Quality Control Review of an Independent Auditor’s Report on the Surface Transportation Board’s Information Security Program and Practices

The Federal Information Security Modernization Act of 2014 (FISMA) requires agencies to implement information security programs. FISMA also requires agencies to have annual independent evaluations performed to determine the effectiveness of their programs and report the results of these reviews to the Office of Management and Budget. To meet this requirement, the Surface Transportation Board (STB) requested that the Office of Inspector General (OIG) perform its fiscal year 2018 FISMA review. OIG contracted with Williams Adley & Company DC LLP (Williams Adley), an independent public accounting firm, to conduct this audit subject to OIG oversight. The audit objective was to determine the effectiveness of STB’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover. Williams Adley found that STB’s information security program and practices were not effective. Williams Adley made seven recommendations to improve STB’s information security program and practices and STB concurred with the recommendations. OIG performed a quality control review (QCR) of Williams Adley’s report and related documentation. The QCR disclosed no instances in which Williams Adley did not comply, in all material respects, with generally accepted Government auditing standards.

• Record URL:
  https://www.oig.dot.gov/sites/default/files/QCR%20of%20Surface%20Transportation%20Board%20FISMA%5E10-24-18.pdf
• Corporate Authors:

  Department of Transportation

  Office of Inspector General, 1200 New Jersey Avenue, SE
  Washington, DC  United States  20590
• Publication Date: 2018-10-24

Language

• English

Media Info

• Media Type: Digital/other
• Features: Appendices; References; Tables;
• Pagination: 40p

Subject/Index Terms

• TRT Terms: Computer security; Data protection; Evaluation and assessment; Recommendations; Risk management
• Identifier Terms: Federal Information Security Management Act of 2002; U.S. Surface Transportation Board
• Subject Areas: Data and Information Technology; Security and Emergencies; Transportation (General);

Filing Info

• Accession Number: 01686347
• Record Type: Publication
• Report/Paper Numbers: QC2019001
• Files: TRIS, ATRI, USDOT
• Created Date: Nov 26 2018 10:03AM