REPORT DIGEST

ILLINOIS CRIMINAL JUSTICE INFORMATION AUTHORITY


FINANCIAL AND COMPLIANCE AUDIT
(In accordance with the Single Audit Act and OMB Circular A-128)
For the Two Years Ended:
June 30, 1997



Summary of Findings:

Total this audit 2
Total last audit 1
Repeated from last audit 1






Release Date:
March 24, 1998




State of Illinois
Office of the Auditor General

WILLIAM G. HOLLAND
AUDITOR GENERAL

Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703
(217) 782-6046













SYNOPSIS

  • The Authority has not developed a comprehensive disaster contingency plan for its computer systems. This condition has existed since 1987.









{Expenditures and Activity Measures are summarized on the reverse page.}

ILLINOIS CRIMINAL JUSTICE INFORMATION AUTHORITY
FINANCIAL AND COMPLIANCE AUDIT
For The Two Years Ended June 30, 1997

EXPENDITURE STATISTICS

FY 1997

FY 1996

FY 1995

  • Total Expenditures (All Funds)

    OPERATIONS TOTAL
    % of Total Expenditures

    Personal Services
    % of Operations Expenditures
    Average No. of Employees(1)

    Other Payroll Costs (FICA, Retirement)
    % of Operations Expenditures

    Contractual Services
    % of Operations Expenditures

    All Other Operations Items
    % of Operations Expenditures

    GRANTS TOTAL
    % of Total Expenditures


  • Cost of Property and Equipment

 

$36,180,503


$5,185,643
14%

$2,194,337
42%
57

$372,473
7%

$627,768
12%

$1,991,065
39%

$30,994,860
86%


$6,389,398

$31,785,599


$5,319,427
17%

$2,152,670
40%
57

$351,201
7%

$652,960
12%

$2,162,596
41%

$26,466,172
83%


$7,478,604

$35,461,518


$5,108,612
14%

$2,185,079
43%
59

$345,992
7%

$587,410
11%

$1,990,131
39%

$30,352,906
86%


$7,123,403
SELECTED ACTIVITY MEASURES

FY 1997

FY 1996

FY 1995

  • Police Information Management System, Area-Wide Law Enforcement Radio Terminal System, or Automated Law Enforcement Communications System:
    Users
    User fees expended
  • Correctional Institution Management Information System:
    Users
    User fees expended

 





321
$1,510,300


8
$316,800





305
$1,510,300


8
$309,300





295
$1,481,000


8
$309,600
AGENCY DIRECTOR(S)
During Audit Period: Thomas F. Baker (July 1, 1995 - December 6, 1996)
Currently: Candice Kane (Acting)

(1) Excludes contractual employees: '97 - 37; '96 - 30; '95 - 27.

 






Failure to develop a comprehensive disaster contingency plan for its computer systems

FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

LACK OF DISASTER CONTINGENCY PLAN

The Authority has approximately $5,500,000 of computer equipment which maintains four critical applications but has not developed a comprehensive disaster contingency plan for these computerized applications.

The Authority has not identified key components, such as a recovery site, procurement of replacement equipment, critical applications and defined personnel assignments in the event of a disaster. Furthermore, the Authority does not have an alternative power source to safeguard against data loss in the event of a power failure. This finding has been repeated since 1987.

One of the Authority's critical system applications is to provide local law enforcement officers the ability to retrieve information relating to the current status of any driver's license or vehicle in the State of Illinois from their patrol cars. The loss of computer capabilities would disrupt these services. (Finding 1, page 25)

Authority officials agreed with our recommendation to develop a comprehensive disaster contingency plan for both the mainframe and LAN and obtain an alternative power source to provide protection against power loss and reduce the potential for loss of data. The Authority stated it will strengthen its current disaster planning and recovery efforts and request additional funding to provide a backup site and alternative power source. (For previous agency responses, see Digest Footnote 1.)

OTHER FINDINGS

The remaining finding is less significant and has been given appropriate attention by Authority management. We will review progress toward implementation of our recommendation during our next audit. Authority responses were provided by Candice Kane, Acting Executive Director.

