US Securities and Exchange Commission ( the SEC )
I have just been reading the SEC annual report
( as one does , do I have a life or what ? ) 
and came to the Auditors report . That is the report on the internal affairs
and management of the SEC by independent Auditors . It is a scream .
I invite you to read some of the Auditors comments below .
Please note that this is not the complete list of criticisms ...... Ross
Quote:
Report of Independent Auditors
Page 63
Extract
Quote:
Furthermore, the financial reporting and analysis database SEC used to prepare its financial statements did not have electronic database logging or an audit trail, and did not have the capability to track login/logout activity and/or other securityrelated events specified by the system’s audit policy such as when records are updated, values are changed, or accounting data are inappropriately altered. Therefore, an individual could gain access and make system changes that would not be detected. During this year’s audit, we discovered a discrepancy between certain general ledger account balances obtained directly from the general ledger system and the balances in SEC’s financial reporting analysis
database. It took SEC several months to identify and fix the cause of this discrepancy.
|
Page 64
Extract
Quote:
• Unauthorized personnel can view, manipulate, or destroy data.
• The general ledger system does not protect the integrity of transmitted information.
• The general ledger system does not enforce a sufficiently restrictive set of rights/privileges or accesses needed by users for the performance of specified tasks.
• Serious unauthorized activity may remain undetected and the general ledger system security log may not be sufficient to support the investigation of a compromised system.
|
2 Billion of activity managed via a spread sheet 
Page 66
Extract
Quote:
SEC’s general ledger system does not capture detailed investment activity and disgorgement and penalty activity at the enforcement case level. SEC tracks transactions related to this activity on a large spreadsheet which is not integrated with the general ledger system. SEC uses the spreadsheet to deconstruct the summary level data in the general ledger to the case level. The ability to have the detailed data at the case level is important in order for SEC to effectively manage its investments, which at September 30, 2009, totaled $2 billion, and the cash amounts attributable to the individual enforcement cases.
However, our work identified several instances of incorrect or incomplete data in the worksheet which could affect SEC’s ability to properly manage its investments and cash balances
|
|
The full SEC report and Auditors report can be found at ....
http://www.sec.gov/about/secpar/secp...pdf#2009review
The SEC is a dogs breakfast .
Linear Mode
