Audit of. Information Technology Help Desk



Similar documents
Audit of. Boca Raton Middle School's Community School Program

Audit of. Accounts Payable Procedures

Audit of Third Party Administration for Workers' Compensation

Audit of. District s Information Technology Disaster Recovery Plan

AUDITOR GENERAL WILLIAM O. MONROE, CPA

Audit of. G-Star School of the Arts For Motion Pictures and Television

March 2007 Report No

September 19, Mr. Edward Cox Chairman State University Construction Fund State University Plaza Albany, New York 12201

School District of Palm Beach County. Guidelines for Career Education Programs And District Issued Career & Technical Education Certificates

Department of Homeland Security Office of Inspector General. Immigration and Customs Enforcement Management Controls Over Detainee Telephone Services

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No July 2015

M. RICHARD PORRAS CHIEF FINANCIAL OFFICER AND SENIOR VICE PRESIDENT

OFFICE FOR TECHNOLOGY ADMINISTRATION OF CONTRACT CM00664 UNISYS - ENTERPRISE HELP DESK. Report 2005-R-7 OFFICE OF THE NEW YORK STATE COMPTROLLER

FIRST AND FINAL ADDENDUM RFP FOR ROOFING SERVICES FOR DISASTER RECOVERY ASSISTANCE

A New Day: Defending People's Constitutional Rights in America

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

2016-AP-0001 Fiscal Year 2016 Annual Risk Assessment and Audit Plan

SEMINOLE COUNTY DEPARTMENT OF PUBLIC SAFETY FIRE/RESCUE DIVISION EMERGENCY MEDICAL SERVICES BILLING AND COLLECTIONS AUDIT MAY 1999

John Dew, Executive Director Florida CCOC Barrington Circle Tallahassee, Florida

Management Alert Late Payments for Highway Contract Routes Indianapolis, IN, Processing and Distribution Center (Report Number NO-MA )

U.S. Chemical Safety and Hazard Investigation Board Should Determine the Cost Effectiveness of Performing Improper Payment Recovery Audits

VA Office of Inspector General

AUDITOR GENERAL WILLIAM O. MONROE, CPA

FCMAT Chief Executive Officer Joel D. Montero

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

SEMINOLE COUNTY COURT ADMINISTRATION 18 TH JUDICIAL CIRCUIT AND SEMINOLE COUNTY ATTORNEY S OFFICE

CHIEF POSTAL INSPECTOR. Management Alert Watch Desk Notifications (Report Number HR-MA )

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236

Palm Beach County Clerk & Comptroller s Office Contracting & Purchasing Review

Department of Homeland Security

Los Angeles County Metropolitan Transportation Authority Office of the Inspector General Medicare Part B Reimbursements to Retirees

DATA CENTER OPERATIONS

East Penn School District Lehigh County, Pennsylvania

Controls Over EPA s Compass Financial System Need to Be Improved

EMPLOYEE SELF-SERVICE DIRECT DEPOSIT PROCEDURES

4. MISCELLANEOUS ITEMS TO BE RECEIVED FOR FILING

Responsibility for the Education of Exceptional Students in Residential Treatment Facilities Needs Clarification

Department of Homeland Security Office of Inspector General

Emerging Strategies for Performance Auditing

Maryland Transportation Authority

SAN MATEO COUNTY OFFICE OF EDUCATION CLASS TITLE: ADMINISTRATOR, INFORMATION TECHNOLOGY SERVICES

Department of Homeland Security

February 14, Dear Mr. John Renner and Members of the Board of Fire Commissioners:

Attorney & Financial Advisor Referral Directory

Repair services and critical job support

Transcription:

Audit of Information Technology Help Desk October 10,2003 Report 2003-15

MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation ofall our students with the knowledge, skills, and ethics required for responsible citizenship and productive employment. Arthur C. Johnson, Ph.D. * Superintendent of Schools School Board Members Tom Lynch, Chair William C. Graham Vice Chair* Paulette Burdick* Monroe Benaim, M.D. Mark Hansen Sandra Richmond Debra Robinson, M.D. Audit Committee Members Cindy Adair, Chair Richard Roberts, Vice Chair Georgette B. Carroll Max Davis Kevin James Noah Silver J uheann Rico Allison * Shelley Vana* Pam Popaca* "'Ex-Officio Audit Committee Members

