Internal controls for the IT systems the Postal Service uses for financial reporting are properly designed and generally operating effectively, but certain controls could be strengthened to reduce the risk of resources being compromised, the USPS inspector general has said in a redacted report covering fiscal 2013 IT controls.
The IG concluded that database software controls worked well when tested for password security settings and updates. However, opportunities were identified to improve how control owners manage change management policies and job scheduling procedures, and to strengthen administrator access controls for workload scheduling software.
Postal management took action to address eight additional issues identified during the audit, which largely focused on the IT system-level environment processes needed to administer, secure, and monitor key financial systems.
Management agreed to properly document changes to computer command lists and require a password expiration setting for the workload automation software.It also agreed to reiterate to administrators the need to follow control policies in managing critical jobs and script versions; Implement a job scheduling procedure for that documents critical jobs; and, Direct the IT Compliance Management Office to require USPS internal reviewers to directly obtain evidence of password settings.