University System of Maryland University of Maryland Biotechnology Institute
|
|
- Phebe Wright
- 8 years ago
- Views:
Transcription
1 Audit Report University System of Maryland University of Maryland Biotechnology Institute August 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
2 This report and any related follow-up correspondence are available to the public through the Office of Legislative Audits at 301 West Preston Street, Room 1202, Baltimore, Maryland The Office may be contacted by telephone at , , or Electronic copies of our audit reports can be viewed or downloaded from our website at Alternate formats may be requested through the Maryland Relay Service at The Department of Legislative Services Office of the Executive Director, 90 State Circle, Annapolis, Maryland can also assist you in obtaining copies of our reports and related correspondence. The Department may be contacted by telephone at or
3 August 28, 2006 Senator Nathaniel J. McFadden, Co-Chair, Joint Audit Committee Delegate Charles E. Barkley, Co-Chair, Joint Audit Committee Members of Joint Audit Committee Annapolis, Maryland Ladies and Gentlemen: We have audited the University System of Maryland University of Maryland Biotechnology Institute (UMBI) for the period beginning February 14, 2003 and ending February 2, Our audit disclosed that procedural and internal control deficiencies existed in the areas of grant receivables, computer security, and cash receipts. For example, UMBI s computer network, which supports technical research and development, was not adequately secured from external exposures. Respectfully submitted, Bruce A. Myers, CPA Legislative Auditor
4 2
5 Table of Contents Background Information 4 Agency Responsibilities 4 Current Status of Findings From Preceding Audit Report 4 Findings and Recommendations 5 Grants * Finding 1 Adequate Collection Efforts Were Not Performed for 5 Certain Delinquent Grant Reimbursement Requests Information Systems Security and Control Finding 2 Disaster Recovery Plans Did Not Exist or Were Not Sufficient 6 * Finding 3 UMBI s Network Was Not Adequately Secured 6 Finding 4 Controls For Network Authentication Were Inadequate 7 Cash Receipts Finding 5 Collections Received at Two Locations Were Not 8 Transferred Timely for Deposit Audit Scope, Objectives, and Methodology 9 Agency Response Appendix * Denotes item repeated in full or part from preceding audit report 3
6 Agency Responsibilities Background Information The University of Maryland Biotechnology Institute (UMBI) is a non-degree granting institution whose primary purpose is to foster intense scientific research of biotechnology and its application with regard to human health, marine environment, agriculture, and protein engineering/structural biology. Additionally, UMBI trains graduate and post-doctoral students from various University System of Maryland campuses. In order to accomplish its purpose, UMBI operates five independent but interactive research centers: the Center for Advanced Research in Biotechnology, located in Montgomery County; the Center for Biosystems Research, located in College Park; and the Center for Marine Biotechnology, the Institute for Human Virology, and the Medical Biotechnology Center, all located in Baltimore City. The central administrative office for UMBI is also located in Baltimore City at the Christopher Columbus Center. According to the State s accounting records, fiscal year 2005 revenues totaled approximately $55.7 million, which included a State general fund appropriation of approximately $15 million. Current Status of Findings From Preceding Audit Report Our audit included a review to determine the current status of the eight findings contained in our preceding audit report dated August 20, We determined that UMBI satisfactorily addressed six of these findings. The remaining two findings are repeated in this report. 4
7 Findings and Recommendations Grants Finding 1 UMBI did not make an adequate effort to collect delinquent accounts related to certain outstanding grant reimbursement requests. Analysis Adequate collection efforts were not performed for delinquent accounts related to certain unpaid grant reimbursement requests. Specifically, written payment demands had not been sent to the grantors at predetermined intervals for these accounts as required by the State s Central Collection Unit (CCU). Our test of 10 delinquent grant accounts totaling approximately $401,000 disclosed that UMBI sent collection notices for these accounts 37 days to 108 days later than required. CCU requires State agencies to issue collection notices for past due accounts within 30 days of the date of the original invoice. According to its records, receivables due UMBI from grantors totaled approximately $4 million as of February 17, 2006, including approximately $1.1 million that had been outstanding for more than 90 days. A similar condition was commented upon in our two preceding audit reports. Recommendation 1 We again recommend that UMBI comply with CCU regulations related to the collection efforts of unpaid accounts. Information Systems Security and Control Background UMBI was created for intensive technical research and development in biotechnology, and is composed of a headquarters unit and five research centers. Each research center is responsible for information technology acquisitions and processing in support of each center s research efforts. This environment includes an extensive wide area network that provides Internet connectivity and connections to a substantial number of servers and workstations. Firewalls and intrusion prevention systems were installed at all but one of the UMBI locations. 5
