State Technology Audit (Draft)

forums    Fl gov't    JEB   agencies    environment    groups   regions   election '02  

Check the new WhoseFlorida for updates

The Comptroller's draft audit of the State Technology Office was made public in May 2002.  See State Technology Office

This report was submitted to WhoseFlorida along following note:

"Attached to this e-mail is a copy of the draft of the comptroller's audit of the State Technology Office, which I urge you to make available through your website.  There are many reasons why this report is important.  It documents financial improprieties by the current administration, and the misuse of state funds is particularly appalling."
... JORO,7/12/02

 

The report summary is presented first, then pp 9-43 of the report. The report offers some background and then the text of the audit's 28 findings and recommendations.  
Unfortunately, some formatting (i.e. paragraph references in the summary) was lost in posting to the web, but the originals are available as .pdf files : Report  Summary  (need Acrobat Reader)

Summary:       

Audit Report Summary

Audit of the State Technology Office within the Department of Management Services 

For the Period July 1, 2000 Through September 30, 2001 and Selected Actions Prior to July 1, 2000 

This audit report summary is intended to present the findings for our report in a condensed fashion. The entire report should be read for a comprehensive understanding of our audit findings.


SCOPE 

The scope of our audit focused primarily on State Technology Office (STO) operational functions that incurred large disbursements. The scope of the audit also focused on evaluating various other systems of internal control for the STO and other state entities with information technology expenditures. (see paragraph 2)

OBJECTIVES 

The overall objective of the audit was to evaluate the STO's accountability and financial integrity with respect to the disbursement of state funds. This included: 1) Evaluating the STO's performance in administering assigned responsibilities in accordance with applicable laws, rules and other guidelines. 2) Determining the extent to which the system of internal control promotes and encourages the achievement of management's objectives in the categories of compliance with applicable laws, administrative rules and other guidelines; the economic and efficient operations; the reliability of financial records and reports; and the safeguarding of assets. 3) Providing management with information and findings to assist in evaluating their systems of internal control relevant to the STO. (see paragraph 3)

METHODOLOGY 

Pursuant to Section 17.04, Florida Statutes, we utilized generally accepted auditing procedures to provide a reasonable basis that state funds were appropriately spent. We examined, on a test basis, evidence supporting transactions which occurred and actions taken by various members of management, performed analytical procedures, reviewed appropriate laws, rules, and other guidelines, and evaluated the pertinent systems of internal control. (see paragraphs 4 through 5)

REPORT FORMAT 

Because the STO was involved in the IT decisions of several state agencies, the audit report is divided into three major sections. Audit findings 1 through 5 discus major statewide issues involving information technology contracts and procurement. Audit findings 6 through 25 discuses STO specific issues, including budgeting, contracting and activities not authorized by law. Finally, audit findings 26 through 28 discuses specific STO IT related issues in other state agencies. 

FINDINGS IT 

Contract Amount 

There was not always adequate documentation to support how state agencies arrived at a total contracted amount when using state term contracts for Information Technology (IT) consulting services. (see paragraphs 11 through 15)

IT Contract Deliverable Provision IT consultant contracts did not always have units of deliverables, milestones or a clear definition as to what was to be produced. (see paragraphs 16 through 20)

Contract Monitoring

Our audit noted that the IT contract files did not always contain adequate documentation to support monitoring activities. (see paragraphs 24 through 26)

IT Contract Disbursements

Information Technology (IT) consulting services payments did not always have documentation sufficient in detail to support disbursement of funds. (see paragraphs 27 through 29)

Contract Authorization and Renewal

Procurement files maintained by the DMS, Division of State Purchasing did not always contain adequate documentation to support the required contract authorizations and actions taken for contract renewals as provided by Florida law. (see paragraphs 30 through 34)

STO Organizational Structure

The STO did not establish an organizational structure with clear lines of authority and responsibilities within organizational units. As a result, the internal control system was significantly compromised. (see paragraphs 35 through 38)


Delegation of Authority 

The STO did not provide a written delegation of authority to individuals who entered into contracts on behalf of the STO. As a result, some of the STO contracts were not properly executed. (see paragraphs 39 through 41)

No Written Agreement

The STO authorized the disbursement of funds to some vendors without a valid written agreement. (see paragraphs 42 through 45)

