KPMG, LLP evaluated selected general IT controls and business process application controls at the Federal Emergency Management Agency (FEMA). KPMG, LLP determined that FEMA took corrective actions to address certain prior-year IT control deficiencies. For example, FEMA made improvements by designing and consistently implementing certain account management and configuration management controls. However, KPMG, LLP continued to identify general IT control deficiencies related to security management, access controls, segregation of duties, configuration management, and contingency planning for FEMA’s core financial and feeder systems. Collectively, these deficiencies limited FEMA’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.