Departmental Critical Infrastructure Protection
Planning for the Protection of Physical Infrastructure

Report No. 02-01
November 2001
Office of the Inspector General

STATEMENT ON MANAGEMENT CONTROLS

In planning and performing our audit of the Department's management of its planning and assessment activities for protecting its critical physical infrastructure, we considered the Department's management controls for the purpose of determining our auditing procedures. This evaluation was not made for the purpose of providing assurance on the management control structure as a whole; however, we noted certain matters that we consider reportable conditions under generally accepted government auditing standards.

The reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the management control structure that, in our judgment, could adversely affect the Department's ability to effectively manage projects in support of its critical infrastructure protection planning. During our audit, we found the following management control deficiencies.

• The Department has not adequately identified its mission essential infrastructure (see Finding I).

• The Department has not performed vulnerability assessments of its mission essential infrastructure (see Finding II).

• The Department has not developed remedial plans for those mission essential physical assets with vulnerabilities (see Finding III).

Because we are not expressing an opinion on the Department's overall management control structure, this statement is intended for the information and use of the Department in managing its critical infrastructure protection program. This restriction is not intended to limit the distribution of this report, which is a matter of public record.