(Bloomberg) The U.S. Securities and Exchange Commission, which polices public companies’ financial reports, lacks internal controls over its own accounting, a government watchdog said Thursday.
The SEC in fiscal 2014 didn’t have proper systems in place to account for money the regulator had seized from fraudsters or its inventory of property and equipment, James R. Dalkin, director of the GAO’s office of financial management and assurance, said in a letter to SEC Chair Mary Jo White discussing the findings of an audit.
The GAO also said that the agency—which houses reams of confidential information ranging from investigative documents to data on private funds—was vulnerable to cyberattacks. Of six SEC network devices the GAO reviewed, each had insufficient passwords that were susceptible to guessing.
“An attacker would potentially have an unlimited number of attempts to guess the password and an unlimited amount of time to use the password once it was guessed to gain unauthorized access to SEC systems and data,” Dalkin said in the letter.
As a follow-up to the audit, a report of which was issued in November, the GAO recommended that the SEC improve its systems for maintaining records and strengthen its password configuration to ward off hackers.
In an April 23 letter from White to Dalkin that was attached to the GAO’s report, the SEC chair said the agency is committed to strong financial reporting processes and is working diligently to address the findings. An e-mail to SEC spokesmen wasn’t immediately returned.
—With assistance from Jesse Hamilton in Washington.