Internal Controls


Despite making progress in safeguarding sensitive or confidential information, the SEC still lacks consistency in implementing key data controls, the GAO said in its annual audit released in April. Information security control weaknesses identified included 13 that remained unresolved from the previous year’s audit, plus 15 new ones, the GAO said. They included insufficient testing and evaluation of controls for a major data system as required by a certification and accreditation process, as well as inconsistent implementation of policies and procedures, including parts of the SEC’s information-security program.

The SEC had corrected 58 of the 71 weaknesses identified in 2005, the GAO noted, and by the completion of its 2006 audit had taken action on 11 of the newly identified faults. But the commission had not adequately guarded identification and authentication of users of data systems, leaving critical information in some instances vulnerable to hacking or unauthorized use or modification, the GAO said. For instance, requests for new or upgraded access to the EDGAR company financial reporting system weren’t always properly reviewed, and records of user privileges didn’t always reflect current information about users’ roles within the SEC.

SPONSORED REPORT

How the election may affect taxation of business income

This report summarizes recent proposals to reform the U.S. business income tax system and considers the path to enactment of any such legislation.

VIDEO

How to Excel pivot a general ledger

The general ledger is a vast historical data archive of your company's financial activities, including revenue, expenses, adjustments, and account balances. J. Carlton Collins, CPA, shows how to prepare data for, and mine data with, PivotTables.

QUIZ

Did you follow 2016’s biggest accounting news?

CPAs will remember 2016 as a year of new standards and new faces. How well did you follow the biggest accounting events? The 7 questions in this quiz will help you find out