Summary
| Report Number: | 2009-017 |
| Report Title: | Department of Transportation - TRNS*PORT SiteManager Module, Laboratory Information Management System, and Consultant Invoice Transmittal System - Information Technology Audit |
| Report Period: | 04/2008 - 06/2008 and Selected Actions through 08/01/2008 |
| Release Date: | 10/06/2008 |
The Department of Transportation (Department) is responsible for the development and maintenance of Florida’s transportation system. Among the application systems used by the Department for project and financial management purposes are the SiteManager module of the TRNS*PORT System (SiteManager), the Laboratory Information Management System (LIMS), and the Consultant Invoice Transmittal System (CITS). The Department uses these systems as follows:
SiteManager – to generate and approve payments for construction and maintenance projects.
LIMS – to record and report construction material sampling results to ensure that materials used met contract specifications.
CITS – to approve related payments for consultants who submitted invoices via the Internet.
Our audit focused on evaluating selected information technology (IT) controls applicable to SiteManager, LIMS, and CITS during the period April 2008 through June 2008 and selected actions through August 1, 2008. Specifically, the audit included selected application IT controls and selected general IT controls over systems modification and logical access to programs and data.
The results of our audit are summarized below:
Finding No. 1: The LIMS program change controls were deficient and did not follow the Department’s information systems development methodology (ISDM).
Finding No. 2: Certain security controls related to SiteManager, LIMS, and CITS and the supporting computer environment at the Central Office, Turnpike Enterprise, and Districts needed improvement. We are not disclosing specific details of the issues in this report to avoid the possibility of compromising the Department’s data and IT resources.
Finding No. 3: The Department’s Electronic Security for Public Records Exemptions Policy was outdated.
The Secretary’s response is included at the end of this report as APPENDIX A.