Summary

Pursuant to Section 121.1905, Florida Statutes, the mission of the Department of Management Services (Department), Division of Retirement (Division), is to provide quality and cost-effective retirement services to members participating in the Florida Retirement System (FRS).  The Division also has oversight responsibility for the Firefighter and Municipal Police Pension Plans authorized by Chapters 175 and 185, Florida Statutes, respectively.  The Integrated Retirement Information System (IRIS) is used by the Division to support the functions required to provide retirement services.

Our audit focused on determining the Department’s corrective actions regarding prior audit findings relating to IRIS that were disclosed in our report No. 2008-172.  Our audit included the period December 2008 through February 2009.

The results of our follow-up audit are summarized below:

Finding No. 1:         The Division improved its IT controls for ensuring the completeness of data received for processing in IRIS by implementing the use of control totals to verify the completeness of Department of Financial Services retiree payroll information.

Finding No. 2:        The Division addressed many of the security control issues from the prior audit.  However, improvements were still needed in the areas of logging changes to access privileges and authenticating the identity of file transfer protocol (FTP) server users.

Finding No. 3:        The Division addressed most of the program change control issues from the prior audit.  However, its Software Development Plan still needed updating to accurately reflect the current roles and identity of BearingPoint staff.

Finding No. 4:        The Technology Support Center (TSC) Disaster Recovery Plan needed updating to reflect current staffing and current backup procedures.

Finding No. 5:        Department policy needed updating to reflect current Division operating system security patch procedures.

Management's response is included in the report as Exhibit - A.