| Audit Objective: To assess the effectiveness and efficiency
of the department's automated information systems.
Conclusion: We concluded that the department's automated information
systems were generally effective in processing the department's data. However,
we noted reportable conditions that, if corrected, would increase the effectiveness
and efficiency of the automated information systems. These conditions relate to
the lack of automation of many of the deferred compensation and family care account
functions (Findings 1 and 2).
Audit Objective: To assess the effectiveness of the internal
control structure over the department's automated information systems.
Conclusion: We concluded that the department had not fully implemented
an effective internal control structure over the automated information systems.
Our assessment disclosed four material weaknesses. The department had not established:
� Access control procedures to help prevent unauthorized persons from accessing
and using the automated information systems (Finding 3).
The department agreed with the finding and has taken steps to improve access controls.
However, some weaknesses will not be addressed until software is modified.
� Data conversion control procedures to help ensure that Continued Group Insuranace
System (CGIS) applications and billings are processed in a timely manner (Finding
4).
The department agreed with the corresponding recommendation and will provide training
and coordinate efforts to ensure that applications and billings are processed in
a timely manner.
� Processing control procedures to help ensure that data was properly processed
by the CGIS and the Family Care Accounts System (Finding 5).
The department agreed with the corresponding recommendations and informed us that
it is currently auditing CGIS billing rates and will coordinate procedures for editing
input data.
� Output balancing and reconciliation control procedures to help ensure the
accuracy of information processed and produced by the automated information systems
(Finding 6).
The department agreed with the corresponding recommendation and will comply by
revising its output balancing and reconciliation procedures.
Our assessment also disclosed a reportable condition regarding the absence of
Audit Services Division reviews and evaluations of the department's data processing
function (Finding 7).
Audit Objective: To assess the effectiveness of the internal
control structure over the Network Systems Center (NSC).
Conclusion: We concluded that the internal control structure
over NSC was generally effective. However, we noted some reportable conditions
that, if corrected, could improve the internal control structure over NSC. These
conditions relate to weak controls over Local Area Network access, planning and
acquisitions, and hardware and software inventories (Findings 8 through 10).
Audit Objective: To assess the effectiveness of the internal
control structure over the Data Services Division (DSD).
Audit Conclusion: We concluded that the department's internal
control structure over DSD was generally effective. However, we noted reportable
conditions that, if corrected, could improve the internal control structure over
DSD. These conditions relate to reducing the risk of unauthorized access to the
department's data files, computer programs, and system software (Findings 11 and
12); ensuring adequate controls over security administration; involving management
in prioritizing development resources; establishing complete procedures and documentation;
and providing physical site security (Findings 13 through 16). | 
![[Up]](/images/arrw3u.gif){kind=small}
![[Previous]](/images/arrw3l.gif){kind=small}
![[Next]](/images/arrw3r.gif){kind=small}