Department of Transportation Office of Transportation Technology Services
|
|
- Christina Rodgers
- 8 years ago
- Views:
Transcription
1 Audit Report Department of Transportation Office of Transportation Technology Services October 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
2 This report and any related follow-up correspondence are available to the public through the Office of Legislative Audits at 301 West Preston Street, Room 1202, Baltimore, Maryland The Office may be contacted by telephone at , , or Electronic copies of our audit reports can be viewed or downloaded from our website at Alternate formats may be requested through the Maryland Relay Service at The Department of Legislative Services Office of the Executive Director, 90 State Circle, Annapolis, Maryland can also assist you in obtaining copies of our reports and related correspondence. The Department may be contacted by telephone at or
3 October 17, 2005 Delegate Charles E. Barkley, Co-Chair, Joint Audit Committee Senator Nathaniel J. McFadden, Co-Chair, Joint Audit Committee Members of Joint Audit Committee Annapolis, Maryland Ladies and Gentlemen: We have audited the Maryland Department of Transportation - Office of Transportation Technology Services (OTTS). Our audit included an internal control review of the OTTS data center and the network administered by OTTS that supports the Maryland Department of Transportation (MDOT) and its modal agencies. Our audit disclosed that proper internal control had not been established over several significant areas. Specifically, OTTS lacked assurance that certain critical system and database files were adequately protected. Furthermore, numerous inactive accounts existed on the mainframe computer and security software reports were not properly controlled. Finally, the MDOT internal network was not adequately protected from external exposures. Consequently, unauthorized changes could be made to critical agency data such as driver license or interstate commercial vehicle records. Systems that operate on the OTTS computing platform include the Motor Vehicle Administration s Titling and Registration Information System, the Administration s Drivers Licensing Processing System, MDOT s Financial Management Information System and MDOT s payroll system. Respectfully submitted, Bruce A. Myers, CPA Legislative Auditor
4 2
5 Table of Contents Background Information 4 Agency Responsibilities and Description 4 Current Status of Findings From Preceding Audit Report 5 Findings and Recommendations 6 Data Center Information System Security and Control Finding 1 Controls Over Operating System Files, Mainframe Inactive 6 User Accounts and Security Reports Were Not Sufficient Database Security and Control * Finding 2 Access and Recordation Controls Over a Critical 7 Database Were Not Adequate Finding 3 Data Security Controls Pertaining to a Critical OTTS 7 Database Application Were Not Adequate Network Security and Control Finding 4 The MDOT Internal Computer Network Was Not 8 Adequately Secured From External Exposures Audit Scope, Objectives, and Methodology 10 Agency Response Appendix * Denotes item repeated in full or part from preceding audit report 3
6 Background Information Agency Responsibilities and Description The Maryland Department of Transportation - Office of Transportation Technology Services (OTTS) provides computing resources to the various modal units of the Maryland Department of Transportation (MDOT) and operates as a computer service bureau for these units, which are charged for services performed. OTTS staff provides computing, networking and telecommunications services for MDOT s modal units and headquarters. Additionally, the OTTS maintains the operating system and security software with which all applications are executed. OTTS operates a mainframe computer for applications, which include the Motor Vehicle Administration s Titling and Registration Information System, the Administration s Drivers Licensing Processing System, the MDOT s Financial Management Information System and MDOT s payroll system. In addition, OTTS also operates certain server based applications, such as the Maryland International Registration Plan which processes the registration of interstate commercial vehicles and associated fees. OTTS, in conjunction with a MDOT contractor, operates a Wide Area Network (WAN) connecting computer users from the modal units and headquarters, as well as providing connections to a few State networks and to multiple external vendor networks associated with the modal units activities. The WAN performs data transmission using a large number of outlying routers and key core routers. MDOT s modal units use the WAN to connect with the aforementioned mainframe applications and to send and receive communications for these applications. The modal units also use the WAN for external Internet access, with all such transmissions being controlled by either the OTTS central Internet firewall or by a dedicated virtual private network device that authenticates and safeguards such Internet transmissions. For fiscal year 2005, OTTS had authorized positions and a budget of approximately $36 million. See below for a graphic depiction of OTTS and its components. 4
7 Overview of the OTTS Networking Environment The OTTS operates a network that includes numerous servers, a mainframe computer, and connectivity to the MDOT modals, MDOT business partners, State networks and the Internet Current Status of Findings From Preceding Audit Report Our audit included a review to determine the current status of the five findings contained in our preceding audit report dated November 19, We determined that OTTS satisfactorily addressed four of these five findings. The remaining finding is repeated in this report. 5
