OPIC Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2019

Audit Report
Report Number
A-OPC-20-003-C

We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct an audit of the Overseas Private Investment Corporation’s (OPIC) information security program for fiscal year 2019, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that OPIC generally implemented an effective information security program by implementing 58 of 71 selected security controls for selected information systems, but it also identified some weaknesses. We made four recommendations to further strengthen OPIC’s information security program.

Recommendations

Recommendation 1

Document and implement a process to maintain current and up-to-date
agreements for backup telecommunications.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 2

Implement asset management procedures to include processes for
ensuring information system assets are inventoried on an organization-defined frequency.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 3

Complete the enterprise architecture strategy to be in line with the
Federal enterprise architecture and risk management framework.

Questioned Cost:
$0
Funds For Better Use:
$0
Recommendation 4

Document and implement a process to verify oversight of information
technology-related contractor roles and responsibilities.

Questioned Cost:
$0
Funds For Better Use:
$0