Audit Report

Baltimore City Community College

January 2002

• This report and any related follow-up correspondence are available to the public. Alternate

formats may also be requested by contacting the Office of Legislative Audits as indicated at the bottom of the next page or through the Maryland Relay Service at 1-800-735-2258.

• Please address specific inquiries regarding this report to the Audit Manager listed on the inside back cover by telephone at (410) 946-5900.

• Electronic copies of our audit reports can be viewed or downloaded from the Internet via http://www.ola.state.md.us.

• The Department of Legislative Services – Office of the Executive Director, 90 State Circle, Annapolis, Maryland 21401 can also assist you in obtaining copies of our reports and related correspondence.

January 31, 2002 Senator Nathaniel J. McFadden, Co-Chair, Joint Audit Committee Delegate Samuel I. Rosenberg, Co-Chair, Joint Audit Committee Members of the Joint Audit Committee Annapolis, Maryland Ladies and Gentlemen: We have audited the Baltimore City Community College for the period beginning July 1, 1998 and ending June 30, 2001. Our audit disclosed that the College had not established sufficient computer security controls. For example, the College had not properly restricted access to student grade files. Additionally, the College did not properly verify that all recorded collections were deposited. Procedural and internal control deficiencies also existed in a number of other critical areas, such as financial aid and student accounts receivable.

Respectfully submitted,

Bruce A. Myers, CPA Legislative Auditor

2

(This Page Intentionally Left Blank)

3

Table of Contents Executive Summary 5 Background Information 7

Agency Responsibilities 7 Audits of the College’s General Purpose Financial Statements 7 Current Status of Findings from Preceding Audit Report 7

Findings and Recommendations 9 Cash Receipts

* Finding #1 – Collections Were Not Properly Verified to Deposit 9 or Deposited Timely

Finding #2 – Certain College Income Was Improperly Deposited With 10 The Affiliated Foundation Instead of in the State Treasury as Required by Law

Computer Security

Finding #3 – Monitoring of Access to Critical Computer Resources and 10 Recovery Plans Need Improvement

* Finding #4 – Proper Controls Were Not Established Over Student 11 Grade Files

Student Financial Aid

Finding #5 – Controls Over Financial Aid Awards Were Not Adequate 12 Grants and Contracts

Finding #6 – Delinquent Accounts Receivable Were Not Forwarded to the 12 Central Collection Unit

Student Accounts Receivable

Finding #7 – Controls Over the Processing of Non-Cash Credit 13 Adjustments Were Not Sufficient

Equipment

Finding #8 – Proper Controls Were Not Established Over the College’s 13 Capital Equipment

Audit Scope, Objectives and Methodology 15 Agency Response Appendix

* Denotes item repeated in full or part from preceding audit.

4

(This Page Intentionally Left Blank)

5

Executive Summary

Legislative Audit Report on Baltimore City Community College January 2002

• Cash receipts were not properly verified to deposit or deposited timely.

The College should verify that all recorded collections are promptly deposited.

• College income totaling $26,000 was improperly deposited with the

College’s affiliated foundation instead of being deposited in the State Treasury.

The College should deposit all income in the State Treasury as required by law. The College should recover these funds from the foundation.

• Control over access to and support of critical computer resources needs

improvement. For example, network administrators did not regularly review network firewall logs and any reviews conducted were not documented. Further, the firewall software was not current.

The College should improve security over network resources by performing regular documented reviews of its firewall logs, ensure that the firewall software is the current version, and implement other recommendations.

• The College has not established adequate security over computerized

student grades.

The College should restrict the ability to update student grades to employees whose job responsibilities require such access and ensure that such access is adequately monitored. In addition, the College should ensure that recorded student grades and transcript entries are independently verified to related, authorized input documents.

• Financial aid awards, which totaled approximately $11.2 million in fiscal

year 2001, were not subject to an adequate review and approval.

The College should ensure that financial aid awards are adequately approved and verified to related supporting documentation.

6

• The College did not forward delinquent grant and contract accounts receivable to the Department of Budget and Management’s Central Collection Unit, as required.

The College should comply with the Central Collection Unit’s regulations for handling delinquent receivables.

• Sufficient controls were not established over student accounts receivable

and equipment.

The College should take the recommended corrective actions to improve controls in these areas.