8 Findings and Recommendations Data Center Information System Security and Control Finding 1 Controls over critical operating system files, mainframe inactive user accounts and security reports were not sufficient. Analysis Controls over critical operating systems files, mainframe inactive user accounts and security reports were not sufficient. Specifically, we noted the following conditions: The report of changes to critical operating system files omitted several critical operating system libraries from its selection list. In addition, the parameters in a critical report could be changed, without detection by management, because such changes were not recorded for review. Furthermore, approval entries, which provide evidence that changes to operating system files were reviewed and approved by appropriate personnel, could not be located for many changes tested. Finally, critical operating system files that were renamed or replaced were not reviewed for propriety. Twenty-two activated user accounts on OTTS mainframe computer system had not been used for periods ranging from 3 months to 7 years. Furthermore, 12 of these accounts had never been used. Unused user accounts can aggravate risks associated with other security weaknesses and can provide a means for improper system access to the OTTS mainframe system. The Department of Budget and Management s Information Technology Security Policy and Standards require an automated process to ensure that user accounts are disabled after 60 days of inactivity and deleted after 90 days. OTTS central security officers, who entered security access rule and user account modifications, also directly received and distributed security monitoring reports to modal security coordinators. As a result, the central security officers could initiate unauthorized changes to access rules and user accounts and withhold the related security reports from the modal security coordinators. 6
9 Ultimately, these conditions could result in undetected and unauthorized changes to user agency data and program files. Recommendation 1 We recommend that OTTS establish adequate controls over critical operating systems files, inactive user accounts and security reports. Accordingly, we made detailed recommendations to OTTS which, if implemented, should provide adequate controls over these areas. Database Security and Controls Finding 2 Access and recordation controls over a critical database were not adequate. Analysis Fifteen data center staff had necessary but unrecorded modification access to mainframe FMIS database system files which allowed modification of the database. A similar condition was commented upon in our preceding audit report. Additionally, an old user account, that permitted full control over the FMIS database, was still assigned to a former employee. As a result of these conditions, critical production database files could be improperly modified or deleted, without detection by management. Recommendation 2 We again recommend that mainframe database system file modifications be recorded and monitored to ensure that all changes made were proper. We also recommend that OTTS delete the former employee s user account from the security system. Finding 3 Data security controls pertaining to a critical OTTS database application were not adequate. Analysis Data security controls pertaining to the Maryland International Registration Plan (MIRP) system were not adequate. Specifically, we noted the following conditions: 7
10 Password length, expiration and history and account lockout and sharing did not meet the requirements of the Department of Budget and Management s Information Technology Security Policy and Standards. For example, the database system password length was set to one character, instead of the required password length of eight characters, and the database system account lockout was not utilized (that is, accounts were not disabled after a set number of failed login attempts). MIRP database access rules inappropriately permitted five users unnecessary, direct modification access to critical MIRP database directories and associated database configuration and control files. Security monitoring for the MIRP database was inadequate because auditing capabilities for the database system were not enabled. MIRP is an application used for the registration of interstate commercial vehicles and the collection of associated fees. As a result of the above conditions, unauthorized or inappropriate changes could be made to the database without detection by management. Recommendation 3 We recommend that MIRP password and user account settings comply with the requirements of the aforementioned Policy. We also recommend that the MIRP database access rules permit modification access to only those individuals who require such access for their job responsibilities. Finally, we recommend that MIRP database auditing be enabled, and the recorded information be reported, reviewed and documented, with evidence of the reviews retained for audit verification. Network Security and Control Finding 4 The MDOT internal computer network was not adequately secured from external exposures. Analysis The MDOT internal network was not adequately secured from external exposures. Specifically, certain traffic from untrusted third party networks and two untrusted State related networks was not adequately filtered and, therefore, could access all 8
