Summary
Summary
| Report Number: | 2007-027 |
| Report Title: | Department of Financial Services - Florida Accounting Information Resource Subsystem - Information Technology Audit |
| Report Period: | 07/01/2005-06/30/2006 and Selected Actions through 08/18/2006 |
| Release Date: | 10/03/2006 |
The Florida Accounting Information Resource Subsystem (FLAIR) is the State of Florida’s accounting system. Pursuant to Sections 215.93(1)(b) and 215.94(2), Florida Statutes, FLAIR is a subsystem of the Florida Financial Management Information System and the Department of Financial Services (Department) is the functional owner of FLAIR. FLAIR’s functions, as provided in Florida law, include accounting and reporting so as to provide timely data for producing financial statements for the State in accordance with generally accepted accounting principles and for auditing and settling claims against the State.
Our audit of FLAIR focused on evaluating selected information technology (IT) controls, applicable to the system during the period July 1, 2005, through June 30, 2006, including selected Department actions through August 18, 2006, and determining the status of prior audit deficiencies. In addition, we determined the status of the development of the FLAIR replacement system, Aspire. We also examined selected controls surrounding key interfaces between FLAIR and MyFloridaMarketPlace (MFMP) and People First.
The results of our audit are summarized below:
Finding No. 1: We continued to note instances where the Department did not timely remove the access privileges of terminated employees. The Department also did not timely modify the access capabilities of individuals who transferred or no longer required access to the Departmental Accounting Component of FLAIR.
Finding No. 2: We noted a weakness in the Payroll Component user identification and authentication controls.
Finding No. 3: We noted certain deficiencies in the Department’s security control features, in addition to the matters described in Findings No. 1 and 2, and in Federal law compliance.
Finding No. 4: The Department needed to expedite its review and revision of Division of Information Systems’ policies and procedures to provide current, written governance of its IT program.
The Chief Financial Officer's response is included at the end of this report as Appendix A.