7

Background Information Agency Responsibilities The Baltimore City Community College (hereinafter referred to as the College) is an urban two-year institution and operates under the jurisdiction of the Board of Trustees of the College. The College primarily offers associate of arts and certificate programs in the business and health services fields as well as general studies for the purpose of continuing education at a four-year institution. The College’s spring 2001 full-time equivalent enrollment totaled 1,671. Audits of the College’s General Purpose Financial Statements An independent accounting firm was engaged by the College for the purpose of expressing an opinion on the College’s general purpose financial statements for each of the fiscal years ended June 30, 1999, June 30, 2000 and June 30, 2001. In the related audit reports, the firm stated that the general purpose financial statements presented fairly the financial position of the College and the changes in fund balances for the years then ended in conformity with generally accepted accounting principles. Current Status of Findings from Preceding Audit Report Our audit included a review to determine the current status of the five fiscal/compliance findings contained in our preceding audit report dated March 3, 1999. We determined that the College satisfactorily addressed two of these findings. The remaining three findings are repeated in this report, two of which have been combined into one item. In its response to the preceding audit report, the College generally agreed to implement the recommendations.

8

(This Page Intentionally Left Blank)

9

Findings and Recommendations Cash Receipts Finding #1 Collections were not properly verified to deposit or deposited timely. Analysis Controls over the College’s cash receipts, which totaled approximately $8.4 million during fiscal year 2001, were inadequate. Specifically, our audit disclosed the following: • Verifications were not always performed to ensure that all recorded

collections were deposited, and certain verifications were not documented. Our review of cash receipts for 4 months in fiscal year 2001 identified 18 instances totaling approximately $1.1 million for which the College did not obtain documentation from the bank to support the deposit. Also, even if documentation was received from the bank, the verifications for 40 of the daily collection reports we tested totaling approximately $3.6 million were not documented. Consequently, there was a lack of assurance that all collections received were deposited. A similar condition was commented upon in our preceding audit report.

• Our test of 40 daily collection reports totaling approximately $3.6 million

disclosed that in 19 instances totaling approximately $1 million the collections were deposited from 3 to 8 working days after receipt. The Comptroller of the Treasury’s Accounting Procedures Manual states that receipts must be deposited no later than the first working day after the day of receipt. Untimely deposits increase the possibility of loss or misappropriation and result in a loss of investment income to the State. A similar condition was commented upon in our preceding two audit reports.

Recommendation #1 We again recommend that an employee independent of the cash receipts function verify that all recorded collections are subsequently deposited. We also again recommend that such verifications be documented and retained for future verification. Additionally, we again recommend that the College deposit all cash receipts in accordance with the requirements of the Accounting Procedures Manual. We advised the College on accomplishing the needed separation of duties using existing personnel.

10

Finding #2 Certain College income was improperly deposited with the affiliated foundation instead of being deposited in the State Treasury as required by law. Analysis College revenue totaling $26,000 was improperly deposited with the College’s affiliated foundation instead of being deposited in the State Treasury as required by law. The revenue consisted of a $10,000 payment by the bookstore operator, to be used for book scholarships, and payments totaling $16,000 due to the College as a result of work performed, such as conducting training seminars. According to the Education Article 16-507 of the Annotated Code of Maryland, all income of the College should be deposited in the State Treasury. The College’s contracts with the bookstore operator and the various organizations for which they conducted training seminars did not contain provisions directing the funds to the foundation. Recommendation #2 We recommend that all College income be deposited in the State Treasury as required by law. We also recommend that the College recover all funds previously given to its affiliated foundation. Computer Security Finding #3 Control over access to and support of critical computer resources needs improvement. Analysis The College’s monitoring of access to critical computer resources and recovery plans need improvement. The College operated a network that includes a minicomputer for financial applications and student grades, Internet connectivity, a firewall, and servers for email and remote access. The firewall helps protect network resources from Internet based intrusions and risks, while logging sensitive events. Our review disclosed the following: • The College’s network administrators advised us that they did not regularly

review network firewall logs. In addition, any reviews performed were not documented. Also, the firewall software used by the College was not the most

11

current version available, and therefore did not contain the most up-to-date features. Accordingly, there were increased risks of unauthorized or malicious network activity occurring and not being detected in a timely manner.

• The College’s contingency plan for restoring information technology services

in the event of a disaster was out of date and did not address several key elements. Specifically, the plan’s alternate processing site was no longer available and the plan referenced buildings that no longer existed. In addition, the plan did not address restoring network connectivity and communication carrier concerns.

