Summary

The Florida Public Assistance (FloridaPA) System is a Web-based portal used by the Division of Emergency Management (Division) to manage public assistance relating to disaster relief and recovery.  The Department of Community Affairs (Department) provides information technology (IT) infrastructure and support services, including server and network support, for the FloridaPA System.

Our audit focused on evaluating the effectiveness of selected IT controls applicable to the FloridaPA System for the period May 2008 through July 2008 and selected actions through September 2008.  The results of our audit are summarized below:

Finding No. 1:         Department and Division security policies and procedures had not been fully developed or approved and were not sufficiently comprehensive.

Finding No. 2:        Neither the Department nor the Division had an Information Systems Development Methodology (ISDM) to govern the development, maintenance, operation, and disposition of systems.  In addition, existing change management practices needed improvement.

Finding No. 3:        The Division’s management of FloridaPA System access privileges needed improvement.

Finding No. 4:        Certain Division security controls protecting the FloridaPA System data and IT resources needed improvement.

Finding No. 5:        The Division did not maintain a complete log of user activity in the FloridaPA System.

Finding No. 6:        The Division had not developed FloridaPA System nonapplicant user documentation.

Finding No. 7:         The Division did not timely address processing errors occurring during the data upload process between the National Emergency Management Information System (NEMIS) and the FloridaPA System.

Management's responses are included at the end of this report as Exhibit A.