Summary

The Department of Business and Professional Regulation (Department) provides licensure and regulation for specific industries and professionals, and oversees and administers many professional boards, councils, and commissions.  The Single Licensing System (SLS) project established a shared services environment that includes the Customer Contact Center, Central Intake, and Education and Testing facilities.  The Department contracted with Accenture LTD (Accenture) to implement the SLS, a web-based, customer interactive licensing system.  Under the multiple year contract, Accenture was assigned the responsibility for application management services for the SLS, including system support and modification, technical support, hosting services, and project management and administration.

Our audit focused on management controls and selected information technology (IT) functions applicable to the SLS, the Department’s efforts to manage its application contract with Accenture, and the general user satisfaction with the SLS during the period August 2003 through November 2003.

As described below, we noted deficiencies in the general and application controls related to the SLS:

Finding No. 1:     Aspects of the Department’s monitoring of Accenture’s application management services needed improvement.

Finding No. 2:     The Department had not conducted operational and technical training for Department staff with regard to the SLS.

Finding No. 3:     Individual Department and contractor IT personnel were assigned incompatible duties and access privileges.

Finding No. 4:     Deficiencies were noted in LicenseEase data input edits that affected the completeness and accuracy of data within the system.

Finding No. 5:     The Department had not consistently performed background checks for individuals in positions of special trust and had not ensured that fingerprinting had been completed when background checks were conducted.  Furthermore, the Department did not have a provision in its contract with Accenture that provided for background checks, including fingerprinting, for contract and subcontract personnel.

Finding No. 6:     The Department and the State Technology Office (STO) did not have a signed agreement for the use of the Technology Resource Center. 

Finding No. 7:      Issues were noted regarding security controls related to the SLS.

The Chief Information Officer’s and Secretary's written responses to the audit findings and recommendations are included in their entirety in the report and can be viewed on the Auditor General web site.