Audit Reports
skip-to-content
Required by the Federal Information Security Modernization Act of 2014
October 26, 2020
Quality Control Review of the Independent Auditor’s Report on the Assessment of DOT’s Information Security Program and Practices
Project ID:
QC2021003
What We Looked At
This report presents the results of our quality control review (QCR) of an audit of the Department of Transportation’s (DOT) information security program and practices. The Federal Information Security Modernization Act (FISMA) requires agencies to develop, implement, and document agency–wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget.
To meet this requirement, we contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of DOT’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover.
What We Found
We performed a QCR of CLA’s report and related documentation. Our QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards.
Recommendations
CLA made 18 recommendations. DOT concurs with recommendations 1, 3 through 15, and 17 and 18 and partially concurs with recommendations 2 and 16. CLA considers all 18 recommendations resolved but open pending completion of planned actions.
Recommendations
Open
Closed
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
2020
Closed on 09.14.2022
Related Library Items
08.11.2016
11.10.2015
11.05.2015
01.22.2015
01.15.2015
11.22.2013
11.14.2012
10.08.2008
10.23.2006
10.07.2005
10.01.2004
09.25.2003
09.27.2002
09.07.2001