Report No. 03-25
July 2003
Office of the Inspector General
TABLE OF CONTENTS
EXECUTIVE SUMMARY
BACKGROUND
SENTRY Database System Environment
FINDINGS AND RECOMMENDATIONS
- Authorization Controls (Input)
Supervisory Reviews (Input Process)
Recommendations
Secured/Restricted Terminals (Audit Logs)
Recommendations
Limited Transactions (Access Controls)
Recommendation
- Completeness Controls (Processing)
Computer Matching of Transaction Data
Recommendation
- Accuracy Controls (Output)
- Controls Over Integrity of Processing and Data Files
CONCLUSION
OTHER REPORTABLE MATTER
APPENDICES:
- OBJECTIVES, SCOPE, AND METHODOLOGY
- FEDERAL INFORMATION SYSTEM CONTROL AUDIT MANUAL APPLICATION CONTROL AREAS
- APPLICATION CONTROLS REVIEW GUIDELINES
- SENTRY'S AUTHORIZED USERS LIST
- ABBREVIATIONS
- DESCRIPTION OF SENTRY DATABASE MODULES
- APPLICATION CONTROL CRITERIA
- THE BOP RESPONSE TO THE DRAFT REPORT
- OFFICE OF THE INSPECTOR GENERAL, AUDIT DIVISION, ANALYSIS AND SUMMARY OF ACTIONS NECESSARY TO CLOSE THE REPORT