Defined Deliverables

Our audit noted STO contracts did not always have a defined deliverable. (see paragraphs 46 through 49)

Vague Contract Terms

STO employee leasing contracts with the Tallahassee Community College (TCC) had vague and missing contract terms. As a result of a contract dispute with TCC, the STO may have paid an amount greater than what was originally intended. (see paragraphs 50 through 53)

Receipt of Goods and Services 

The STO vendor invoices did not always have a documented approval for payment or an acknowledgement from the person with direct physical knowledge that goods or services were satisfactorily received. (see paragraphs 54 through 57)

STO Contract Disbursements

The STO's documentation to support payment was not always sufficient in detail to support the disbursement of funds. As a result, the propriety and level of services provided is unclear. (see paragraphs 60 through 62)

Continuing Educational Component

It is not clear as to why the STO contracted for a continuing educational component of MyFlorida.com with Information Systems of Florida, Inc. when the Accenture E-Licensing system contained a continuing education component. Documentation to support the actions and the justification for this decision appear not to exist. (see paragraphs 63 through 67)

Information Systems of Florida, Inc. 

The STO and the Department of Community Affairs (DCA) entered into an agreement with the Information Systems of Florida, Inc. to develop a component of MyFlorida.com. Documentation to support contract management and deliverables associated with $218,000 of payments does not exist. (see paragraphs 68 through 70)

Working Capital Trust Funds

The STO transferred certain expenses from the Electronic Data Processing (EDP) Trust Fund to the Communications Working Capital Trust Fund which were not properly supported by source documents. (see paragraphs 71 through 74)

Gartner Group Payments 

During the 2000-2001 fiscal year, the STO paid $1.16 million of the Gartner Group expenses from the Communications Working Capital Trust Fund. This is in violation of Section 216.292(1)(a), Florida Statutes, and the General Appropriations Act which required that these expenses be paid from the Electronic Data Processing (EDP) Working Capital Trust Fund. (see paragraphs 77 through 82)

The Gartner Group $1.8 Million Contract

The STO's decision to enter into a $1.8 million contract with the Gartner Group was contradicted by the STO's analysis. (see paragraphs 83 through 86)

The Gartner Group $2.3 Million Contract

STO analyses and budgets contradict the decision to enter into a $2.3 million contract with the Gartner Group. As a result, the Electronic Data Processing (EDP) Working Capital Trust Fund did not have sufficient cash flow to meet current obligations. (see paragraphs 87 through 89)

The Gartner Group Additional Concerns 

The STO contracts with the Gartner Group had several additional concerns that need to be addressed by STO management. (see paragraphs 90 through 92)

Unauthorized Activities of "ITFlorida.com" 

From at least January 2000 through March 8, 2001 agents of the IT Task Force conducted business as ITFlorida.com without a corporate charter or statutory authorization. (see paragraphs 93 through 100)

Inappropriate Use of State Funding 

The executive director of ITFlorida.com incurred unauthorized liabilities on behalf of the state. Substantial conflicts of interest were created, when state officials solicited funds from companies doing business with the state to provide sponsorship for an ITFlorida.com event. (see paragraphs 101 through 105)

STO Consultant

The STO did not maintain adequate separation of duties for an individual authorizing accounting transactions in the Florida Accounting Information Resource (FLAIR) system and obtaining custody of state disbursement warrants. (see paragraphs 106 through 110)

STO Contract Management 

During the period September 2000 through December 2001, the STO made payments to KPMG Consulting totaling $2.2 million. The STO contract manager did not maintain adequate documents and records to support contract deliverables. Additionally, the KPMG Consulting contracts did not have clear deliverables and invoices were not sufficient in detail to support payment. (see paragraphs 111 through 116)

Legal Service Contract

A STO contract for legal services does not appear to be in compliance with the Florida law. (see paragraphs 117 through 122)

STO Credits 

It is not clear as to whether the use of other agencys' appropriated federal and state funds to purchase STO assets was an allowable cost under federal and state law. (see paragraphs 123 through 127)

Conflicts of Interest

The Department of Business and Professional Regulation (DBPR) did not follow their established policies and procedures regarding potential conflicts of interest in contract procurement and management. (see paragraphs 128 through 133)

