REPORT DIGEST

DEPARTMENT OF STATE POLICE

FINANCIAL AND COMPLIANCE AUDIT

For the Year Ended:
June 30, 2000

Summary of Findings:

Total this audit 3
Total last audit 11
Repeated from last audit 1

Release Date:
March 29, 2001

 

 

State of Illinois
Office of the Auditor General

WILLIAM G. HOLLAND

AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General
Attn: Records Manager
Iles Park Plaza
740 E. Ash Street
Springfield, IL 62703

(217)782-6046 or TDD (217) 524-4646

This Report Digest is also available on
the worldwide web at
http://www.state.il.us/auditor

 

 

 

 

 

SYNOPSIS

 

 

  • The Department did not conduct a comprehensive test of its mainframe, minicomputer, or local area network disaster recovery capabilities.
  • The Department did not maintain adequate controls over its communication lab inventory.

 

 

 

 

 

 

 

 

(Expenditure and Activity Measures are summarized on the next page.)

 

 

 

DEPARTMENT OF STATE POLICE
FINANCIAL AND COMPLIANCE AUDIT
For The One Year Ended June 30, 2000

EXPENDITURE STATISTICS

FY 2000

FY 1999

FY 1998

Total Expenditures (All Funds)

$310,944,359

$291,446,024

$273,331,066

OPERATIONS TOTAL

% of Total Expenditures

$307,153,957

98.8%

$290,351,861

99.6%

$271,948,181

99.5%

Personal Services
% of Operations Expenditures
Average No. of Employees

$176,619,663
57.5%
3,654

$169,370,977
58.3%
3,539

$152,217,338
55.9%
3,545

Other Payroll Costs (FICA, Retirement)
% of Operations Expenditures


$30,981,178
10.1%


$29,202,451
10.1%


$20,161,024
7.4%

Contractual Services
% of Operations Expenditures

$17,357,957
5.6%

$16,744,395
5.8%

$13,480,505
5.0%

All Other Operations Items
% of Operations Expenditures

$82,195,159
26.8%

$75,052,291
25.8%

$86,089,314
31.7%

GRANTS, REFUNDS, IMPROVEMENTS, TOTAL

% of Total Expenditures


$3,790,402

1.2%


$1,075,910

.4%


$1,382,885

.5%

Cost of Property and Equipment

$218,210,085

$204,910,259

$195,065,370

SELECTED ACTIVITY MEASURES

FY 2000

FY 1999

FY 1998

Sworn Officers

2,013

1,931

1,908

IL Vehicle Code Citations

434,830

409,262

394,827

Motorist Assists

134,700

122,781

133,611

Arrests

26,610

26,334

25,582

Cases Opened

8,940

8,781

7,799

Convictions

6,550

7,471

6,396

AGENCY DIRECTOR

During Audit Period: Mr. Sam Nolen
Currently: Mr. Sam Nolen

 

 

 

 

Outdated disaster contingency plans

 

 

 

 

 

 

 

 

 

 

 

Communication Lab inventory controls lacking

FINDINGS, CONCLUSIONS, AND
RECOMMENDATIONS

DISASTER CONTINGENCY PLAN WEAKNESSES

The Department did not conduct a comprehensive test of its mainframe, minicomputer, or local area network disaster recovery capabilities, nor perform an annual test of the Enterprise Wide Disaster Recovery Plan.

We noted that three mission critical applications were not tested and a comprehensive and concurrent test of each mission critical application was not conducted. In addition, we noted that two of the mission critical applications would take considerably longer than 24 hours to recover. (Finding 5, pages 20-21). This finding has been reworded and repeated since 1986.

We recommended the Department ensure the adequacy of its disaster recovery capabilities by performing a comprehensive test of the Enterprise Wide Disaster Recovery Plan. We also recommended the Department perform a concurrent and comprehensive test of all critical applications at the alternate recovery sites.

Department officials concurred with our recommendation and stated it will continue to work aggressively to pursue adequate disaster recovery documentation, procedure development, and testing. (For previous Department responses, see Digest Footnote 1.)

