INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT
|
|
- Muriel Stewart
- 8 years ago
- Views:
Transcription
1 INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT FOLLOW UP REVIEW TO AUDIT OF COURTROOM AUTOMATION Karleen F. De Blaker Clerk of the Circuit Court Ex officio County Auditor Robert W. Melton, CPA*, CIA, CFE Chief Deputy Director Internal Audit Division Prepared by: Deborah Cross-McCray, CIA Internal Auditor Supervised by: Ronald Peters, CIA, CISA Internal Audit Manager DECEMBER 4, 2003 REPORT NO *Regulated by the State of Florida
2 December 4, 2003 The Honorable Karleen F. De Blaker Clerk of the Circuit Court We have conducted a follow-up review to our audit of Courtroom Automation. The objectives of our review were to determine the implementation status of our previous recommendations. Of the 13 recommendations contained in the audit report, we determined that 6 have been implemented, 2 have been partially implemented, and 5 have not been implemented. The status of each recommendation is presented in this follow-up review. We appreciate the cooperation shown by the staff of Court Services Division during the course of our review. Respectfully Submitted, Robert W. Melton, CPA*, CIA, CFE Chief Deputy Director Internal Audit Division *Regulated by the State of Florida
3 Scope and Methodology We have conducted a follow-up review of our audit of Courtroom Automation. The purpose of our follow-up review is to determine the status of our previous recommendations for improvement. The purpose of the original audit was to: 1) review compliance with the Clerk s procurement process for the Contract, 2) evaluate the adequacy of the terms of the agreement to meet the objectives of the project, 3) determine compliance with the contract terms by the parties, 4) evaluate the effectiveness of the development methodology used by the Contractor to produce the functionality of the product to be delivered, 5) assess Court Service management s oversight of the project relating to the process ability to deliver a satisfactory product in a reasonable time frame, 6) confirm the adequacy of application testing and user training for the product. In addition, for the current production environment, 7) ascertain the appropriateness of the ongoing application maintenance, 8) determine the adequacy of the change control procedures and the application documentation to support the product, and 9) determine the appropriateness of the installation of NT Server security, In Court Docketing (ICD) and Microsoft-Sequential Query Language (MS-SQL) logical controls. To determine the current status of our previous recommendations, we conducted interviews with management to determine the actual action taken to implement the recommendations for improvement. We performed limited testing to verify the progress of the recommendations for improvement. Overall Conclusion Of the thirteen recommendations contained in the report; six have been implemented, two have been partially implemented and five have not been implemented. We encourage management to implement the remaining recommendations. Background The Clerk Of The Circuit Court (Clerk) undertook a project to develop and implement an automated solution covering the Clerk s courtroom daily activities. The objective was to improve the time in processing court documents as well as improving the efficiency and effectiveness of the Clerk s operations. The County s Information Technology Department (IT) was not staffed to undertake this type of project and recommended the use of a contractor that had the technical skills for the task. A contract with Innovative Software Solutions (Innovative) was signed in May 1997 to undertake the development project. The project team consisted of CJC operations personnel, IT staff as technical advisors as well as active participants for the mainframe interface segment, and the Contractor, as designer and programmer for the product. Using the input from the County staff, the contractor developed the Courtroom Automation Design Project Findings document that
4 encompassed development methodology, implementation plans, requirements, scope of development, technology platform and critical success factors. The information in the document was used as a blueprint for the Courtroom Automation Project. Adjustments were made when additional information was obtained, or areas of the plan were expanded as the phases were further defined. The project used Rapid Application Development techniques applying modern clientserver facilities. The ICD application was written in Visual Basic and supported by MS- SQL Server database software. The application runs in a NT-Server platform with Windows NT workstations. The deliverables for the application modules, interfaces and utilities were divided into three major phases. Required enhancements for the completed segments were incorporated in the next phase. The project was started May 1997 and completed March 2001.
