We contracted with the independent certified public accounting firm of CliftonLarsonAllen LLP (CLA) to conduct an audit of the Overseas Private Investment Corporation’s (OPIC) information security program for fiscal year 2019, as required by the Federal Information Security Modernization Act of 2014 (FISMA). The audit firm concluded that OPIC generally implemented an effective information security program by implementing 58 of 71 selected security controls for selected information systems, but it also identified some weaknesses. We made four recommendations to further strengthen OPIC’s information security program.
OPIC Has Generally Implemented Controls in Support of FISMA for Fiscal Year 2019
Document and implement a process to maintain current and up-to-date agreements for backup telecommunications.
Implement asset management procedures to include processes for ensuring information system assets are inventoried on an organization-defined frequency.
Complete the enterprise architecture strategy to be in line with the Federal enterprise architecture and risk management framework.
Document and implement a process to verify oversight of information technology-related contractor roles and responsibilities.