KPMG, LLP determined that CBP made improvements by designing and implementing certain account management, audit logging, and configuration management controls. However, KPMG continued to identify financial system functionality and general information technology control deficiencies related to access controls and configuration management for CBP’s core financial, feeder, and General Support Systems environments. The deficiencies collectively limited CBP’s ability to ensure that critical financial and operational data were maintained in such a manner as to ensure their confidentiality, integrity, and availability. We recommend that CBP, in coordination with the DHS Chief Information Officer and Chief Financial Officer, make improvements to CBP’s financial management systems and associated information technology security program.
Information Technology Management Letter for the FY 2016 U.S. Customs and Border Protection Financial Statement Audit