5 This section reports our follow-up on actions taken by management on the Recommendations for Improvement in our audit of Courtroom Automation. The recommendations contained herein are those of the prior audit, followed by the current status. 1. The Deployment Of NT Server Security Is Inadequate For The ICD Production Environment, And Security Settings Do Not Meet County Standards. Our review of the functionality of the NT Server security for the Clerk s Domain, (CLKCCC) that supports the ICD Application, found non-compliance with IT and best practice standards. A. System-wide user security settings are not set at a level to provide adequate control. Noncompliance to County and best practice standards was present. We noted the following specific concerns regarding Global Account Policies: 1) The users are not required to periodically change their password ( Password Never Expires setting is active). IT standards require a password to be changed every 30 days. 2) The intruder detection security feature for the Domain has the Account Lockout-Lockout After Bad Logon Attempts option set to six attempts before the user-id is disabled by software security. The IT standard setting is three. In addition, the Account Lockout-Reset Count After option was set to 15 minutes, but the IT standard is 30 minutes. The Lockout Duration setting that tells the security software how long (in days-hours-minutes) to accumulate the incorrect login attempt count before resetting the counter to zero was set to 20 minutes. Best practice standards recommend 2-3 days for an automatic lockout duration setting. 3) Users are not required to have Unique Passwords enforced by software or by department policy. IT standards require a secure password containing both letters and numbers and, if available, enforced by software. 4) The setting User Must Log On In Order To Change Password is not active. IT standards require an active setting that limits only the user to change their password. B. Individual user security settings are not required to be set at a level to provide adequate control.
6 1) All the individual user settings are active for Password Never Expires. IT standards require a password to be changed every 30 days. 2) Most individual user settings are active for User Cannot Change Password. The setting is not in compliance with IT standards. It is essential that the user, to help protect password integrity, periodically change passwords. C. The user ID Administrator is not adequately controlled. The user-id is functioning as a Generic log-on used by the LAN-Administrator, IT product programmer, and CJC product administrator as well as Technology Development Center (TDC). There is also an increase in password confidentiality risk present and a need for manual controls when using Generic user-ids. Its use must be strictly controlled and should never be used as a Generic log-on. D. There is inadequate documentation to justify the need for seven user-ids to be members of the Administrators Group. This Group has the same rights as the powerful Administrator account and, therefore, has full access to the system. To minimize risk and enhance controls, Administrators Group members should be maintained at the smallest possible number. E. The membership structure to Groups has redundancies where user-ids are members of lower level Groups but received the same access rights from their membership in higher-level Groups. F. There were two Generic user-ids that are not required but never removed from the user list. In addition there are four System user-ids that are not currently being used. All user-ids were active at the time of the audit. IT standards require inactive user-ids to be disabled or removed. G. The directories and sub-directories access Permissions for the CLKCCC4 server have not been reviewed by management since the access Rights set-up by the Contractor during the development stage. H. One User Right Policy granted to Groups needs to be adjusted. The Right Access This Computer From Network was given to the Everyone Group by default. A new Group should replace Everyone. For this server, the access should be changed to the Domain User Group. I. CJC management has not adequately defined the responsibility for NT Network security. Consequently, TDC has not been able to implement security that would be equivalent to current Novell Network security levels.
7 Recommendation: A & B. User settings that do not comply with IT or best practice standards be changed. Other settings that will become relevant when passwords are required should also comply with the standards, i.e., Minimum Password Length and Password Uniqueness. Management should also consider obtaining a software solution that would permit an interface with the Novell user-id and password. C. Control of the Administrator user-id be turned over to TDC. Any user-ids requiring Administrator Rights should be made a member of a Group that only grants the Rights needed. If required, new Groups should be established to handle the Right assignment. D. The seven user-ids need for Administrator Rights should be evaluated, and only those Rights that are needed should be granted. E. The Group structure be reviewed and any unnecessary redundant memberships removed. F. The Generic and System user-ids not needed be removed from the NT Server user list. G. CJC management review Permissions setup for the server directories. H. The Domain User Group replace the Everyone Group. I. CJC management assign the security responsibilities for the NT Network. The document should be in writing and accepted by TDC before implementation. Status: A&B. Implemented. CJC has installed Novel Account Management software for the NT Network. The software passes through the Novel user ID and password to the NT security software. Therefore, the NT security settings are not be used to control access. There is still a minor risk if a User can gain access to the NT network without going through the Novell Network. Direct access can be obtained through the NT network and print servers maintained at CJC in the Clerks area. Management informed audit that a combination door lock controls access to this room and Management has installed to prevent unauthorized access to the hardware.