11 MDOT internal network devices. In addition, several MDOT critical servers, accessible to external parties and secured in separate zones inside MDOT s network, were improperly permitted access to all internal network devices. Access rules for critical network devices should use a least privilege security strategy which gives users only the access needed to perform assigned tasks. Recommendation 4 We recommend that adequate firewall controls be established to protect the internal network from external exposures. We made detailed recommendations to OTTS which, if implemented, should provide for adequate security over MDOT s internal network. 9
12 Audit Scope, Objectives, and Methodology We have audited the Maryland Department of Transportation (MDOT) - Office of Transportation Technology Services (OTTS). Fieldwork associated with our review of the data center was conducted during the period from June 2004 to September Additionally, fieldwork associated with our review of the network was conducted during the period from March 2005 to June The audit was conducted in accordance with generally accepted government auditing standards. As prescribed by the State Government Article, Section of the Annotated Code of Maryland, the objectives of this audit were to examine OTTS internal control over its data center and network and to evaluate its compliance with applicable State laws, rules, and regulations for the computer systems that support MDOT and modal user agencies. OTTS fiscal operations are audited separately as part of our audit of the MDOT Secretary s Office. The latest report which covered OTTS fiscal operations was issued on February 5, We also determined the current status of the findings contained in our preceding audit report on OTTS. In planning and conducting our audit, we focused on the major areas of operations based on assessments of materiality and risk. Our audit procedures included inquiries of appropriate personnel, inspections of documents and records, and observations of OTTS operations. We also tested transactions and performed other auditing procedures that we considered necessary to achieve our objectives. OTTS management is responsible for establishing and maintaining effective internal control. Internal control is a process designed to provide reasonable assurance that objectives pertaining to the reliability of financial records, effectiveness and efficiency of operations including safeguarding of assets, and compliance with applicable laws, rules, and regulations are achieved. Because of inherent limitations in internal control, errors or fraud may nevertheless occur and not be detected. Also, projections of any evaluation of internal control to future periods are subject to the risk that conditions may change or compliance with policies and procedures may deteriorate. Our reports are designed to assist the Maryland General Assembly in exercising its legislative oversight function and to provide constructive recommendations for improving State operations. As a result, our reports generally do not address activities we reviewed that are functioning properly. 10
13 This report includes findings relating to conditions that we consider to be significant deficiencies in the design or operation of internal control that could adversely affect OTTS ability to maintain reliable financial records, operate effectively and efficiently and/or comply with applicable laws, rules, and regulations. Our report includes findings regarding significant instances of noncompliance with applicable laws, rules, or regulations. Other less significant findings were communicated to OTTS that did not warrant inclusion in this report. MDOT s response, on behalf of OTTS, to our findings and recommendations is included as an appendix to this report. As prescribed in the State Government Article, Section of the Annotated Code of Maryland, we will advise MDOT regarding the results of our review of its response. 11
14
15 Maryland Department of Transportation Office of Transportation Technology Services Draft Audit Report Responses Data Center Information System Security and Control Finding #1 Controls over critical operating system files, mainframe inactive user accounts and security reports were not sufficient. Response: The Administration concurs with the auditors recommendation. OTTS will implement the recommended changes to ensure that controls over system files, inactive user accounts and security reporting are addressed by June Database Security and Controls Finding #2 Access and recordation controls over a critical database were not adequate. Response: The Administration concurs with the auditors recommendation. The old user account referenced will be removed from the security system by December The ACF2 rule for this database was changed to ensure that changes are logged. The mainframe database system file modifications will be recorded and monitored to ensure that all changes are proper. Finding #3 Data security controls pertaining to a critical OTTS database application were not adequate. Response: The Administration concurs with the auditors recommendations. Auditing shall be enabled and reports reviewed and retained to ensure database changes made are proper. The database security shall comply with the State data security policy and database access rules will be limited to only those whose job responsibilities require it. These recommendations will be implemented beginning November 2, 2005 and completed by December 2005.
