skip navigation
  • audit report

Executive summary: Audit of the Commission's management of computer software

March 1999

If you require the entire printed version of the audit report, contact the Office of Inspector General, Federal Election Commission, 999 E Street, NW, Washington, DC 20463 or call Dorothy Maddox-Holland, Special Assistant, phone: (202) 694-1015, fax: (202) 501-8134, or e-mail: dmaddox@fec.gov.


Executive summary

The primary objectives of our audit were to: (1) verify that Commission computer software is in compliance with applicable copyright laws and Commission policies and procedures; (2) determine that adequate policies and procedures are in place to prevent unauthorized software use by Commission employees; and (3) ensure that adequate controls are in place to detect and prevent computer viruses.

The audit field work was conducted between September 1998 and January of 1999. We performed preliminary research, and conducted our unannounced inspection of personal computers (PCs) prior to the start of our field work. In order to achieve our stated objectives, we reviewed documentation, conducted interviews with Commission staff, inspected Commission computers, and contacted external organizations for information related to the audit. Our audit was conducted in accordance with the General Accounting Office's Government Auditing Standards.

Our audit examined the management of computer software programs installed on Commission computers to ensure that software complies with applicable copyright laws and Commission policies and procedures. We generally found that the majority of the software installed on the Commission computers we inspected was in compliance with applicable software copyright laws. However, we did find that unlicensed software was installed on Commission computers. We believe the primary reason the unlicensed software existed is because the Data Systems Development Division (DSDD) does not have an adequate record keeping system to ensure that computer software installed on Commission computers complies with applicable copyright laws. We suggest that DSDD develop an adequate record keeping system to ensure that all software installed on Commission computers complies with copyright laws. The suggestion is contained in the Audit Testing and Results section of this report.

We also reviewed the Federal Election Commission’s (FEC) policies and procedures related to computer software use by employees. The purpose of the review was to determine whether adequate policies and procedures are in place to prevent unauthorized software use by Commission employees. We reviewed the FEC's Directive 58 which contains controls over computer software, and inspected the Computer User Agreements to determine if all employees have signed the agreement to abide by the Commission’s policy on computer software use. We also conducted an unannounced inspection of a sample of Commission computers to determine whether the computer software installed on the PCs was authorized in accordance with Directive 58.

Overall, we believe adequate policies and procedures are in place to prevent unauthorized software use by Commission employees. We provided management with several suggestions for improvement. These are contained in the Audit Testing and Results section of this report. In addition, we intend to provide the results of our unannounced inspection of PCs to employees and management. We will provide a listing to employees and management which includes the unidentified software programs found on the PCs, and request that employees remove any unauthorized software from their computers.

Lastly, we reviewed the FEC's anti-virus software system. In general, the purpose of the review was to verify that the current version of anti-virus software is installed on Commission personal computers (PCs) and laptop computers to prevent and detect computer viruses. We found that the majority of the Commission’s personal computers and laptops have the current version of anti-virus software installed. However, we concluded that controls need to be strengthened to ensure the Commission computers are adequately protected against computer viruses. We recommend that anti-virus software and the current virus data files are installed on all PCs and laptops, and that written procedures are issued which will provide guidelines on ensuring that the Commission's computers are adequately protected from computer viruses. [See the Audit Findings and Recommendations section of this report for more detail]

}