8 C. Partially Implemented. Management has established a Group that will have LAN- Administrator rights. The group will permit the User to use their own ID to gain access with LAN-Admin rights. Control of the Administrator User-id has not been turned over to TDC. CJC Management needs the Administrator User-id to log the print services on the network. The Users having the Administrator Userid have been instructed not to use this ID for other for any other network tasks. The risk is still present for CJC staff to use the Administrator User-id without the action being related to one User. D. Implemented. The Administrators Group Users has been reviewed and only the persons needing access are now members. E. Implemented. The Group has been reviewed. Management will keep redundancies if Users perform dual roles. Management thinks this logic will permit ease of maintenance. If a User role changes then that persons User-ID will be removed from that group. Since this was a record keeping issue not an access risk item Audit has no issue with management s resolution. F. Implemented. Unneeded Generic and system User-id s have been removed. Currently one generic User-id is needed for the daily operation. G. Partially Implemented. Management did not formally review the sub-directories located on the NT servers. Some minor changes have been made. Management will make the changes when the Development Server for the NT network application function is installed H. Not Implemented. Management has not addressed this item. I. Implemented. CJC has technically qualified persons with overall security responsibility. 2. The ICD Application Documentation Is Not Adequate To Support Effective Maintenance and Enhancement Of The Product. The ICD application does not have adequate documentation to support the users maintenance and enhancement needs. The contract with Innovative, the vendor who provided the initial software product, only required source code. The contract was deficient in the area of application documentation requirements, as discussed below. The IT department has not set minimum County standards for documentation for applications running in the network server environment. However, in order for the
9 technical support department to maintain and/or enhance the application without technical staffing risk, documentation should include: System diagrams Application flows Program narratives Data flows Data edits that are included in the application SQL data structures Server directory definitions and data content information In some cases the Contractor did supply segments of the above items, but in most cases, the information is no longer current. Recommendation: CJC management request IT to construct a plan to consolidate, evaluate and update the limited documentation supplied by Innovative. After completing the updating, documentation to support the ongoing maintenance as well as user enhancements for the application should be developed. Status: Not Implemented. CJC management has not taken action on this issue. Management informed Audit that the maintenance of the application is under IT. We continue to encourage implementation of our recommendation. 3. The Procurement Of The Innovative Software Solutions Contract Was Not Competitively Offered for Bid. The Clerk s Office granted the contract to Innovative to provide services for the Courtroom Automation Project with no advertisement to solicit bids from other vendors. CJC management stated that Innovative was under contract with the IT Department and worked on existing programs relating to courtroom applications. Since the contractor had experience with the applications and IT was satisfied with their performance, the Clerk s Office decided to offer the new project contract to Innovative. The Clerk s Office Policies and Procedures, Chapter 12, Purchasing, states that all purchases or contracts for goods or services over $20,000 be advertised for bids, and awarded to the lowest and best bid serving the best interest of Pinellas County. The Clerk s Policies offer the ability to have Noncompetitive Purchases, if the goods or services are available from only one source. No documentation was present to support exercising this exemption.
10 Recommendation: The Clerk s Office conduct and document a good faith search for potential vendors before noncompetitive contracts are awarded. Non-competitive bid justification for any contract should be formally documented. Status: Not Implemented. Management has not formally documented justification for the non-competitively bid contract for Advanced Programming Resources. Management indicated this contract was a renewal of a terminating contract under the Board of County Commissioners due to budget cuts and to obtain the original programmer of the in-court docketing application. Although this may be a justifiable reason to non-competitively bid the contract, the Clerk s policies and procedures require documented justification of non-competitively bid contracts. Management indicated in most cases some formal documentation is utilized, but did not document this contract because it was a renewal of an existing contract under the Board of County Commissioners. However, the decision to not seek competition should be justified. 4. Information Relating To Service Rendered Present On The Contractor s Invoices Did Not Comply With Contract Requirements. The Contractor billed the County for a total of 14,055 hours (6.8 man-years) for the Courtroom Automation Project. Invoices did not identify the specific elements of the ICD programs which were being worked on. The billings only contained hours worked by each contractor and their living and air travel expenses. The Innovative Contract, Section 5, Compensation, states, Payments shall be made in accordance with Florida Prompt Payment Act upon the receipt of bimonthly invoices from the Contractor which include date of service by the subcontractors, the nature of the services performed, and the number of hours per subcontractor per day. The invoices did not contain adequate information to permit Court Administration Management to relate hours billed to the status of work completed. Without the ability to relate the task performed to the hours being billed, a key control was eliminated in the oversight of the Contractor s performance and expense verification.