16 Maryland Department of Transportation Office of Transportation Technology Services Draft Audit Report Responses Network Security and Control Finding #4 The MDOT internal computer network was not adequately secured from external exposures. Response: The Administration concurs with the auditors recommendations. OTTS will implement the necessary changes to ensure that the firewalls and internal networks are adequately secured from external exposures by June 2006.
17 AUDIT TEAM A. Jerome Sokol, CPA Information Systems Audit Manager Richard L. Carter, CISA R. Brendan Coffey, CPA Albert E. Schmidt, CPA Information Systems Senior Auditors Veronica Arze Amanda L. Trythall Information Systems Staff Auditors
Comptroller of the Treasury Information Technology Division
Audit Report Comptroller of the Treasury Information Technology Division September 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationJudiciary Judicial Information Systems
Audit Report Judiciary Judicial Information Systems February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationJudiciary Judicial Information Systems
Audit Report Judiciary Judicial Information Systems November 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division March 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationDepartment of Transportation Financial Management Information System Centralized Operations
Audit Report Department of Transportation Financial Management Information System Centralized Operations December 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationComptroller of the Treasury. Central Payroll Bureau
Audit Report Comptroller of the Treasury Central Payroll Bureau August 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by
More informationAudit Report. Comptroller of the Treasury Central Payroll Bureau. May 2009
Audit Report Comptroller of the Treasury Central Payroll Bureau May 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division January 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationFinancial Management Information System Centralized Operations
Audit Report Financial Management Information System Centralized Operations March 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested
More informationDepartment of Transportation Financial Management Information System Centralized Operations
Audit Report Department of Transportation Financial Management Information System Centralized Operations July 2001 This report and any related follow-up correspondence are available to the public and may
More informationUniversity System of Maryland University of Maryland Biotechnology Institute
Audit Report University System of Maryland University of Maryland Biotechnology Institute August 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationComptroller of Maryland Information Technology Division Annapolis Data Center Operations
Audit Report Comptroller of Maryland Information Technology Division Annapolis Data Center Operations March 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationHow To Audit The Board Of Health Of The Board
Audit Report Criminal Injuries Compensation Board May 2002 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting the Office
More informationComptroller of Maryland Central Payroll Bureau
Audit Report Comptroller of Maryland Central Payroll Bureau February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationOffice of the Register of Wills Baltimore County, Maryland
Audit Report Office of the Register of Wills Baltimore County, Maryland April 2002 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested
More informationMaryland Department of Aging
Audit Report Maryland Department of Aging March 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationMaryland Transportation Authority
Audit Report Maryland Transportation Authority March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationUniversity System of Maryland University of Baltimore
Audit Report University System of Maryland University of Baltimore May 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationUniversity of Maryland School of Nursing Governor s Wellmobile Program
Audit Report University of Maryland School of Nursing Governor s Wellmobile Program January 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may
More informationDepartment of Health and Mental Hygiene Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration July 2003 This report and any related follow-up correspondence are available to the public. Alternate formats
More informationDepartment of Juvenile Justice Youth Centers
Audit Report Department of Juvenile Justice Youth Centers September 2001 This report and any related follow-up correspondence are available to the public and may be obtained by contacting the Office of
More informationDepartment of Labor, Licensing and Regulation Division of Unemployment Insurance
Audit Report Department of Labor, Licensing and Regulation Division of Unemployment Insurance February 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This
More informationMaryland Aviation Administration Maryland Transportation Authority