Audit of Information Technology Help Desk Table of Contents Page EXECUTIVE SUMMARY 1 PURPOSE AND AUTHORITY SCOPE AND METHODOLOGY BACKGROUND 2 2 3 CONCLUSIONS 1. No Trend Analysis Reports 4 2. First-Level Support Knowledge Base not Developed 4 3. No Procedure for Transfer of Staff Knowledge Prior to Employees' Retirement or Termination 5 4. HEAT Users with Inappropriate IDs and Access 5 APPENDIX Management's Response 7

Audit of Information Technology Help Desk Executive Summary The District purchased the HEAT system in January 1999 for $65,720 in order to track help calls, report on trends, and reduce the number of Help Desk calls by providing employees with access to HEAT's First Level Support knowledge-base through the internet. Approximately 31,000 help calls were received through the HEAT system from July 1, 2002 to June 30, 2003, an increase ofover 2,000 calls from the prior year. The Help Desk resolved about 10,000 (33%) ofthese calls through the initial phone call. The other 20,000 help calls resulted in work orders, which were completed within an average of25 workdays by designated staff. The primary objectives ofthe audit were to determine whether: The Help Desk management generated trend analysis reports for all help calls. The number offuture help calls was reduced and problems were resolved by using the HEAT knowledge-base. Staff knowledge was properly captured before employee's retirement or termination. HEAT IDs and access were appropriate for users. The audit produced the following major conclusions: I. No Trend Analysis Reports. Help Desk Management did not generate reports to analyze help call trends, which was one ofthe original justifications to purchase the HEAT system. Analysis of trends for help calls will assist IT in meeting the needs ofcallers, with accurate and timely information and data for effective and efficient management. Management's Response: Concur. 2. First Level Support Knowledge-Base not Developed. Utilizing the First Level Support (FLS) knowledge-base software tool was one ofthe primary justifications for the purchase of HEAT. This feature stores information and provides online answers to questions and solutions to some problems, thus reducing the number ofhelp calls. This tool is not in use at the District. Management's Response: Concur. 3. No Procedure for Transfer of Staff Knowledge Prior to Employees' Retirement or Termination. The district was not proactive in capturing employees' knowledge in the HEAT system prior to employees' retirement. Consequently, IT Support personnel were unable to answer specific technical questions regarding the HEAT database, reporting functions, or security. Management's Response: Concur. 4. HEAT Users with Inappropriate IDs and Access. Too many users (including contractors) had access to update all HEAT data. Management's Response: Concur. I

THE SCHOOL DISTRICT OF PALM BEACH COUNTY, FLORIDA OFFICE OF DISTRICTAUDITOR 3346 FOREST HILL BOULEVARD, SUITE 8-302 WEST PALM BEACH, FL 33406 (561) 434-7335 FAX: (561) 434-8652 MEMORANDUM LUNG CHIU, CPA DISTRICT AUDITOR ARTHUR C. JOHNSON, Ph.D. SUPERINTENDENT TO: FROM: Honorable Chair and Members of the School Board Arthur C. Johnson, Ph.D., Superintendent of Schools Chair and Members of Audit Committee klc, Lung Chiu, CPA, District Auditor DATE: October 10, 2003 SUBJECT: Audit of Information Technology Help Desk PURPOSE AND AUTHORITY Pursuant to the District's Audit Plan 0/2002-2003, we have audited the District's Help Desk. The primary objectives of the audit were to determine whether: The Help Desk management generates trend analysis reports for all help calls. The HEAT knowledge-base was developed to help resolve problems and reduce the number of future help calls. Staff knowledge was properly captured before employee's retirement or termination. HEAT users had appropriate IDs and access. SCOPE AND METHODOLOGY The audit was performed by Ellen Steinhoff, CISA, in accordance with Government Auditing Standards, during July through August 2003. This audit included interviewing staff of Information Technology and reviewing: Documentation and reports. Access to HEAT tables. Applicable School Board Policies. Back ups to HEAT data. 2 AN EQUAL OPPORTUNITY EMPLOYER

