Table Of Content

s 352.44 L72REDP 1998 Legislative Audit Division StateofMontana ReporttotheLegislature June1998 EDP Follow-up Audit Report CGLUCTiO ^ATEDOCUMENTSW MOV MONTANA5**» HeJnA, Department of Revenue Thisreportprovidesthestatusofpriorrecommendationsfromanelectronic dataprocessingaudit(97DP-04)attheDepartmentofRevenue. Ofthe16 initialrecommendations,12areimplementedand4arenotimplemented. Thepriorrecommendationsnotfullyimplementedaddress: * Periodicreviewofprocessingeditadjustments. Operatingsystemsecurityprocedures. Electronicaccesscontrols. - Internalsecurityevaluations. Directcomments/inquiriesto: LegislativeAuditDivision Room135,StateCapitol POBox201705 98DP-08 HelenaMT59620-1705 MONTANASTATELIBRARY 3 0864 0014 1407 EDPAUDITS ElectronicDataProcessing(EDP)auditsconductedbytheLegislativeAuditDivisionare designedtoassesscontrolsinanEDPenvironment. EDPcontrolsprovideassuranceoverthe accuracy,reliability,andintegrityoftheinformationprocessed. Fromtheauditwork,a determinationismadeastowhethercontrolsexistandareoperatingasdesigned. Inperforming theauditwork,theauditstaffusesauditstandardssetforthbytheUnitedStatesGeneral AccountingOffice. MembersoftheEDPauditstaffholddegreesindisciplinesappropriatetotheauditprocess. Areasofexpertiseincludebusinessandpublicadministration. EDPauditsareperformedasstand-aloneauditsofEDPcontrolsorinconjunctionwith financial-complianceand/orperformanceauditsconductedbytheoffice. Theseauditsaredone undertheoversightoftheLegislativeAuditCommitteewhichisabicameralandbipartisan standingcommitteeoftheMontanaLegislature. Thecommitteeconsistsofsixmembersofthe SenateandsixmembersoftheHouseofRepresentatives. MEMBERSOFTHELEGISLATIVEAUDITCOMMITTEE LEGISLATIVE AUDIT DIVISION ScottA.Seacat,LegislativeAuditor /Sp ^_r\ DeputyLegislativeAuditors: JohnW.Northey,LegalCounsel |-Q%^5l ''mPe"egr'n*<PerformanceAudit ToriHunthausen,IT&OperationsManager r|P£pi^f§E-7 JamesGillett,Financial-ComplianceAudit June 1998 TheLegislativeAuditCommittee oftheMontanaStateLegislature: Thisisafollow-upreportofourEDPaudit(97DP-04)ofgeneralandapplication controlsattheDepartmentofRevenue. Theoriginalreportincludedrecommendations applicabletotheComputerAssistedMassAppraisalSystem(CAMAS),Revenue ControlSystem(RCS),IndividualIncomeTaxSystem(IIT),andDelinquentAccounts ReceivableSystem(DAR). Thisreportdiscussesthepriorrecommendationsnotyet fullyimplementedbythedepartment. WethanktheDepartmentofRevenuefortheircooperationandassistancethroughout thereview. Respectfullysubmittga\ ' ScottA.Seacat LegislativeAuditor Room135,StateCapitolBuildingPOBox201705 Helena,MT59620-1705 Phone(406)444-3122 FAX(406)444-9784 [email protected] TableofContents ListofTables ii ListofAppointedandAdministrativeOfficials iii ChapterI-Introduction Introduction 1 BackgroundonOriginalAudit 1 Follow-upScope 1 ChapterII-Recommenda- RecommendationStatus 3 tionStatus IncomeTaxReturnAdjustmentsShouldbeSupported 3 RestrictAccessPerJobDuties 4 DocumenttheAccessProvided 4 DisasterRecoveryPlansShouldbeCompleted 5 InternalEvaluationofSecurity 6 AgencyResponse DepartmentofRevenue 9 Page i ListofTables Table 1 ImplementationStatusofRecommendations 2 Pageii AppointedandAdministrativeOfficials DepartmentofRevenue MaryBryson,Director MikeBoyer,InformationTechnologyAdministrator JeffMiller,PolicyandPerformanceManagementManager JudyPaynter,TaxPolicyandResearchManager Pageiii Chapter I - Introduction Introduction Weperformedafollow-upreviewoftheelectronicdataprocessing audit(97DP-04)oftheDepartmentofRevenue. Theoriginalreport, issuedinDecemberof1996,contained 16recommendationsfor improvingexistingcontrolswithinthedepartment'selectronicdata processingenvironment. Thisreportoutlinesthestatusoftheprior recommendationspartiallyornotimplemented. BackgroundonOriginal Theoriginalauditreviewedgeneralcontrolsoverthedepartment's Audit AS/400computerwhichprocessespropertytaxdataforthe ComputerAssistedMassAppraisalSystem(CAMAS). Theaudit alsoevaluatedapplicationcontrolsovertheIndividualIncomeTax (IIT)system,theDelinquentAccountsReceivable(DAR)system, andCAMAS. ExceptforCAMAS,thesystemsnotedaboveprocess dataontheDepartmentofAdministration'scentralmainframe computer. Follow-upScope Theobjectiveofourfollow-upauditwastodeterminetheimple- mentationstatusoftheoriginalauditrecommendations. We intervieweddepartmentpersonnelandreviewedsupporting documentation. Listedbelowarepriorrecommendationsthe departmenthasimplementedsincetheoriginalaudit. EstablishprocedurestoensureIITaddresschangesdonotover- writeexistingDARaddressdata. DocumentIITsystemeditsformanagementandpersonnel review. DocumentandcommunicatedepartmentpolicyforadjustingIIT systemprocessingtoleranceerrors. Implementcost-effectivephysicalsecuritycontrolswithinthe computerfacility. Securebackupinformationinanoff-sitelocationawayfromthe computerfacility. EvaluateanddocumentAS/400operatingsysteminstallation parameters. DevelopsecurityproceduresovertheAS/400operatingsystem asrequiredbydepartmentpolicy. ImplementprocedurestorequireuserstochangetheirCAMAS systempasswords. ReviewemployeeaccessprivilegestoCAMASonascheduled basisandrestrictemployeeaccessinaccordancewithjobduties. Page Chapter I -Introduction Annuallyreviewemployee-ownedproperties,andproperties ownedbytheirfamilymembers,toensurecompliancewith departmentpolicy,whichprohibitsemployeesfrommaking systemchangestothosepropertiesinCAMAS. Establishprocedurestoensureinternalauditrecommendations forCAMASareimplemented. Overallauditresultsareoutlinedbelow. Table1 ImplementationStatusofRecommendations Implemented NotImplemented TotalRecommendations Page2