Recommendation #3 We recommend that the College improve security over network resources by performing regular documented reviews of its firewall logs and by ensuring that the firewall software used is always the current version. We also recommend that the contingency plan be updated to reflect current conditions and that it address network connectivity and communication concerns. Finding #4 Proper controls were not established over student grade files. Analysis Access to computer files containing student grades was not properly restricted and changes to these files were not adequately reviewed for propriety. Specifically, we noted that six individuals had capabilities that allowed them to modify student grade information even though such access was not necessary for these individuals to perform their job duties. Additionally, output reports of grade and transcript entries were not verified to related input documents, such as authorized grade rosters, original transcripts, and approved grade change forms. As a result of these conditions, unauthorized entries or modifications could be made to student grades without detection. Similar conditions were commented upon in our three preceding audit reports. Recommendation #4 We again recommend that the College use its security system to restrict access to critical data to individuals whose job responsibilities require such access and that all such access be recorded and monitored. Furthermore, we again recommend that employees independent of the College’s student grade

12

processing functions verify that recorded grades were authorized and accurately processed. Specifically, we recommend that recorded grades be verified to related, authorized input documents. We also again recommend that these verifications be documented. Student Financial Aid Finding #5 Financial aid awards were not adequately reviewed and approved. Analysis Financial aid awards, which totaled approximately $11.2 million in fiscal year 2001, were not subjected to an adequate review and approval process that was documented. Consequently, assurance was lacking that financial aid awarded to students was proper. Recommendation #5 We recommend that financial aid awards be reviewed and approved, at least on a test basis, by appropriate personnel other than the individual making the award. These reviews should ensure that awards agree to related support documentation. We also recommend that these verifications be documented. Grants and Contracts Finding #6 Delinquent accounts receivable were not forwarded to the Department of Budget and Management’s Central Collection Unit. Analysis The College did not forward delinquent accounts receivable to the Department of Budget and Management’s Central Collection Unit as required by the Unit’s regulations. These accounts receivable arose from expenditure reimbursement requests made by the College that related to certain grants and contracts. According to the College’s records, as of September 19, 2001, there were 29 accounts totaling approximately $320,000 that had been outstanding for 3 to 23 months that had not been forwarded to the Unit for collection. As of September 19, 2001, the College’s grant and contract receivables totaled approximately $760,000.

13

Recommendation #6 We recommend that the College comply with the regulations of the Central Collection Unit regarding the forwarding of delinquent accounts to the Unit. Student Accounts Receivable Finding #7 Internal control over the processing of non-cash credit adjustments was inadequate. Analysis Independent verifications of non-cash credit adjustments were not properly performed. Specifically, the College’s verification procedure did not ensure that all non-cash credits recorded on student accounts receivable records were subject to being verified to source documentation. In this regard, although the College selected certain non-cash credit adjustments for verification, the selection was not made from an output report of all adjustments recorded. Consequently, unauthorized adjustments could be processed without detection. During fiscal year 2001, the College processed non-cash credit adjustments totaling approximately $1 million. Recommendation #7 We recommend that the College use a procedure that ensures all non-cash credit adjustments recorded on the student accounts receivable records are subject to being independently verified, at least on a test basis, to supporting documentation. Equipment Finding #8 Proper controls were not established over the College’s capital equipment. Analysis The College’s record keeping and physical inventory procedures were not in compliance with certain provisions of the Department of General Services’ Inventory Control Manual. As of June 30, 2001, the College’s capital equipment totaled approximately $17.2 million. Our review disclosed the following:

14

• A control account was not adequately maintained to provide a continuing

summary of transactions and a total dollar value control over amounts recorded in the capital equipment detail records. Specifically, disposals were posted in the control account from a summary report of detail record transactions.

• The College did not always record capital equipment purchases in the detail

records in a timely manner. Our test of 44 capital equipment items totaling $272,013 that were purchased in fiscal years 2000 and 2001, disclosed that 8 items totaling $169,663 were not recorded in the detail records as of July 2001.

• The College did not complete an annual physical inventory of its sensitive

capital equipment for six departments in fiscal year 2000 and nine departments in fiscal year 2001. These nine departments had sensitive capital equipment that totaled approximately $5.6 million as of July 2001. Also, our test of 20 items from the detail records totaling $53,637 disclosed that 9 items totaling $22,153 could not be located.

