Department Critical Infrastructure Protection Implementing Plans to Protect Cyber-Based Infrastructure
Report No. 04-05
Office of the Inspector General
In planning and performing our audit of the Department's management of its planning and assessment activities for protecting its critical infrastructure, we considered the Department's management controls for the purpose of determining our auditing procedures. This evaluation was not made for the purpose of providing assurance on the management control structure as a whole; however, we noted certain matters that we consider reportable conditions under Government Auditing Standards.
Reportable conditions involve matters coming to our attention relating to significant deficiencies in the design or operation of the management control structure that, in our judgment, could adversely affect the Department's ability to effectively manage projects in support of its CIP planning. During our audit, we found the following management control deficiencies.
Because we are not expressing an opinion on the Department's overall management control structure, this statement is intended for the information and use of the Department in managing its CIP program. This restriction is not intended to limit the distribution of this report, which is a matter of public record.