USPTO Performance and Accountability Report - U.S. Patent and ...

More documents

Recommendations

Info

120 INDEPENDENT AUDITORS’ REPORT United States Patent and Trademark Office Independent Auditors’ Report November 7, 2012 Page 5 of 7 This report is intended solely for the information and use of the USPTO’s management, the U.S. Department of Commerce management and the U.S. Department of Commerce Office of Inspector General and is not intended to be and should not be used by anyone other than these specified parties. November November 7, 2012 PERFORMANCE AND ACCOUNTABILITY REPORT: FISCAL YEAR 2012
United States Patent and Trademark Office Independent Auditors’ Report United States Patent and Trademark Office November 7, 2012 Independent Auditors’ Report Page 6 of 7 November 7, 2012 Page 6 of 7 Exhibit I – Significant Deficiency INDEPENDENT AUDITORS’ REPORT Exhibit I – Significant Deficiency Information Technology Access and Configuration Management Controls Need Improvement Information The U.S. Technology Department of Access Commerce and Configuration (Commerce) Office Management of Inspector Controls General Need (OIG), Improvement and departmental selfassessments identified weaknesses in USPTO’s information technology (IT) and financial systems controls The U.S. for several Department years. of During Commerce fiscal (Commerce) year 2012 new Office deficiencies of Inspector were General identified (OIG), that and require departmental management’s selfassessments attention. identified weaknesses in USPTO’s information technology (IT) and financial systems controls for several years. During fiscal year 2012 new deficiencies were identified that require management’s Our fiscal year 2012 IT assessment, using the Government Accountability Office’s (GAO’s) Federal attention. Information System Controls Audit Manual (FISCAM), was focused on the IT general controls over Our USPTO’s fiscal yearmajor 2012 financial IT assessment, management usingsystems the Government and supporting Accountability network infrastructure. Office’s (GAO’s) The IT Federal general Information controls System that we Controls consider Audit collectively Manual to (FISCAM), be a significant was deficiency focused on under the the IT general standards controls issued by over the USPTO’s American major Institute financial of Certified management Public systems Accountants and are supporting as follows: network infrastructure. The IT general controls � Access that we controls. consider In collectively close concert to be with a significant an organization’s deficiency security under management, the standards access issued controls by the for American general Institute support of Certified systems Public and applications Accountants should are as provide follows: reasonable assurance that computer resources � Access such controls. as data files, In close application concert programs, with an organization’s and computer-related security facilities management, and equipment access controls are protected for general against support unauthorized systems and modification, applications disclosure, should provide loss, or reasonable impairment. assurance Access controls that computer are facilitated resources by an such organization’s as data files, entity-wide application security programs, program. and computer-related Such controls include facilities physical and equipment controls, such are protected as keeping against computers unauthorized in locked modification, rooms to disclosure, limit physical loss, access, or impairment. and logical Access controls, controls such are as facilitated security software by an organization’s programs designed entity-wide to security prevent program. or detect Such unauthorized controls access include to physical sensitive controls, files. Inadequate such as keeping access computers controls in diminish locked rooms the reliability to limit physical of computerized access, and data logical and controls, increase such the risk as security of destruction software or programs inappropriate designed disclosure to prevent of information. or detect unauthorized access to sensitive files. Inadequate access controls The objectives diminish of the limiting reliability access of are computerized to ensure that data users and have increase only the the access risk needed of destruction to perform their or inappropriate duties; that disclosure access of to information. sensitive resources, such as security software programs, is limited to few The objectives individuals; of and limiting that employees access are are to restricted ensure that from users performing have only incompatible the access functions needed to or perform duties beyond their duties; their that responsibility. access to sensitive This is reiterated resources, by Federal such as guidelines. security software For example, programs, Office is of limited Management to few and Budget (OMB) Circular No. A-130 and the supporting National Institute of Standards and Technology individuals; and that employees are restricted from performing incompatible functions or duties beyond (NIST) publications provide guidance related to the maintenance of technical access controls. In their responsibility. This is reiterated by Federal guidelines. For example, Office of Management and addition, the Commerce IT Security Program Policy contains many requirements for operating Budget (OMB) Circular No. A-130 and the supporting National Institute of Standards and Technology Commerce IT devices in a secure manner. (NIST) publications provide guidance related to the maintenance of technical access controls. In addition, During the fiscal Commerce year 2012, IT we Security noted that