2000 - Audit Report

U.S. Department of Labor
Office of Inspector General
Office of Audit

[ Search ]

THE OFFICE OF FEDERAL CONTRACT COMPLIANCE INFORMATION SYSTEM SECURITY NEEDS IMPROVEMENT

Information obtained from the Internet may not be in the same format as a hard copy obtained from the Office. Depending on the requester, the quantity of information provided may also vary. In order to appeal any deleted information received via the Internet, you must make a formal written request for the same material. Further, some of the audit reports issued prior to FY 1998 may no longer be available. They may have been destroyed in accordance with our records retnetion schedule. However, any request for audit reports or other audit materials should be sent to the OIG, Disclosure Officer, Room S1303, 200 Constitution Avenue, N.W., Washington, D. C. 20210.

Unless otherwise stated, the audit reports provided on this web page reflect the findings of the OIG at the time that the audit report was issued. The auditee may have more current information available as a result of audit resolution activities.

The OIG is using Adobe Acrobat 4.0 to prepare its audit reports for the internet. If you experience problems accessing the PDF files, you may want to download the latest version of the Adobe Acrobat Reader by clicking on the link provided.

[ Link to Acrobat 4.0 Reader ]

Our original audit objective was to determine whether the OFCCP Information System (OFIS) in Region IX had adequate and effective management, operational, and technical security controls in place to prevent unauthorized disclosure or modification of sensitive data, or disruption of critical services of its information systems. Based on the results of our work in Region IX, we expanded our scope to include certain computer security controls at OFCCP headquarters that impacted Region IX security controls. We found that OFCCP needs to improve its security program for the OFIS to better protect the agency's critical systems.

OFCCP had not assigned security responsibility, developed security plans for its major application or properly reauthorized application processing, as outlined in OMB Circular A-130. Although OFCCP headquarters officials told us some effort has been applied to these areas, they did not provide documentation to support the level of effort claimed. A systematically and comprehensively planned adequate, cost-effective security program for the OFIS is necessary to protect OFCCP sensitive mission data from vulnerability.

We recommended that Assistant Secretary for Employment Standards immediately (1) assign OFIS security responsibility to an OFCCP management official, and (2) require OFCCP users of the OFIS to obtain security training. In addition, we recommended that the Assistant Secretary complete the security program development for the OFIS as soon as possible.

Both ESA and OFCCP generally concurred with the recommendations and stated that corrective actions either had been or would be taken. In addition, we issued a separate letter report to the regional director recommending specific action to correct weaknesses within the regional director's purview.
Report No. 09-00-005-04-001, issued September 22, 2000

[ Get Complete Report PDF ] 7 pp. {20 k}

REPORTS BY FISCAL YEAR

[ 2000 Reports ]

[ 1999 Reports ]

[ 1998 Reports ]

[ Prior to 1998 ]

GO TO --

[ Annual Audit Plans ]

[ Audit Process ]

[ Audit Reports ]

[ FOIA ]

[ Semiannual Reports ]