Summary
| Report Number: | 2010-011 |
|---|---|
| Report Title: | Agency for Workforce Innovation - Unemployment Insurance Program - Information Technology Operational Audit |
| Report Period: | 07/2008 - 06/2009 and Selected Actions From 07/2007 |
| Release Date: | 09/08/2009 |
The Agency for Workforce Innovation (Agency) is responsible for administering the State's Unemployment Insurance (UI) Program. The Unemployment Compensation (UC) System is the system used by the Agency to determine eligibility and calculate benefit amounts for individuals seeking unemployment compensation. The Southwood Shared Resource Center (SSRC) provides support services for the Agency's computer operations and mainframe applications, including the UC System.
Within the Agency, the Appeals application (Appeals) is used by the Office of Appeals to manage unemployment benefit appeals cases. The Benefit Overpayment Screening System (BOSS) is used by the Benefit Payment Control (BPC) section to manage payments of unemployment benefits to help ensure the integrity of the UI Program.
Our audit focused on evaluating the effectiveness of selected information technology (IT) controls applicable to Appeals and BOSS during the period July 1, 2008, through June 30, 2009. Our audit also focused on determining the status of corrective actions regarding prior audit findings disclosed in audit report No. 2009-070, relating to Agency and SSRC IT controls over the UC System. Additionally, our audit focused on Agency activities related to the issuance of UC appeals decisions and the establishment of UC benefit overpayment determinations and redeterminations during the period July 2007 through January 2009.
The results of our audit are summarized below:
Appeals and BOSS
Finding No. 1: Various access controls relating to Appeals and BOSS needed improvement.
Finding No. 2: Certain Agency security controls were deficient in the areas of telecommuting and protecting confidential and sensitive information. Additionally, certain Agency and SSRC security controls relating to user authentication needed improvement.
Finding No. 3: Editing of input data in Appeals needed improvement to provide increased assurance of the validity of data within the system.
Follow-Up on Prior Audit Findings
Finding No. 4: As also noted in our audit report No. 2009-070, Federal background checks were not performed for some IT contractors.
Finding No. 5: The Agency did not ensure the appropriateness of some UC Claims and Benefits access privileges and did not monitor for unauthorized attempts to access the Highway Safety and Motor Vehicle (HSMV) cross‑match application. These issues were also disclosed in our audit report No. 2009-070.
The Managements' written response to the audit findings is included in the audit report as Exhibit A.