DBPR Contract Management

The Department of Business and Professional Regulation (DBPR) did not always have adequate documentation to support the contract management process. (see paragraphs 134 through 138)

DMS, Division of Retirement Contract Management

The DMS, Division of Retirement's contract management process was not always adequate to support payment. (see paragraphs 139 through 144)

Draft Audit Report (pp 9-43):

SCOPE AND OBJECTIVES

  1. Section 17.04, Florida Statutes, authorizes the Comptroller of the state to examine, audit, adjust and settle the accounts of all the officers of this state and any other person in anywise entrusted with, or who may have received any property, funds or moneys of this state. In accordance with this authority, we have performed an operational compliance audit of the State Technology Office (STO) within the Department of Management Services (DMS), and also certain technology contracts in other agencies.
  2.  
  3. The nature and diversity of the STO precluded an examination of all aspects of the STO on a timely basis. The scope of our audit focused primarily on STO operational functions that incurred large disbursements. The scope of the audit also focused on evaluating various systems of internal control for the STO and other state entities with information technology expenditures. The audit period was primarily July 1, 2000, through September 30, 2001, and also included selected actions taken prior to July 1, 2000. Our audit sample included $59 million out of $763 million information technology disbursements for eight state agencies, as follows:
  4.  
The Department of Management Services
The Department of Transportation
The Department of Revenue
The Department of Education
The Department of Business and Professional Regulation
The Department of Health
The Department of Children and Family Services
The Department of Labor and Employment Security
  1.  
  2. The overall objective of the audit was to evaluate the STO’s accountability and financial integrity with respect to the disbursement of state funds. Additionally, due to the STO being involved in procurement and contracting decisions of several state agencies, a secondary objective of the audit was to evaluate, on a statewide basis, information technology procurement and contract management. This included:
Evaluating the STO’s performance in administering assigned responsibilities in accordance with applicable laws, rules and other guidelines.
Determining the extent to which the system of internal control promotes and encourages the achievement of management’s objectives in the categories of compliance with applicable laws, administrative rules and other guidelines; economic and efficient operations; the reliability of financial records and reports; and the safeguarding of assets.
Providing management with information and findings to assist in evaluating their systems of internal control relevant to the STO.

 

METHODOLOGY
  1. Pursuant to Section 17.04, Florida Statutes, we utilized generally accepted auditing procedures to provide a reasonable basis that state funds were appropriately spent.
  2.  
  3. As a part of our audit, we examined, on a test basis, evidence supporting transactions which occurred and actions taken by various members of management, performed analytical procedures, reviewed appropriate laws, rules, and other guidelines, and evaluated the pertinent systems of internal control.

    4.  

    BACKGROUND
  4. Effective July 1, 2000, Chapter 2000-164, Laws of Florida, provided for the creation of the State Technology Office, administratively placed within the Department of Management Services, which is headed by a Chief Information Officer (CIO) appointed by the Governor. Additionally, effective July 1, 2001, Chapter 2001-261, Laws of Florida, provided for the STO to become a state agency.
  5.  
  6. The powers, duties and functions of the STO are enumerated under Section 282.102, Florida Statutes. Some of these duties and functions are described below:
  7.  
To publish electronically the portfolio of services available from the STO.
To coordinate the purchase, lease and use of all information technology services for state agencies.
To integrate the information technology systems and services of state agencies.
To enter into agreements for the support and use of information technology services of state agencies and political subdivisions of the state.
To purchase from or contract with information technology providers for information technology facilities or services.
To provide an integrated electronic system for deploying government products, services and information to individuals and businesses.

 