INADEQUATE CONTROLS OVER INVENTORY

The Department did not maintain adequate controls over the Communications Lab inventory. We noted the following:

  • The physical count did not match the inventory records.
  • Items were not properly recorded or removed from inventory records as necessary.
  • Supervisory approval was not required prior to adjustments being made.
  • An audit trail of revisions of inventory records does not exist.
  • Obsolete inventory was not disposed of timely.
  • A proper segregation of duties does not exist between the custody and record keeping of inventory.

We recommended the Department strengthen its internal and accounting controls over inventory. We further recommended the Department implement procedures to ensure maintenance of accurate inventory records, supervisory approval before adjustments are made to the system and timely disposition of outdated or obsolete inventory.

Department officials concurred with our recommendation and stated access to the stockroom has been restricted, monthly spot checks are being conducted, and it is developing a new data system to provide an audit trail of adjustments.

OTHER FINDING

The remaining finding was less significant and is being given attention by the Department. We will review its progress toward implementing these recommendations in our next audit.

AUDITORS’ OPINION

Our auditors state that the Department’s financial statements as of and for the year ended June 30, 2000 are fairly presented in all material respects.

____________________________________

WILLIAM G. HOLLAND, Auditor General

WGH:JSC:pp

SPECIAL ASSISTANT AUDITORS

Our special assistant auditors for this audit were Pandolfi, Topolski, Weiss & Co., LTD.

DIGEST FOOTNOTES

#1: DISASTER CONTINGENCY PLAN WEAKNESSES - Previous Department Responses

1999: "We concur. The revised plan will be completed June 30, 2000. The process to purchase additional peripheral equipment for the current disaster recovery site to support ISP requirements has begun. Exploratory meetings will be scheduled with DCMS to determine their compatibility as an alternative processing site. Other operations will be considered…."

1998: "…We concur in part with the analysis of the LAN disaster plan. Every LAN application has back-up hardware and software in the event of a disaster. Application staff and Network staff know what needs to be done to recover all of the ISP LAN based applications in the event of a disaster. However, the process for recovery needs to be formalized and committed to policy. ISP will make the necessary changes and additions to the Disaster recover Plan."

1996: "We concur. Due to the pending plan to renovate the Armory, improved fire protection will be included in this effort, contingent upon adequate funding."

1994: "We concur. A written disaster recovery plan is in process. ISP will continue to work toward a more complete Armory fire suppression system as funds allow."

1992: "ISP concurs that an alternate processing site should be established. To this end, ISP and CMS are in the process of implementing the capability for ISP to use CMS facilities in the event of a disaster. This capability will include the ability to switch critical communications lines so that processing of officer safety functions will be protected. ISP anticipates conducting a test of this capability by the beginning of FY 94.

The intent of ISP is to address the inadequacies of fire protection in three phases as funding becomes available. The first phase will encompass an Armory-wide fire detection system that will alert the fire department when a fire is detected. The second phase will provide for fire suppression in areas that are unmanned in off-hours. The third phase will provide for fire suppression in critical areas that are manned twenty-four hours per day. The greatest risk to the computer facility is a fire that ignites in the Armory and is not detected until too late. In areas that are manned, the risk is less and staff would be able to call for the fire department in a timely fashion. To minimize total risk, fire detection and suppression is needed in all areas of the Armory to protect critical functions."

1990: "We concur with the findings concerning lack of a backup site and inadequate fire suppression in the Data Center. We will continue to seek funding to correct these deficiencies."

1988: "We concur."

1986: "We concur. A formal recovery plan is under development. A Failure Impact Analysis has been completed and recommendations are being prepared, for the Director’s approval, on priority for restoring all applications. Funds have been requested in FY90 from the Capital Development Board for FY90 to build a primary data center which would then allow the Armory as a backup site.

A complete fire protection system has not been installed due to lack of adequate funds. However, some alternative fire suppression efforts have been made. Since 1984, we have utilized very limited funds to expand heat sensors/fire detectors in the data center, which are monitored by the ISP Command Center. We have also obtained fire-retardant trash containers, and plastic covers to prevent water damage to equipment due to burst pipes."