AUDITORS' OPINION

Our auditors state that the financial statements of the Illinois Criminal Justice Information Authority for the years ended June 30, 1997 and 1996 are presented fairly.

____________________________________
WILLIAM G. HOLLAND, Auditor General

WGH:ROQ:ak

SPECIAL ASSISTANT AUDITORS

Friedman, Eisenstein, Raemer & Schwartz, LLP were our special assistant auditors for this audit.

 

 

DIGEST FOOTNOTES

#1 FAILURE TO DEVELOP A COMPREHENSIVE DISASTER CONTINGENCY PLAN - Previous Agency Responses

1995: "Accepted. This finding has been included in every audit of the Authority since 1987, and funds have likewise been requested to address the issue in every fiscal year since then. However, such funding has not been approved.

The Authority agrees to strengthen its current disaster planning and recovery efforts in every area that does not require expenditure of additional new funds. Furthermore, the Authority will, to the best of its ability, develop contingency plans, personnel assignments and a recovery strategy to be used in the event of a disaster. However, provisions for such items as a backup site and alternative power source cannot be accommodated without the appropriation of sufficient funds to implement a comprehensive disaster plan.

Given the inability to obtain funds for such a large undertaking, and in order to provide an updated assessment of the scope and cost of such a system, the Authority has included a modest request in their fiscal year 1997 budget submission, to cover the cost of hiring an environmental systems design company, who would investigate and document requirements for implementation of a disaster recovery system. This updated knowledge will enable the Authority to once again request sufficient funding (in today's dollars) to address this finding."

1993: "The Authority accepts the recommendation and has developed a written plan addressing this issue. However, without specific funding for installation of an uninterruptable power supply, the plan cannot be implemented or tested.

Funds for implementation of a disaster recovery plan were requested in the Authority's FY95 budget and have been denied by the Administration. This represents the Authority's eighth budget request for funds to implement a disaster recovery plan, all of which have been denied.

During calendar year 1994, the Authority will fully investigate the viability of short-term rental of a generator. We will thus be able to make an informed decision as to whether, in the event of an emergency, resources can be dedicated to this albeit stop-gap measure."

1991: "Accepted. The Authority is presently developing a written disaster recovery plan. This plan will specify the critical systems, responsible individuals and a schedule of events to perform in the event of a partial or total system failure. The timetable for completion of this plan is November, 1992.

In addition, the Authority will investigate the costs for the recommendation of installing an uninterruptable power supply (UPS) and short-term rental of a generator, for use in the event of an emergency.

Funds will continue to be requested, as they have for the past 7 years, in the Authority's FY94 budget submission to implement the written plan."

1989: "The Authority accepts the recommendation and acknowledges the need for a complete disaster recovery plan and system. Funding for a backup power supply has been requested and denied for the past five fiscal years. Funding for such a system was again requested in the FY92 budget submission. The Authority has obtained a disaster recovery planning kit, and the Associate Director, ITU, has received information from vendors on their currently available consulting assistance in developing a disaster recovery plan. Developing and testing such a plan would require additional funding. If funding is made available, the Authority will develop and test a disaster recovery plan."

1987: "The Authority is fully cognizant of the need for a disaster recovery plan (as required by law), and has requested funding for such a system during each of the previous three fiscal years. On each occasion, such funding has been denied. During FY89, preliminary planning will be carried out to examine the areas required in the Authority's Disaster Recovery efforts. Various policies and procedures will be put into place which do not require additional funding.

Funding for an extensive survey will again be requested in FY90 for an experienced consultant who can understand the Authority's network and needs in this area. Such a consulting company could then design a Disaster Recovery plan for the Authority's network of computer systems. If funded, items specified in the plan would be implemented and installed. Disaster Recovery items might include uninterruptable power supplies (UPS), setup of a remote "hot site" with additional equipment and telecommunications equipment to duplicate the Authority's equipment. Copies of the Disaster Recovery plan, programs, and manuals will be stored off-site."