  1. Section 216.272, Florida Statutes, provides for the creation of working capital trust funds for the purpose of providing sufficient funds for the operation of data processing centers. Section 216.272(2), Florida Statutes, provides that the funds allocated shall be in an amount sufficient to finance each center’s operations. However, each agency served by a center shall contribute an amount equal to its proportionate share of cost of operating such data processing center. Each agency utilizing the services of the data processing center shall pay such moneys into the appropriate working capital trust fund on a quarterly basis or such other basis as may be determined by the Executive Office of the Governor.
  2.  
  3. The STO uses the Electronic Data Processing (EDP) and Communications Working Capital Trust Funds to account for data processing and SUNCOM services respectively. These funds are described below:
  4.  
The EDP Working Capital Trust Fund was established to recover costs associated with data processing services. Disbursements for the year ended June 30, 2001, were approximately $14 million.
The Communications Working Capital Trust Fund was established to recover costs associated with the state’s local and long distance communications providers or better known as the SUNCOM. State entities and other organizations utilize these services and are billed monthly by the STO. The STO in turn uses the revenue to pay the communications providers and the STO’s operating costs. SUNCOM related disbursements for the year ended June 30, 2001, were approximately $115 million.
  1.  
  2. Additionally, the STO receives general revenue and other trust fund revenues that are described below:
A DMS Technology General Revenue Appropriation was used to account for general operating and specific project expenditures. Expenditures for the year ended June 30, 2001, were approximately $7 million.
The State Agency Law Enforcement Radio System Trust Fund was established in the STO pursuant to Section 282.1095, Florida Statutes. This Trust Fund is used to fund the State Agency Law Enforcement Radio System. Disbursements for the year ended June 30, 2001, were approximately $55 million, of which $40 million represented an advanced contract payment to Com-Net Ericsson.

 

PRELIMINARY AND TENTATIVE FINDINGS

STATEWIDE ISSUES

 

  1. Contract Amount

  2.  
  3. FINDING NO. 1
  4. There was not always adequate documentation to support how state agencies arrived at a total contracted amount when using state term contracts for Information Technology (IT) consulting services.
  5.  
  6. State agencies generally contract with IT consultants to provide 1) routine day-to-day IT related operations, 2) information related reports, and 3) project specific services. Contracting agencies are responsible for preparing a statement of work/requirements for submission to the contractor and negotiating a contract which should include at a minimum: specific deliverables, personnel assigned, time period commitments and costs. This information should agree to the state term contract.
  7.  
  8. A memorandum issued by the DMS, Division of State Purchasing on July 25, 2000, provided that state agency purchasing officers should seek competition between IT consulting vendors. The memo further stated that the consulting vendor rates published in the contracts were ceiling rates and to the extent practicable, state agencies should negotiate lower rates depending on the complexity and duration of a project.
  9.  
  10. Our audit test indicated that 9 of 60 (15%) contracts for IT consulting services did not provide adequate detail as to how the contracted amount was determined. We noted instances where there was neither a cost breakdown of services performed by job positions with the applicable rates nor documentation to support the determination of the hours used in computing the contracted amount.

    11. RECOMMENDATION NO. 1
  11. We recommend that the DMS, Division of State Purchasing, in consultation with the STO promulgate standards which should include in detail the determination of hours required and the hourly rates utilized in computing the total contracted amount.
    12.

    Contract Deliverable Provision

    FINDING NO. 2
  12. IT consultant contracts did not always have units of deliverables, milestones or a clear definition as to what was to be produced.
  13.  
  14. The DMS, Division of State Purchasing awarded state term contracts for IT consulting services on a nonexclusive basis to qualified vendors. This is similar to having a pool of pre-qualified vendors where state agencies may select a vendor by issuing a purchase order for services. This methodology allows for very general deliverables in the state term contract and flexibility for all state agencies to procure with more specific requirements on purchase orders.
  15.  
  16. Our audit test indicated that 19 of 62 (31%) contracts for IT consulting services did not have deliverables that were measurable, quantifiable or statements as to what was supposed to be produced. This problem was further compounded when vendor invoices were submitted to the state for payment without sufficient detail to discern the services provided. In many instances, we noted vendor invoices with a statement "Please remit for professional services rendered."
  17.  
  18. As a result, the propriety of services rendered becomes questionable. It also becomes difficult to determine the vendor’s responsibility, resulting in difficulty in holding the vendor accountable for performance.

    19. RECOMMENDATION NO. 2
  19. We recommend that the DMS, Division of State Purchasing and the STO promulgate standards for state agencies to use in writing contracts that include units of deliverables, milestones or a clear definition as to what is supposed to be produced.
    20.

