Members of the Legislative Audit Committee December 17, 2001 Page 2



Similar documents
September 2011 Report No

Texas Criminal Justice Information System Audit

Overview of the Criminal Justice Policy Council Criminal Justice Information System Audit

February 2006 Report No

Senate Bill 9 Background Checks for Education A Reference Guide January 1, 2008

IMMIGRATION AND NATURALIZATION SERVICE REPORTING PLAN FOR THE STATE OF TEXAS

How To Improve The Criminal History Record Check Program

The following states were recommended and awarded grants:

Three Year Recidivism Tracking of Offenders Participating in Substance Abuse Treatment Programs

CRIMINAL JUSTICE INFORMATION SYSTEM. Shelia Bledsoe CJIS Field Support Unit (O) (F)

Criminal Justice Institute 2013 August 27, Gary Kalstabakken Product Manager: BCA-MNJIS

August 2012 Report No

The Substance Abuse Felony Punishment Program: Evaluation and Recommendations

May 2007 Report No

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

Assessing Completeness and Accuracy of Criminal History Record Systems: Audit Guide

Office of Justice Programs (OJP), Bureau of Justice Assistance (BJA) National Governors Association Center for Best Practices (NGAC)

The State Projects. GAH:Revised 12/19/03

DEPARTMENT OF STATE POLICE CRIMINAL RECORDS DIVISION CRIMINAL JUSTICE INFORMATION SYSTEMS

January 31, Members of the Legislative Audit Committee:

Evaluation of the Performance of the Texas Department of Criminal Justice Rehabilitation Tier Programs

Livescan cards, when received, apply electronically to the DCI & FBI records

Criminal Justice 101. The Criminal Justice System in Colorado and the Impact on Individuals with Mental Illness. April 2009

April 2005 Report No

The Rights of Crime Victims in Texas

John Keel, CPA State Auditor Medicaid Fraud Control Activities at the Office of the Attorney General

June 2008 Report No An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

For MINNESOTA January 2009

2011 ANNUAL REPORT ON INTEROPERABILITY. Submitted by: THE CRIMINAL JUSTICE INFORMATION ADVISORY BOARD

June 29, Members of the Legislative Audit Committee:

Department of State Health Services Human Resources - A Review

John Keel, CPA State Auditor. An Audit Report on The Dam Safety Program at the Commission on Environmental Quality. May 2008 Report No.

October 2008 Report No

Next Generation Identification Program (NGI) Rap Back Service

OFFICE OF THE STATE AUDITOR TWO COMMODORE PLAZA 206 EAST NINTH STREET, SUITE 1900 LAWRENCE F. ALWIN, CPA

STATE EDUCATION DEPARTMENT CRIMINAL HISTORY BACKGROUND CHECKS FOR SCHOOL EMPLOYEES. Report 2007-S-119 OFFICE OF THE NEW YORK STATE COMPTROLLER

An Audit Report on the Child Support Enforcement Program at the Office of the Attorney General

STATUTORY REPORT District Attorney District 26

Austin Travis County Integral Care Jail Diversion Programs and Strategies

Information System Audit Report Office Of The State Comptroller

NASA Financial Management

MONROE COUNTY PUBLIC DEFENDER MONROE COUNTY COURTHOUSE 610 MONROE STREET, SUITE 21 STROUDSBURG, PENNSYLVANIA 18360

Maricopa County Attorney s Office Adult Criminal Case Process

Probation is a penalty ordered by the court that permits the offender to

Program Narrative - Attachment 2. The Community Law Enforcement and Recovery (CLEAR) Program began in 1997 as an

2014 ANNUAL REPORT DISTRICT ATTORNEY WASHINGTON COUNTY

John Keel, CPA State Auditor. An Audit Report on The Division of Workers' Compensation at the Department of Insurance. July 2010 Report No.

TEXAS ETHICS COMMISSION

MINNESOTA S EXPERIENCE IN REVISING ITS JUVENILE CODE AND PROSECUTOR INPUT IN THE PROCESS September 1997

September 2005 Report No

AUDITOR GENERAL DAVID W. MARTIN, CPA

COMPUTER- LINKED TRANSACTIONAL RECORDS FOR CRIMINAL JUSTICE STATISTICS. Steve E. Kolodney and Paul K. Wormeli Public Systems incorporated

Sample audit on Pain Management Clinic Certification and Regulation Requirements at Texas Medical Board

JUVENILE JUSTICE SYSTEM

February 22, Dear Ms. Kastrin:

