(Bloomberg) The U.S. Securities and Exchange Commission, which polices public companies’ financial reports, lacks internal controls over its own accounting, a government watchdog said Thursday.

The SEC in fiscal 2014 didn’t have proper systems in place to account for money the regulator had seized from fraudsters or its inventory of property and equipment, James R. Dalkin, director of the GAO’s office of financial management and assurance, said in a letter to SEC Chair Mary Jo White discussing the findings of an audit.

The GAO also said that the agency—which houses reams of confidential information ranging from investigative documents to data on private funds—was vulnerable to cyberattacks. Of six SEC network devices the GAO reviewed, each had insufficient passwords that were susceptible to guessing.

“An attacker would potentially have an unlimited number of attempts to guess the password and an unlimited amount of time to use the password once it was guessed to gain unauthorized access to SEC systems and data,” Dalkin said in the letter.

As a follow-up to the audit, a report of which was issued in November, the GAO recommended that the SEC improve its systems for maintaining records and strengthen its password configuration to ward off hackers.

In an April 23 letter from White to Dalkin that was attached to the GAO’s report, the SEC chair said the agency is committed to strong financial reporting processes and is working diligently to address the findings. An e-mail to SEC spokesmen wasn’t immediately returned.

—With assistance from Jesse Hamilton in Washington.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access