Summary

Our audit focused on management controls and selected information technology (IT) functions applicable to the PeopleSoft applications at the St. Petersburg College (College) for the period January 1, 2001, through December 31, 2001.

PeopleSoft Education and Government (E&G) software is being used to provide collegewide administrative support.  The College is running version 7.5 of the PeopleSoft Financials and version 7.6 of the PeopleSoft HR/Payroll System, and is implementing version 8 of the PeopleSoft Student System.

Certain deficiencies were noted in the College’s access, systems development and modifications, and general management controls.  Specifically, these deficiencies included:

•  Lack of a collegewide security program to ensure that exposures and vulnerabilities of IT resources had been sufficiently assessed by management and addressed through enforced user and system access controls;

• Lack of policies and procedures defining change management procedures regarding PeopleSoft applications;

•  Lack of formal testing of the College’s disaster recovery plan regarding the continued operations of PeopleSoft applications through the hot-site.

The College's response can be viewed in its entirety on the Auditor General Web site.