March 2010 Report No

Nebraska Impaired Driver Tracking and Criminal Data System

July 2012 Report No An Audit Report on The ReHabWorks System at the Department of Assistive and Rehabilitative Services

South Carolina Law Enforcement Division Criminal Justice Information System (CJIS)

U.S. Department of the Interior Office of Inspector General AUDIT REPORT

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

May 2011 Report No An Audit Report on Substance Abuse Program Contract Monitoring at the Department of State Health Services

Internal Controls and Compliance Audit. July 2011 through June 2013

June 2008 Report No An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs

At A Glance. Contact. Two Year State Budget: $122 million - General Fund

September 2010 Report No An Audit Report on The Charitable Bingo Operations Division at the Texas Lottery Commission

November 2009 Report No

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

August 2009 Report No

Use and Management of Criminal History Record Information: A Comprehensive Report. (outside cover)

San Francisco Sex Offender Management Alliance (SFSOMA)

Federal Compliance Audit Year Ended June 30, 2008

CLERK OF THE COURT OF COMMON PLEAS/ PUBLIC DEFENDER S OFFICE/JUVENILE SERVICES DIVISION

March 2007 Report No

Orange County, Texas Adult Criminal Justice Data Sheet

Oversight of Private Career Schools. State Education Department

COMMONWEALTH COURT COLLECTIONS REVIEW APRIL 2013

Cost-Benefit Analysis of Pima County s. Drug Treatment Alternative to Prison (DTAP) Program. Final Report

December 2013 Report No

August 2014 Report No

SPECIAL AND DEDICATED FUNDS 2014

Use and Management of Criminal History Record Information:

The criminal justice system: landscape review

Statistics on Women in the Justice System. January, 2014

DEPARTMENT OF PUBLIC SAFETY RESPONSE TO SENATE CONCURRENT RESOLUTION NO. 62 TWENTY-FIRST LEGISLATURE, 2001

Office of Inspector General

Personal Record Review Suppressed: This response does not include sealed or suppressed information, as detailed above.

Department of Public Safety and Correctional Services Criminal Injuries Compensation Board

August 2006 Report No

April 2007 Report No An Audit Report on Residential Child Care Contract Management at the Department of Family and Protective Services

Colorado Integrated Criminal Justice Information System (CICJIS) Program CHARTER and BYLAWS

Community Supervision in Texas

Texas Civil Commitment-Outpatient Sexually Violent Predator Treatment Program (OSVPTP) Health & Safety Code, Chapter 841

CIVIL TRIAL RULES. of the COURTS OF ORANGE COUNTY, TEXAS. Table of Contents GENERAL MATTERS. Rule 1.10 Time Standards for the Disposition of Cases...

AMENDED ADMINISTRATIVE ORDER GOVERNING A COLLECTIONS COURT PROGRAM IN ORANGE COUNTY

Office of Program Policy Analysis And Government Accountability

CRIME VICTIM ASSISTANCE STANDARDS

An Overview Of The Windham School District

Offender Screening. Oklahoma Department of Mental health and Substance Abuse Services

WHEN THE 80TH SESSION

Transcription:

Lawrence F. Alwin, CPA State Auditor An Audit Report on The Accuracy of Criminal Justice Information System Data at the Department of Public Safety and the Department of Criminal Justice December 17, 2001 Members of the Legislative Audit Committee: Based on our review of the Criminal Justice Information System (CJIS), we believe that, overall, controls to ensure the completeness and accuracy of CJIS data are stronger today than they were five years ago. However, the Department of Public Safety (DPS) must make additional improvements to further enhance the completeness and accuracy of its portion of CJIS. In addition, the Department of Criminal Justice (TDCJ) must make agencywide technology improvements to correct weaknesses affecting its portion of CJIS. For example: Our prior CJIS audit (An Audit Report on the Assessment of the Criminal Justice Information System, SAO Report No. 96-058, April 1996) identified numerous control weaknesses at DPS that had an impact on the reliability of CJIS data. DPS improved controls over the accuracy, completeness, and timeliness of data in its Computerized What is CJIS? CJIS is made up of two parts: the Computerized Criminal History system maintained by the Department of Public Safety and the Corrections Tracking System maintained by the Department of Criminal Justice. Criminal History system and has worked toward correcting past weaknesses that negatively affected CJIS data. Additional improvements in identifying incomplete and duplicate records, strengthening information technology controls, and bolstering disaster recovery planning will further improve the completeness and accuracy of CJIS data. Our previous audit work at TDCJ revealed that many basic controls needed to ensure the reliability of CJIS data were missing. These missing controls related to project management and the capture of statutorily required data elements. During this audit, we found that TDCJ had corrected some of the prior weaknesses. However, the Corrections Tracking System as a whole still lacks some basic controls to capture and store reliable data. TDCJ should continue working to address all requirements of the Texas Code of Criminal Procedure, Chapter 60, and should continue to strengthen information technology controls that will improve CJIS data. TDCJ is currently reengineering its offender management business processes. This reengineering affects systems that house CJIS data. The original completion date for this effort was August 2005. However, the final phase of reengineering has been postponed for two years and has not yet been funded. SAO Report No. 02-013 Robert E. Johnson Building Phone: (512) 936-9500 1501 North Congress Avenue P.O. Box 12067 Fax: (512) 936-9400 Austin, Texas 78701 Austin, Texas 78711-2067 Internet: www.sao.state.tx.us

