KPMG, LLP evaluated selected general IT controls and business process application controls at the Transportation Security Administration (TSA). KPMG, LLP determined that TSA made improvements over consistently implementing certain technical account security controls and audit log reviews. However, KPMG continued to identify general IT control deficiencies (GITCs) related to access controls for TSA’s core financial and feeder systems. New control deficiencies reflected weaknesses over controls for systems that were new to the scope of testing GITCs for the FY 2015 audit. The conditions supporting our findings collectively limited TSA’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.
Information Technology Management Letter for the Transportation Security Administration Component of the FY 2015 Department of Homeland Security Financial Statement Audit