Summary

Report Number: 2007-006
Report Title: Florida International University PeopleSoft Financials System - Information Technology Audit
Report Period: 08/2005-01/2006 and Selected Actions through 06/2006
Release Date: 07/26/2006

 Florida International University (University) utilized the PeopleSoft financials and student administration application suites as its enterprise resource planning (ERP) solution.  The applications operated within an Internet-based environment supported by the Division of Information Technology.  The University Technology Services (UTS) department provided a central computer facility for the University, including support for the campuswide network backbone, computer operations, and telephone service.  Although UTS provided computing services, various individual colleges and departments also maintained their own networks and computing facilities and connected to the overall FIU network through UTS-maintained routers.  UTS was responsible only for the network backbone and did not assume maintenance of any equipment outside of the core network.

Our audit focused on evaluating selected information technology (IT) controls applicable to the PeopleSoft financials system, as implemented and administered by the University, and selected internal controls related to the University’s overall IT environment, for the period August 2005 through January 2006, and selected actions taken through May 2006.

As described below, we noted that improvements were needed in certain controls related to the University’s IT functions and practices.

Finding No. 1:  There was a need for improved University-level governance of the PeopleSoft financials system and the enterprise data contained therein. 

Finding No. 2:  Improvements were needed in certain security controls within the overall operations of the application and the supporting network environment at the University. 

Finding No. 3:  Deficiencies were noted in the University’s procedures for restricting access to appropriate users. 

Finding No. 4:  Improvements were needed in the change management process.

Finding No. 5:  Deficiencies were noted in the disaster recovery plan and process.

Finding No. 6:  Environmental control improvements were needed at the University’s Data Center.


The President’s response is included at the end of this report as Appendix A.