Members of the Legislative Audit Committee December 17, 2001 Page 2 CJIS data is important because it is used to solve crimes and track offenders. The Criminal Justice Policy Council also relies on this data to provide population projections and other information on the criminal justice system to the Legislature. The attachment to this letter contains additional details on the results of our audit. We provided specific recommendations to DPS and TDCJ in separate management letters sent to each agency. Both agencies agreed with our recommendations and have committed to implementing corrective measures to improve data completeness and accuracy. We would like to thank both DPS and TDCJ for their assistance and cooperation during our audit. If you have any questions, please contact Julie Ivie, Audit Manager, at (512) 936-9500. Sincerely, Lawrence F. Alwin, CPA State Auditor amh/tgc Attachment cc: Department of Public Safety Chair and Members of the Board Colonel Thomas A. Davis, Jr., Director Department of Criminal Justice Chair and Members of the Board Mr. Gary L. Johnson, Executive Director Criminal Justice Policy Council Tony Fabelo, Ph.D., Executive Director

Section 1: DPS Should Strengthen Controls That Ensure the Completeness and Accuracy of CCH Data The Department of Public Safety (DPS) has made technological advances in the Computerized Criminal History system (CCH), its portion of the Criminal Justice Information System (CJIS). However, DPS must address CJIS Progress at DPS Our prior CJIS audit (An Audit Report on the Assessment of the Criminal Justice Information System, SAO Report No. 96-058, April 1996) identified numerous control weaknesses relating to the capture and storage of CJIS data at DPS. DPS has resolved the majority of these weaknesses and continues to improve the processes surrounding CCH data. However, disaster recovery planning at DPS continues to have general control weaknesses as previously reported. additional improvements that will further improve the completeness and accuracy of CCH, and therefore CJIS, data. Section 1-A: DPS Should Implement Procedures to Better Match Court Dispositions With Arresting Events Information in CCH is incomplete because DPS is not always able to match court dispositions with arresting events and complete the criminal history records. There are approximately 50,000 manual records and 60,000 automated records in suspense files because DPS is unable to match arrest records with disposition records. These records do not match because: The county has not yet submitted arrest information. Specific disposition information does not match specific arrest information. DPS does not properly track Incident Tracking Numbers (TRNs) that are assigned to arresting events. There are duplicate TRNs in DPS Automated Fingerprint Identification System (AFIS) and LiveScan system. House Bill 776 (77th Legislature, Regular Session) charged DPS with creating a name-based, searchable database to house unmatched court disposition records. DPS must rewrite or alter its current CCH system to accomplish this task. Section 1-B: DPS Should Address Problems That Lead to the Assignment of Multiple State Identification Numbers to a Single Offender CCH information is incomplete because some offenders have more than one state identification number (SID). Although each offender in the CCH system should have one unique SID, for various reasons arrest fingerprints of persons with prior criminal histories do not always match against the fingerprints already on file. This causes some offender criminal history files to be incomplete. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 1

When a fingerprint search erroneously fails to match an existing record and a new SID is created, it is referred to as a misrap. Currently, there are approximately 3,300 manually identified misraps. Section 1-C: DPS Should Strengthen Certain Controls Over Information Technology DPS should strengthen password controls within CCH and improve the management of planning and purchasing to ensure that data is protected, users are held accountable, and expenditures are appropriate to accomplish goals. Specifically: DPS should strengthen the protection of user passwords for AFIS. The lack of adequate password management controls increases the risk of poor data integrity. DPS information technology division should improve its overall management of the information technology (IT) planning and purchasing. A centralized planning process could help ensure the successful development and management of IT initiatives and purchases. Section 1-D: DPS Should Improve Disaster Recovery Planning for Its IT Systems DPS needs to develop a comprehensive plan for disaster recovery and contingency planning and ensure that the plan encompasses all of DPS automated systems. The lack of a realistic, testable plan could affect public and officer safety. DPS existing plan is not based on a current business impact analysis. Therefore, DPS does not know exactly how the failure of its IT systems could affect the citizens of Texas and its own operations. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 2

