Return to the USDOJ/OIG Home Page
Return to the Table of Contents

Review of the United States Marshals Service's Prisoner Tracking System

Report No. 04-29
August 2004
Office of the Inspector General

Appendix 3
Federal Information System Controls Audit Manual

Entity-wide Security Program Planning & Management  
Assess risks periodically  
Document an entity-wide security program plan  
Establish a security management structure and clearly assign security responsibilities X
Implement effective security-related personnel policies X
Monitor the security programís effectiveness and make changes as needed  
Access Controls  
Classify information resources according to their criticality and sensitivity  
Maintain a current list of authorized users and ensure that their access is authorized X
Establish physical and logical controls to prevent and detect unauthorized access X
Monitor access, investigate apparent security violations, and take appropriate remedial action  
Application Software Development & Change Control  
Authorize processing features and modifications X
Test and approve all new and revised software  
Control software libraries  
System Software  
Limit access to system software  
Monitor access to and use of system software  
Control system software changes X
Segregation of Duties  
Segregate incompatible duties and establish related policies X
Establish access controls to enforce segregation of duties  
Control personnel activities through formal operating procedures and supervision and review X
Service Continuity  
Assess the criticality and sensitivity of computerized operations and identify supporting resources X
Take steps to prevent and minimize potential damage and interruption X
Develop and document a comprehensive contingency plan  
Test the contingency plan periodically and adjust it as appropriate X

Authorization Controls  
All data are authorized before entering the application system X
Restrict data entry terminals to authorized users for authorized purposes X
Master files and exception reporting help ensure all data are processed and are authorized  
Completeness Controls  
All authorized transactions are entered into and processed by the computer X
Reconciliations are performed to verify data completeness  
Accuracy Controls  
Data entry design features contribute to data accuracy  
Data validation and editing are performed to identify erroneous data  
Erroneous data are captured, reported, investigated, and corrected X
Output reports are reviewed to help maintain data accuracy and validity X
Controls Over Integrity of Processing and Data Files  
Procedures ensure that the current version of production programs and data files are used during processing  
Programs include routines to verify that the proper version of the computer files is used during processing  
Programs include routines for checking internal file header labels before processing  
Mechanisms within the application protect against concurrent file updates X