Audit conclusions were brought to the attention of staff during the audit so that necessary corrective actions could be implemented immediately. The draft report was sent to Information Technology for review and comments, and the response is included in the Appendix. We would like to thank staff for their cooperation and courtesy extended to us during the audit. The final draft report was presented to the Audit Committee at its October 10, 2003 meeting. BACKGROUND When school centers and departments have computer related problems, staff finds solutions by accessing the HEAT Self Service Help Desk system through the District's HEAT web site, or by calling the Help Desk. The Help Desk is comprised ofthree employees. User IDs and passwords are provided to staff to access the web and initiate a work order. HEAT automatically routes work orders to the appropriate group (Network Services, Communications, Operations, etc.), depending on the nature ofthe problem and the source location ofthe call. Work orders are assigned to appropriate staff member based on their current tasks, location, and expertise. Parts and supplies needed for repairs are ordered prior to technicians' site visits. Technical employees assigned to resolve the reported problems have user IDs with update access to HEAT. This allows staff to update the status ofhelp calls regarding problems, enter solutions, and close out the work orders. The status ofhelp calls can be reviewed via the district's HEAT SelfService web site. As shown in the chart below, approximately 31,000 calls were received through HEAT from July 1,2002 to June 30, 2003, an increase ofover 2,000 calls from the prior year. The Help Desk resolved about 10,000 (33%) ofthese calls through the initial phone call. The other 20,000 work orders were generally completed within 25 workdays by a designated staff While the number of calls increased due to the addition ofnew schools, etc., the number ofemployees remained the same. Over the last two months alone, two full time employees retired; one ofthem was the Help Desk HEAT expert. All Calls Received between 71112002 and 0613012003 ~,--------------------------------------------------------- 4000 f---- ~3OOJ f---- '8 1 ~ 1000 712002 1!I2002 912002 10/2002 1112002 1212002 112003 212003 312003 4/2003 5/2003 612003 The District purchased the HEAT system in January 1999 for $65,720, with an annual software maintenance fee of$9,509 for 2002 and $10,001 for 2003. The original justifications to purchase this system were to track calls, report on trends, and reduce the number ofhelp Desk calls by having employees access the HEAT First Level Support knowledge-base on the web site. Ifusers 3

could not find a solution first through the District's web site knowledge-base, they could enter a work order and then track the status of it through HEAT. CONCLUSIONS (AJ Help Desk Management 1. No Trend Analysis Reports. One ofthe original justifications to purchase the HEAT system was to generate trend analysis reports of all help calls. However, Help Desk Management did not generate reports to analyze the trend for all help calls. Analysis of trends for help calls will assist IT in determining the customer demands, with essential information and data for more effective and efficient management. Help Desk should be a resource to assist IT Support in providing trends and become proactive and preventive. Turnaround Time Trend Reports were generated during the end of the audit. Management's Response: IT concurs with this conclusion. IT has completedfour reports using the HEAT System: Call volume by month, call volume by time ofday, identification of calls by nature ofproblem involving application, and software/hardware/resolution status of calls. IT will continue to develop additional reports to look at the nature ofthe problem calls. The status is complete. (Please see page 7.) 2. First Level Support Knowledge-Base not Developed. The HEAT First Level Support (FLS) knowledge-base is a software tool included in the system that can store information and provide online answers to questions and solutions to problems. When the District purchased HEAT in January 1999, a primary justification was for users to access the HEAT FLS knowledge-base and try to resolve problems themselves, instead of calling the Help Desk. However, a review of the District's HEAT Internet location: 'IHEATIHSS' confirmed that although there is a description of how to use the knowledgebase, no icon was available to use it. Apparently, some features ofthe system were not in use by District staff. Developing an action plan to gradually build the Heat knowledge-base will help IT in the long run. User Support should become more proactive and preventive in order to meet the increasing demands ofusers. District staff can also contribute their valuable know-how to the knowledge-base. Time needed for resolving similar issues in the future could be reduced. For example, some ofthe 611 calls related to document printing received through HEAT, from July 1, 2002 to June 30, 2003, could have been resolved more efficiently through the knowledge tree without going through the Help Desk. In addition, answers to common questions for Word, Excel, Access, and other PC software could be stored in the knowledgebase memory to handle future questions more efficiently. 4

