Audit Reports
skip-to-content
Required by the Federal Information Security Modernization Act of 2014
October 4, 2021
Quality Control Review of an Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices
Project ID:
QC2022001
What We Looked At
The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. FISMA also requires agencies to have annual independent evaluations performed to determine the effectiveness of their programs and report the results of these reviews to the Office of Management and Budget (OMB). To meet this requirement, the Surface Transportation Board (STB) requested that we perform its fiscal year 2021 FISMA review. We contracted with Williams Adley & Company-DC LLP (Williams Adley), an independent public accounting firm, to conduct this audit subject to our oversight. The audit objective was to determine the effectiveness of STB’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover.
What We Found
We performed a quality control review (QCR) of Williams Adley’s report and related documentation. Our QCR disclosed no instances in which Williams Adley did not comply, in all material respects, with generally accepted Government auditing standards.
Recommendations
STB concurs with Williams Adley’s 27 recommendations.
Recommendations
Open
Closed
2021
2021
Closed on 04.14.2022
2021
Closed on 06.15.2022
2021
Closed on 03.28.2022
2021
2021
Closed on 04.14.2022
2021
Closed on 06.15.2022
2021
2021
Closed on 04.14.2022
2021
Closed on 04.11.2022
2021
Closed on 04.11.2022
2021
Closed on 03.28.2022
2021
Closed on 06.15.2022
2021
Closed on 05.02.2022
2021
2021
Closed on 06.15.2022
2021
2021
2021
2021
Closed on 03.28.2022
2021
Closed on 03.28.2022
2021
Closed on 03.28.2022
2021
Closed on 03.28.2022
2021
Closed on 03.28.2022
2021
Closed on 03.28.2022
2021
Closed on 06.15.2022
2021
Closed on 05.09.2023