References: a. ETA Handbook No. 376, Guidelines for Internal Security in UI Operations. b. Unemployment Insurance Program Letter (UIPL) No. 08-97, Risk Analysis Training. c. UIPL No. 12-95, Risk Analysis Project. d. UIPL No. 34-87, Unemployment Insurance (UI) Internal Security Risk Analysis (Vulnerability Assessment). Background: Since fiscal year 1982, the Department of Labor (DOL) has allocated resources for the Internal Security (IS) program. In concert with the IS program, the Employment and Training Administration (ETA) required through UIPLs that State Employment Security Agencies (SESAs) complete a risk analysis of the UI program covering the vulnerability of all UI program operations whenever major system changes occur but not less than once every three years. Risk Analysis is a specific activity to be performed by the Internal Security Unit(ISU). Along with its other IS activities, the ISU is required to perform a risk analysis to determine an economic balance between the impact of risks and the costs of protective measures. In performing a risk analysis, the ISU must identify assets, threats to the system (both program and computer related), vulnerabilities, and cost effective safeguards. Risk Analysis Training: Six UI Risk Analysis training classes have been held. These training classes were attended by National Office and Regional Office personnel, and SESA staff including, internal auditors, information security officers, investigators, and other internal security personnel responsible for risk analysis. User Group Forums: Four two-day risk analysis forums have been scheduled to follow-up and continue the discussions of the risk analysis process, methodology, and RiskWatch software training that began during the fundamental, intermediate and advanced Risk Analysis Training courses. Personnel from SESAs and DOL, who have knowledge of and/or experience conducting risk analyses will participate in round table discussions regarding SESA specific risk analysis issues and concerns. Forum participants will establish the agenda for each forum. Possible discussion topics include: Getting Started -- Development of a Risk Analysis Team -- Risk analysis process and methodology -- RiskWatch software problems and questions -- SESAs who have conducted a risk analysis Forum participants will establish the specific agenda for each forum. -- San Diego, CA - August 17-18, 1998 -- Denver, CO - August 20-21, 1998 -- Atlanta, GA - August 24-25, 1998 -- Boston, MA - August 27-28, 1998 Action Required: All SESA Administrators are requested to: -- a. Consider who will be attending the usergroup forums based on their understanding of the risk analysis process and methodology and participation in completing a risk analysis (full and or partial). -- b. Provide the names, addresses and telephone numbers and which forum the nominee (first and second choice) wishes to attend to: Elaine Shock, 800 Capitol Mall, MIC 78, PO BOX 826880, Sacramento, California 94280, by COB July 10, 1998. -- c. Provide copies of this UIPL to appropriate IS staff and other appropriate personnel.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

Click on the link below to view, save, or print out the document.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

Click on the link below to view, save, or print out the document.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

To preserve the formatting of this document, it has been converted to PDF (Portable Document Format) to retain its original layout.

References: Welfare-to-Work (WtW) Grants Interim Final Rule, 20 CFR 645 (62 Federal Register 61588 (November 18, 1997)) and NOTICE OF OFFICE OF MANAGEMENT AND BUDGET ACTION (OMB NO. 1205-0385), dated April 2, 1998, approving Form Nos. ETA-9068 and ETA-9068-1, in accordance with the Paperwork Reduction Act of 1995. Background: The above referenced documents together with the attached reporting forms and instructions constitute the approved financial reporting requirements for WtW formula and competitive grants. These reporting requirements were approved through September 30, 1998 under OMB emergency approval procedures. OMB approval of WtW reporting requirements for the life of the WtW program will occur before September 30, 1998 under the normal OMB approval process. In order to expedite the reporting process and ease the reporting burden on grantees, ETA is working to provide all WtW grantees with the capability for electronic entry of the data requested on the attached prototype format. Reporting Process: The fields containing the required data elements for assessing the effectiveness of the WtW Program will be provided to the States via the Internet. Each State will be issued an Account/Password which must be keyed into the system to access the menu driven software containing the State's WtW Formula Grant Reporting Format. Specific instructions on the issuance of an Account/Password will be sent directly to the State contact. For each data element, there will be a prompt which will trigger an explanation of the data that is to be entered for that specific element. (The explanation will correspond to the item explanations contained in the attached instructions.) After the data has been entered into the system, it must be reviewed for completeness and accuracy. A designated individual (to be identified per instructions in this TEGL) must then enter a PIN number which will be assigned to the State by ETA. This will certify that the data accurately represents the expenditures and/or participants served for each of the required data elements for the reporting period identified. This will also trigger Regional Office accessibility to the data. After the PIN number has been entered, the data will be in a "holding mode" until the Regional Office has reviewed and released the data to the National Office. When the data is not submitted to the Regional Office by the designated due dates specified in the attached instructions, or the data submitted is incomplete or inaccurate, the Regional Office will contact the State and follow-up as necessary to correct the deficiency. The system will not allow the Regional Office to modify the data entered by the State. Thus, if changes need to be made, per discussions between the State and the Regional Office or if the State initiates a change to previously submitted data, the State will need to modify the original submittal and certify to the accuracy of the modification by entering the assigned PIN number. (When logging into the WtW Reporting System, the State will be provided with an option to enter new quarterly data or to modify data from a previous quarter.) The State is requested to designate at least two individuals who will be involved in WtW reporting. One individual should be the person who will certify that the data is complete and accurate. The other individual should be "hands-on" with data input and knowledgeable of the required data elements. ETA staff will contact the designated individual(s) to provide specific instructions concerning the establishment of an Account/Password and issuance of PIN Numbers will be provided. States are advised to use the most current version of a JAVA enabled browser. Therefore, to the extent that present software is being enhanced, the latest commercially available browser should be utilized.