8 Finding 2 Information technology disaster recovery plans did not exist or were insufficient. Analysis Four of the research centers did not have disaster recovery plans for recovering from disaster scenarios (for example, a fire). Furthermore, UMBI did not have comprehensive information technology disaster recovery plans for its headquarters unit and the Center for Advanced Research in Biotechnology. Specifically, the plans for these two locations did not adequately address certain requirements of the Department of Budget and Management s (DBM) IT Disaster Recovery Guidelines, such as employee contact information, specific assignment of staff roles and responsibilities, and equipment replacement. Without complete disaster recovery plans, a disaster could cause significant delays (for an undetermined period of time) in restoring operations above and beyond the expected delays that would exist in a planned recovery scenario. Recommendation 2 We recommend that, in accordance with the aforementioned IT Disaster Recovery Guidelines, UMBI develop and implement comprehensive information systems disaster recovery plans, which cover all critical functions, at its headquarters unit and five research centers. Finding 3 UMBI s internal computer network was not adequately secured. Analysis Adequate security measures had not been established to protect UMBI s internal computer network from external threats: Numerous publicly accessible servers were located on UMBI s internal network rather than being placed in a neutral network zone. Publicly accessible servers should be placed in a neutral network zone, separate from the internal network, to enhance protection of sensitive data and systems on the internal network. We were advised that, in some cases, UMBI employees had placed publicly accessible servers on the internal network to facilitate public access to research information without the awareness or authorization of management of UMBI s Office of Information Systems. Also, UMBI did 6
9 not have a security policy regarding the implementation of publicly accessible servers on the internal network. DBM s Information Technology Security Policy and Standards require that all publicly accessible servers be placed in a neutral network zone. The UMBI Center for Biosystems Research (CBR) is located on the University of Maryland College Park (UMCP) campus. The CBR local network was connected to both the UMBI and UMCP internal networks without use of a firewall and intrusion detection/prevention system to protect CBR and the remainder of UMBI from security risks associated with the UMCP network. For the one firewall that we reviewed, firewall rules were not configured to adequately secure connections between UMBI s internal network and the Internet. Accordingly, critical information was susceptible to attack, which could result in a loss of data integrity or the destruction of critical files. A similar situation was commented upon in our preceding audit report. UMBI did not optimally configure the intrusion prevention systems installed on its network and did not adequately monitor these systems. Intrusion prevention systems gather and analyze network traffic to identify potential network security breaches and attacks. Furthermore, such systems can block inappropriate traffic and alert network administrators to these situations. Recommendation 3 We recommend that UMBI take the necessary actions to improve network security to protect its network. We made detailed recommendations to UMBI which, if implemented, should provide adequate security over its internal network. Finding 4 Controls for network authentication were inadequate. Analysis The controls for network authentication were inadequate. For example, passwords were set to never expire and accounts were not locked out after a defined number of failed logon attempts. Accordingly, the control settings for 7
10 accounts and passwords did not comply with the University System of Maryland s (USM) Guidelines in Response to the State Information Technology Security Policy and Standards. Recommendation 4 We recommend that UMBI comply with account and password requirements of the aforementioned USM Guidelines in Response to the State Information Technology Security Policy and Standards. Cash Receipts Finding 5 Cash receipts collected at two of UMBI s locations were not transferred timely for deposit. Analysis Cash receipts collected by two UMBI s operating units were not transferred to the University of Maryland, College Park for deposit in a timely manner. Our test of 26 receipts, totaling $683,062, collected by these units disclosed that 21 receipts, totaling $440,683, were not transferred for deposit for periods ranging from 3 to 15 business days after the dates of collection. The Comptroller of the Treasury s Accounting Procedures Manual requires that cash receipts be deposited no later than the first business day after the day of receipt. Failure to transfer cash receipts for deposit in a timely manner increases the possibility of misappropriation and results in a loss of investment income. During calendar year 2005, UMBI s cash receipts totaled approximately $6 million, of which approximately $5.7 million was received by these two units. Recommendation 5 We recommend that UMBI transfer all cash receipts for deposit in a timely manner as required by the Comptroller of the Treasury. 8
