REPORT DIGEST

DEPARTMENT OF CENTRAL MANAGEMENT SERVICES BUREAU OF COMMUNICATION AND COMPUTER SERVICES

 

THIRD PARTY REVIEW

For the Year Ended:
June 30, 2000

Release Date:
July 6, 2000

Logo.gif (1870 bytes)

State of Illinois
Office of the Auditor General

WILLIAM G. HOLLAND
AUDITOR GENERAL

To obtain a copy of the
Report contact:
Office of the Auditor General
Attn: Records Manager
Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703

(217) 782-6046 or TDD (217) 524-4646

This Report Digest is also available on
the worldwide web at
http://www.state.il.us/auditor

INTRODUCTION

The Department of Central Management Services’ (Department) Bureau of Communication and Computer Services carries out statutory responsibilities relating to data processing and telecommunication services (20 ILCS 405/35.3; 20 ILCS 405/35.7; 20 ILCS 405/35.7a; 20 ILCS 405/35.7c; and 20 ILCS 405/35.8). To fulfill its responsibilities, the Department operates the Central Computer Facility (CCF), the Communications Center, and its branch facility. The branch facility also serves as the primary backup site should a disaster prevent processing at the Central Computer Facility. Through its facilities, the Department provides data processing services to approximately 104 user entities.

The CCF functions as a data processing service center, providing computing and telecommunication resources for State agencies’ use. The Department and the agencies that use the Department’s computer resources share the responsibility for maintaining the integrity and security of computerized data and functions.

We reviewed data processing general controls at the Department primarily during the period from January 20 to April 14, 2000. We performed tests to determine compliance with policies and procedures, conducted interviews, performed observations, and identified specific control objectives and procedures we considered necessary to evaluate the controls.

We also reviewed application controls for systems maintained by the Department for State agencies’ use. The systems reviewed were the Central Payroll, Central Inventory, Central Time and Attendance, and Accounting Information Systems.

The Department’s control procedures and the degree of compliance with the procedures were sufficient to provide reasonable, but not absolute, assurance that relevant control objectives were achieved.

To view an online version of the complete report, go to http://www.state.il.us/auditor/special.htm

 

ILLINOIS DEPARTMENT OF CENTRAL MANAGEMENT SERVICES

BUREAU OF COMMUNICATION AND COMPUTER SERVICES

 

STATISTICS

2000
Mainframes

4 Units Configured as 21 Systems
Services/Workload

82,511 Nodes Statewide (Terminals, Printers, etc.)
68.3 Million IMS Transactions per Month
3 Million Feet of Laser Printing per Month
230,000 Reel/Cartridge Tape Mounts per Month
State Agency Users

104
CCF Employees

1997 -- 126
1998 -- 125
1999 -- 131
2000 -- 136 (includes 8 vacancies)
Historical Growth Trend*

1975 --
1980 --
1990 --
1995 --
1996 --
1997 --
1998 --
1999 --
2000 --

400
1,700
14,143
34,977
44,201
47,618
75,900
96,393
133,752

 -- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
-- Base CPU Hours Billed
 

* In the month of January for each year listed

Information provided by the Department

 

AGENCY DIRECTOR AND BUREAU MANAGER
During Audit Period: Director: Michael Schwartz -- Bureau Manager: Frank Cavallaro
Currently: Director: Michael Schwartz -- Bureau Manager: Frank Cavallaro

 

 

 

 

 

 

 

 

Billing System Issues

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Procedures Not Always Observed

 

 

 

 

 

 

 

State Government Must Be Prepared

 

 

 

 

 

 

 

 

 

REPORT SUMMARY

Billing System

The Department is statutorily authorized to provide data processing services for State agencies. The Department, State agencies, and users of the Central Computer Facility share the costs of those services. Funding for the Central Computer Facility (CCF) is provided through the Statistical Services Revolving Fund (SSRF) and the Communications Revolving Fund (CRF).

The Department reported that from July 1, 1999, through February 29, 2000, $55 million and $69 million were billed from the SSRF and CRF respectively.

Overall, we found the billing process to be extremely complex and manually intensive with an over-reliance on key staff members. Some of the specific issues we identified included:

    • Of the 34 sources of monthly billing data for the SSRF, 23 are provided to billing staff in hardcopy form and manually entered into billing systems. Manual processes are needed for 15 percent ($8.3 million of the total $55 million) of the gross monthly billings.
    • We noted incorrect amounts recorded in the credit log and no documentation of an independent review of the credit log.
    • Two months’ billing for one of the four components of the Network Services were delayed for several months and estimated, due to a loss of data.
    • One agency’s monthly billing was understated by $160,908, due to a manual data entry error, and corrected on a subsequent billing.
    • The approved rate for payroll services was not increased in the Central Payroll System, resulting in an approximate loss of revenue of $14,000.

We recommend the Department institute measures to strengthen controls in the billing process to ensure its accuracy by reducing manual intervention and its reliance on key staff members.

Change Control

Although the Department has procedures for controlling changes to software, we found that the process was manually intensive and not always observed. The procedures contain guidelines for approving changes, based on the priority category of the change, and require signatures at different points in the process. However, we identified numerous instances of noncompliance with the procedures and concluded that the current procedures do not agree with the change control practices.

The Department issued a request for proposal for fully automating the change control procedures on October 13, 1999. The Department should accelerate the selection and implementation of a comprehensive change management system.

Disaster Contingency Planning

Although the Department has made progress in addressing the disaster contingency needs of the State’s Central Computer Facility, the plans and operational provisions still need to be enhanced to provide assurance that all of the State’s critical applications and network operations can be recovered within required timeframes. The State is placing great reliance on the Department’s ability to provide data processing and network services in the event of a disaster. As such, a comprehensive and thoroughly tested disaster contingency plan and sufficient backup facilities are essential components of recovery efforts.

The Department should continue its efforts to ensure that the necessary components are available to provide for continuation of critical computer operations in the event of a disaster. In addition, the Department should continue to conduct comprehensive tests of the disaster recovery plan on an annual basis.

The Department concurred with our recommendations.

AUDITORS' OPINION

Procedures were generally sufficient to provide reasonable, but not absolute, assurance that relevant general and application control objectives were achieved.

                                        

                          WILLIAM G. HOLLAND, Auditor General

WGH:WJS:ap