11 Recommendation: Future contracts require detailed invoices to ensure compliance with payment terms. Status: Not Implemented. Invoices submitted for IT services under the current Courtroom Automation project only lists hours worked with no details as to what portion of the project the contractor worked on. 5. Contract Compliance For Insurance Coverage Was Not Properly Monitored. There is no documentation to support Workers Compensation coverage for August 27, 1997 to August 31, 1998 and September 2, 1999 to August 31, In addition, General Liability insurance coverage was not documented for September 2, 1997 to August 31, 1998 and September 2, 1999 to August 31, For the remaining contract time frame, proof of insurance was received from the Contractor. The Innovative Contract, Section 5, Compensation, states, Prior to the time Contractor is entitled to commence any part of the project, work or service under this agreement, Contractor shall procure, pay for and maintain at least the following insurance coverage limits. Said insurance shall be evidenced by delivery to the County of (1) certificate of insurance executed by the insurers listing coverage s and limits, expiration date and terms of polices and all endorsements upon whether or not required by the County, and listing all carriers said policies; and (2) a certified copy of each policy including all endorsements. The Contract required Workers Compensation in at least the limits as required by Florida Law and Comprehensive General Liability. The lack of complete insurance coverage documentation represents poor monitoring of contract requirements and if coverage was not in place, increased County liability issues. Recommendation: Future contracts be closely monitored to ensure compliance with insurance terms. Status: Not Implemented. The current Courtroom Automation IT contract requires the contractor maintain Workers Compensation insurance. No insurance certificate was maintained by the management. Insurance monitoring controls require
12 management to maintain a tickler system that would alert management in advance when an insurance certificate expires and the amount of coverage required by the contract. We did not observe a tickler procedure present to ensure adequate monitoring of active insurance certificates.
PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationAchieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/
Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system
More informationAUDIT REPORT 2013/024
INTERNAL AUDIT DIVISION AUDIT REPORT 2013/024 Audit of air travel activities and related practices at UNON Overall results relating to efficient and effective management of travel services were assessed
More informationDistribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr.
Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr. Thomas Schlenker, Director, San Antonio Metropolitan Health District Robert
More information4.06 Consulting Services
MANAGEMENT BOARD SECRETARIAT AND MINISTRIES OF THE ENVIRONMENT, FINANCE, HEALTH AND LONG-TERM CARE, NATURAL RESOURCES, AND COMMUNITY SAFETY AND CORRECTIONAL SERVICES 4.06 Consulting Services (Follow-up
More informationFOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. 08-04-107F. City of Albuquerque Office of Internal Audit and Investigations
FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. City of Albuquerque Office of Internal Audit and Investigations City of Albuquerque Office of Internal Audit and Investigations P.O. BOX 1293 ALBUQUERQUE,
More informationINTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT
INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT FOLLOW-UP REVIEW TO AUDIT OF COLLECTIONS AND ENFORCEMENT OF COURT FINES AND COSTS Ken Burke, CPA Clerk of the Circuit Court Ex officio County Auditor
More informationWalton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure
Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section
More informationDecember 2013 Report No. 14-013
John Keel, CPA State Auditor An Audit Report on Information and Communications Technology Cooperative Contracts at the Health and Human Services Commission Report No. 14-013 An Audit Report on Information
More informationDepartment of Public Utilities Customer Information System (BANNER)
REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology
More informationPeopleSoft IT General Controls
PeopleSoft IT General Controls Performance Audit December 2009 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor The Auditor of the City and County of
More informationKAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls
KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller AUDIT OF Human Capital Management System (HCMS) Application Controls Audit Services Karen E. Rushing Clerk of the Circuit Court and County
More informationSeattle Public Schools The Office of Internal Audit
seaonly Seattle Public Schools The Office of Internal Audit Capital Internal Audit Report Issue Date: December 16, 2014 Executive Summary Background In accordance with the Capital Risk Assessment and Audit
More informationDecember 2014 Report No. 15-017. An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission
John Keel, CPA State Auditor An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission Report No. 15-017 An Audit Report on The Telecommunications
More informationInformation System Audit Report Office Of The State Comptroller
STATE OF CONNECTICUT Information System Audit Report Office Of The State Comptroller AUDITORS OF PUBLIC ACCOUNTS KEVIN P. JOHNSTON ROBERT G. JAEKLE TABLE OF CONTENTS EXECUTIVE SUMMARY...1 AUDIT OBJECTIVES,
More informationTHIS PAGE INTENTIONALLY BLANK
