Quality Control Review of the Report on Controls Over the Enterprise Services Center
On September 22, we issued our final report on the general, application, and operational controls over the DOT Enterprise Services Center. OIG hired a CPA firm to perform this review in accordance with the Statement of Auditing Standard No. 70, which is required by OMB for agencies designated as Federal Service Providers to provide cross–agency services. The audit covered Delphi Financial Management System operations, which are used by multiple Federal agencies; and the Consolidated Automation System for Time and Labor Entry (CASTLE), which is used to support DOT operations only. The audit concluded that management’s description of controls presents fairly, in all material respects, the controls that have been placed in operation as of June 30, 2008. In addition, controls are suitably designed and were operating effectively except in the areas of logical access and segregation of duties concerning CASTLE system operations. Specifically, the CASTLE Database Administrators had access to develop, test, and release system changes into production without any independent review and approval. The Acting Deputy Chief Financial Officer has committed to implementing corrective actions.