    STATEWIDE CONTRACT MANAGEMENT
  20. Contract management involves the administering and monitoring of contract requirements to ensure accountability and compliance with program requirements. Every organization that enters into contracts with vendors has the responsibility to establish a methodology to achieve these objectives. This is most often accomplished through the establishment of written policies and procedures.
  21. An effective contract management policy should include maintaining files and records to adequately support the performance of the contractors and provide accountability for the funds disbursed. It should also provide assurance that all activities are performed in accordance with contract terms and that the state is obtaining best value.
  22.  
  23. The monitoring of contracts should be performed according to a set of criteria and guidelines that should include, but not be limited to:
Structure and content of contract files;
Documenting monitoring activities;
Documenting and corroborating submitted reports and documents;
Maintaining adequate and complete documentation in the file to support and reconcile the disbursement of funds; and
Documenting the procedural actions taken by the contract manager in verifying and concluding contract deliverables.

Contract Monitoring

FINDING NO. 3

  1. Our audit noted that the IT contract files did not always contain adequate documentation to support monitoring activities.
  2. Our review of 18 IT contract files totaling $19.6 million indicated the following:
  3.  
We noted 3 (17%) agency contract files contained inconclusive evidence that the agency’s contract manager received, reviewed and analyzed submitted reports and records.
We noted 8 (44%) agency contract files did not contain adequate evidence that a determination was made of the contractor’s overall performance.
We noted 8 (44%) agency contract files contained insufficient evidence to ascertain the level of service provided.

RECOMMENDATION NO. 3
  1. We recommend that the DMS, Division of State Purchasing and the STO promulgate standards for state agencies to follow in the IT contract management process. We also recommend that the procedures include documentation to support all monitoring activities performed by the contract manager.

    2. FINDING NO. 4
  2. IT consulting services payments did not always have documentation sufficient in detail to support the disbursement of funds.
  3. Our review of 102 IT consulting services payments totaling $21.25 million indicated the following:
We noted 48 (47%) payments where the invoice provided was not sufficient in detail to clearly define the units of deliverable.
We noted 12 (12%) payments where the hourly rates on the invoice were not reconcilable to purchase orders.
We noted 8 (8%) payments did not contain signatures approving the payments to the vendor.
We noted 6 (6%) payments where services were provided by the vendors after the required delivery date.

RECOMMENDATION NO. 4

  1. We recommend that the STO promulgate standards for maintaining documentation in sufficient detail to determine that the disbursement of funds is made in accordance with contract terms. In addition, documentation should ensure goods or services are satisfactorily provided and payments are properly authorized by the contract manager.

    2. Contract Authorization and Renewal

    FINDING NO. 5
  2. Procurement files maintained by the DMS, Division of State Purchasing did not always contain adequate documentation to support the required contract authorizations and actions taken for contract renewals as provided by Florida law.
  3.  
  4. Prior to the execution of a contract, the agency’s management should review and sign the contract indicating their acceptance of the terms of the contract. Section 287.057 (18), Florida Statutes, requires that each agency establish a review and approval process for contractual services contracts costing more than $50,000 that includes program, financial and legal review and approval. In addition, Section 287.058(2), Florida Statutes, requires that written agreements be signed by the agency head and the contractor prior to the rendering of any contractual service.
  5.  
  6. For contract renewals, Section 287.057 (13), Florida Statutes, requires that contractual service contracts may be renewed in writing on a yearly basis for no more than two years or for a period no longer than the original contract, whichever period is longer. It requires that renewals be contingent upon satisfactory performance evaluations by the agency.
  7.  
  8. Our review of 17 DMS, Division of State Purchasing procurement files indicated the following:
  9.  
We noted 8 (47%) files did not contain the approval from the Office of the General Counsel as to the legality of the contract.
We noted 6 (35%) files did not contain an authorization by the agency head or the agency head’s delegated representative.
We noted 2 (12%) contracts received a third year renewal without justification for the additional year.

RECOMMENDATION NO. 5

  1. We recommend that the DMS, Division of State Purchasing obtain authorizations for contracts and renew contracts in accordance with Florida law.
  2.  

    3. STATE TECHNOLOGY OFFICE

    Organizational Structure

    FINDING NO. 6
  3. The STO did not establish an organizational structure with clear lines of authority and responsibilities within organizational units. As a result, the internal control system was significantly compromised.
  4.  
  5. As part of the internal control environment, it is important for every organization to establish an organizational structure to provide clear lines of authority and responsibilities within organizational units. Although some lines of authority carried over from DMS, the STO was a conglomeration of DMS employees, independent contractors, other state agency employees and contracted employees from the State University and Community College Systems. Our audit noted that there was no clear line of authority and responsibility.
  6.  
  7. Evidence obtained from the audit indicated miscommunication among individual employees and organizational units. In addition, operating processes and workflow were not always consistent. This contributed to the ineffectiveness and nonexistence of certain key internal controls that were essential for maintaining accountability.

