********************************************************    
                         NOTICE
********************************************************

This document was converted from
WordPerfect to ASCII Text format.

Content from the original version of the document such as
headers, footers, footnotes, endnotes, graphics, and page numbers
will not show up in this text version.

All text attributes such as bold, itallic, underlining, etc. from
the original document will not show up in this text version.

Features of the orginal document layout such as columns, tables,
line and letter spacing, pagination, and margins will not be
preserved in the text version.

If you need the complete document, download the WordPerfect
version.

For information on downloading documents using File Transfer
Protocol(FTP) see the file how2ftp in the following directory
path:
/pub/Bureaus/Miscellaneous/Public_Notices/

*****************************************************************






             OFFICE OF INSPECTOR GENERAL

                                        MEMORANDUM



      DATE:     October 26, 1995 

REPLY TO
 ATTN OF: Acting Inspector General             

 SUBJECT: FY 1996 Audit Plan     

          TO:   Chairman         



The Fiscal Year (FY) 1996 Audit Plan for the Office of Inspector General (OIG) is attached. 
The plan identifies a number of Commission program and operations that have been
scheduled  for audit during FY 1996.

As you are aware, in FY 1995 this office devoted significant resources towards ensuring that
the spectrum auction program was planned and implemented in an effective and efficient
manner.  This office will continue to monitor the auction program and perform audit and
investigative analysis as may be required.

The focus of our planned audit assignments in FY 1996 will be on the highly visible Fee
Collection and Licensing Function and the  Fines and Forfeiture Program.  These programs
represent significant yet diverse functions which reside within the Commission.  With limited
audit resources, the auditors will be required to utilize survey results to select specific
components of these two programs to be subject to the full rigors of an audit.

 In  this time of fiscal constraint, the auditors will examine selected fiscal outlays the
Commission currently experiences.  Examples include telephone usage and credit card
purchases.  Specifically, the OIG will look at the integrity of billing ,validation and
disbursement policies and procedures in these and similar operational areas.  

As the Commission has focused significant resources on automation initiatives in recent
years, the OIG will continue to provide you with an independent and educated analysis as to
the security and integrity of these systems.  Specifically, in FY 1996, the OIG plans to
examine FCC disaster recovery plans and the security over remote dial-in operations as well
as physical, logical and environmental  controls over automated systems.



I would invite your comments regarding this plan.  It is in my opinion extremely ambitious,
yet realistic.  It is my hope that the OIG will continue to continue to assist you in your
efforts to streamline the Commission to best meet the mission critical needs of this agency.



     H. Walker Feaster III

Attachment

cc:  Commissioners
     Chief of Staff
     Managing Director
     Bureau and Office Chiefs    
     
FEDERAL COMMUNICATIONS
COMM                             ISSION

                       OFFICE OF INSPECTOR GENERAL





     


     




      





     ANNUAL AUDIT PLAN

     FISCAL YEAR 1996

     FISCAL YEAR 1996 AUDIT PLAN



1.   Fines and Forfeiture Program

2.   Fees Collection and Licensing Program

3.   Remote Dial-In

4.   Continuity of FCC Network Operations

5.   Physical and Environmental Security Over Automated Systems

6.   Telephone Utilization

7.   Credit Cards

8.   Anti-Lobbying

9.   Selected Components of the Spectrum Auction Program
FINES AND FORFEITURE PROGRAM


REASON FOR SELECTION

The FCC levies fines and forfeitures as stipulated under 47 Code of Federal Regulations
(CFR).  The fines and forfeiture program was last subject to OIG audit in 1991.  Since that
report was issued, significant changes have embraced the  Commission in terms of mission
and structure.  It is likely that these changes have significantly impacted upon the process by
which the Commission levies fines and  forfeitures, addresses motions for reconsideration of
amounts assessed, tracks status of outstanding balances and effects collection.  This audit will
be undertaken in the second half of the fiscal year pending the adoption by the Commission
of  the Report and Order presently being prepared for a vote on the part of  the Chairman
and Commissioners. 

AUDIT OBJECTIVES

The audit will incorporate FY 1994 and FY 1995 data and will include the objectives as
follow.

     o     Identify all categories of fines and forfeitures assessed by the Commission.
     o     Identify basis and consistency employed in determining the amount of fines.
     o     Identify internal mechanism used to track fines and forfeitures assessed and
     form an audit opinion as to system accuracy and integrity. 
     o     Examine timeliness and accuracy  of fines and forfeiture reports issued
external
     to the Commission to include FCC financial statements.
     o     Examine basis and consistency of fine and forfeiture mitigation.
     o     Examine billing and collection policy and procedures.

BENEFITS TO BE DERIVED

The audit will provide the Chairman with an independent and comprehensive analysis of the 
FCC's  fine and forfeiture program.  The FCC utilizes fines and forfeitures as a mechanism
to ensure the compliance of the public with applicable rules and regulations.
 
FEES COLLECTION AND LICENSING          


REASON FOR SELECTION

The FCC assesses, collects and processes significant amounts of fees in return for licensing
spectrum to the public.   Due to the dollars involved, and the high visibility and sensitivity of
the fee collection and related licensing program, this area warrants audit activity.  To date,
the OIG has not performed audit work in this material program area.


AUDIT OBJECTIVES 

The OIG will perform audit survey work on components of the FCC's fees and licensing
within individual Bureaus and Offices.  Survey work will be analyzed and a determination
made as to which fees and related licensing components will be subject to a full audit and the
time frame that will be encompassed.  In general, such audit effort will be directed at
identifying whether records exist which can accurately and in a timely manner match fees
collected to licenses awarded. 