The Department of General Services’ Inventory Control Manual requires the maintenance of the control account independent of the detail records, and the recordation of all capital equipment items in the detail equipment records for identification and control purposes. The Manual also requires that a complete physical inventory of sensitive capital equipment items be conducted at least annually, the results of the physical inventories be reconciled to the related detail records, and the related differences be investigated and resolved. Recommendation #8 We recommend that the College comply with the aforementioned requirements of the Inventory Control Manual. Specifically, we recommend that the College maintain an independent control account for capital equipment. We also recommend that all capital equipment acquisitions be recorded in the detail records. Finally, we recommend that a physical inventory of sensitive capital equipment items be conducted at least annually, the results of the inventories be reconciled with the related detail records, and all differences be promptly investigated and resolved.

15

Audit Scope, Objectives and Methodology We audited the Baltimore City Community College for the period beginning July 1, 1998 and ending June 30, 2001. The audit was conducted in accordance with generally accepted government auditing standards. As prescribed by the State Government Article, Section 2-1221 of the Annotated Code of Maryland, the objectives of this audit were to examine the College's financial transactions, records and internal controls, and to evaluate its compliance with applicable State laws, rules, and regulations. We also determined the current status of the findings included in our preceding audit report. In planning and conducting our audit, we focused on the major financial related areas of operations based on assessments of materiality and risk. Our audit procedures included inquiries of appropriate personnel, inspection of documents and records, and observation of the College’s operations. We also tested transactions and performed other auditing procedures that we considered necessary to achieve our objectives. We did not audit the College’s Federal financial assistance programs for compliance with Federal laws and regulations because the College engages an independent accounting firm to annually audit such programs. The College’s management is responsible for establishing and maintaining effective internal control. Internal control is a process designed to provide reasonable assurance that objectives pertaining to the reliability of financial records, effectiveness and efficiency of operations including safeguarding of assets, and compliance with applicable laws, rules and regulations are achieved. Because of inherent limitations in internal control, errors or fraud may nevertheless occur and not be detected. Also, projections of any evaluation of internal control to future periods are subject to the risk that conditions may change or compliance with policies and procedures may deteriorate. Our reports are designed to assist the Maryland General Assembly in exercising its legislative oversight function and to provide constructive recommendations for improving State operations. As a result, our reports generally do not address activities we reviewed that are functioning properly.

16

This report includes findings relating to conditions that we consider to be significant deficiencies in the design or operation of the internal control that could adversely affect the College’s ability to maintain reliable financial records, operate effectively and efficiently and/or comply with applicable laws, rules and regulations. Our report also includes findings regarding significant instances of noncompliance with applicable laws, rules and regulations. The College’s response to our findings and recommendations is included as an appendix to this report. As prescribed in the State Government Article, Section 2-1224 of the Annotated Code of Maryland, we will advise the College regarding the results of our review of its response.

Findings and Recommendations Cash Receipts Finding #1 Collections were not properly verified to deposit or deposited timely. Recommendation #1 We again recommend that an employee independent of the cash receipts function verify that all recorded collections are subsequently deposited. We also again recommend that such verifications be documented and retained for future verification. Additionally, we again recommend that the College deposit all cash receipts in accordance with the requirements of the Accounting Procedures Manual. We advised the College on accomplishing the needed separation of duties using existing personnel. Response #1

• We partially concur. The verifications of all recorded collections will be documented and retained for future verification. The incident cited is an isolated situation as the individual performing the independent verification inadvertently misfiled the deposit tickets referred to above. As a result, the College has revised its existing procedures to require the individual performing the independent verification to forward a weekly status report, including the source documentation, to the Assistant Executive Director of Accounting and Finance for review and signature.

• We concur. The College will deposit all cash receipts in accordance with

the requirements of the Accounting Procedures Manual. There are instances where the College receives checks with no supporting documentation of the appropriate account to be credited. As a result, further investigation is required that may prevent the check from making the deposit “no later than the first working day after the day of receipt”. The College has revised its existing procedures to require the receipt log to be forwarded daily to the Assistant Executive Director of Accounting and Finance. He will ensure that checks received without the appropriate account number are properly credited to a clearing account and subsequently adjusted when the correct account number is determined. This additional control will ensure that all deposits are forwarded to the Cashier’s Office daily and deposited timely.

