Summary

Our operational audit of the Department of State (Department) for the period July 2006, through February 2008, and selected Department actions through June 2008, focused on the processes and controls established by the Division of Corporations (Division) related to revenues and cash receipts and selected information technology (IT) functions relating to change management and access controls.  Our audit also included a follow-up on selected prior audit findings.   Our audit disclosed the following deficiencies:

Change Management Controls

Finding No. 1:   Division change management controls need improvement.

Access Controls

Finding No. 2:   Division access controls need enhancement. 

Provider Contracts

Finding No. 3:   The Division did not include penalty and dispute resolution provisions within one of its provider agreements.  In addition, the Division did not adequately monitor and enforce provider contract terms and conditions.

Contract Monitoring

Finding No. 4:    The Division’s contract with its document management service provider did not require an independent auditor’s report describing the effectiveness of the provider’s relevant internal controls.

Reconciliation Process

Finding No. 5:   The Division did not perform reconciliations between the State’s accounting system and the Division’s revenue records.

Revenue Collection Controls

Finding No. 6:   The Division did not, in some instances, adequately resolve prior audit findings related to the apostille revenue collection process.

The Secretary’s response is included in its entirety at the end of this report as APPENDIX A.