Special Review Maryland Aviation Administration Maryland Transportation Authority Improper Use of State Computer Resources Certain Employees Used State Issued Computers to Access Sexually Oriented Websites
More informationDepartment of Health and Mental Hygiene. Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration July 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Health and Mental Hygiene Thomas B. Finan Hospital Center and Joseph D. Brandenburg Center
Audit Report Department of Health and Mental Hygiene Thomas B. Finan Hospital Center and Joseph D. Brandenburg Center December 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationMedical Mutual Liability Insurance Society of Maryland
Audit Report Medical Mutual Liability Insurance Society of Maryland February 2008 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationComptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division
Audit Report Comptroller of Maryland Motor-fuel, Alcohol and Tobacco Tax Division July 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any
More informationDepartment of Health and Mental Hygiene Crownsville Hospital Center
Audit Report Department of Health and Mental Hygiene Crownsville Hospital Center November 2004 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration June 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Health and Mental Hygiene Alcohol and Drug Abuse Administration
Audit Report Department of Health and Mental Hygiene Alcohol and Drug Abuse Administration October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDepartment of Veterans Affairs
Audit Report Department of Veterans Affairs December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Health and Mental Hygiene Infectious Disease and Environmental Health Administration
Audit Report Department of Health and Mental Hygiene Infectious Disease and Environmental Health Administration December 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationDepartment of Health and Mental Hygiene Community and Public Health Administration
Audit Report Department of Health and Mental Hygiene Community and Public Health Administration January 2002 This report and any related follow-up correspondence are available to the public. Alternate
More informationMaryland Automobile Insurance Fund
Audit Report Maryland Automobile Insurance Fund September 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission March 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationOffice of the Clerk of Circuit Court Baltimore City, Maryland
Audit Report Office of the Clerk of Circuit Court Baltimore City, Maryland May 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationDepartment of Labor, Licensing and Regulation Division of Unemployment Insurance Division of Workforce Development
Audit Report Department of Labor, Licensing and Regulation Division of Unemployment Insurance Division of Workforce Development April 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES
More informationDepartment of Transportation Maryland Port Administration
Audit Report Department of Transportation Maryland Port Administration October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationSubsequent Injury Fund
Audit Report Subsequent Injury Fund September 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationUniversity System of Maryland University of Baltimore
Audit Report University System of Maryland University of Baltimore October 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationMaryland Automobile Insurance Fund
Audit Report Maryland Automobile Insurance Fund November 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Health and Mental Hygiene Family Health Administration
Audit Report Department of Health and Mental Hygiene Family Health Administration November 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationUniversity System of Maryland University of Maryland University College
Audit Report University System of Maryland University of Maryland University College February 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationBaltimore City Community College
Audit Report Baltimore City Community College December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationMaryland Health Insurance Plan
Audit Report Maryland Health Insurance Plan April 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Health and Mental Hygiene. Health Professional Boards and Commission State Board of Physicians State Board of Nursing
Audit Report Department of Health and Mental Hygiene Health Professional Boards and Commission State Board of Physicians State Board of Nursing January 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE
More informationComptroller of Maryland Compliance Division
Audit Report Comptroller of Maryland Compliance Division January 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Health and Mental Hygiene Regulatory Services
Audit Report Department of Health and Mental Hygiene Regulatory Services November 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission March 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationDepartment of Health and Mental Hygiene Family Health Administration
Audit Report Department of Health and Mental Hygiene Family Health Administration August 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any