Program access controls Policy should contains be improved many requirements by USPTO, for primarily operating in the Commerce areas of: IT (1) devices managing in a secure user accounts manner. to appropriately disable and recertify network, financial system, database and operating system accounts, (2) improving logical controls over financial applications and During database fiscal year system 2012, access, we noted (3) that ensuring access compliance controls should with be audit improved log review by USPTO, requirements, primarily and in the (4) areas preventing of: (1) managing the use of user shared accounts database to appropriately and operating disable system accounts and recertify and passwords. network, financial We recognize system, that database USPTO and has operating certain system compensating accounts, controls (2) improving in place to logical help reduce controls the over risk of financial the identified applications weaknesses, and database and we system have considered access, (3) such ensuring compensating compliance controls with as part audit of our log USPTO review financial requirements, statement and audit. (4) preventing the use of shared database and operating system accounts and passwords. We recognize that USPTO � Configuration has certain compensating management. controls Configuration in place management to help reduce involves the risk the of identification the identified and weaknesses, management and we of security have considered features for such all compensating hardware, software, controls and as firmware part of our components USPTO financial of an information statement system audit. at a given point and systematically controls configuration changes throughout the system’s life cycle. � Configuration Establishing management. controls over modifications Configuration to management information involves system components the identification and related and management documentation of security helps to features ensure for that all only hardware, authorized software, systems and and firmware related program components modifications of an information are implemented. system at This a given is point accomplished and systematically by instituting controls policies, configuration procedures, and changes techniques throughout to ensure the that system’s hardware, life software cycle. Establishing controls over modifications to information system components and related documentation helps to ensure that only authorized systems and related program modifications are implemented. This is accomplished by instituting policies, procedures, and techniques to ensure that hardware, software www.uspto.gov 121
Page 1 and 2:
uspto Performance and Accountabilit
Page 3:
Table of Contents Message from the
Page 6 and 7:
4 MESSAGE FROM THE UNDER SECRETARY
Page 9 and 10:
Management's Discussion and Analysi
Page 11 and 12:
the Patent Public Advisory Committe
Page 13 and 14:
America Invents Act President Obama
Page 15 and 16:
There are 11 Strategic Plan perform
Page 17 and 18:
What is a patent? A patent is an in
Page 19 and 20:
Strategic Goal 1: Optimize Patent Q
Page 21 and 22:
OBJECTIVE 2: Increase patent applic
Page 23 and 24:
FIGURE 8 Cumulative Total PPH Filin
Page 25 and 26:
measure. Note that FY 2011 was the
Page 27 and 28:
E-petitions allow applicants to obt
Page 29 and 30:
What is a trademark or service mark
Page 31 and 32:
Strategic Goal 2: Optimize Trademar
Page 33 and 34:
TABLE 13 Measure: Trademark Final C
Page 35 and 36:
was formed to work with applicants
Page 37 and 38:
What is the role of the USPTO and i
Page 39 and 40:
Strategic Goal 3: Provide Domestic
Page 41 and 42:
the number of highly-qualified pate
Page 43 and 44:
Improving Efficiency and Cooperatio
Page 45 and 46:
Providing Policy Advice and Experti
Page 47:
What is management’s focus on max
Page 50 and 51:
48 MANAGEMENT’S DISCUSSION AND AN
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
56 Management Challenges and What
Page 60 and 61:
Page 62 and 63:
60 Accompanying Information Perform
Page 64 and 65:
62 Management Assurances and Compli
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
68 Financial Discussion and Analysi
Page 72 and 73: 70 MANAGEMENT’S DISCUSSION AND AN
Page 84 and 85: 82 Message from the Chief Financial
Page 86 and 87: 84 Principal Financial Statements a
Page 88 and 89: 86 FINANCIAL SECTION United States
Page 94 and 95: 92 FINANCIAL SECTION NOTE 1. Summar
Page 96 and 97: 94 FINANCIAL SECTION NOTE 1. Summar
Page 98 and 99: 96 FINANCIAL SECTION NOTE 3. Accoun
Page 100 and 101: 98 FINANCIAL SECTION NOTE 7. Entity
Page 102 and 103: 100 FINANCIAL SECTION NOTE 10. Actu
Page 104 and 105: 102 FINANCIAL SECTION NOTE 14. Earm
Page 106 and 107: 104 FINANCIAL SECTION NOTE 15. Intr
Page 108 and 109: 106 FINANCIAL SECTION NOTE 16. Prog
Page 110 and 111: 108 FINANCIAL SECTION NOTE 17. Prog
Page 112 and 113: 110 FINANCIAL SECTION NOTE 19. Inci
Page 114 and 115: 112 FINANCIAL SECTION NOTE 21. Reco
Page 116 and 117: 114 INDEPENDENT AUDITORS’ REPORT
Page 126 and 127: 124 Inspector General’s Top Sched
Page 128 and 129: 126 OTHER ACCOMPANYING INFORMATION
Page 168 and 169: 166 Summary of Financial Statement
Page 172 and 173:
170 OTHER ACCOMPANYING INFORMATION
Page 174 and 175:
Page 176 and 177:
174 FY 2012 USPTO Workload Tables I
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
182 TABLE 9 UNITED STATES PATENT AP
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
206 Glossary of Acronyms and Abbrev
Page 210 and 211:
208 GLOSSARY OF ACRONYMS AND ABBREV
Page 212:
United States Patent and Trademark
show all

USPTO Performance and Accountability Report - U.S. Patent and ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?