[ GRAPHIC ]
[
Search
]
LIMITED SCOPE AUDIT OF CONTROLS OVER THE OFFICE OF WORKFORCE SECURITY UI WEEKLY CLAIMS PRESS RELEASE
Information obtained from the Internet may not be in the same format as a hard
copy obtained from the Office. Depending on the requester, the quantity of
information provided may also vary. In order to appeal any deleted information
received via the Internet, you must make a formal written request for the same
material. Further, some of the audit reports issued prior to FY 1998 may no longer
be available. They may have been destroyed in accordance with our records
retnetion schedule. However, any request for audit reports or other audit materials
should be sent to the OIG, Disclosure Officer, Room S1303, 200 Constitution
Avenue, N.W., Washington, D. C. 20210.
Unless otherwise stated, the audit reports provided on this web page reflect the
findings of the OIG at the time that the audit report was issued. The auditee may
have more current information available as a result of audit resolution activities.
The OIG is using Adobe Acrobat 4.0 to prepare its audit reports for the internet. If
you experience problems accessing the PDF files, you may want to download the latest
version of the Adobe Acrobat Reader by clicking on the link provided.
[
Link to Acrobat 4.0 Reader
]
The Unemployment Insurance (UI) Weekly Claims Press Release is issued
by the U.S. Department of Labor (DOL) every Thursday morning at 8:30 a.m.
The UI Weekly Claims Press Release contains the National total of initial
claims for UI and is one of the leading economic indicators that may
affect the financial and monetary markets. Therefore, there is a need to
protect the data and the UI Weekly Claims Press Release from unauthorized
use and release while it is in embargoed status.
The Office of Inspector General (OIG) performed a limited scope audit
to assess (1) the internal controls used to ensure the accuracy and
completeness of the data used to produce the UI Weekly Claims Press
Release, and (2) the internal controls over issuing the UI Weekly Claims
Press Release and safeguarding the embargoed information against
unauthorized use or early release to the public (prerelease). Our audit
covered all aspects of the UI Weekly Claims Press Release process, from
the compiling of the data by DRR to the release of the UI Weekly Claims
Press Release by OIPA.
We found there were several significant control weaknesses that must be
corrected to adequately safeguard the information against unauthorized use
or prerelease to the public. In the area of data processing and report
production we found (1) that the embargoed data and UI Weekly Claims Press
Release are processed and produced in an unsecured office environment; (2)
there are security vulnerabilities in the procedures used to deliver
advance copies of the UI Weekly Claims Press Release package to the four
high-level DOL officials the day before the UI Weekly Claims Press Release
is officially released; (3) a library management system is not used to
track multiple versions of software production programs used to compile
the data; (4) there is no security clearance policy for individuals with
access to embargoed data; (5) situations can occur where one person
controls the entire UI Weekly Claims Press Release process; and (6) there
are no formal procedures for responding to security incidents.
We also found that the ETA LAN server used to store the UI Weekly Claim
Press Release and supporting documents has several weaknesses that
compromise the security level needed for embargoed documents. An excessive
number of network administrators have access to the server containing the
embargoed documents and the embargoed documents are not encrypted while
stored on the server. Additionally, periodic security evaluations using a
security software package are not performed.
We recommended that ETA promptly correct the internal control
weaknesses. Our major recommendations to ETA were to (1) create a
restricted access office area for processing the embargoed data and
producing the UI Weekly Claims Press Release; (2) strengthen the
procedures used to deliver the advance copies of the UI Weekly Claims
Press Release package; (3) develop and implement a security clearance
policy for individuals with access to embargoed data; and (4) use a use a
stand-alone computer located in a secure area to store the embargoed UI
Weekly Claims Press Release and supporting documents before the official
release time.
Overall, ETA responded that it did not consider the findings in the
report as significant control weaknesses. ETA has already taken action on
some of the report recommendations. However, in referring to the
recommendation for restricted office space, ETA stated that although it
would be desirable, at the current time there are severe limitations on
space availability. ETA further stated that the space where the embargoed
data and the UI Weekly Claims Press Release are processed and produced is
scheduled to be reconfigured in 2002 and the current space plans will be
reviewed to see if alterations can be made to isolate the area. Concerning
security clearances, ETA stated that the Federal staff currently working
on the UI Weekly Claims Press Release Process have been doing so for a
long time. Therefore, ETA does not believe that a security clearance
investigation is warranted for them. However, ETA will implement a policy
to require a background investigation for any new employee who has access
to the embargoed data.
We disagree
with ETA s conclusion that the findings
in the report are not significant control weaknesses. Because the UI
Weekly Claims Press Release contains embargoed data, it is critical that
the data be protected until it is released at the prescribed time. ETA
must recognize that in managing security of sensitive information, the risks
associated with the UI Weekly Claims Press Release process should be identified
and reduced. Unauthorized use and disclosure of the embargoed data
and the UI Weekly Claims Press Release can affect the financial markets
and damage DOL s reputation for managing sensitive information.
Therefore, it is necessary that ETA take appropriate measures to protect
the embargoed data and press release and minimize the risk against
unauthorized use and disclosure. By failing to recognize the significance
of the report findings and the need for timely corrective action, ETA is
accepting more risk than is necessary under the circumstances. We believe
that ETA must take immediate corrective action, as recommended in this
report, to improve the security over the UI Weekly Claims Press Release
process.
Report
No. 03-00-011-03-315 (August 21, 2000)
[
Get Complete Report
PDF
] 26 pp. {51
k}
REPORTS BY FISCAL YEAR
[
2000 Reports
]
[ 1999 Reports ]
[ 1998 Reports ]
[ Prior to 1998 ]
GO TO --
[ Audit Process ]
[ Audit Reports ]
[ FOIA ]
[ Staff Listings ]
[
OIG Hotline
]
[ Privacy and Security Statement ]
[ DISCLAIMER ]
Send technical comments to: [ Webmaster@oig.dol.gov. ]
Comments relating to policy, content or style should be directed to:
[
rpts-coordinator@oig.dol.gov
]
[ OA Home Page ]
[ DOL Home Page ]
[ OIG Home Page ]
[
Top of Document
]