Thomas H. McTavish, C.P.A., Auditor General

| INTRODUCTION | This report contains the results of our performance audit of the Division of Management and Information Systems (DMIS) and Selected Automated Information Systems, Department of Public Health, for the period August 1, 1992 through July 31, 1995. |
|---|---|
| AUDIT PURPOSE | This performance audit was conducted as part of the constitutional responsibility of the Office of the Auditor General. Performance audits are conducted on a priority basis related to the potential for improving effectiveness and efficiency. |
| BACKGROUND | DMIS is responsible for providing information processing services to the Department. DMIS's mission is to develop, implement, and operate the automated information systems for the Department, including the Special Supplemental Food Program for Women, Infants, and Children (WIC) Automated Information System (M-TRACX). The WIC Division uses this system for participant enrollment, on-line coupon issuance, coupon redemption, vendor payment and monitoring, and administrative reporting and recordkeeping. During fiscal year 1993-94, M-TRACX contained information for 239,791 participants at 259 clinics, issued approximately 8 million WIC coupons, and processed vendor payments of $114.6 million. DMIS also designed and developed the Noncommunity Water Supply Type 2 system (T2) for the Division of Water Supply (DWS). T2 is a local area network-based system that tracks bacteriological monitoring of noncommunity water supply systems and processes annual fee invoices for each system. During fiscal year 1993-94, DWS collected approximately $1.2 million in annual fees from 10,800 noncommunity water supply system owners. For fiscal year 1993-94, DMIS expenditures totaled approximately $6.4 million. As of July 31, 1995, DMIS had 61 employees. |
| AUDIT OBJECTIVES AND CONCLUSIONS | Audit Objective: To assess the effectiveness of the M-TRACX application controls in processing only authorized data promptly, accurately, and completely and in aiding compliance with federal laws and regulations. Conclusion: M-TRACX application controls over on-line coupon issuance, coupon redemption, vendor payments and monitoring, and administrative reporting and recordkeeping were reasonably effective in processing authorized data promptly, accurately, and completely and in aiding compliance with federal laws and regulations. However, we did identify the following material conditions relating to application controls over participant enrollment: The Department responded that it agreed with the finding and that it would monitor the issues during management evaluations of the WIC clinics. The Department responded that it agreed with the recommendation as it relates to parts a. and c. of the finding. However, the Department did not fully agree with the recommendation as it relates to part b. of the finding. The Department feels that the use of automatic terminations could result in the inappropriate and unnecessary termination of participants. The Department responded that it agreed with the recommendations and was taking action to comply. The Department responded that it agreed with the recommendation and will comply. Audit Objective: To assess the effectiveness of the Department's local area networks (LAN's) and T2 in providing reliable and secure information. Conclusion: The Department's LAN's and T2 were not effective in providing reliable and secure information. Our assessment disclosed two material conditions: The Department responded that it has complied with the recommendation. The Department responded that it agreed with the recommendation and was developing standards and policies to address LAN security. Audit Objective: To assess the effectiveness of DMIS general controls in providing reliable and secure information. Conclusion: DMIS general controls were reasonably effective in providing reliable and secure information. However, we noted reportable conditions involving access controls and certain general controls that, if corrected, could improve the control structure over DMIS (Findings 12 and 13). |
| AUDIT SCOPE AND METHODOLOGY | Our audit scope was to examine the information processing and other records of the Division of Management and Information Systems and selected automated information systems for the period August 1, 1992 through July 31, 1995. Our audit was conducted in accordance with Government Auditing Standards issued by the Comptroller General of the United States and, accordingly, included such tests of the records and such other auditing procedures as we considered necessary in the circumstances. Our methodology included developing a preliminary assessment of DMIS and the automated information systems. We then reviewed the information and determined where to concentrate our detailed analysis and testing. We designed tests of the control structure and performed those tests to meet our audit objectives. We evaluated the results of our testing and reported our findings. |
| AGENCY RESPONSES AND PRIOR AUDIT FOLLOW-UP | Our audit report contains 13 findings and 17 corresponding recommendations. The agency preliminary response indicated that it agreed with all of our recommendations. The Department had complied with 18 of the 25 prior audit recommendations included within our current scope of audit. We repeated 3 prior audit recommendations in this report. |