Summary

The Chief Financial Officer (CFO) serves as the chief fiscal officer of the State and is responsible to settle and approve accounts against the State and keep all State funds and securities.  The CFO heads the Department of Financial Services (Department) that has a wide range of constitutional and statutory responsibilities.  Within the Department, the Division of Treasury performs functions generally associated with private financial institutions, such as deposit security, funds management, and deferred compensation.  To perform the Division of Treasury’s functions, the Department maintains approximately 22 individual Division of Treasury information technology (IT) systems (Treasury systems).

Our audit focused on evaluating selected IT controls applicable to the following Treasury systems:  Bank Accounts, Investment Accounting, Chargebacks, Receipts, and Verifies during the period January 2008 through March 2008. 

The results of our audit are summarized below:

Finding No. 1:     Program change controls for the Treasury systems needed improvement.

Finding No. 2:     Some excessive and inappropriate system access privileges existed.  Additionally, terminated and reassigned employees’ access privileges were not removed in a timely manner.

Finding No. 3:     Aspects of the Department’s practices for managing access privileges needed improvement.

Finding No. 4:     In addition to the matters discussed in Finding Nos. 2 and 3, certain Department security and application controls needed improvement.  Specific details of these issues are not disclosed in this report to avoid the possibility of compromising the Department’s data and IT resources.  

The Chief Financial Officer's written response to the audit findings is included in the audit report as APPENDIX A.