BOARD OF COUNTY COMMISSIONERS OFFICE OF THE COMMISSION AUDITOR M E M O R A N D U M TO: FROM: Honorable Chairman Jean Monestime, and Members, Board of County Commissioners Charles Anderson, CPA Commission
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration June 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are
More informationAudit Follow-Up Status As of September 30, 2015
Audit Follow-Up Status As of September 30, 2015 Active Directory T. Bert Fletcher, CPA, CGMA City Auditor (Report #1210 issued June 19, 2012) Report #1603 January 11, 2016 Summary This is the third follow-up
More informationNETWRIX IDENTITY MANAGEMENT SUITE
NETWRIX IDENTITY MANAGEMENT SUITE FEATURES AND REQUIREMENTS Product Version: 3.3 February 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationUniversity System of Maryland University of Maryland, College Park Division of Information Technology
Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationSecurity and Control Issues within Relational Databases
Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationInformation System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls
Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint
More informationWe would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment
Date: June 25, 2014 To: Brenda S. Fischer, City Manager From: Candace MacLeod, City Auditor Subject: Audit of Glendale Fire Department s Payroll Process The City Auditor s Office has completed an audit
More informationHow To Audit A Windows Active Directory System
South Northamptonshire Council Windows Active Directory Final Internal Audit Report - September Distribution list: Mike Shaw IT & Customer Services Manager David Price Director of Community Engagement
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationREPORT 2016/035 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2016/035 Audit of the use of consultants and individual contractors in the United Nations Stabilization Mission in Haiti Overall results relating to the effective hiring
More informationOFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Senior Audit Manager: Lynne Prizzia,
More informationSEALED BID REQUEST FOR INFORMATION
Department of Buildings and General Services Purchasing & Contract Administration 10 Baldwin St. Agency of Administration Montpelier VT 05633 [phone] 802-828-2210 [Fax] 802-828-2222 www.bgs.state.vt.us
More informationMusina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-
Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page
More informationWalton County Clerk of the Court s Office Fixed Asset Review. Martha Ingle Clerk of the Courts
Walton County Clerk of the Court s Office Fixed Asset Review Martha Ingle Clerk of the Courts Internal Audit Department Johnny Street Internal Audit Manager Report 09-02 May 2009 August 3, 2009 Martha
More informationBaltimore City Community College
Audit Report Baltimore City Community College December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationInformation Technology Internal Controls Part 2
IT Controls Webinar Series Information Technology Internal Controls Part 2 Presented by the Arizona Office of the Auditor General October 23, 2014 Part I Overview of IT Controls and Best Practices Part
More informationGeneral Computer Controls
1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems
More informationICT USER ACCOUNT MANAGEMENT POLICY
ICT USER ACCOUNT MANAGEMENT POLICY Version Control Version Date Author(s) Details 1.1 23/03/2015 Yaw New Policy ICT User Account Management Policy 2 Contents 1. Preamble... 4 2. Terms and definitions...
More informationKAREN E. RUSHING. Audit of Purchasing Card Program
KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller Audit of Purchasing Card Program Audit Services Jeanette L. Phillips, CPA, CGFO, CIG Director of Internal Audit and Inspector General
More informationJune 2008 Report No. 08-037. An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs
John Keel, CPA State Auditor An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs Report No. 08-037 An Audit Report on The Texas Education Agency s Oversight
More informationDepartment of Legislative Services Office of Legislative Audits. Maryland Insurance Administration
Maryland Insurance Administration Report Dated November 20, 2014 Audit Overview MIA licenses and regulates insurers, insurance agents and brokers who conduct business in the State, and monitors the financial
More informationMaryland Insurance Administration
Audit Report Maryland Insurance Administration November 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationHow To Protect Data From Attack On A Network From A Hacker (Cybersecurity)
PCI Compliance Reporting Solution Brief Automating Regulatory Compliance and IT Best Practices Reporting Automating Compliance Reporting for PCI Data Security Standard version 1.1 The PCI Data Security
More informationMecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452
Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,
More informationCompetitive Bid Request for Proposal Re-Keying Project Fairfield & Alfond Campuses
Competitive Bid Request for Proposal Re-Keying Project Fairfield & Alfond Campuses 1.0 Overview and Objectives Kennebec Valley Community College (KVCC) is requesting proposals from experienced and qualified
More informationAudit Follow-Up. Active Directory. Status As of February 28, 2015. Summary. Report #1508 April 20, 2015
Audit Follow-Up Status As of February 28, 2015 Active Directory T. Bert Fletcher, CPA, CGMA City Auditor (Report #1210 issued June 19, 2012) Report #1508 April 20, 2015 Summary This is the second follow
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationOffice of the City Auditor. Audit Report. AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS (Report No. A08-010 ) May 2, 2008.
