Audit of USAID's Fiscal Year 2014 Compliance With the Federal Information Security Management Act of 2002
Sign inINSPECTOR GENERAL’S OFFICE
The Office of Inspector General conducted an audit of USAID's Fiscal Year 2014 compliance with the Federal Information Security Management Act of 2002.
2014 · 3 pages

Abstract
The audit aimed to determine whether USAID implemented selected security controls for selected information systems in support of FISMA. The audit was conducted in accordance with U.S. Government auditing standards by the independent certified public accounting firm of Cotton & Company. The audit found that USAID has developed and documented the majority of information security policies and procedures required under FISMA. However, the Agency has not established a risk management program to ensure that policies and procedures are working as intended. As a result, the audit identified several information system weaknesses that could be exploited to affect the confidentiality, integrity, and availability of USAID's data and information systems. The identified weaknesses could have a negative impact on the Agency's ability to protect the security of its information or systems. The Office of Inspector General made 18 recommendations to address the weaknesses and strengthen USAID's information security program. Management decisions were made on all of the recommendations. The audit was conducted by the Office of Inspector General, U.S. Agency for International Development, 1300 Pennsylvania Avenue NW, Washington, D.C. 20523. The audit report was issued on October 30, 2014. The contact information for the Office of Inspector General includes a telephone number of (202) 712-1150 and a fax number of (202) 215-3047. The Office of Inspector General also has a website at oig.usaid.gov.
Connected topics
Classification
USAID DEC