPA s Information Security Program Report No. 13-P-0257 May 13, 2013 Scan this mobile code to learn
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department of Energy's Management and Use of Mobile Computing Devices and Services DOE/IG-0908 April
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
STATEMENT OF PATRICIA A. DALTON DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF LABOR BEFORE THE SUBCOMMITTEE ON OVERSIGHT AND INVESTIGATIONS EDUCATION AND THE WORKFORCE COMMITTEE U.S. HOUSE OF REPRESENTATIVES
Management of Detail Assignments Follow-Up Audit Report Report Number DP-AR-14-007 September 26, 2014 Highlights From June through December 2013 the Postal Service spent about $17.8 million on travel related
OFFICE OF INSPECTOR GENERAL UNITED STATES POSTAL SERVICE Corporate Succession Planning Program Management Advisory Report April 23, 2014 Report Number April 23, 2014 Corporate Succession Planning Program
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment EPA Could Improve Processes for Managing Contractor Systems and Reporting Incidents Report No. 2007-P-00007 January 11, 2007
SENTINEL AUDIT V: STATUS OF THE FEDERAL BUREAU OF INVESTIGATION S CASE MANAGEMENT SYSTEM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 10-03 November 2009 Redacted
O F F I C E O F IN S P E C TO R G E N E R A L Audit Report 2014-IT-B-002 Audit of the Board s Data Center Relocation February 7, 2014 B O A R D O F G O V E R N O R S O F T H E F E D E R A L R E S E R V
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment EPA Could Improve Its Information Security by Strengthening Verification and Validation Processes Report No. 2006-P-00002
Audit of Management of the Government Purchase Card Program, Number A-13-04 Smithsonian Needs to Improve Preventative Controls for the Purchase Card Program Office of the Inspector General Report Number
Office of Inspector General September 15, 2005 STEVEN W. MONTEITH EXECUTIVE DIRECTOR, HUMAN CAPITAL ENTERPRISE SUBJECT: Audit Report Human Capital Enterprise (Report Number ) This report presents the interim
OFFICE OF INSPECTOR GENERAL UNITED STATES POSTAL SERVICE Metro Post Same Day Delivery Pilot Management Advisory Report Report Number February 5, 2014 February 5, 2014 Metro Post Same Day Delivery Pilot
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-B-019 2014 Audit of the Board s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Improvements Are Needed to the Information Security Program March 11, 2008 Reference Number: 2008-20-076 This report has cleared the Treasury Inspector
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Controls Over EPA s Compass Financial System Need to Be Improved Report No. 13-P-0359 August 23, 2013 Scan this mobile code to learn more
Report No. DODIG-2014-006 I nspec tor Ge ne ral U.S. Department of Defense OCTOBER 25, 2013 Program Management Office Provided Adequate Oversight of Two Contracts Supporting the Defense Enterprise Accounting
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Evaluation Report The Department's Unclassified Cyber Security Program 2011 DOE/IG-0856 October 2011 Department of
UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL 400 MARYLAND AVENUE, S.W. WASHINGTON, DC 20202-1500 February 1, 2006 Michell Clark, Designee Assistant Secretary for Management and Acting
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Evaluation Report Catalyst for Improving the Environment EPA Needs to Improve Continuity of Operations Planning Report No. 10-P-0017 October
Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012
B o a r d of Governors of the Federal Reserve System Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing January 23, 2013 P U R P O S E This policy statement is being issued
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment Project Delays Prevent EPA from Implementing an Agency-wide Information Security Vulnerability
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment EPA Needs to Strengthen Its Privacy Program Management Controls Report No. 2007-P-00035 September 17, 2007 Report Contributors:
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General INFORMATION TECHNOLOGY: Final Obstacles Removed To Eliminate Customs Disaster Recovery Material Weakness Office of Information Technology OIG-IT-03-01
April 19, 2006 Human Capital DoD Security Clearance Process at Requesting Activities (D-2006-077) Department of Defense Office of Inspector General Quality Integrity Accountability Additional Copies To
IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL JANUARY 2013 TABLE OF CONTENTS Introduction... 1 Before the Three Lines: Risk Management Oversight and Strategy-Setting...
GAO United States General Accounting Office Report to the Chairman, Committee on Government Reform, House of Representatives February 2004 CONTINUITY OF OPERATIONS Improved Planning Needed to Ensure Delivery
Department NeighborWorks America Audit Review of the Business Continuity Plan (BCP) and Documentation Project Number: ADMN.BCP.2013 Audit Review of of BCP Table of Contents Project Completion Letter...
U.S. DEPARTMENT OF ENERGY OFFICE OF INSPECTOR GENERAL AUDIT OF DEPARTMENTAL INTEGRATED STANDARDIZED CORE ACCOUNTING SYSTEM (DISCAS) OPERATIONS AT SELECTED FIELD SITES The Office of Inspector General wants
Best Practices in Supplier Management Benchmarking Study Carlos Mena Sr. Supplier Development Manager Thoratec Corporation 1 1 Supplier Relationship Benchmarking and Best Practices Thoratec Corporation
Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction The purpose of this paper is to help financial institutions, in particular their senior management, address business
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
U.S. ENVIRONMENTAL PROTECTION AGENCY OFFICE OF INSPECTOR GENERAL Information Technology Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program Report.
U.S. DEPARTMENT OF ENERGY Internal Control Evaluations Fiscal Year 2014 Guidance Issued February 10, 2014 Table of Contents I. Introduction... 4 A. Background... 4 B. Purpose... 4 C. Benefits of Performing
seaonly Seattle Public Schools The Office of Internal Audit Capital Internal Audit Report Issue Date: December 16, 2014 Executive Summary Background In accordance with the Capital Risk Assessment and Audit
United States Government Accountability Office Report to Congressional Committees March 2014 MAJOR AUTOMATED INFORMATION SYSTEMS Selected Defense Programs Need to Implement Key Acquisition Practices GAO-14-309
CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT) PURPOSE: The purpose of this procedure is to establish the roles, responsibilities, and communication procedures for the Computer Security Incident
Federal Housing Finance Agency Office of Inspector General Action Needed to Strengthen FHFA Oversight of Enterprise Information Security and Privacy Programs Audit Report AUD-2013-009 August 30, 2013 Action
Aegon Global Compliance GLOBAL Charter COMPLIANCE CHARTER aegon.com The Hague, June 1, 2013 Information sheet Target audience: All employees and management of Aegon companies Issued by: Aegon N.V. Group
AUDIT REPORT 12-1 8 Audit of Controls over GPO s Fleet Credit Card Program September 28, 2012 Date September 28, 2012 To Director, Acquisition Services From Inspector General Subject Audit Report Audit
GAO United States General Accounting Office Accounting and Financial Management Division September 1991 The Chief Financial Officers Act A Mandate for Federal Financial Management Reform GAO/AFMD-12.19.4
OFFICE OF INSPECTOR GENERAL Catalyst for Improving the Environment Audit Report EPA s Computer Security Self-Assessment Process Needs Improvement Report No. 2003-P-00017 September 30, 2003 Report Contributors:
Appendix D Year 2000: Credit Risk Assessment Worksheet Y2K Credit Risk Assessment Worksheet Page 1 Information The purpose of this worksheet is to help credit officers assess the level of a business borrower
Performance Audit Concurrent Review: ERP Pre-Solicitation April 2002 City Auditor s Office City of Kansas City, Missouri 24-2001 April 10, 2002 Honorable Mayor and Members of the City Council: We conducted