Summary
Summary
| Report Number: | 2007-200 |
| Report Title: | Department of Children and Family Services - Grants and Other Revenue Allocation and Tracking System - Information Technology Audits |
| Report Period: | 10/2006 - 03/2007 |
| Release Date: | 06/28/2007 |
The Department of Children and Family Services’ (Department) Grants and other Revenue Allocation and Tracking (GRANT) System captures and sorts data from the State’s accounting system, Florida’s Accounting Information Resource, (FLAIR), to allocate expenditures to funding sources, calculate federal reimbursements, and perform other financial activities. The Office of Revenue Management, organizationally within Financial Management under the Secretary of Administrative Services for the Department, utilizes the GRANT System to collect and report data for all revenue sources used by the Department and to provide detailed analysis of grant activity, cost allocation, and cash management information. Ultimately, the GRANT System supplies data used to compile Departmentwide reports required by the Federal Government, including the annual Schedule of Expenditures of Federal Awards (SEFA).
Our audit focused on evaluating the effectiveness of selected internal controls related to the GRANT System and its information technology (IT) environment for the period October 2006 through March 2007. The results of our audit are summarized below:
Finding No. 1: The Department needed a more comprehensive security program to ensure that exposures and vulnerabilities of IT resources had been sufficiently assessed by management and addressed through enforced user and system security controls.
Finding No. 2: We noted that Department staff could not provide a comprehensive and accurate listing of all terminated employees. In addition, we noted instances where Department staff did not remove access privileges of terminated employees in a timely manner.
Finding No. 3: GRANT System documentation, policies, procedures, and training needed improvement.
Finding No. 4: Improvements were needed in the GRANT System’s change management process to promote a proper segregation of duties and monitoring of change management activities.
Finding No. 5: The GRANT System did not produce transaction logs that were readily available for researching unauthorized or erroneous transaction activity.
The Secretary's response is included in the report as Appendix A