Information Technology Management Letter for the United States Coast Guard Component of the FY 2015 Department of Homeland Security Financial Statement Audit

We contracted with the independent public accounting firm KPMG, LLP to perform the audit of the consolidated financial statements of the U.S. Department of Homeland Security for the year ended September 30, 2015. KPMG, LLP evaluated selected general IT controls and business process application controls at the United States Coast Guard (Coast Guard). KPMG, LLP determined that Coast Guard took corrective actions to address one prior-year IT control deficiency. Specifically, Coast Guard made improvements over implementing certain account management and audit log controls. KPMG, LLP continued to identify general IT controls deficiencies related to access controls, segregation of duties, and configuration management of Coast Guard’s core financial and feeder systems. In many cases, new control deficiencies reflected weaknesses over controls and systems that were new to the scope of the FY15 audit Such deficiencies limited Coast Guard’s ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity, and availability.