Finding #2 Certain College income was improperly deposited with the affiliated foundation instead of being deposited in the State Treasury as required by law. Recommendation #2 We recommend that the all College income be deposited in the State Treasury as required by law. We also recommend that the College recover all funds previously given to its affiliated foundation. Response #2 We do not concur. In the first instance, the $10,000 payment by the bookstore operator to the Foundation accurately reflects the original intent of the parties with regard to book scholarship funds for the benefit of the students. To further clarify the intent, the bookstore issued a Supplemental Agreement with regard to the contribution of scholarship funds and the use of those funds. The Supplemental Agreement states that the bookstore operator “will provide for the benefit of students of the College, through a contribution to the Baltimore City Community College Foundation, a donation of $10,000 to be used as textbook scholarships during the year.” The College will not recover these funds, as the College did not intend them for use. In the second instance, a vendor and long time donor to the BCCC Foundation, made three checks payable to “The BCCC Foundation, Inc.” in FY 2001. In reconciling the Foundation account, it was determined that the vendor mistakenly issued checks totaling $16,000 to the Foundation when they should have been issued to BCCC for services performed by the Business and Continuing Education Center (BCEC). The Foundation created an accrual in FY 2001 and subsequently transferred the funds to BCCC.

Computer Security Finding #3 Control over access to and support of critical computer resources needs improvement. Recommendation #3 We recommend that the College improve security over network resources by performing regular documented reviews of its firewall logs and by ensuring that the firewall software used is always the current version. We also recommend that the contingency plan be updated to reflect current conditions and that it address network connectivity and communication concerns. Response #3 We partially concur. The firewall logs were not being reviewed regularly because the new web server, based on the Linux operating system, was creating logs that monitored unauthorized access to the system. Since this report, the firewall solution has changed and the network engineers are back to regular maintenance and monitoring of the firewall logs. The College will ensure that regular documented reviews of the firewall logs occur. The College will ensure that the firewall software used is the current version provided a cost/benefit analysis proves optimal. We concur. The College will update the contingency plan to reflect current conditions and it will address network connectivity and communication concerns.

Finding #4 Proper controls were not established over student grade files. Recommendation #4 We again recommend that the College use its security system to restrict access to critical data to individuals whose job responsibilities require such access and that all such access be recorded and monitored. Furthermore, we again recommend that employees independent of the College’s student grade processing functions verify that recorded grades were authorized and accurately processed. Specifically, we recommend that recorded grades be verified to related, authorized input documents. We also again recommend that these verifications be documented. Response #4 We concur. The College’s security system has been modified to restrict access to critical data consistent with individual’s job responsibilities. Additionally, a quarterly report will be generated to review, verify and document user access compliance. This access compliance issue will have ongoing oversight through the existing SIMS committee chaired by the College’s Registrar, who will also be the final signature for the approval path for access requests to critical data and transactions. The College has modified the request documents to all college computer systems. Each request for new or modified access must include a statement that the access is required to fulfill the individual’s primary job function and identify why the access is needed. All requests for data access or modification of access rights will be reviewed, approved and verified by the Executive Director of CITS. Employees independent of the College’s student grade processing functions will verify that recorded grades are authorized and accurately processed. The grade change request process and forms will be modified to clearly identify that the request has been submitted from an authorized individual. The recorded grades will be verified to related, authorized input documents and these verifications will be documented.

Student Financial Aid Finding #5 Financial aid awards were not adequately reviewed and approved. Recommendation #5 We recommend that financial aid awards be reviewed and approved, at least on a test basis, by appropriate personnel other than the individual making the award. These reviews should ensure that awards agree to related support documentation. We also recommend that these verifications be documented. Response #5 We do not concur. The College contends that the manner in which the finding is stated is misleading. First, the $11.2 million in financial aid represents aid that is not awarded by BCCC. The staff does not award State scholarships or Pell Grants. The College only certifies the students’ eligibility for these two programs. The College awards Supplemental Educational Opportunity Grant (SEOG) $817,857, Federal Work-study (FWS) $943,614 and Board of Estimates Funds $500,000 for a total of $2,261,471. The vast majority of the $11.2 million represents aid over which financial aid staff has no control. It is important to point out the fact that very little of the financial aid provided to students is subject to manipulation on the part of an individual. The overwhelming majority of the aid is awarded through an automated packaging program. Separation of duties prevails in the process leading to the determination of eligibility. It would be difficult for any one individual to orchestrate an award without the assistance of many other staff. The College has always had a process for reviewing awards made to students. In fact, the State Legislative auditors approved this process during the last audit review. Because there were no concerns raised by previous audit teams, we continued that process. An individual who was independent of the awarding process conducted the reviews. Although he did not review all of the supporting documentation, he did have on-line access to the most important information. Most of the College’s student eligibility information is maintained electronically, not in the students’ files. In addition to that review, during the 97, 98, and 99 award years the College had an independent consultant conduct a review of the files each semester to assure that awards were made properly. This was an expensive proposition, so for award years ’99, ’00 and ’01, the College used its own staff to perform the file review. During this time, the file review was expanded to include a review of more than 500 student files. Every aspect of the student’s file was closely scrutinized. All of the supporting documentation was reviewed for agreement with the award amount and other eligibility criteria. This review was performed to provide