    8. RECOMMENDATION NO. 6

  8. We recommend that the STO implement an official organizational structure that establishes clear lines of authority and responsibility within a system of internal control. Additionally, the clear lines of authority and responsibility should be communicated to all employees.
  9.  

    10. Delegation of Authority

    FINDING NO. 7
  10. The STO did not provide a written delegation of authority to individuals who entered into contracts on behalf of the STO. As a result, some of the STO contracts were not properly executed.
  11.  
  12. Section 282.102(10), Florida Statutes, authorizes the STO to enter into agreements for the support and use of information technology services of state agencies and political subdivisions of the state. We noted 5 contracts totaling $2.11 million where individuals within the STO entered into written agreements without a written delegation of authority from the state CIO. In 1 of the 5 instances noted, a contract employee entered into a written agreement for $1.2 million on behalf of the STO.

    13. RECOMMENDATION NO. 7

  13. We recommend that the state CIO establish a written delegation of authority clearly identifying the individuals authorized to enter into written agreements on behalf of the state CIO.

    14. No Written Agreement

     

    FINDING NO. 8
  14. The STO authorized the disbursement of funds to some vendors without a valid written agreement.
  15.  
  16. Section 287.058(1), Florida Statutes, requires contracts in excess of $25,000 to be evidenced by a written agreement. This also represents effective internal control.
  17.  
  18. Our review of 25 contracts totaling $12 million indicated the following:
We noted 4 (16%) contracts totaling $590,227 were entered into and completed based on an oral agreement.
We noted 2 (8%) payments where the contracted amounts were exceeded by $362,714 prior to issuing contract amendments and adjusting purchase orders.
We noted 3 (12%) payments totaling $273,334 where services were performed and payment was made after the contract had expired.

RECOMMENDATION NO. 8

  1. We recommend that the STO take actions to ensure compliance with Florida law and that all contracts in excess of $25,000 and contract extensions and amendments be in writing.

    2. Contract Provisions
  2. FINDING NO. 9
  3.  
  4. Our audit noted STO contracts did not always have a defined deliverable.
  5.  
  6. Section 287.058(1)(d), Florida Statutes, provides that each procurement of contractual services in excess of $25,000 shall contain a provision for dividing the contract into units of deliverables.
  7.  
  8. Our review of 14 contracts totaling approximately $5.44 million indicated that 5 (36%) did not expressly state deliverables that were quantifiable, measurable or had an end result. As a result, there is limited assurance that the state is obtaining substantial performance for money spent.

    9. RECOMMENDATION NO. 9
  9. We recommend that the STO write contracts which adequately detail the required deliverables.

    10. FINDING NO. 10
  10. STO employee leasing contracts with the Tallahassee Community College (TCC) had vague and missing contract terms. As a result of a contract dispute with TCC, the STO may have paid an amount greater than what was originally intended.
  11.  
  12. The STO entered into contracts with the TCC to lease two employees. Neither of these contracts contained an adequate description of the conditions and resources provided by the TCC. For one of the contracts, the STO paid $27,257 more than it had anticipated in the written cover letter. We noted the following for this contract:
The contract was for a fixed price agreement not to exceed $150,000.
The contract did not include details of the interchange of agency personnel. These terms should have included a description of position responsibilities, hourly rates or annual salary and any formulas or amounts included in the complete salary package.
The support costs were not defined.
The travel expenses did not include a reference to Section 112.061, Florida Statutes.
Contract deliverables were not clearly stated.
  1.  
  2. Without clearly stated contract terms, it is difficult to determine the requirements of the contracting parties. Disputes could arise that would be difficult to resolve. Good business practices dictate that contract terms be stated clearly and in sufficient detail.

    3. RECOMMENDATION NO. 10

  3. We recommend that all contracts entered into by the STO contain clear and concise language to adequately describe, in detail, the terms and conditions of the contract.

