ICT Audit Report
Internal Audit Report ICT Department Audit January 1, 2007 through December 31, 2008 Issue Date: April 6, 2010 Report No. 2010-06 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 Audit Period: July 1, 2005 June 30, 2008 Table of Contents Internal Auditor's Report ...................................................................................................... 3 Executive Summary ............................................................................................................ 4 Background ......................................................................................................................... 5 Audit Objectives .................................................................................................................. 6 Audit Scope ......................................................................................................................... 6 Audit Approach .................................................................................................................... 7 Conclusion ........................................................................................................................... 7 2 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 Audit Period: July 1, 2005 June 30, 2008 Internal Auditor's Report We have completed an audit of the Information and Communication Technology's (ICT) Department. Based on our risk assessment and review of audits conducted by other outside auditors, our worked focused primarily on the Business Services and Service and Delivery work groups of the ICT Department. The main objective of the audit was to assess and determine whether management has established adequate and effective controls to reasonably ensure that: 1. Port information technology equipment is properly procured and accounted for. 2. Port information technology surplus equipment is properly disposed in accordance with Port policies and directives. We reviewed information relating to fiscal years 2007-2008. Management has the primary responsibility to establish and implement effective controls. Our audit objective was to assess and test those controls in order to establish whether the controls were adequate and operating effectively. We conducted the audit using due professional care. We planned and performed the audit to obtain reasonable assurance that department controls are adequate and operating as intended. We found no significant issues during the review; however, we identified opportunities to strengthen existing controls over accountability and disposition of Port information technology equipment. That information has been communicated to management in a separate letter. We extend our appreciation to the ICT Department for their assistance and cooperation during the audit. Joyce Kirangi, CPA Director, Internal Audit 3 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 Audit Period: July 1, 2005 June 30, 2008 Executive Summary Audit Scope and Objective The purpose of the audit was to review Information and Communication Technology's (ICT) Department. Based on our risk assessment and review of audits conducted by other outside auditors, our audit focused primarily on the Business Services and Service and Delivery work groups of the ICT Department. For these work groups, we determined that the area with the most significant risk was accountability of the ICT equipment. The main objective of the audit was to assess whether management has established adequate controls to ensure: 1. Port information technology equipment is properly procured and accounted for. 2. Port information technology surplus equipment is properly disposed in accordance with Port policies and directives. We reviewed information relating to fiscal years 2007-2008. Background The mission of the ICT Business Services and Service Delivery work unit groups is to support the business functions, solve business problems, improve Port security and promote Port transparency. Both of these work unit groups were staffed with approximately 50 full time equivalents (FTEs), and had actual operating expenses of approximately $6 million annually during the audit period. Actual operating expenses included approximately $500,000 annually in capital charges during the audit period. These work units do not generate any income, but incur a variety of expenses in delivering and maintaining the Port's IT infrastructure. Audit Result Summary We found no significant issues during the review; however, we identified opportunities to strengthen existing controls over accountability and disposition of Port information technology equipment. That information was communicated to management in a separate letter. 4 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 Audit Period: July 1, 2005 June 30, 2008 Background The mission of the Information and Communication Technology (ICT) Business Services and Service Delivery is to support the business functions, solve business problems, improve Port security, and promote Port transparency. ICT Business Services includes the following work units: The Business Analysis Team -- researches new technologies and business process, drafts business plans for technology projects and documents project processes. The Project Management unit -- administers technology projects such as Computer Aided Dispatch and Parking Garage Floor Count. The Financial Services unit -- provides asset planning for technology projects, project detail reports, and monthly labor distribution reports as well as asset management, and procurement of information technology hardware. Contract Management -- oversees information technology contracts and vendors. The Administration unit -- procures cell phones and software, processes invoices, processes travel requests and includes the support staff. ICT Service Delivery includes: The Desk Services unit -- provides help desk support by troubleshooting information technology issues over the phone. Client Services -- provides computer and desktop support such as installing software and set up of computers as part of the ICT Service Delivery service. The ICT Business Services and ICT Service Delivery work groups do not generate any income. A listing of significant expenses for 2007 and 2008 were as follows: Accounts 2007 2008 Salaries & Benefits* 5,128,627 5,702,356 Equipment Expense*** 1,296,639 819,747 Supplies & Stock 33,485 33,082 Outside Services** 4,075,925 3,851,109 Travel & Other Employee 94,862 97,769 Telecommunications 382,911 297,523 Source: PeopleSoft 5 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 *There were approximately 50 full time equivalents (FTEs) for both ICT Business Services and ICT Service Delivery during the auditAudit Period: July 1, 2005 June 30, 2008 period. Payroll for both work units consisted of mainly exempt employees, and less than half percent (1/2%) of total payroll was attributed to overtime. **Both work groups use outside services to supplement the support of various systems, projects, and services they have to deliver to the Port. Outside service is procured through the use of Master Professional Service (MPS) agreements which are competitively selected and used by ICT for a couple of years. ***Computer and telephone acquisitions comprised approximately 97% of the ICT Business Services and ICT Service Delivery equipment expense account. ICT also procures IT equipment (computers, monitors, and individual components) on behalf of other Port departments and those costs are accounted for in each respective department budget. Based on our analysis, Port-wide disbursement to IT vendors was approximately $4 million annually. These figures reflect the extent of ICT involvement (i.e., accountability). In procuring IT equipment on behalf of other departments, ICT retains physical custody of the equipment in terms of receiving, storage, and surplus of equipment no longer in use. Equipment expense decreased in 2008 when compared to 2007 because ICT suspended the purchases of computers for the ICT's computer replacement program. The computer replacement program will resume in the 2010 budget. The ICT Department maintains a roster or inventory of Port equipment that needs ICT technical support and the equipment is tracked in a system commonly referred to as DK. Per Port policy, each Port department is responsible for maintaining a comprehensive inventory of its equipment Audit Objectives The purpose of the audit was to review ICT's Business Services and Service Delivery work groups. Based on our risk assessment and analysis of these ICT work groups, we determined that the area of most significant risk was accountability of the ICT equipment. The main objective of the audit was to assess and determine whether management has established adequate and effective controls to ensure that: 1. Port information technology equipment is properly procured and accounted for. 2. Port information technology surplus equipment is properly disposed in accordance with Port policies and directives. Audit Scope The scope of the audit covered the period of January 1, 2007 through December 31, 2008. 6 Internal Audit Report ICT Department Audit Audit Period: January 1, 2007 December 31, 2008 Audit Approach Audit Period: July 1, 2005 June 30, 2008 To achieve the audit objective, we performed the following procedures: Obtained an understanding of the department operations. Reviewed department controls related to the audit area. Obtained and analyzed relevant financial and non-financial data. Performed audit procedures to achieve the audit objective. Conclusion We found no significant issues during the review; however, we identified opportunities to strengthen existing controls over accountability and disposition of Port information technology equipment. That information was communicated to management in a separate letter. 7
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.