Besides NAVSEA, the assessment includes two shipyards and two other activities that provide support services to the command. GAO found inadequate controls over several functions at NAVSEA, the shipyards, and the supporting activities. Specific weaknesses included inadequate controls over payroll at the Navy Regional Finance Center Washington, D.C., and at the Norfolk, Va., and Charleston, S.C., shipyards; poor security over computer facilities and equipment at the Navy Regional Data Automation Center, Washington, D.C., and at the Norfolk and Charleston shipyards; and circumvention of procurement regulations at NAVSEA resulting in over $122,000 spent for unauthorized purchases and leases. GAO believes that a lack of emphasis on internal controls makes the activities of NAVSEA and its supporting facilities vulnerable to fraud, waste, and abuse, and immediate corrective action is required to reduce the risk. GAO recommends that the Secretary of the Navy more vigorously enforce requirements for adequate systems of internal control by (1) emphasizing to managers at all levels the importance of controlling tasks and functions for which managers are responsible and accountable; (2) establishing a central internal control officer to oversee these controls and ensure that each command and major location establish its own officer to see that improvements are made to correct the problems GAO found; and (3) directing all installations to assign an automated data processing security officer, implement a security training program, and restrict access to computer equipment. Agency comments, additional recommendations, tables, footnotes, a list of abbreviations, and a checklist of internal control weaknesses are supplied.