Broadcasting Board of Governors lacks ‘effective information security,’ OIG finds

BBG Watch Commentary

In yet another devastating report, the Office of Inspector General (OIG) for the Broadcasting Board of Governors (BBG) identified the most serious management and performance challenges facing BBG and concluded that:

OIG ON BBG (FY 2017): “In particular, during FY 2017, an external auditor performing the audit on OIG’s behalf and under OIG’s direction found that BBG did not have an effective information security program.”

OIG ON BBG (FY 2017): Additionally, OIG found deficiencies related to information security and management in its inspections of MBN and RFE/RL. OIG’s review of MBN’s IT operating procedures showed they did not contain standards or establish responsibility for any IT operations, nor did they include version control or any evidence that senior management had approved the procedures.11 RFE/RL also lacked formal policy governance for its IT Division.12 Without policy documents establishing standards for IT operations, MBN and RFE/RL effectively had no criteria for measuring success, which creates risks of waste, mismanagement, and inefficiencies in IT operations.

Here are some comments and questions from BBG Watch contributors and readers:

“Shameful.”
 
“Was the IT program the responsibility of Chief Information Officer/Chief Technology Officer, André Mendes?”
 
“Why is he now down at Radio and TV Marti right now in the Office of Cuba Broadcasting (OCB)?”
 
“And the … reply from the BBG CEO John F. Lansing…. Words fail me….”
 
“No accountability. Anywhere. A boat drifting on the sea.”
 
“When will this nightmare end?”

ALSO SEE: Broadcasting Board of Governors Has Significant Cyber Security Deficiencies Year After Year, BBG Watch, November 16, 2017.

 
“Without an effective information security program, BBG is vulnerable to IT-centered attacks and threats. Information security program weaknesses can affect the integrity of financial applications, which increases the risk that sensitive financial information could be accessed by unauthorized individuals or that financial transactions could be altered either accidentally or intentionally. Information security program weaknesses increase the risk that BBG will be unable to report financial data accurately. We have reported weaknesses in IT security controls each year since our audit of BBG’s FY 2013 financial statements.”
 
From: INDEPENDENT AUDITOR’S REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING
To: The Board of Governors and the Inspector General of the Broadcasting Board of Governors, Kearney & Company, November 13, 2017.

 

 
 
 

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Leave a Comment

Your email address will not be published.