ebook img

Department of Revenue : EDP follow-up audit report PDF

22 Pages·1998·0.4 MB·English
by  Montana. Legislature. Legislative Audit Division
#americana #MontanaStateLibrary
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Department of Revenue : EDP follow-up audit report

s 352.44 L72REDP 1998 Legislative Audit Division StateofMontana ReporttotheLegislature June1998 EDP Follow-up Audit Report CGLUCTiO ^ATEDOCUMENTSW MOV MONTANA5**» HeJnA, Department of Revenue Thisreportprovidesthestatusofpriorrecommendationsfromanelectronic dataprocessingaudit(97DP-04)attheDepartmentofRevenue. Ofthe16 initialrecommendations,12areimplementedand4arenotimplemented. Thepriorrecommendationsnotfullyimplementedaddress: * Periodicreviewofprocessingeditadjustments. Operatingsystemsecurityprocedures. Electronicaccesscontrols. - Internalsecurityevaluations. Directcomments/inquiriesto: LegislativeAuditDivision Room135,StateCapitol POBox201705 98DP-08 HelenaMT59620-1705 MONTANASTATELIBRARY 3 0864 0014 1407 EDPAUDITS ElectronicDataProcessing(EDP)auditsconductedbytheLegislativeAuditDivisionare designedtoassesscontrolsinanEDPenvironment. EDPcontrolsprovideassuranceoverthe accuracy,reliability,andintegrityoftheinformationprocessed. Fromtheauditwork,a determinationismadeastowhethercontrolsexistandareoperatingasdesigned. Inperforming theauditwork,theauditstaffusesauditstandardssetforthbytheUnitedStatesGeneral AccountingOffice. MembersoftheEDPauditstaffholddegreesindisciplinesappropriatetotheauditprocess. Areasofexpertiseincludebusinessandpublicadministration. EDPauditsareperformedasstand-aloneauditsofEDPcontrolsorinconjunctionwith financial-complianceand/orperformanceauditsconductedbytheoffice. Theseauditsaredone undertheoversightoftheLegislativeAuditCommitteewhichisabicameralandbipartisan standingcommitteeoftheMontanaLegislature. Thecommitteeconsistsofsixmembersofthe SenateandsixmembersoftheHouseofRepresentatives. MEMBERSOFTHELEGISLATIVEAUDITCOMMITTEE LEGISLATIVE AUDIT DIVISION ScottA.Seacat,LegislativeAuditor /Sp ^_r\ DeputyLegislativeAuditors: JohnW.Northey,LegalCounsel |-Q%^5l ''mPe"egr'n*<PerformanceAudit ToriHunthausen,IT&OperationsManager r|P£pi^f§E-7 JamesGillett,Financial-ComplianceAudit June 1998 TheLegislativeAuditCommittee oftheMontanaStateLegislature: Thisisafollow-upreportofourEDPaudit(97DP-04)ofgeneralandapplication controlsattheDepartmentofRevenue. Theoriginalreportincludedrecommendations applicabletotheComputerAssistedMassAppraisalSystem(CAMAS),Revenue ControlSystem(RCS),IndividualIncomeTaxSystem(IIT),andDelinquentAccounts ReceivableSystem(DAR). Thisreportdiscussesthepriorrecommendationsnotyet fullyimplementedbythedepartment. WethanktheDepartmentofRevenuefortheircooperationandassistancethroughout thereview. Respectfullysubmittga\ ' ScottA.Seacat LegislativeAuditor Room135,StateCapitolBuildingPOBox201705 Helena,MT59620-1705 Phone(406)444-3122 FAX(406)444-9784 [email protected] TableofContents ListofTables ii