CITY OF DALLAS Dallas City Council Office of the City Auditor Audit Report Mayor Tom Leppert Mayor Pro Tem Dr. Elba Garcia Deputy Mayor Pro Tem Dwaine Caraway AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS
More informationINTERNAL AUDIT REPORT. Review of Software Change Management. Fairfax County Internal Audit Office
INTERNAL AUDIT REPORT Review of Software Change Management FAIRFAX COUNTY, VIRGINIA INTERNAL AUDIT OFFICE M E M O R A N D U M TO: Anthony H. Griffin DATE: May 2, 2002 County Executive FROM: SUBJECT: Ronald
More informationProject Management Procedures
1201 Main Street, Suite 1600 Columbia, South Carolina 29201 Project Management Procedures Start Up The grant becomes effective upon return of one copy of the grant award executed by the Chief Executive
More informationImplementation of Internal Audit Recommendations: Summary of Progress Report by Head of Finance
Financial Scrutiny and Audit Committee 11 February 2014 Agenda Item No 13 Implementation of Internal Audit : Summary of Progress Report by Finance Summary: This report updates members on progress in implementing
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationAppendix 1 CJC CONTRACT MANAGEMENT POLICIES AND PROCEDURES. Criminal Justice Commission Contract Management Policies and Procedures
CJC CONTRACT MANAGEMENT POLICIES AND PROCEDURES SNYOPSIS: The CJC was created by a Palm Beach County ordinance in 1988. It has 21 public sector members representing local, state, and federal criminal justice
More informationPalm Beach County Clerk & Comptroller s Office Contracting & Purchasing Review
Palm Beach County Clerk & Comptroller s Office Contracting & Purchasing Review SHARON R. BOCK Clerk & Comptroller Palm Beach County Audit Services Division September 18, 2008 Report 2008 03 September 18,
More informationCOMPUTER OPERATIONS - BACKUP AND RESTORATION
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES COMPUTER OPERATIONS - BACKUP AND RESTORATION FINAL AUDIT REPORT Chief of Audits: Julie Nieminski, CPA, CIA, CFE, CISA, MPA
More informationSTATUTORY REPORT District Attorney District 26
District Attorney District 26 Bogus Check Restitution Program, Supervision Program, Restitution and Diversion Program, Property Forfeiture Program For the period July 1, 2009 through June 30, 2012 Independently
More informationA U D I T R E P O R T. Audit of Child Support Contract CD336
A U D I T R E Audit of Child Support Contract CD336 P O R T Internal Audit Department Audit Number 2013.14 August 2013 September 4, 2013 The Honorable Linda Doggett Clerk, Lee County Re: Audit of Child
More informationSoftware Licenses Managing the Asset and Related Risks
AUDITOR GENERAL S REPORT ACTION REQUIRED Software Licenses Managing the Asset and Related Risks Date: February 4, 2015 To: From: Wards: Audit Committee Auditor General All Reference Number: SUMMARY The
More informationWoodward County Emergency Medical Service District
Woodward County Emergency Medical Service District For the period July 1, 2011 through June 30, 2014 Oklahoma State Auditor & Inspector Gary A. Jones, CPA, CFE FOR THE PERIOD JULY 1, 2011 THROUGH JUNE
More informationSPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY
SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY A. ACCEPTANCE: The College shall commence Acceptance testing within five (5) days, or within such other period as agreed upon. Acceptance testing
More informationREQUEST FOR PROPOSAL. Ambulance Billing Services
REQUEST FOR PROPOSAL Ambulance Billing Services City of Calais (the City ) is requesting proposals from qualified Vendors ( Vendor ) to provide ambulance billing collection, financial reporting, and analytical
More informationATTACHMENT A ADMINISTRATIVE MEMORANDUM SELECTION OF INDEPENDENT CONTRACTORS
Environmental Consulting Services for Conducting Groundwater and Landfill Gas Monitoring at the Closed Half Moon Bay and Pescadero Landfills County of San Mateo Department of Public Works Utilities-Flood
More informationDepartment of Veterans Affairs
Audit Report Department of Veterans Affairs December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More informationREPORT NO. 2014-089 JANUARY 2014 BREVARD COUNTY DISTRICT SCHOOL BOARD. Operational Audit