BENEFITS TO BE DERIVED

The Chairman will be provided with an analysis as to the integrity of selected components of
the FCC's fees and licensing program.  Recommendations will be developed as warranted to
address any audit findings which may be derived during the conduct of the audit engagement.
REMOTE DIAL-IN


REASON FOR SELECTION

The FCC has established access to the internal network through remote dial-up connectivity. 
The dial-up capability allows FCC users to access the internal network from remote locations
using laptop or stand-alone personal computers.   While this capability presents the
opportunity for a significant gain in agency productivity, it also presents security issues
which must be considered.

AUDIT OBJECTIVE

This audit will examine and if necessary define an enhanced security posture for the existing
dial-in configuration for pcAnywhere, modem use, and the new GroupWise Remote
application.  An additional objective will be to develop a matrix outlining existing and
recommended system settings, configurations, and policies.

BENEFITS TO BE DERIVED

This audit will assess existing internal controls over the variety of remote dial-in capabilities
currently supported.   As warranted, the OIG will identify to Commission staff 
recommended improvements to the existing controls.CONTINUITY OF FCC NETWORK OPERATIONS 


REASON FOR SELECTION

The FCC continues to enhance and expand it's computer network.  As a result, reliance upon
network availability and the integrity of network services continues to grow.  Therefore, it is
mission critical that the Commission take appropriate steps to ensure that the agency is able
to respond effectively to disasters and other emergency scenarios.

AUDIT OBJECTIVE 

The objective of this audit will be identify whether the FCC has a  Continuity of Operations
Plan (COOP).  If a COOP is in place, the adequacy and currency of the Plan will be
evaluated.  Additionally, the OIG will assess off-site storage controls, training, plan testing
procedures, and plan maintenance procedures.

BENEFITS TO BE DERIVED

Responsible FCC managers and information management personnel will be provided with
results of the OIG's analysis.  As warranted, recommendations designed  to further address
threats to FCC continuity of network operations will be developed.
PHYSICAL AND ENVIRONMENTAL SECURITY OVER AUTOMATED SYSTEMS  


REASON FOR SELECTION

On March 30, 1994, the OIG issued the Report on the Audit of Physical Security of the
Local Area Network.  The report contained seven recommendations for corrective action 
which were developed by the OIG to increase physical and environmental security over
automated systems located at 1919 M Street.  Based upon vulnerabilities identified in this
report,  OIG staff believes that this audit area should be revisited. 

AUDIT OBJECTIVES

The OIG will conduct audit activity to (1) identify whether corrective measures were adopted
by management in response to OIG audit recommendations and, (2) to examine addition
security issues and site locations which did not fall within the scope of the previous audit. 
The overall objective of this audit will be to ensure that the Commission is talking reasonable
measures to support the integrity of FCC automated systems from a physical and
environmental perspective.

BENEFITS TO BE DERIVED

A thorough and  independent review of physical and environmental security over automated
systems will provide responsible officials with insight and potentially recommendations to
better protect network resources.
TELEPHONE UTILIZATION


REASON FOR SELECTION

The OIG has addressed telephone abuse as a component of investigative case analysis. 
However, to date no audit activity has been conducted to ascertain the controls in place to
mitigate the potential for abuse of traditional telephones, cellular phones and fax machines. 
Accordingly, the OIG will initiate audit activity in this area.

AUDIT OBJECTIVES

The OIG will evaluate FCC policy and procedures in place to mitigate the potential for abuse
in this area.  Specifically, the OIG will examine instructions to FCC staff restricting usage to
work related matters and systems in place to monitor compliance with such policy.

BENEFITS TO BE DERIVED

This audit will identify to responsible management officials whether internal controls are
adequate to reduce the risk of employees (or persons on-site but not employed by the FCC) 
abusing their phone and fax privileges.
CREDIT CARDS


REASON FOR SELECTION

The OIG has not performed audit work in this program area since its' implementation. 
Audits conducted within other Federal agencies have identified patterns of credit card abuse
on the part of card holders.  Accordingly, it is appropriate that analysis of credit card usage
be performed within this entity.

AUDIT OBJECTIVES

The objectives of this audit will be to (1) determine whether program controls are effectively
being employed to monitor usage of credit cards and, (2) whether card holders are using the
cards in an appropriate manner.

BENEFITS TO BE DERIVED

This audit will provide responsible management officials with a detailed analysis as to
whether the credit card program is being properly administered.
ANTI-LOBBYING ACT


REASON FOR SELECTION

Section 1352 of Title 31, United States Code (U.S.C.), contains language requiring the
Inspector general of an agency to "prepare and submit the annual report of the agency"
compliance with requirements contained in the Anti-Lobbying Act.  This requirement is to be
addressed on an annual basis.

AUDIT OBJECTIVES

To address the Congressional requirements as defined in 31 U.S.C.  1352, the OIG is
required to prepare an annual evaluation of the agencies compliance with the Anti-Lobbying
Act .

BENEFITS TO BE DERIVED

Compliance with requirements contained in 31 U.S.C.  1352.  Per the Act, the audit report
will be submitted along with the FCC's annual budget justification .
SELECTED COMPONENTS OF THE SPECTRUM AUCTION PROGRAM


REASON FOR SELECTION

The spectrum auction program continues to be a highly visible component of the FCCs
operations.  Spectrum auctions have generated significant revenues for the U.S. Treasury and
received national attention and scrutiny.  The OIG will maintain a presence in this important
program area as auction activity continues into FY 1996.

AUDIT OBJECTIVE

The overall objective is to provide the Chairman and Congress with an independent analysis
of auction activity.  The OIG will perform audit work related to components of the overall
program.

BENEFITS TO BE DERIVED

Through audit and special review reports the OIG will provide timely and independent
information to responsible management officials.