Auditor General mini logo    Summary

Report Number:

2006-087

Report Title:

Selected State Agencies’ Public Web Sites - Information Technology Audit

Report Period:

07/2004-06/2005 and Selected Actions through 10/2005

Release Date:

01/24/2006

State of Florida agencies increasingly rely on electronic government (e-Gov) services for the delivery of government services to citizens; dissemination of information; enhanced interaction with vendors conducting business with the State; and more efficient government management.  E-Gov utilizes information technology (IT), including the Internet and internal State networks (Intranets), to interact with citizens, State employees, and those conducting business with the State. 

Our audit focused on evaluating certain general IT controls applicable to selected public Web sites, on-line applications, and supporting networks during the period July 2004 through June 2005, with selected actions taken through October 2005, at the following State agencies:  Department of Agriculture and Consumer Services (DACS); Department of Financial Services (DFS); Fish and Wildlife Conservation Commission (FWC); Department of Health (DOH); Department of Highway Safety and Motor Vehicles (DHSMV); State Technology Office (STO)[1]; and Department of Transportation (DOT).  Our audit also included an evaluation of the agencies’ progress in making their e-Gov services accessible to people with disabilities.  This portion of our audit was extended to include the MyFloridaMarketPlace and People First applications of the Department of Management Services (DMS).  Appendix A lists the Internet addresses of the agency Web sites and on-line applications included within the scope of our audit. 

Certain deficiencies were noted relating to various agencies’ Web sites, on-line applications, and supporting networks.  Specifically, we noted that:

Finding No. 1:    Agencies could not demonstrate that certain Web sites and e-Gov services were accessible to people with disabilities.

Finding No. 2:         Certain STO enterprise standards for coding and design of Web sites were not consistently followed.

Finding No. 3:         Agencies lacked written Web content management strategies for ensuring the integrity of Web site content. 

Finding No. 4:         The six agencies within the scope of audit that had e-Gov applications either had not established written procedures, or had incomplete procedures, for response strategies to be followed if personal identification information was compromised in a security breach. 

Finding No. 5:         We noted deficiencies in hyperlinks within the agencies’ Web sites. 

Finding No. 6:         Current written procedures for managing Web domain names were not maintained by all agencies.

Finding No. 7:         Written procedures had not been fully developed by several agencies for maintaining Web site availability during periods of high demand created by emergency events, such as hurricanes.  Additionally, not all agencies addressed the recovery of e-Gov services in their IT disaster recovery plans. 

Finding No. 8:         Certain deficiencies were noted in security-related controls at DHSMV. 

 

[1]Effective July 1, 2005, the responsibilities of the STO were assumed by the Department of Management Services.

The heads of the applicable agencies provided responses which are included at the end of this report as Appendix B.