REPORT NO. 2014-089 JANUARY 2014 BREVARD COUNTY DISTRICT SCHOOL BOARD Operational Audit BOARD MEMBERS AND SUPERINTENDENT Board members and the Superintendent who served during the 2012-13 fiscal year are
More informationOffice of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget
Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,
More informationNEW HAMPSHIRE RETIREMENT SYSTEM
NEW HAMPSHIRE RETIREMENT SYSTEM Auditors Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance With Government
More informationMINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE
MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST
More informationSCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID
SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID State of New Jersey Department of Community Affairs Division of Local Government
More informationINFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION. Information Technology Operational Audit
REPORT NO. 2015-017 SEPTEMBER 2014 INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION Information Technology Operational Audit CITIZENS PROPERTY
More informationAUDIT REPORT INTERNAL AUDIT DIVISION. Invoice Processing in UNAMID. Internal controls over invoice processing were inadequate and ineffective
INTERNAL AUDIT DIVISION AUDIT REPORT Invoice Processing in UNAMID Internal controls over invoice processing were inadequate and ineffective 1 June 2010 Assignment No. AP2009/634/18 INTERNAL AUDIT DIVISION
More informationOffice of the City Auditor and Clerk
Office of the City Auditor and Clerk Externally Hosted IBM iseries System Arrangement For Utility Billing System Final Executive Summary Internal Audit Report Internal Audit Project # 08-05 May 28, 2008
More informationMaryland Department of Aging
Audit Report Maryland Department of Aging March 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are available
More informationMissouri State Auditor March 2014 http://auditor.mo.gov Report No. 2014-016
Thomas A. Schweich Missouri State Auditor FOLLOW-UP REPORT ON AUDIT FINDINGS City of Marshfield March 2014 Report No. 2014-016 http://auditor.mo.gov Follow-Up Report on Audit Findings Table of Contents
More informationCommercial Real Estate. Risk Transfer Suggested Practices. For Commercial Property Owners
Commercial Real Estate Risk Transfer Suggested Practices For Commercial Property Owners Common practices, such as leasing space to tenants, contracting for maintenance, repair or other services, or even
More informationEXECUTIVE SUMMARY Audit of information and communications technology governance and security management in MINUSTAH
EXECUTIVE SUMMARY Audit of information and communications technology governance and security management in MINUSTAH OIOS conducted an audit of information and communications technology (ICT) governance
More informationDepartment of Transportation Office of Transportation Technology Services
Audit Report Department of Transportation Office of Transportation Technology Services October 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report
More informationDetailed Analysis Achieving PCI Compliance with SkyView Partners Products for Open Systems
Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for Open Systems The Payment Card Industry has a published set of Data Security Standards to which organization s accepting and
More informationNetWrix Privileged Account Manager Version 4.0 Quick Start Guide
NetWrix Privileged Account Manager Version 4.0 Quick Start Guide Table of Contents Table of Contents... 2 1. Introduction... 3 1.1. What is NetWrix Privileged Account Manager?... 3 1.2. Licensing... 3
More informationDepartment of Information Technology Software Change Control Audit - Mainframe Systems Final Report
Department of Information Technology Software Change Control Audit - Mainframe Systems Final Report March 2007 promoting efficient & effective local government Introduction Software change involves modifications
More informationServer Management-Scans & Patches
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Server Management-Scans & Patches Report No. 14-11 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West
More informationFEDERAL FAMILY EDUCATION LOAN PROGRAM (FFELP) SYSTEM
