- An audit of Florida’s Department of State identified issues with IT security, data access, privacy, vehicle management, and conflicts of interest around contracts.
- Recommendations include better security controls, improved record keeping, and training for contract managers.
- The department has responded with plans to enhance security and implement new policies and procedures for conflict-of-interest reviews and vehicle log procedures.
(The Center Square) — A recent audit of Florida’s Department of State detailed several issues surrounding privacy concerns and conflicts of interest, along with discrepancies on the use of state vehicles.
The audit has highlighted a few issues that require attention, including the need for better security for the department’s IT systems, better logs kept on the use of company vehicles, and that management will take steps to ensure no conflicts of interest exist around contracts.
The first issue surrounded proper record keeping. DOS must retain specific vouchers that document the financial transactions for state financial assistance for five fiscal years. The audit found that the department needed to follow the regulations.
The auditor general requested 40 vouchers for SFA payments made between July 2020 and July 2022, worth approximately $3.5 million— six worth $1.2 million needed to be included.
In response, DOS stated that they needed a system to track vouchers. The department also said personnel was not returning them to the appropriate folder if they had used the voucher for research or reference. As a result, the department now has a better system, including a sign-out sheet if personnel want to use the vouchers for research.
Concerns around the privacy of grant system recipients and access to the department’s data were another issue identified by the audit.
The report also found that terminated employees weren’t removed from IT systems and specific security controls on department data and IT resources needed improvement.
The AG recommended that the department remove ex-employees upon their leaving and improve its user authentication to ensure the confidentiality of the department’s data. In response, DOS stated it will work incrementally over the next 12 months to enhance security due to the complexity of the grant system.
The audit also found that the department had, at times, kept a vehicle usage log that gave details on travel locations, purpose of travel and mileage. Auditors recommended better vehicle log procedures and the department stated in response that new policies, including a monthly reconciliation of vehicle expenses, had been implemented.
The report also says that contract managers have sometimes completed appropriate training, a state law requirement. The AG recommended that any managers responsible for contracts over $35,000 complete chief financial officer training for accountability in contracts and grants management.
Lastly, the audit found that some department personnel had not stated in writing that they had no conflicts of interest regarding the noncompetitive procurement of contracts. This is required by law and the department’s policies and procedures.
In response, the department’s Division of Administrative Services’ purchasing office is currently writing new procedures requiring the purchasing manager to review all competitive and noncompetitive contracts. The department stated this will ensure that the conflict-of-interest attestation form has been completed before the execution of any two-party agreements, including legal services.