    4. Receipt of Goods and Services

    FINDING NO. 11
  4. The STO vendor invoices did not always have a documented approval for payment or an acknowledgement from the person with direct physical knowledge that goods or services were satisfactorily received.
  5.  
  6. The STO documents the receipt of goods or services either on a receiving report copy of the purchase order or with a signature and date on the vendor invoice. Our audit noted 22 of 45 invoices (49%) did not indicate approval for payment by a person who had direct physical knowledge that the contract deliverables were satisfactorily received. We also found 2 (4%) payments did not contain authorized signatures approving the vendor payment. Examples include:
A $1.9 million invoice for infrastructure wiring for the Miami Beach Convention Center.
A $500,580 invoice for licensing and software support.
  1. By not following this procedure, the STO greatly increases the likelihood of improper payments or payment for goods and services not satisfactorily received.

    2. RECOMMENDATION NO. 11
  2. We recommend that the STO establish written procedures requiring the approval of all goods or services for payment by individuals having direct physical knowledge that the goods or services were satisfactorily received. Additionally, these documented acknowledgements should be signed and dated.

    3. STO CONTRACT MANAGEMENT
  3. As previously stated, contract management involves the administering and monitoring of contract requirements to ensure accountability and compliance with program requirements. An effective contract management policy includes maintaining files and records that adequately document monitoring activities. This would include corroborating submitted reports and documents and the procedural actions taken to verify and conclude contract deliverables.
  4.  
  5. In addition, a contract management policy should describe the types of source documentation that is required to support the disbursement of funds. The documentation should be sufficient in detail to determine whether the payment was made in accordance with contract terms, whether the goods or services were satisfactorily provided and whether the payments were properly authorized.

    6. STO Contract Monitoring

    FINDING NO. 12
  6. The STO’s documentation to support payment was not always sufficient in detail to support the disbursement of funds. As a result, the propriety and level of services provided is unclear.
  7.  
  8. Our review of 45 STO payments totaling $4.81 million indicated the following:
We noted 11 (24%) payments where the invoices did not provide sufficient detail to define the units of deliverable or the scope of work performed.
We noted 5 (11%) payments were not supported by purchase orders to document the authorization for the purchase of services.
We noted 3 (7%) payments where the voucher file did not contain an invoice.

RECOMMENDATION NO. 12

  1. We recommend that the STO documentation be sufficient in detail to determine that the disbursement of funds is made in accordance with contract terms. In addition, sufficient documentation should ensure goods or services are satisfactorily provided and payments are properly authorized.

    2. FINDING NO. 13
  2. It is not clear why the STO contracted for a continuing educational component of MyFlorida.com with Information Systems of Florida, Inc. when the Accenture E-Licensing system contained a continuing education component. Documentation to support the actions and the justification for this decision appear not to exist.
  3.  
  4. On December 22, 2000, the STO entered into a $1.2 million contract with the Information Systems of Florida, Inc. to provide for the continuing education component of MyFlorida.com. The objective of the project was to develop a web-based, customer-focused, continuing education processing system for the Governor’s agencies.
  5.  
  6. According to the STO’s contract with Information Systems of Florida, Inc., this system appears to be a duplication of a component within Department of Business and Professional Regulation’s E-Licensing System. The STO cancelled the contract on April 17, 2001, and afterwards made payment on three invoices totaling $250,000. Other than a written agreement, invoices and a letter, the documentation to support the facts and events for this financial transaction appear not to exist. We cannot determine what services were rendered for the $250,000 paid.
  7.  
  8. In August 2001, Information Systems of Florida, Inc. sent the STO another invoice for $350,000. As of the date of this report, the invoice remains unpaid and the STO is attempting to resolve the outstanding obligation.

    9. RECOMMENDATION NO. 13

  9. We recommend that the STO not enter into contracts that duplicate services being received pursuant to an existing contract. We also recommend that the STO document their decision process and that no payments be made for any contract until it is determined that deliverables are satisfactorily received. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    10. FINDING NO. 14
  10. The STO and the Department of Community Affairs (DCA) entered into an agreement with the Information Systems of Florida, Inc. to develop a component of MyFlorida.com. Documentation to support contract management and deliverables associated with $218,000 of payments does not exist.
  11.  
  12. On December 29, 2000, the STO and the DCA entered into a written agreement with the Information Systems of Florida, Inc. for $318,000 to develop a component of MyFlorida.com. It was agreed that DCA had $100,000 available for the system and would pay the first three tasks on the schedule of deliverables. Tasks 4 through 11 would be paid by the STO for $218,000. Other than the payment voucher which included invoices and a copy of the contract, it appears that the STO had no other documents available on file pertaining to this project. There appears to be no contract management by the STO.

