REPORT DIGEST
DEPARTMENT OF STATE POLICE
FINANCIAL AND COMPLIANCE AUDIT
For the Year Ended:
Summary of Findings: Total this audit 3
Release Date:
State of Illinois
WILLIAM G. HOLLAND
AUDITOR GENERAL
To obtain a copy of the Report contact: (217)782-6046 or TDD (217) 524-4646
This Report Digest is also available on
SYNOPSIS
(Expenditure and Activity Measures are summarized on the next page.)
DEPARTMENT OF STATE POLICE
FINANCIAL AND COMPLIANCE AUDIT
For The One Year Ended June 30, 2000
| EXPENDITURE STATISTICS | FY 2000 | FY 1999 | FY 1998 |
| | $310,944,359 | $291,446,024 | $273,331,066 |
| OPERATIONS TOTAL | $307,153,957 | $290,351,861 | $271,948,181 |
| % of Total Expenditures | 98.8% | 99.6% | 99.5% |
| Personal Services | $176,619,663 | $169,370,977 | $152,217,338 |
| Other Payroll Costs (FICA, Retirement) | | | |
| Contractual Services | $17,357,957 | $16,744,395 | $13,480,505 |
| All Other Operations Items | $82,195,159 | $75,052,291 | $86,089,314 |
| GRANTS, REFUNDS, IMPROVEMENTS, TOTAL | | | |
| % of Total Expenditures | 1.2% | .4% | .5% |
| | $218,210,085 | $204,910,259 | $195,065,370 |
| SELECTED ACTIVITY MEASURES | FY 2000 | FY 1999 | FY 1998 |
| | 2,013 | 1,931 | 1,908 |
| | 434,830 | 409,262 | 394,827 |
| | 134,700 | 122,781 | 133,611 |
| | 26,610 | 26,334 | 25,582 |
| | 8,940 | 8,781 | 7,799 |
| | 6,550 | 7,471 | 6,396 |
AGENCY DIRECTOR
During Audit Period: Mr. Sam Nolen
Outdated disaster contingency plans
Communication Lab inventory controls lacking
FINDINGS, CONCLUSIONS, AND

DISASTER CONTINGENCY PLAN WEAKNESSES

The Department did not conduct a comprehensive test of its mainframe, minicomputer, or local area network disaster recovery capabilities, nor perform an annual test of the Enterprise Wide Disaster Recovery Plan. We noted that three mission critical applications were not tested and a comprehensive and concurrent test of each mission critical application was not conducted. In addition, we noted that two of the mission critical applications would take considerably longer than 24 hours to recover. (Finding 5, pages 20-21). This finding has been reworded and repeated since 1986.

We recommended the Department ensure the adequacy of its disaster recovery capabilities by performing a comprehensive test of the Enterprise Wide Disaster Recovery Plan. We also recommended the Department perform a concurrent and comprehensive test of all critical applications at the alternate recovery sites.

Department officials concurred with our recommendation and stated it will continue to work aggressively to pursue adequate disaster recovery documentation, procedure development, and testing. (For previous Department responses, see Digest Footnote 1.)

INADEQUATE CONTROLS OVER INVENTORY

The Department did not maintain adequate controls over the Communications Lab inventory. We noted the following:
We recommended the Department strengthen its internal and accounting controls over inventory. We further recommended the Department implement procedures to ensure maintenance of accurate inventory records, supervisory approval before adjustments are made to the system and timely disposition of outdated or obsolete inventory.

Department officials concurred with our recommendation and stated access to the stockroom has been restricted, monthly spot checks are being conducted, and it is developing a new data system to provide an audit trail of adjustments.

OTHER FINDING

The remaining finding was less significant and is being given attention by the Department. We will review its progress toward implementing these recommendations in our next audit.

AUDITORS' OPINION

Our auditors state that the Department's financial statements as of and for the year ended June 30, 2000 are fairly presented in all material respects.

____________________________________
WILLIAM G. HOLLAND, Auditor General
WGH:JSC:pp

SPECIAL ASSISTANT AUDITORS

Our special assistant auditors for this audit were Pandolfi, Topolski, Weiss & Co., LTD.

DIGEST FOOTNOTES

#1: DISASTER CONTINGENCY PLAN WEAKNESSES - Previous Department Responses

1999: "We concur. The revised plan will be completed June 30, 2000. The process to purchase additional peripheral equipment for the current disaster recovery site to support ISP requirements has begun. Exploratory meetings will be scheduled with DCMS to determine their compatibility as an alternative processing site. Other operations will be considered."

1998: "We concur in part with the analysis of the LAN disaster plan. Every LAN application has back-up hardware and software in the event of a disaster. Application staff and Network staff know what needs to be done to recover all of the ISP LAN based applications in the event of a disaster. However, the process for recovery needs to be formalized and committed to policy. ISP will make the necessary changes and additions to the Disaster Recovery Plan."

1996: "We concur. Due to the pending plan to renovate the Armory, improved fire protection will be included in this effort, contingent upon adequate funding."

1994: "We concur. A written disaster recovery plan is in process. ISP will continue to work toward a more complete Armory fire suppression system as funds allow."

1992: "ISP concurs that an alternate processing site should be established. To this end, ISP and CMS are in the process of implementing the capability for ISP to use CMS facilities in the event of a disaster. This capability will include the ability to switch critical communications lines so that processing of officer safety functions will be protected. ISP anticipates conducting a test of this capability by the beginning of FY 94. The intent of ISP is to address the inadequacies of fire protection in three phases as funding becomes available. The first phase will encompass an Armory-wide fire detection system that will alert the fire department when a fire is detected. The second phase will provide for fire suppression in areas that are unmanned in off-hours. The third phase will provide for fire suppression in critical areas that are manned twenty-four hours per day. The greatest risk to the computer facility is a fire that ignites in the Armory and is not detected until too late. In areas that are manned, the risk is less and staff would be able to call for the fire department in a timely fashion. To minimize total risk, fire detection and suppression is needed in all areas of the Armory to protect critical functions."

1990: "We concur with the findings concerning lack of a backup site and inadequate fire suppression in the Data Center. We will continue to seek funding to correct these deficiencies."

1988: "We concur."

1986: "We concur. A formal recovery plan is under development. A Failure Impact Analysis has been completed and recommendations are being prepared, for the Director's approval, on priority for restoring all applications. Funds have been requested in FY90 from the Capital Development Board for FY90 to build a primary data center which would then allow the Armory as a backup site. A complete fire protection system has not been installed due to lack of adequate funds. However, some alternative fire suppression efforts have been made. Since 1984, we have utilized very limited funds to expand heat sensors/fire detectors in the data center, which are monitored by the ISP Command Center. We have also obtained fire-retardant trash containers, and plastic covers to prevent water damage to equipment due to burst pipes."