REPORT NO. 2015-007 AUGUST 2014 DEPARTMENT OF EDUCATION FEDERAL FAMILY EDUCATION LOAN PROGRAM (FFELP) SYSTEM Information Technology Operational Audit DEPARTMENT OF EDUCATION Pursuant to Article IX, Section
More informationApril 2010. promoting efficient & effective local government
Department of Public Works and Environmental Services Department of Information Technology Fairfax Inspections Database Online (FIDO) Application Audit Final Report April 2010 promoting efficient & effective
More informationData Stored on a Windows Server Connected to a Network
Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to
More informationVital Statistics audit of the Birth and Death Certificate Imaging System
OFFICE OF THE CITY AUDITOR AUDIT OF THE VITAL STATISTICS BIRTH AND DEATH CERTIFICATE IMAGING SYSTEM Paul T. Garner Assistant City Auditor Prepared by: Tony Aguilar, CISA Sr. IT Auditor Bill Steer, CPA,
More informationSTEVEN W. MONTEITH EXECUTIVE DIRECTOR, HUMAN CAPITAL ENTERPRISE
Office of Inspector General September 15, 2005 STEVEN W. MONTEITH EXECUTIVE DIRECTOR, HUMAN CAPITAL ENTERPRISE SUBJECT: Audit Report Human Capital Enterprise (Report Number ) This report presents the interim
More informationHANDBOOK for INDIVIDUAL SERVICE PROVIDERS
HANDBOOK for INDIVIDUAL SERVICE PROVIDERS (Revised 02/13) 2/28/2013 ISP Handbook INDIVIDUAL SERVICE PROVIDERS... 3 Welcome... 3 What Is an ISP?... 3 What Services Can an ISP Provide?... 4 APPLICATION /
More informationFairfax Circuit Court
COMMONWEALTH OF VIRGINIA Fairfax Circuit Court JOHN T. FREY Clerk Of Circuit Court 4110 Chain Bridge Road Fairfax, Virginia 22030-4048 703-246-2770 TDD 703-352-4139 GERARDA M. CULIPHER Chief Deputy Electronic
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationJune 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers
John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More informationLarry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program
DATE: TO: FROM: SUBJECT: Larry Laine, Deputy Land Commissioner and Chief Clerk Tracey Hall, Deputy Commissioner of Internal Audit Annual Report on the Internal Audit The following report is presented in
More informationQ Are the current Digital Court Reporters employees of the Court?
Listed below are the 13 th Judicial Circuit s responses to questions submitted by potential respondents to the ITN for Digital Court Reporting Monitoring and Transcription Service. All follow-up questions
More informationAugust 2006 Report No. 06-062
John Keel, CPA State Auditor An Audit Report on Procurement at the Texas Lottery Commission Report No. 06-062 An Audit Report on Procurement at the Texas Lottery Commission Overall Conclusion The Texas
More informationSTATE OF MINNESOTA GRANT CONTRACT
STATE OF MINNESOTA GRANT CONTRACT This grant contract is between the State of Minnesota, acting through its Department of Labor and Industry, Apprenticeship Unit ("State") and [FULL NAME AND ADDRESS OF
More informationAGENDA HIP Ho AA w i rivacy d The B reach Happen? I P nc AA Secu dent R rit esp y o nse Corrective Action Plan What We Learned ACRONYMS USED
Michael Almvig Skagit County Information Services Director 1 AGENDA 1 2 HIPAA How Did Privacy The Breach Happen? HIPAA Incident Security Response 3 Corrective Action Plan 4 What We Learned Questions? ACRONYMS
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationOFFICE OF THE CITY CONTROLLER
OFFICE OF THE CITY CONTROLLER INFORMATION TECHNOLOGY DEPARTMENT ENTERPRISE RESOURE PLANNING (SAP) SECURITY LIMITED REVIEW PERFORMANCE AUDIT Ronald C. Green, City Controller David A. Schroeder, City Auditor
More informationSTATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE
STATEMENT OF JOHN E. MCCOY II DEPUTY ASSISTANT INSPECTOR GENERAL FOR AUDITS U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT ORGANIZATION,
More informationDEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE
2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA PERFORMANCE AUDIT NORTH CAROLINA INDUSTRIAL COMMISSION WORKERS COMPENSATION PROGRAM FEBRUARY 2013 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR PERFORMANCE AUDIT NORTH
More informationReport 6c. Final Internal Audit Report Network and Communications. April 2008
Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More information