11 Audit Scope, Objectives, and Methodology We have audited the University System of Maryland (USM) University of Maryland Biotechnology Institute (UMBI) for the period beginning for the period beginning February 14, 2003 and ending February 2, The audit was conducted in accordance with generally accepted government auditing standards. As prescribed by State Government Article, Section of the Annotated Code of Maryland, the objectives of this audit were to examine UMBI s financial transactions, records, and internal control, and to evaluate its compliance with applicable State laws, rules, and regulations. We also determined the current status of the findings included in our preceding audit report. In planning and conducting our audit, we focused on the major financial-related areas of operations based on assessments of materiality and risk. Our audit procedures included inquiries of appropriate personnel, inspections of documents and records, and observations of UMBI s operations. We also tested transactions and performed other auditing procedures that we considered necessary to achieve our objectives. Data provided in this report for background or informational purposes were deemed reasonable, but were not independently verified. Our audit did not include certain support services, such as processing vendor payment transmittals and depositing cash receipts, provided to UMBI by the University of Maryland, Baltimore, and University of Maryland, College Park. These support services are included within the scope of our audits of these System units. In addition, we did not audit UMBI s federal financial assistance programs for compliance with federal laws and regulations because the State of Maryland engaged an independent accounting firm to annually audit such programs administered by State agencies, including the components of the USM. Our audit scope was limited with respect to UMBI s cash transactions because the Office of the State Treasurer was unable to reconcile the State s main bank accounts during the audit period. Due to this condition, we were unable to determine, with reasonable assurance, that all UMBI cash transactions were accounted for and properly recorded on the related State accounting records as well as the banks records. UMBI s management is responsible for establishing and maintaining effective internal control. Internal control is a process designed to provide reasonable assurance that objectives pertaining to the reliability of financial records, 9
12 effectiveness and efficiency of operations including safeguarding of assets, and compliance with applicable laws, rules, and regulations are achieved. Because of inherent limitations in internal control, errors or fraud may nevertheless occur and not be detected. Also, projections of any evaluation of internal control to future periods are subject to the risk that conditions may change or compliance with policies and procedures may deteriorate. Our reports are designed to assist the Maryland General Assembly in exercising its legislative oversight function and to provide constructive recommendations for improving State operations. As a result, our reports generally do not address activities we reviewed that are functioning properly. This report includes findings relating to conditions that we consider to be significant deficiencies in the design or operation of internal control that could adversely affect UMBI s ability to maintain reliable financial records, operate effectively and efficiently, and/or comply with applicable laws, rules, and regulations. Our report also includes findings regarding significant instances of noncompliance with applicable laws, rules, or regulations. Other less significant findings were communicated to UMBI that did not warrant inclusion in this report. The response from the USM Office, on behalf of UMBI, to our findings and recommendations is included as an appendix to this report. As prescribed in the State Government Article, Section of the Annotated Code of Maryland, we will advise USM regarding the results of our review of its response. 10
13
