REPORT DIGEST

DEPARTMENT OF CENTRAL MANAGEMENT SERVICES
BUREAU OF COMMUNICATION AND COMPUTER SERVICES

THIRD PARTY REVIEW

For the Year Ended:
June 30, 2003

Release Date:
July 1, 2003

logo.jpg (8630 bytes)

State of Illinois
Office of the Auditor General
WILLIAM G. HOLLAND
AUDITOR GENERAL

To obtain a copy of the
Report contact:
Office of the Auditor General
Attn: Records Manager
Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703

(217) 782-6046 or TDD (217) 524-4646
This Report Digest is also available on
the worldwide web at
http://www.state.il.us/auditor

INTRODUCTION

The Department of Central Management Services’ (Department) Bureau of Communication and Computer Services carries out statutory responsibilities relating to data processing and telecommunication services (20 ILCS 405/10; 20 ILCS 405/20; 20 ILCS 405/250; 20 ILCS 405/255; and 20 ILCS 405/260). To fulfill its responsibilities, the Department operates the Central Computer Facility (CCF), the Communications Center, and branch facilities in Springfield. A Springfield branch facility also serves as the primary backup site should a disaster prevent processing at the CCF. Through its facilities, the Department provides data processing services to approximately 106 user entities.

The CCF functions as a data processing service center, providing computing and telecommunication resources for State agencies’ use. The Department and the agencies that use the Department’s computer resources share the responsibility for maintaining the integrity and security of computerized data and functions.

We reviewed data processing general controls at the Department primarily during the period from January 13 to April 25, 2003. We performed tests to determine compliance with policies and procedures, conducted interviews, performed observations, and identified specific control objectives and procedures we considered necessary to evaluate the controls.

We also reviewed application controls for systems maintained by the Department for State agencies’ use. The systems reviewed were the Central Payroll, Central Inventory, Central Time and Attendance, and Accounting Information Systems.

The Department’s control procedures and the degree of compliance with the procedures were sufficient to provide reasonable, but not absolute, assurance that relevant control objectives were achieved.

To view an online version of the complete report, go to http://www.state.il.us/auditor/special.htm

ILLINOIS DEPARTMENT OF CENTRAL MANAGEMENT SERVICES
BUREAU OF COMMUNICATION AND COMPUTER SERVICES

STATISTICS

2003
Mainframes

4 Units Configured as 15 Production Systems
Services/Workload

82,511 Nodes Statewide (Terminals, Printers, etc.)
78 Million IMS Transactions per Month
1.7 Million Feet of Laser Printing per Month
309,680 Reel/Cartridge Tape Mounts per Month
State Agency Users

106
Bureau Employees

2000 -- 377
2001 -- 380
2002 -- 387
2003 -- 307

Historical Growth Trend*

2000 --
2001 -- 2002 --2003 --

1,445
1,557
2,040
2,700

MIPS

 -- MIPS
-- MIPS
-- MIPS
-- MIPS

-- Million Instructions Per Second

* In the month of April for each year listed

Information provided by the Department

AGENCY DIRECTOR AND BUREAU MANAGER
During Audit Period: Director: Michael Schwartz (7/1/2002 to 9/30/2002), Steven Schnorf
(10/1/2002 to 12/29/2002), Nancy White (1/2/2003 to 1/17/2003), Michael Rumman (1/21/2003)
Bureau Manager: Frank Cavallaro (7/1/2002 to 2/21/2003), Paul Campbell (2/21/2003 to 3/20/2003), Alan Burgard (3/20/2003)
Currently: Director: Michael Rumman -- Bureau Manager: Alan Burgard

 

 

 

 

 

 

 

 

 

State Government Must Be Prepared

 

 

 

 

 

 

 

 

REPORT SUMMARY

Disaster Contingency Planning

In the past several years, the Department has made significant progress in addressing the disaster contingency needs of the State’s Central Computer Facility; however, the plans and operational provisions still need to be enhanced to provide assurance that all of the State’s critical applications and network operations can be recovered within required timeframes. The State is placing great reliance on the Department’s ability to provide data processing and network services in the event of a disaster. As such, comprehensive and thoroughly tested disaster contingency plans are an essential component of recovery efforts.

The Department should continue its efforts to ensure that the necessary components (plans, equipment, and facilities) are available to provide for continuation of critical computer operations in the event of a disaster. In addition, the Department should conduct comprehensive tests of the plans on an annual basis.

The Department concurred with our recommendation and stated the Department will continue to evaluate and enhance its preparations for the business continuity of the critical Information Technology assets for which it is responsible.

AUDITORS' OPINION

Procedures were generally sufficient to provide reasonable, but not absolute, assurance that relevant general and application control objectives were achieved.

____________________________________

WILLIAM G. HOLLAND, Auditor General

WGH:WJS:ap