Chief Financial Officer's Letter
Progress in Addressing Challenges
As a Significant Entity included in the Financial Report of the United States Government andgiven the important role PBGC plays in protecting America’s pensions, PBGC is committed to accurate financial reporting and maintaining a strong internal control environment. I am very pleased to report that PBGC has again received an unqualified opinion on its financial statements and on PBGC management’s assertion that PBGC’s internal controls are effective.
As CFO, I place a strong emphasis on internal controls and accountability. The PBGC's Internal Control Committee, which I chair, continued its important role in overseeing key financial reporting controls and controls governing PBGC systems and programs. During the year, management conducted an entity-wide risk assessment, made significant progress in documenting PBGC’s control structure, and subjected key controls to logging, quarterly certification, and testing. A major emphasis for the year was the enhancement of existing documentation relating to controls that help protect the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems In addition, regular monitoring procedures are in place, especially for the recommendations relating to the three significant deficiencies discussed below.
During FY 2008, PBGC made significant progress addressing two of the three significant deficiencies in this year’s internal control report. Although significant progress has been made, additional work is needed to address: (1) developing and implementing its security program management that will enable the completion of an effective entity-wide security management program; (2) continue on its path to mitigate the systemic issues related to access control by strengthening system configurations and user account management for all of PBGC’s information systems; and (3) deficiencies in system configurations and user account management across many of PBGC’s systems.
- PBGC began to design and implement an entity-wide security management program intended to correct security control weaknesses. Plans are in place to implement and complete role-based training across PBGC to effect security policies; assignment of the roles and responsibilities for security by the business units who own the major applications and general support systems; consistent controls to restrict access to information and information systems; completion of the C&A of major applications and general support systems; and central management of plans of actions and milestones to ensure effective and efficient remediation of security issues.
- Regarding access controls, PBGC has adopted a new approach by implementing a comprehensive security management program that should protect against unauthorized modification; disclosure; loss; or impairment of information and information systems. Compared to the past approach of addressing specific access control findings, PBGC management believes the new approach will take some time to implement access controls that are designed to limit, detect, and monitor access to software programs; information; equipment; and facilities.
- Lastly, PBGC deployed the Consolidated Financial Systems (CFS) in FY 2006 that integrated three stand-alone general ledger systems into one web-based application. CFS helped address: (1) security and systems integration issues and (2) compliance with OMB Circular A-127, Financial Management Systems. In 2007, the next step was to implement a new premium system that would be integrated into CFS. Due to cost and scheduling challenges, PBGC management decided to suspend development efforts on the premium system and reevaluate its investment alternatives. To facilitate this effort, PBGC management has started financial management segment architecture programs that employ a structured methodology that will lead to identifying and planning financial technology recommendations for implementation and alternatives analysis for business cases.
Patricia Kelly
Chief Financial Officer
Back to Annual Report Index | Back to WWW.PBGC.GOV | PDF version of PBGC's 2008 Annual Report