More informationMaryland Legal Services Corporation
Audit Report Maryland Legal Services Corporation July 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationDepartment of Public Safety and Correctional Services Criminal Injuries Compensation Board
Audit Report Department of Public Safety and Correctional Services Criminal Injuries Compensation Board February 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY
More informationMaryland Public Broadcasting Commission
Audit Report Maryland Public Broadcasting Commission November 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting
More informationComptroller of Maryland Central Payroll Bureau
Audit Report Comptroller of Maryland Central Payroll Bureau September 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this
More informationDepartment of Budget and Management Central Collection Unit
Audit Report Department of Budget and Management Central Collection Unit April 2009 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationDepartment of Health and Mental Hygiene. Eastern Shore Hospital Center and Upper Shore Community Mental Health Center
Audit Report Department of Health and Mental Hygiene Eastern Shore Hospital Center and Upper Shore Community Mental Health Center September 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES
More informationWorkers Compensation Commission
Audit Report Workers Compensation Commission June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this report contact:
More informationMaryland State Department of Education
Audit Report Maryland State Department of Education February 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationFrederick County Public Schools
Financial Management Practices Audit Report Frederick County Public Schools April 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information
More informationPerformance Audit Report. Department of Human Resources The Maryland Energy Assistance Program and the Electric Universal Service Program
Performance Audit Report Department of Human Resources The Maryland Energy Assistance Program and the Electric Universal Service Program Accounting Records Cannot Be Relied Upon to Provide Accurate Expenditure
More informationState Corporate Purchasing Card Program
Performance Audit Report State Corporate Purchasing Card Program Oversight Responsibilities Were Not Formally Established User Agencies Were Not Closely Monitoring Card Purchases September 2003 This report
More informationReview of Community College Audit Reports. Fiscal Year Ending June 30, 2001
Review of Community College Audit Reports Fiscal Year Ending June 30, 2001 This report and any related follow-up correspondence are available to the public. Alternate formats may also be requested by contacting
More informationCollege Savings Plans of Maryland
Audit Report College Savings Plans of Maryland June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning this report contact:
More informationState Department of Assessments and Taxation
Audit Report State Department of Assessments and Taxation December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration November 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationSample Budget Review For Annual Audits of Maryland Community College Professions
Review of Community College Audit Reports Fiscal Year Ending June 30, 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationState Cell Phone Usage
Performance Audit Report State Cell Phone Usage Effective Statewide Oversight of Cellular Communication Services and Expenses Was Lacking Cell Phone Vendors Did Not Comply With Certain Contractual Requirements
More informationDepartment of Business and Economic Development
Audit Report Department of Business and Economic Development August 2001 This report and any related follow-up correspondence are available to the public and may be obtained by contacting the Office of
More informationUniversity System of Maryland University of Maryland, Baltimore
Audit Report University System of Maryland University of Maryland, Baltimore November 2003 This report and any related follow-up correspondence are available to the public. Alternate formats may also be
More informationBaltimore City Public School System
Financial Management Practices Performance Audit Report Baltimore City Public School System January 2006 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationMaryland Thoroughbred and Harness Horse Racing Tracks
Audit Report Maryland Thoroughbred and Harness Horse Racing Tracks September 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationUniversity System of Maryland University of Maryland University College
Audit Report University System of Maryland University of Maryland University College June 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information
More informationBaltimore County Public Schools
Financial Management Practices Audit Report Baltimore County Public Schools July 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY For further information concerning
More informationDepartment of Health and Mental Hygiene Office of the Secretary and Other Units