ListofAppointedandAdministrativeOfficials iii ChapterI-Introduction Introduction 1 BackgroundonOriginalAudit 1 Follow-upScope 1 ChapterII-Recommenda- RecommendationStatus 3 tionStatus IncomeTaxReturnAdjustmentsShouldbeSupported 3 RestrictAccessPerJobDuties 4 DocumenttheAccessProvided 4 DisasterRecoveryPlansShouldbeCompleted 5 InternalEvaluationofSecurity 6 AgencyResponse DepartmentofRevenue 9 Page i ListofTables Table 1 ImplementationStatusofRecommendations 2 Pageii AppointedandAdministrativeOfficials DepartmentofRevenue MaryBryson,Director MikeBoyer,InformationTechnologyAdministrator JeffMiller,PolicyandPerformanceManagementManager JudyPaynter,TaxPolicyandResearchManager Pageiii Chapter I - Introduction Introduction Weperformedafollow-upreviewoftheelectronicdataprocessing audit(97DP-04)oftheDepartmentofRevenue. Theoriginalreport, issuedinDecemberof1996,contained 16recommendationsfor improvingexistingcontrolswithinthedepartment'selectronicdata processingenvironment. Thisreportoutlinesthestatusoftheprior recommendationspartiallyornotimplemented. BackgroundonOriginal Theoriginalauditreviewedgeneralcontrolsoverthedepartment's Audit AS/400computerwhichprocessespropertytaxdataforthe ComputerAssistedMassAppraisalSystem(CAMAS). Theaudit alsoevaluatedapplicationcontrolsovertheIndividualIncomeTax (IIT)system,theDelinquentAccountsReceivable(DAR)system, andCAMAS. ExceptforCAMAS,thesystemsnotedaboveprocess dataontheDepartmentofAdministration'scentralmainframe computer. Follow-upScope Theobjectiveofourfollow-upauditwastodeterminetheimple- mentationstatusoftheoriginalauditrecommendations. We intervieweddepartmentpersonnelandreviewedsupporting documentation. Listedbelowarepriorrecommendationsthe departmenthasimplementedsincetheoriginalaudit. EstablishprocedurestoensureIITaddresschangesdonotover- writeexistingDARaddressdata. DocumentIITsystemeditsformanagementandpersonnel review. DocumentandcommunicatedepartmentpolicyforadjustingIIT systemprocessingtoleranceerrors. Implementcost-effectivephysicalsecuritycontrolswithinthe computerfacility. Securebackupinformationinanoff-sitelocationawayfromthe computerfacility. EvaluateanddocumentAS/400operatingsysteminstallation parameters. DevelopsecurityproceduresovertheAS/400operatingsystem asrequiredbydepartmentpolicy. ImplementprocedurestorequireuserstochangetheirCAMAS systempasswords. ReviewemployeeaccessprivilegestoCAMASonascheduled basisandrestrictemployeeaccessinaccordancewithjobduties. Page Chapter I -Introduction Annuallyreviewemployee-ownedproperties,andproperties ownedbytheirfamilymembers,toensurecompliancewith departmentpolicy,whichprohibitsemployeesfrommaking systemchangestothosepropertiesinCAMAS. Establishprocedurestoensureinternalauditrecommendations forCAMASareimplemented. Overallauditresultsareoutlinedbelow. Table1 ImplementationStatusofRecommendations Implemented NotImplemented TotalRecommendations Page2

See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users