Summary
| Report Number: | 2010-021 |
|---|---|
| Report Title: | Department of Financial Services - Florida Accounting Information Resource Subsystem - Information Technology Operational Audit |
| Report Period: | 07/01/2008 - 06/30/2009 |
| Release Date: | 10/07/2009 |
The Florida Accounting Information Resource (FLAIR) Subsystem is the State of Florida's accounting system. Pursuant to Sections 215.93(1)(b) and 215.94(2), Florida Statutes, FLAIR is a subsystem of the Florida Financial Management Information System and the Department of Financial Services (Department) is the functional owner of FLAIR. FLAIR's functions, as provided in State law, include accounting and reporting so as to provide timely data for producing financial statements for the State in accordance with generally accepted accounting principles and for auditing and settling claims against the State.
Our audit of FLAIR focused on evaluating selected information technology (IT) controls relevant to financial reporting and applicable to the system during the period July 1, 2008, through June 30, 2009. We also determined the status of corrective actions regarding prior audit findings disclosed in our report No. 2009-053.
The results of our audit are summarized below:
Finding No. 1: We noted instances where, as similarly noted in our report No. 2009-053, the Department did not remove the access privileges of former employees in a timely manner.
Finding No. 2: The Department was unable to identify the Payroll Component user associated with a specific user identification (ID), and a Department employee who had transferred to another Department position inappropriately retained job control language access privileges.
Finding No. 3: The Department did not provide initial security awareness training for some employees or ongoing security awareness training for all employees.
Finding No. 4: In addition to the matters discussed in Finding Nos. 1, 2, and 3, certain Department security and application controls needed improvement. Our prior reports on the Department have included some of the same issues.
Finding No. 5: The Department's electronic funds transfer (EFT) authorization process needed improvement.
Management's response is included in the audit report as Exhibit A.