Section 2: TDCJ Should Improve the Corrections Tracking System to Meet Statutory Requirements and Enhance Basic IT Controls CJIS Progress at TDCJ Our previous audit (An Audit Report on the Assessment of the Criminal Justice Information System, SAO Report No. 96-058, April 1996) identified the lack of documented plans to resolve a history of automation problems at TDCJ. These problems included the lack of an adequate System Development Life Cycle and the lack of adequate reporting of project delays for implementing the requirements of Texas Code of Criminal Procedure, Chapter 60. Specifically, statutorily required information systems on probationers were not complete and were not operating as part of the Corrections Tracking System. Some of these weakness have been addressed; however, the IT environment as a whole still lacks basic controls to capture and store reliable data. TDCJ is still working to improve its systems to provide an automated environment that can capture and store Corrections Tracking System (CTS) data. CTS is TDCJ s portion of CJIS. TDCJ has corrected some of the previously reported findings and others are no longer relevant. However, additional agencywide technology improvements should be implemented to correct newly identified weaknesses affecting the completeness and accuracy of CJIS data. Section 2-A: TDCJ Should Ensure That CTS Meets Statutory Requirements TDCJ is continuing to work toward ensuring that CTS meets all the requirements of the Texas Code of Criminal Procedure, Chapter 60. It is important to address these requirements in the CTS and in the reengineered Reengineering of Business Processes at TDCJ TDCJ is currently working on an initiative to reengineer its offender management business processes. This project began in early 1995 and is still under way. The goal of the reengineering process is to develop automated systems to support the offender management process. According to TDCJ, the reengineering effort will streamline and automate business processes at TDCJ. The total estimated cost of the entire reengineering project is $96 million. The reengineering project has moved into Phase III (implementation) and has cost $11.5 million to date. The current phase of the reengineering project addresses building, testing, and implementing systems that will support the redesigned and improved processes. Initial areas of implementation for this phase focus on parole. The rest of Phase III, which will focus on inmate applications, has not yet been funded and has been postponed for two years. The reengineering of processes and systems is important because, once complete, the new systems will house CTS and CJIS data. processes. Two tasks that are part of the effort will require cooperation between TDCJ and DPS. Specifically: It is critical that TDCJ comply with the Texas Code of Criminal Procedures requirement to add TRNs to CTS. When TRN information is unavailable, there is a risk that TDCJ will not be able to ensure that complete and accurate offender information is reported from the time an offender is arrested until the time the offender is released. TDCJ must ensure that its Community Supervision Tracking System (CSTS), which is used for offenders on probation, is expanded to include the functionality it was intended to offer. Currently, CSTS does not contain state identification numbers (SIDs) for all individuals in the system. Since notifications concerning arrests of probationers or parolees are flagged and sent out using SIDs, it is impossible for the DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 3

notification feature to work properly until each individual in the CSTS has been assigned a SID. The notification system also is impaired because the process for removing information on individuals released from parole and probation is not working as intended. Section 2-B: TDCJ Should Enhance Basic Information Technology Controls TDCJ needs to strengthen basic IT controls to provide a more effective and accountable IT environment. This is especially important considering TDCJ s ongoing reengineering effort. The completeness and accuracy of CJIS data maintained by TDCJ will be affected by the completion of TDCJ s reengineering process. The reengineering process will ultimately replace the way TDCJ s current CTS captures and stores data. The CTS is a collection of mainframe-based databases that house offender information. Business processes surrounding CTS are manual, and data are entered into the databases after manual processes are complete. The reengineering process will automate the manual offender management processes and capture data in Webbased relational databases. TDCJ should: Prohibit system programmers from having access to the production environment. This is one of the most basic IT controls over system development, enhancement, and maintenance. Follow its own change management procedures for system enhancements or maintenance. Not following change management procedures increases the risk of unauthorized changes to production data, inadequate monitoring or removal of changes to production data, and inadequate documentation for future system enhancements. Improve the planning and rollout of AFIS/LiveScan to fully benefit from this system s features. Specifically, TDCJ does not have the telecommunications infrastructure in place to electronically transmit offender fingerprints and demographic information to DPS. In addition, TDCJ has not purchased software that would allow its mainframe computer to transmit demographic information to AFIS/LiveScan equipment. As a result, TDCJ must enter demographic information twice: once in its mainframe system and once in the AFIS/LiveScan system. Plan for the implementation and rollout of its newly reengineered parole system. At several district parole offices computer equipment is sitting in boxes awaiting the rollout of this system. This means that the equipment will be almost one year old before its installation. Warranties could expire before the equipment is installed. Additional expenses may be incurred for software licenses and other maintenance contracts. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 4