14 Grants RESPONSE TO THE LEGISLATIVE AUDIT REPORT UNIVERSITY SYSTEM OF MARYLAND UNIVERSITY OF MARYLAND BIOTECHNOLOGY INSTITUTE FOR THE PERIOD FEBRUARY 14, 2003 FEBRUARY 2, 2006 Findings and Recommendations Finding 1 UMBI did not make an adequate effort to collect delinquent accounts related to certain outstanding grant reimbursement requests. Recommendation 1 We again recommend that UMBI comply with CCU regulations related to the collection efforts of unpaid accounts. Response 1 As was documented by the auditors, the sample accounts were all selected within a timeframe when our contract and grant accountant was on medical leave. This situation left us with only one staff person to handle more than $25M in grant expenditure activity for this time period. It is our procedure to issue dunning notices at 30 day intervals past the original invoice date, and this process did resume within a reasonable time of the contract and grant accountant returning to work, and continues to be followed to date. Information Systems Security and Control Finding 2 Information technology disaster recovery plans did not exist or were insufficient. Recommendation 2 We recommend that, in accordance with the aforementioned IT Disaster Recovery Guidelines, UMBI develop and implement comprehensive information systems disaster recovery plans, which cover all critical functions, at its headquarters unit and five research centers. Response 2 The OIS headquarters unit has developed and implemented a disaster recovery environment which addresses ALL of the services provided by the unit and not just critical systems. The written plan will be enhanced to
15 RESPONSE TO THE LEGISLATIVE AUDIT REPORT UNIVERSITY SYSTEM OF MARYLAND UNIVERSITY OF MARYLAND BIOTECHNOLOGY INSTITUTE FOR THE PERIOD FEBRUARY 14, 2003 FEBRUARY 2, 2006 comply with the University System of Maryland Guidelines in Response to the State IT Security Policy, dated April Centers which had no plan or had components of the plan needing improvement will develop and document plans by December, Finding 3 UMBI s internal computer network was not adequately secured. Recommendation 3 We recommend that UMBI take the necessary actions to improve network security to protect its network. We made detailed recommendations to UMBI which, if implemented, should provide adequate security over its internal network. Response 3 Publicly Accessible Servers: UMBI agrees that it s internal computer network must be protected from external threats and has in fact gone to great lengths to ensure that it is secure. However, placing publicly available information in a neutral network zone, as suggested by the auditors, will either make such information less secure or require an unnecessary, costly and burdensome level of redundant security systems. UMBI has in fact placed great emphasis on protecting all information, including that information accessible to the public, as we deem making information accessible remotely an important part of our mission. Yet we do so in a way that while not in strict accordance with State guidelines, using the flexibility explicitly allowed for per USM policy, achieves the same functional compatibility with State guidelines required by USM policies. The mere presence of information accessible to the public within UMBI s internal network does not create an unacceptable security risk. Unauthenticated access to UMBI information is only available via the Web for viewing purposes and UMBI has protection systems to prevent this information from being modified or manipulated. Access to all other data requires additional layers of security which are time-proven and state-of-theart methods to ensure an appropriate level of protection. Due to UMBI s mission as a research institution much information is required to be remotely (i.e., publicly) accessible, and we feel that all
16 RESPONSE TO THE LEGISLATIVE AUDIT REPORT UNIVERSITY SYSTEM OF MARYLAND UNIVERSITY OF MARYLAND BIOTECHNOLOGY INSTITUTE FOR THE PERIOD FEBRUARY 14, 2003 FEBRUARY 2, 2006 information requires a great degree of protection. One reason is because UMBI faculty and staff regularly need to access services from all of our servers from remote locations due to their extensive travel and collaborations with researchers. Along the same lines, often research collaborators also must be able to access data remotely. In cases where the data are of a proprietary nature, authenticated access and other appropriate methods are used to ensure that only those persons authorized to access the data can do so. UMBI has no financial, personnel, student nor patient data on any UMBI publicly accessible servers. UMBI feels that it has achieved an acceptable level of security given the mission critical need for UMBI faculty and staff to access information remotely and share research results and collaborating on research activities with researchers worldwide. We will diligently continue to enhance and add layers of security wherever appropriate. CBR Network Protection: UMBI will work with UMCP to implement firewalls and Intrusion Prevention Systems for CBR. We will strive to have such systems in place by December 2006 Firewall Rules: UMBI will continue to enhance firewall rules and monitor regularly for rules that may no longer be required. Such efforts are expected to be completed by December Intrusion Prevention System: UMBI s intrusion prevention systems not only report inappropriate traffic but also automatically blocks such intrusions, and therefore are indeed effective and do not necessarily require alerts and reporting of blocked activity. Additionally, daily monitoring of these systems are done to make sure they are operating and functional. Appropriate alerts and monitoring of reports for blocked traffic will be implemented. Such efforts are expected to be completed by December 2006.
