Summary

The Inmate Bank System, administered by the Department of Corrections, accounts for moneys received and disbursed for an inmate’s personal use or benefit. Until October 2000, the Inmate Bank System was a Statewide application that ran independently at each of the Department’s facilities.  During October 2000, in an effort to accommodate budget restraints, according to the Department, this function was centralized, and, during our audit period, resided within the Department’s Central Office, Bureau of Finance and Accounting. 

Our audit of the Inmate Bank System for the period March 2003 through June 2003, and selected Department actions taken through July 2003, focused on evaluating selected information technology functions, and determining the effectiveness of selected general and application controls, including application system modifications, access to programs and data, user controls and controls over selected areas of input, processing, output, and manual follow-up.  We also determined management’s awareness of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) legislation and what actions, if any, had been taken concerning this legislation.  In addition, we determined whether the Department had corrected, or was in the process of correcting the access and reconciliation related deficiencies disclosed in audit report No. 03-022.

 The results of our audit are summarized as follows:

Finding No. 1:  Improvements were needed in the Department’s program change control procedures with regard to documenting program changes in the client server environment. 

Finding No. 2:  The Department needs to improve its IT risk management practices and certain security controls protecting the Inmate Bank System.

The Secretary's and Chief Information Officer’s written responses to the audit findings and recommendations are included on the Auditor General web site.