Even though U.S. Immigration and Customs Enforcement took corrective action last year to improve its IT controls, a recent audit (pdf) found the agency still has major deficiencies regarding access controls and configuration management of its financial system.
The audit found seven deficiencies, two of which were repeat findings. The most significant weaknesses, from the auditors’ perspective, were missing user authorization documentation and improper approvals of access.