Select Application Controls Review of the Federal Bureau of Prisons's Sentry Database System

Report No. 03-25
July 2003
Office of the Inspector General

TABLE OF CONTENTS

EXECUTIVE SUMMARY

BACKGROUND
        SENTRY Database System Environment

FINDINGS AND RECOMMENDATIONS

  1. Authorization Controls (Input) Supervisory Reviews (Input Process)
    Recommendations
    Secured/Restricted Terminals (Audit Logs)
    Recommendations
    Limited Transactions (Access Controls)
    Recommendation

  2. Completeness Controls (Processing) Computer Matching of Transaction Data
    Recommendation

  3. Accuracy Controls (Output)

  4. Controls Over Integrity of Processing and Data Files

CONCLUSION

OTHER REPORTABLE MATTER

APPENDICES:

  1. OBJECTIVES, SCOPE, AND METHODOLOGY

  2. FEDERAL INFORMATION SYSTEM CONTROL AUDIT MANUAL APPLICATION CONTROL AREAS

  3. APPLICATION CONTROLS REVIEW GUIDELINES

  4. SENTRY'S AUTHORIZED USERS LIST

  5. ABBREVIATIONS

  6. DESCRIPTION OF SENTRY DATABASE MODULES

  7. APPLICATION CONTROL CRITERIA

  8. THE BOP RESPONSE TO THE DRAFT REPORT

  9. OFFICE OF THE INSPECTOR GENERAL, AUDIT DIVISION, ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT