PWBA EFAST GENERAL CONTROLS
Information obtained from the Internet may not be in the same format as a hard
copy obtained from the Office. Depending on the requester, the quantity of
information provided may also vary. In order to appeal any deleted information
received via the Internet, you must make a formal written request for the same
material. Further, some of the audit reports issued prior to FY 1998 may no longer
be available. They may have been destroyed in accordance with our records
retention schedule. However, any request for audit reports or other audit materials
should be sent to the OIG, Disclosure Officer, Room S1303, 200 Constitution
Avenue, N.W., Washington, D. C. 20210.
Unless otherwise stated, the audit reports provided on this web page reflect the
findings of the OIG at the time that the audit report was issued. The auditee may
have more current information available as a result of audit resolution activities.
The OIG is using Adobe Acrobat 4.0 to prepare its audit reports for the internet. If
you experience problems accessing the PDF files, you may want to download the latest
version of the Adobe Acrobat Reader by clicking on the link provided.

The Employee Retirement Income Security Act of 1974 (ERISA) and
provisions of the Internal Revenue Code assign oversight responsibility for
employee benefit plans to the DOL Pension and Welfare Benefits Administration
(PWBA). These laws also require the plans to submit specific information which
certain Federal agencies utilize to meet their specific oversight and
enforcement responsibilities. The benefit plans meet this reporting requirement
by annually submitting the Form 5500 Series. ERISA plan filers cover 150
million participants and employee benefit plan assets of $4.3 trillion. In
August 2000, PWBA implemented an Electronic Filing Acceptance System (EFAST) to
process the paper and electronic Form 5500 Series filings into
computer-readable format for the purpose of providing the Federal agencies with
accurate and timely data.

The OIG conducted an audit to determine if EFAST has general controls to
physically protect filings, prevent unauthorized modification or disclosure of
data, and prevent disruption or denial of critical services. Overall, we
concluded that PWBA management had devoted substantial resources and made
significant progress in developing the necessary security plans, performing
risk assessments and security reviews, and coordinating complex security
requirements. However, EFAST does have security weaknesses which require PWBA
management action.

We found improvement is needed in both the implementation and testing of
the EFAST Risk Assessment procedures. The procedures do not cover unprocessed
filings, planned controls were not implemented, and some of those implemented
were not tested. We also found the EFAST Continuity of Operations Plan was not
fully developed and implemented. Accordingly, EFAST lacks an emergency
processing site and does not provide adequate protection for unprocessed Form
5500 Series reports. The fact that the EFAST Information Security Officer has
not received formal training is compounded by the lack of a job description and
written security procedures. As a result of these weaknesses, the EFAST is
operating above the maximum acceptable risk level established by PWBA.

PWBA generally concurred with the findings and recommendations. PWBA has
requested and received an engineering change proposal that addressed the
implementation and testing of the EFAST security controls. PWBA also stated it
was on track to strengthen the ISO position and overhaul and test the
Continuity of Operations Plan.

(OA Report No. 09-01-001-12-001, issued March 27, 2001)