Management's Response: IT concurs with this conclusion. IT is building the Knowledge Base to populate with data. This will allow for more accurate and immediate user assistance. The estimated completion date for building the Knowledge Base is June, 2004. Populating the knowledge base is an ongoing activity. (Please see page 7.) 3. No Procedure for Transfer of Staff Knowledge Prior to Employees' Retirement or Termination. IT Support personnel were unable to answer specific technical questions regarding the HEAT database, reporting functions, or security. This was due to a lack ofa procedure to formally transfer knowledge from the previous HEAT expert, who retired June 30,2003, after 35 years with the District. The district should be more proactive in capturing this employee's knowledge in the HEAT system. We recommend that a procedure be established to ensure that key technical employees who plan to leave the school district cross-train other staff members in their job duties, when possible. This should provide for a smooth transition and decrease the loss oftheir knowledge-base. Management's Response: IT concurs with this conclusion. A written procedure addressing technical staffleaving the school district will be developed for implementation by January, 2004. (Please see page 7.) (B) HEAT Security 4. HEAT Users with Inappropriate IDs and Access. IT User Support staff (1) assign, (2) acknowledge, and (3) update solutions to work orders. 92 users had access to request these functions as ofjuly 21, 2003. The following issues were identified: 92 users had access to update all HEAT tables. With that many users having access to update the information, the HEAT system data could be inadvertently or purposely destroyed or corrupted. Access to update the tables should be restricted to only the HEAT System Administrator. Users with access to update all HEAT tables included: Seven contractors Two teachers One food service employee The prior HEAT system administrator who retired June 30, 2003. Eight generic user IDs did not have employee names defined to the ID. No Exception Reports were generated that would highlight any inappropriate changes made to the HEAT system tables. 5

To preserve the integrity ofthe HEAT work order system, management has agreed to: Limit HEAT user IDs to access only the tasks required to perform the employees' jobs (respond to and update work orders). Restrict HEAT access to only current employees, on an as-needed basis. Create unique HEAT user IDs for each employee, for accountability purposes. Research HEAT Exception Reports for use in tracking changes to critical system tables. Management's Response: IT concurs with this conclusion. We are using the built in security ofthe HEAT system to define levels ofaccess and to protect the integrity ofthe data tables. Security procedures are now in place for assigning users and security levels. (Please see page 7.) 6

Appendix A Management's Response THE SCHOOL DISTRICT JIM SHEEHAN ARTHUR C. JOHNSON. Ph.D. OF PALM BEACH COUNlY. FLORIDA CHIEF INFORMATION OFFICER SUPERINTENDENT INFORMATION TECHNOLOGY 3348 FOREST HIll. BOUlEYARD WEST PALM BEACH. FL 33406-5869 (561) 434-8830 October 3, 2003 TO: ~~~!' LungChiu District Auditor J FROM: Bamara King, Manage!rev DISTRICT AUDITOR Infonnation Technology SUBJECT: IT Response for the Audit ofinfonnation Technology Help Desk The IT responses for the Audit ofinfonnation Technology Help Desk are listed below. (A) Help Desk Management 1. No Trend Analysis Reports. IT concurs with this conclusion. IT has completed four reports using the HEAT System: Call volume by month, call volume by time of day, identification of calls by nature of problem involving application, and softwarelhardwarelresolution status of calls. IT will continue to. develop additional reports to look at the nature ofthe problem calls. The status is complete. 2. First Level Support Knowledge-Base not Developed. IT concurs with this conclusion. IT is building the Knowledge Base to populate with data. This will allow for more accurate and immediate user assistance. The estimated completion date for building the Knowledge Base is June, 2004. Populating the knowledge base is an ongoing activity. 3. No Procedures for Transfer of Staff Knowledge Prior to Employees' Retirement or Termination. IT concurs with this conclusion. A written procedure addressing technical staff leaving the school district will be developed for implementation by January, 2004. (8) HEAT Security 4. HEAT Users with Inappropriate IDs and Access. IT concurs with this conclusion. We are using the built in security of the HEAT system to define levels of access and to protect the integrity of the data tables. Security procedures are now in place for assigning users and security levels. CC: Trevor Campbell Ken Meltzer Rich Contartesi Larry Padgett Marion Wei! 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information