17 RESPONSE TO THE LEGISLATIVE AUDIT REPORT UNIVERSITY SYSTEM OF MARYLAND UNIVERSITY OF MARYLAND BIOTECHNOLOGY INSTITUTE FOR THE PERIOD FEBRUARY 14, 2003 FEBRUARY 2, 2006 Finding 4 Controls for network authentication were inadequate. Recommendation 4 We recommend that UMBI comply with account and password requirements of the aforementioned USM Guidelines in Response to the State Information Technology Security Policy and Standards. Response 4 UMBI will implement a stronger password mechanism that is in compliance with USM IT security guidelines. This implementation is expected to be completed by December Cash Receipts Finding 5 Cash receipts collected at two of UMBI s locations were not transferred timely for deposit. Recommendation 5 We recommend that UMBI transfer all cash receipts for deposit in a timely manner as required by the Comptroller of the Treasury. Response 5 UMBI uses the services of the Bursar at University of Maryland College Park for all cash deposits. This is necessary to ensure that deposits are recorded accurately in our accounting system as we utilize UMCP systems. Although not documented, we believe that we transferred all deposits to the UMCP Bursar s office timely as required. It is likely that deposits were either held and batched by the UMCP Bursar s office, or delayed due to the time required for them to make their way through the UMCP mail system. We will now send all deposits via overnight express directly to the UMCP Bursar s office to document our transmission of cash receipts in a timely manner.
18 AUDIT TEAM Peter J. Klemans, CPA Audit Manager Stephen P. Jersey, CPA, CISA A. Jerome Sokol, CPA Information Systems Audit Managers Heather A. Warriner Senior Auditor Albert E. Schmidt, CPA Information Systems Senior Auditor Julie R. Newton Staff Auditor Veronica Arze Information Systems Staff Auditor
Comptroller of the Treasury Information Technology Division
Audit Report Comptroller of the Treasury Information Technology Division September 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationDepartment of Transportation Office of Transportation Technology Services
Audit Report Department of Transportation Office of Transportation Technology Services October 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division March 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationDepartment of Transportation Financial Management Information System Centralized Operations
Audit Report Department of Transportation Financial Management Information System Centralized Operations December 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationAudit Report. Comptroller of the Treasury Central Payroll Bureau. May 2009
Audit Report Comptroller of the Treasury Central Payroll Bureau May 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationComptroller of the Treasury. Central Payroll Bureau
Audit Report Comptroller of the Treasury Central Payroll Bureau August 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by
More informationJudiciary Judicial Information Systems
Audit Report Judiciary Judicial Information Systems February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationJudiciary Judicial Information Systems
Audit Report Judiciary Judicial Information Systems November 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationOffice of the Register of Wills Baltimore County, Maryland
Audit Report Office of the Register of Wills Baltimore County, Maryland April 2002 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested
More informationUniversity System of Maryland University of Baltimore
Audit Report University System of Maryland University of Baltimore May 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationComptroller of Maryland Central Payroll Bureau
Audit Report Comptroller of Maryland Central Payroll Bureau February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationOffice of the Clerk of Circuit Court Baltimore City, Maryland
Audit Report Office of the Clerk of Circuit Court Baltimore City, Maryland May 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationHow To Audit The Board Of Health Of The Board
Audit Report Criminal Injuries Compensation Board May 2002 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting the Office
More informationMaryland Automobile Insurance Fund
Audit Report Maryland Automobile Insurance Fund September 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationComptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division
Audit Report Comptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division July 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division January 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationDepartment of Health and Mental Hygiene Thomas B. Finan Hospital Center and Joseph D. Brandenburg Center
Audit Report Department of Health and Mental Hygiene Thomas B. Finan Hospital Center and Joseph D. Brandenburg Center December 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationMaryland Transportation Authority
Audit Report Maryland Transportation Authority March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationSubsequent Injury Fund
Audit Report Subsequent Injury Fund September 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationFinancial Management Information System Centralized Operations
Audit Report Financial Management Information System Centralized Operations March 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested
