Summary

Pursuant to Section 121.1905, Florida Statutes, the mission of the Department of Management Services (Department), Division of Retirement (Division) is to provide quality and cost-effective retirement services to members participating in the Florida Retirement System (FRS).  The Division also has oversight responsibility for the Firefighter and Municipal Police Pension Plans authorized by Chapters 175 and 185, Florida Statutes, respectively.  The Integrated Retirement Information System (IRIS) is used by the Division to support the functions required to provide retirement services.

Our audit focused on evaluating selected information technology (IT) functions applicable to IRIS during the period September 2007 through January 2008, with selected actions taken from July 1, 2006, and determining the status of corrective actions regarding prior audit findings disclosed in audit report No. 2004-143.  The Retirement On-line application, an extension of IRIS that uses Internet technology to provide information and services to members, employers, and retirees, was not within the scope of this audit. 

The results of our audit are summarized below:

Finding No. 1:         The Division’s IT controls for ensuring the completeness of data received for processing in IRIS needed improvement.

Finding No. 2:        Division security controls over the IRIS application, data, and supporting IT environment needed improvement.

Finding No. 3:        The Division’s program change controls for IRIS needed improvement.

Finding No. 4:        The Division’s disaster recovery plans were not current and had not been approved by management.

Finding No. 5:        We noted instances where software patches and antivirus updates had not been applied in a timely manner.

The Secretary's response is included at the end of this report as Appendix A.