management with information regarding the quality of the work that was being performed by staff and to identify any possible problematic trends. The Legislative auditors have always told us that the review had to be conducted by someone independent of the award process. Therefore, we never expected that the auditors would want to see the results of our review. Every year the College has a private accounting firm perform an A-133 audit as required by the Federal Department of Education. Again, a review of the student file is compared to the supporting documentation. In successive years, there have been no findings of non-compliance. Likewise, the audit just performed in this review by the Legislative audit team found no incidences of non-compliance with federal regulations. Therefore, we do not believe that it is fair or accurate to find that “assurance was lacking that financial aid awarded to students was proper.” The College will modify the current award review process to include verification to the related source document and the review will be documented and retained.

Grants and Contracts Finding #6 Delinquent accounts receivable were not forwarded to the Department of Budget and Management’s Central Collection Unit. Recommendation #6 We recommend that the College comply with the regulations of the Central Collection Unit regarding the forwarding of delinquent accounts to the Unit. Response #6 We concur. The College will comply with the regulations of the Central Collection Unit regarding the forwarding of delinquent accounts to the Unit.

Student Accounts Receivable Finding #7 Internal control over the processing of non-cash credit adjustments was inadequate. Recommendation #7 We recommend that the College use a procedure that ensures all non-cash credit adjustments recorded on the student accounts receivable records are subject to being independently verified, at least on a test basis, to supporting documentation. Response #7 We do not concur. The existing procedure is a 100% test to the supporting documentation of the manual non-cash credit adjustments posted to the student accounts receivable system. There were computer-generated items, such as transactions produced by the telephone registration system that do not require a manual adjustment, reflected in the non-cash credit report. The computer program that generates this report has been modified so that only manual non-cash credit adjustments are shown.

Equipment Finding #8 Proper controls were not established over the College’s capital equipment. Recommendation #8 We recommend that the College comply with the aforementioned requirements of the Inventory Control Manual. Specifically, we recommend that the College maintain an independent control account for capital equipment. We also recommend that all capital equipment acquisitions be recorded in the detail records. Finally, we recommend that a physical inventory of sensitive capital equipment items be conducted at least annually, the results of the inventories be reconciled with the related detail records, and all differences be promptly investigated and resolved. Response #8

We partially concur. The College agrees to post disposals from the source documents used to update the detail records of the fixed asset system, rather than from the summary report of the detail records of transactions. However, the College has maintained an independent control account for capital equipment, which has been subject to two previous legislative audits without findings.

We concur. The College will record all capital equipment purchases in the detail records in a timely manner. All items noted have been recorded in the detail records.

We concur. Physical inventory of sensitive capital equipment items will be

conducted at least annually, the results of the inventories will be reconciled with the related detail records, and all differences will be promptly investigated and resolved. Of the nine items not located, seven are central processing units that have been un-located for two successive inventories; item eight is a printer that has been reported as stolen and item nine is a workstation that was subsequently located. The College received full compliance from all departments for fiscal year 2001. The College recently hired an Information Technology (IT) Inventory Specialist who will catalog all IT-based equipment at BCCC and reconcile to the fixed asset system. Additionally, new procedures are in development that will strengthen identification of unrecorded assets.

I:\Budget Office\State Legislative Audit\FY 99, 00, 01 audit\Final Response2.doc

AUDIT TEAM

Alan I. Weiner, CPA Audit Manager

Stephen P. Jersey, CPA, CISA

Information Systems Audit Manager

Laura R. Morgan, CPA Senior Auditor

Matthew T. Williams

Information Systems Senior Auditor

Keonna M. Carter Dante C. Gizzi

Matthew P. Petito, CPA Brian K. Roberts Joseph E. Walzog

Staff Auditors