Quality Control Review of the Independent Auditor’s Report on the Assessment of DOT’s Information Security Program and Practices

This report presents the results of the U.S. Office of Inspector General's (OIG's) quality control review (QCR) of an audit of the Department of Transportation’s (DOT) information security program and practices. The Federal Information Security Modernization Act (FISMA) requires agencies to develop, implement, and document agency-wide information security programs and practices. FISMA also requires inspectors general to conduct annual reviews of their agencies’ information security programs and report the results to the Office of Management and Budget. To meet this requirement, OIG contracted with CliftonLarsonAllen LLP (CLA) to conduct this audit subject to OIG oversight. The audit objective was to determine the effectiveness of DOT’s information security program and practices in five function areas—Identify, Protect, Detect, Respond, and Recover. OIG performed a QCR of CLA’s report and related documentation. The QCR disclosed no instances in which CLA did not comply, in all material respects, with generally accepted Government auditing standards. CLA found that DOT has, for the most part, formalized and documented its policies, procedures, and strategies; however, DOT continues to face significant challenges in the consistent implementation of its information security program across the Department. In addition, controls need to be applied in a comprehensive manner to information systems across DOT in order to be considered consistent and fully effective by achieving at least a rating of Level 4, Managed and Measurable. CLA made 18 recommendations to help the Department address challenges in its development of a mature and effective information security program. DOT concurs with recommendations 1, 3 through 15, and 17 and 18 and partially concurs with recommendations 2 and 16. CLA considers all 18 recommendations resolved but open pending completion of planned actions.

Language

  • English

Media Info

  • Media Type: Digital/other
  • Features: Appendices; References; Tables
  • Pagination: 62p

Filing Info

  • Accession Number: 01759357
  • Record Type: Publication
  • Report/Paper Numbers: QC2021003
  • Files: TRIS, ATRI, USDOT
  • Created Date: Nov 10 2020 8:49AM