More informationDepartment of Health and Mental Hygiene Community and Public Health Administration
Audit Report Department of Health and Mental Hygiene Community and Public Health Administration January 2002 This report and any related follow-up correspondence are available to the public. Alternate
More informationDepartment of Transportation Maryland Port Administration
Audit Report Department of Transportation Maryland Port Administration October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationDepartment of Health and Mental Hygiene. Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration July 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Juvenile Justice Youth Centers
Audit Report Department of Juvenile Justice Youth Centers September 2001 This report and any related follow-up correspondence are available to the public and may be obtained by contacting the Office of
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission March 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Health and Mental Hygiene Crownsville Hospital Center
Audit Report Department of Health and Mental Hygiene Crownsville Hospital Center November 2004 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationComptroller of Maryland Information Technology Division Annapolis Data Center Operations
Audit Report Comptroller of Maryland Information Technology Division Annapolis Data Center Operations March 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationDepartment of Veterans Affairs
Audit Report Department of Veterans Affairs December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationUniversity of Maryland School of Nursing Governor s Wellmobile Program
Audit Report University of Maryland School of Nursing Governor s Wellmobile Program January 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may
More informationDepartment of Health and Mental Hygiene Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration July 2003 This report and any related follow-up correspondence are available to the public. Alternate formats
More informationDepartment of Labor, Licensing and Regulation Division of Unemployment Insurance
Audit Report Department of Labor, Licensing and Regulation Division of Unemployment Insurance February 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This
More informationDepartment of Health and Mental Hygiene Regulatory Services
Audit Report Department of Health and Mental Hygiene Regulatory Services November 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationMaryland Department of Aging
Audit Report Maryland Department of Aging March 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationMaryland Automobile Insurance Fund
Audit Report Maryland Automobile Insurance Fund November 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Health and Mental Hygiene Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Health and Mental Hygiene Infectious Disease and Environmental Health Administration
Audit Report Department of Health and Mental Hygiene Infectious Disease and Environmental Health Administration December 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationMedical Mutual Liability Insurance Society of Maryland
Audit Report Medical Mutual Liability Insurance Society of Maryland February 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationUniversity System of Maryland University of Baltimore
Audit Report University System of Maryland University of Baltimore October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration June 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Labor, Licensing and Regulation Division of Unemployment Insurance Division of Workforce Development
Audit Report Department of Labor, Licensing and Regulation Division of Unemployment Insurance Division of Workforce Development April 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES
More informationMaryland Public Broadcasting Commission
Audit Report Maryland Public Broadcasting Commission November 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting
More informationUniversity System of Maryland University of Maryland University College
Audit Report University System of Maryland University of Maryland University College February 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Transportation Financial Management Information System Centralized Operations
Audit Report Department of Transportation Financial Management Information System Centralized Operations July 2001 This report and any related follow-up correspondence are available to the public and may
More informationDepartment of Public Safety and Correctional Services Criminal Injuries Compensation Board
Audit Report Department of Public Safety and Correctional Services Criminal Injuries Compensation Board February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission March 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationBaltimore City Community College
Audit Report Baltimore City Community College December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this report contact:
More informationMaryland State Department of Education
Audit Report Maryland State Department of Education February 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationMaryland Health Insurance Plan