Section 3: CJIS User Survey Results Indicate There Are Opportunities to Improve Overall Satisfaction With CJIS We surveyed CJIS users to gain insight on their perception of the operational status of CJIS. Results of this survey suggest that there are a number of different opportunities The CJIS Survey Our CJIS user survey consisted of 31 questions regarding user perceptions, access to the system, and demographics. We sent the survey to 748 CJIS users and received 270 completed responses (a return rate of 36 percent). We received responses from 117 arresting agencies, 94 trial courts, 36 prosecutors, 16 probation offices, and 7 parole offices. to improve users overall satisfaction with CJIS. We shared the results of the survey with DPS, TDCJ, and the Criminal Justice Policy Counsel (CJPC). CJPC will use this information in completing its portion of the CJIS audit to examine data accuracy. DPS reviewed the draft survey and requested additional information that would assist in identifying opportunities to improve user satisfaction. Section 3-A: What CJIS Users Think About the System Completeness We asked respondents whether critical data has been identified and captured within the CJIS system. Critical data would be different for each user group and would be data considered critical for that group to perform its duties. More than 63 percent of arresting agencies and 61 percent of prosecutor s offices believe that critical data is captured in CJIS. However, less than half of the courts and parole and probation departments feel that critical data has not been identified and, therefore, is not being captured. Accuracy More than 67 percent of arresting, parole, and prosecution agencies believe that CJIS information is accurate. Fifteen percent of respondents identified fields or categories of information they would classify as inaccurate. Arresting agencies and probation departments most commonly identified duplicate and multiple SIDs. Arresting agencies, prosecutors, and courts identified incomplete arrest, prosecution, and disposition information as information that is commonly inaccurate. Arresting agencies and parole offices cited poor demographic information, while courts cited offense codes as commonly incorrect. Timeliness Most respondents either considered the information in CJIS to be up-to-date or did not know if it was up-to-date. Thirty-six percent of prosecutors who responded did not consider CJIS information to be up-to-date. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 5

Figure 1 Eight percent of arresting agencies reported that they have a backlog of data that needs to be entered into CJIS. More than 11 percent of probation departments, prosecutors, and courts also reported that they have backlogs. As Figure 1 shows, missing SIDs and staff shortages were the most Reasons for Data Backlogs common reasons cited for backlogs. Shortage of staff 36% Lack of SIDS 30% Electronic Reporting When asked what prevented them from moving forward with electronic reporting provided by DPS, 17 percent of arresting agencies cited lack of funding as the primary barrier. More than 50 percent of all respondents reported that their agencies would consider using an Internet-based data entry system. Section 3-B: CJIS Enhancements Recommended By Survey Respondents Survey responses showed that: Other 17% Lack of information/ errors from other agencies 17% Source: Survey of CJIS users performed by the State Auditor s Office. Arresting agencies commonly reported increased access and complete reporting of CJIS data is needed. Parole offices suggested access to the system, training, and implementation of TDCJ s planned reengineering upgrades would add the most value. Probation departments and prosecutors commonly identified a need for better reporting on the part of participating agencies. Courts and court clerks cited a need to enhance CJIS training. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 6

Summary of Objective, Scope, and Methodology Our objective was to audit the accuracy of the Criminal Justice Information System s data. We reviewed controls over completeness, accuracy, and timeliness of the Criminal Justice Information System data at both the Department of Public Safety and the Department of Criminal Justice. We also followed up on previous State Auditor s Office recommendations and assessed new risks as they were identified. Texas Code of Criminal Procedure, Chapter 60, requires that the State Auditor s Office conduct this audit in conjunction with the Criminal Justice Policy Council. The State Auditor s Office portion of the audit involved examining the Criminal Justice Information System s business process control structure and identifying strengths and weaknesses. The Criminal Justice Policy Council will use this information to test the accuracy of data within the Criminal Justice Information System. The Criminal Justice Policy Council began its portion of the audit in October 2001. Our work was performed between April and September 2001. This audit was conducted in accordance with generally accepted government auditing standards. DECEMBER 2001 DEPARTMENT OF PUBLIC SAFETY AND THE DEPARTMENT OF CRIMINAL JUSTICE PAGE 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information