Audit Report Department of Health and Mental Hygiene Office of the Secretary and Other Units August 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationReview of Community College Audit Reports
Review of Community College Audit Reports Fiscal Year Ending June 30, 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationPrince George s County Public Schools
Financial Management Practices Audit Report Prince George s County Public Schools February 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and
More informationWicomico County Public Schools
Financial Management Practices Audit Report Wicomico County Public Schools March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationDepartment of Health and Mental Hygiene Department of Human Resources. Medical Assistance Program
Performance Audit Report Department of Health and Mental Hygiene Department of Human Resources Medical Assistance Program Using the Federal Death Master File to Detect and Prevent Medicaid Payments Attributable
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department
More informationDepartment of Health and Mental Hygiene Medical Care Programs Administration
Audit Report Department of Health and Mental Hygiene Medical Care Programs Administration December 2010 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationVideo Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account
Performance Audit Report Video Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account October 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationInformation Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No. 2016-002 July 2015
July 2015 Information Technology Operational Audit DEPARTMENT OF STATE Florida Voter Registration System (FVRS) Sherrill F. Norman, CPA Auditor General Secretary of State Section 20.10, Florida Statutes,
More informationDepartment of Public Utilities Customer Information System (BANNER)
REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology
More informationAUDIT REPORT PERFORMANCE AUDIT OF COMMUNITY HEALTH AUTOMATED MEDICAID PROCESSING SYSTEM (CHAMPS) CLAIMS EDITS
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF COMMUNITY HEALTH AUTOMATED MEDICAID PROCESSING SYSTEM (CHAMPS) CLAIMS EDITS DEPARTMENT OF COMMUNITY HEALTH AND DEPARTMENT OF TECHNOLOGY,
More informationNew York City Budget -audit
Audit Report on User Access Controls at the Department of Finance 7A03-133 June 26, 2003 THE CITY OF NEW YORK OFFICE OF THE COMPTROLLER 1 CENTRE STREET NEW YORK, N.Y. 10007-2341 ------------- WILLIAM C.
More informationVideo Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account
Performance Audit Report Video Lottery Operations Revenue Small, Minority, and Women-Owned Businesses Account December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL
More informationGAO INFORMATION SYSTEMS. The Status of Computer Security at the Department of Veterans Affairs. Report to the Secretary of Veterans Affairs
GAO United States General Accounting Office Report to the Secretary of Veterans Affairs October 1999 INFORMATION SYSTEMS The Status of Computer Security at the Department of Veterans Affairs GAO/AIMD-00-5
More informationOffice of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,
More informationHUMAN RESOURCES MANAGEMENT NETWORK (HRMN) SELF-SERVICE
PERFORMANCE AUDIT OF HUMAN RESOURCES MANAGEMENT NETWORK (HRMN) SELF-SERVICE DEPARTMENT OF CIVIL SERVICE July 2004 ...The auditor general shall conduct post audits of financial transactions and accounts
More informationReview of Community College Audit Reports
Review of Community College Audit Reports Fiscal Year Ending June 30, 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up
More informationU.S. Department of the Interior Office of Inspector General AUDIT REPORT
U.S. Department of the Interior Office of Inspector General AUDIT REPORT GENERAL CONTROL ENVIRONMENT OF THE FEDERAL FINANCIAL SYSTEM AT THE RESTON GENERAL PURPOSE COMPUTER CENTER, U.S. GEOLOGICAL SURVEY
More informationPCI Compliance Can Make Your Organization Stronger and Fitter. Brent Harman Manager, Systems Consultant Team West NetPro Computing, Inc.
PCI Compliance Can Make Your Organization Stronger and Fitter Brent Harman Manager, Systems Consultant Team West NetPro Computing, Inc. Today s Agenda PCI DSS What Is It? The Regulation 6 Controls 12 Requirements
More informationSubsequent Injury Fund
Subsequent Injury Fund Report dated April 9, 2009 Presentation to the Joint Audit Committee Timothy R. Brooks, CPA, CFE Alexandra E. Zouras, CPA July 14, 2009 Audit Overview Audit report, which covered
More informationFederal Communications Commission Office of Inspector General. FY 2003 Follow-up on the Audit of Web Presence Security
Federal Communications Commission Office of Inspector General FY 2003 Follow-up on the Audit of Web Presence Security Audit Report No. 03-AUD-09-21 October 20, 2004 TABLE OF CONTENTS Page EXECUTIVE SUMMARY
More informationHarford County Public Schools
Financial Management Practices Audit Report Harford County Public Schools January 2015 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationNEW HAMPSHIRE RETIREMENT SYSTEM
NEW HAMPSHIRE RETIREMENT SYSTEM Auditors Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government
More information