Audit Report Maryland Health Insurance Plan April 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Health and Mental Hygiene Family Health Administration
Audit Report Department of Health and Mental Hygiene Family Health Administration November 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationDepartment of Health and Mental Hygiene Family Health Administration
Audit Report Department of Health and Mental Hygiene Family Health Administration August 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any
More informationCollege Savings Plans of Maryland
Audit Report College Savings Plans of Maryland June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this report contact:
More informationComptroller of Maryland Compliance Division
Audit Report Comptroller of Maryland Compliance Division January 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Health and Mental Hygiene. Health Professional Boards and Commission State Board of Physicians State Board of Nursing
Audit Report Department of Health and Mental Hygiene Health Professional Boards and Commission State Board of Physicians State Board of Nursing January 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE
More informationDepartment of Health and Mental Hygiene. Eastern Shore Hospital Center and Upper Shore Community Mental Health Center
Audit Report Department of Health and Mental Hygiene Eastern Shore Hospital Center and Upper Shore Community Mental Health Center September 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES
More informationDepartment of Budget and Management Central Collection Unit
Audit Report Department of Budget and Management Central Collection Unit April 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationState Department of Assessments and Taxation
Audit Report State Department of Assessments and Taxation December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationUniversity System of Maryland University of Maryland, Baltimore
Audit Report University System of Maryland University of Maryland, Baltimore November 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be
More informationState Corporate Purchasing Card Program
Performance Audit Report State Corporate Purchasing Card Program Oversight Responsibilities Were Not Formally Established User Agencies Were Not Closely Monitoring Card Purchases September 2003 This report
More informationMaryland Legal Services Corporation
Audit Report Maryland Legal Services Corporation July 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationComptroller of Maryland Central Payroll Bureau
Audit Report Comptroller of Maryland Central Payroll Bureau September 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this
More informationPerformance Audit Report. Department of Human Resources The Maryland Energy Assistance Program and the Electric Universal Service Program
Performance Audit Report Department of Human Resources The Maryland Energy Assistance Program and the Electric Universal Service Program Accounting Records Cannot Be Relied Upon to Provide Accurate Expenditure
More informationMaryland Aviation Administration Maryland Transportation Authority
Special Review Maryland Aviation Administration Maryland Transportation Authority Improper Use of State Computer Resources Certain Employees Used State Issued Computers to Access Sexually Oriented Websites
More informationReview of Community College Audit Reports. Fiscal Year Ending June 30, 2001
Review of Community College Audit Reports Fiscal Year Ending June 30, 2001 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting
More informationDepartment of Health and Mental Hygiene Office of the Secretary and Other Units
Audit Report Department of Health and Mental Hygiene Office of the Secretary and Other Units August 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationSample Budget Review For Annual Audits of Maryland Community College Professions
Review of Community College Audit Reports Fiscal Year Ending June 30, 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration November 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationFrederick County Public Schools
Financial Management Practices Audit Report Frederick County Public Schools April 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information
More informationVideo Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account
Performance Audit Report Video Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account October 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationUniversity System of Maryland University of Maryland University College
Audit Report University System of Maryland University of Maryland University College June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information
More informationMaryland State Department of Education
Audit Report Maryland State Department of Education June 2016 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this report contact:
More informationPrince George s County Public Schools
Financial Management Practices Audit Report Prince George s County Public Schools February 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationWicomico County Public Schools
Financial Management Practices Audit Report Wicomico County Public Schools March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationState Cell Phone Usage
Performance Audit Report State Cell Phone Usage Effective Statewide Oversight of Cellular Communication Services and Expenses Was Lacking Cell Phone Vendors Did Not Comply With Certain Contractual Requirements
More informationDepartment of Health and Mental Hygiene Medical Care Programs Administration
Audit Report Department of Health and Mental Hygiene Medical Care Programs Administration December 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationVideo Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account
Performance Audit Report Video Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationDepartment of Business and Economic Development
Audit Report Department of Business and Economic Development August 2001 This report and any related follow-up correspondence are available to the public and may be obtained by contacting the Office of
More informationHarford County Public Schools
Financial Management Practices Audit Report Harford County Public Schools January 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationReview of Community College Audit Reports
Review of Community College Audit Reports Fiscal Year Ending June 30, 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationBaltimore City Public School System
Financial Management Practices Performance Audit Report Baltimore City Public School System January 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Health and Mental Hygiene Department of Human Resources. Medical Assistance Program
Performance Audit Report Department of Health and Mental Hygiene Department of Human Resources Medical Assistance Program Using the Federal Death Master File to Detect and Prevent Medicaid Payments Attributable
More informationDepartment of Consumer Affairs Cash Disbursements by Agency Checks
Internal Control Audit of the Department of Consumer Affairs Cash Disbursements by Agency Checks January 2008 Audit No. 2007-102 Internal Audit Office TABLE OF CONTENTS Report Summary Auditor s Report
More informationMaryland Thoroughbred and Harness Horse Racing Tracks
Audit Report Maryland Thoroughbred and Harness Horse Racing Tracks September 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationReview of Community College Audit Reports
Review of Community College Audit Reports Fiscal Year Ending June 30, 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationInformation Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No. 2016-002 July 2015
July 2015 Information Technology Operational Audit DEPARTMENT OF STATE Florida Voter Registration System (FVRS) Sherrill F. Norman, CPA Auditor General Secretary of State Section 20.10, Florida Statutes,
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationHUMAN RESOURCES MANAGEMENT NETWORK (HRMN) SELF-SERVICE
PERFORMANCE AUDIT OF HUMAN RESOURCES MANAGEMENT NETWORK (HRMN) SELF-SERVICE DEPARTMENT OF CIVIL SERVICE July 2004 ...The auditor general shall conduct post audits of financial transactions and accounts
More informationArizona State Real Estate Department
A REPORT TO THE ARIZONA LEGISLATURE Financial Audit Division Procedural Review Arizona State Real Estate Department As of May 16, 2006 Debra K. Davenport Auditor General The Auditor General is appointed
More informationDepartment of Legislative Services Office of Legislative Audits. Maryland Insurance Administration
Maryland Insurance Administration Report Dated November 20, 2014 Audit Overview MIA licenses and regulates insurers, insurance agents and brokers who conduct business in the State, and monitors the financial
More informationBaltimore County Public Schools
Financial Management Practices Audit Report Baltimore County Public Schools July 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationAudit Report. Division of Mental Health and Developmental Services Substance Abuse Prevention and Treatment Agency
LA12-15 STATE OF NEVADA Audit Report Division of Mental Health and Developmental Services Substance Abuse Prevention and Treatment Agency 2012 Legislative Auditor Carson City, Nevada Audit Highlights Highlights
More informationPolicy on the Security of Informational Assets
Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources
More informationOklahoma Workers Compensation Commission
OPERATIONAL AUDIT Oklahoma Workers Compensation Commission For the period February 1, 2014 through June 30, 2015 Oklahoma State Auditor & Inspector Gary A. Jones, CPA, CFE Audit Report of the Oklahoma
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL ...The auditor general shall conduct post audits of financial transactions and accounts of the state and of
More informationCity of Miami, Florida Management Letter in Accordance With Chapter 10.550, Rules of the Florida Auditor General
Management Letter in Accordance With Chapter 10.550, Rules of the Florida Auditor General For the Year Ended September 30, 2014 Contents Management Letter in Accordance with Chapter 10.550 of the Rules
More informationMANAGEMENT LETTER. Noncompliance Findings
MANAGEMENT LETTER Springfield Township 7617 Angola Road Holland, Ohio 43528-8602 To the Board of Trustees: We have audited the financial statements of Springfield Township,, (the Township) in accordance
More informationREPORT NO. 2009-087 JANUARY 2009 FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSITY. Operational Audit
REPORT NO. 2009-087 JANUARY 2009 FLORIDA AGRICULTURAL AND MECHANICAL UNIVERSITY Operational Audit For the Fiscal Year Ended June 30, 2008 BOARD OF TRUSTEES AND PRESIDENT Members of the Board of Trustees
More information