    13. RECOMMENDATION NO. 14

  13. We recommend that the STO implement written procedures for contract procurement and contract management. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    14. Working Capital Trust Funds

    FINDING NO. 15
  14. The STO transferred certain expenses from the Electronic Data Processing (EDP) Trust Fund to the Communications Working Capital Trust Fund which were not properly supported by source documents.
  15.  
  16. Accountants routinely transfer or reallocate expenses from one accounting fund to another as a means of properly matching costs to an appropriated revenue source. In most instances, this is usually performed when certain expenses are common to multiple funding sources. These accounting entries should have an allocation methodology and should be properly supported by source documents.
  17.  
  18. The STO increased the cash balance of the EDP Working Capital Trust Fund by $353,000 when certain salary expenses were transferred to the Communications Working Capital Trust Fund. The documentation to support the transaction was not based on financial data representing employee time allocation from either the Communications or EDP Working Capital Trust Funds.

    19. RECOMMENDATION NO. 15

  19. We recommend that all financial transactions be based on proper financial data. If the STO performs salary allocations based on time allotments, all applicable funding sources and actual time records need to be considered in the analysis. Additionally, we recommend that the STO reimburse the Communications Working Capital Trust Fund, if it is determined that the financial transaction has no basis.

    20. ENTERPRISE-WIDE INDEPENDENT RESEARCH

    AND ADVISORY SERVICE CONTRACTS
  20. Funds provided in specific appropriations 2469A and 2711, General Appropriations Act, for the 2000-2001 and 2001-2002 fiscal years respectively, were to provide enterprise-wide independent research and advisory services regarding information technology resources. The General Appropriations Act provided an appropriation of $2.5 million for each year.
  21.  
  22. The STO entered into enterprise-wide independent research and advisory service contracts for the 2000-2001 and 2001-2002 fiscal years. The intent of these contracts was to provide a cost recovery approach where state agencies use the services provided by the contracts. In turn, the STO received payment from the state agencies in order to recover the STO’s costs. The table below indicates the amounts spent and recovered by the STO for fiscal years 1999-2000 through 2001-2002.

    23.  

    Fiscal

    State

    Contract

    Amount

    Amount

    Amount

    Year

    Appropriation

    Amount

    Spent

    Recovered

    Not Recovered

    1999/2000

    $1.50 million

    $1.45 million

    $1.45 million

    $0

    $1.45 million

    2000/2001

    $2.50 million

    $1.80 million

    1.75 million

    $644,050

    $1.11 million

    2001/2002

    $2.50 million

    $2.30 million

    1.15 million

    $834,500

    $315,500

     

    Gartner Group Contracts

    FINDING NO. 16
  23. During the 2000-2001 fiscal year, the STO paid $1.16 million of the Gartner Group expenses from the Communications Working Capital Trust Fund. This is in violation of Section 216.292(1)(a), Florida Statutes, and the General Appropriations Act, which required that these expenses be paid from the Electronic Data Processing (EDP) Working Capital Trust Fund.
  24.  
  25. With a few exceptions, Section 216.292(1)(a), Florida Statutes, provides that funds provided in the General Appropriations Act, or as otherwise expressly provided by law, shall be expended only for the purpose for which appropriated.
  26.  
  27. As a means of managing cash in the EDP Working Capital Trust Fund, the STO initially paid the Gartner Group invoices from the Communications Working Capital Trust Fund. Subsequently, the STO reallocated the respective expenses to the EDP Working Capital Trust Fund when cash balances were more manageable in covering the expenses.
  28.  
  29. During the 2000-2001 fiscal year, the STO applied this procedure with the Gartner Group expenses. However, after the STO completed a series of journal transfers, there was $1.16 million of Gartner Group expenses that were recorded to the Communications Working Capital Trust Fund.
  30.  
  31. These expenses were not in agreement with the General Appropriations Act, which required the Gartner Group expenses be paid from the EDP Working Capital Trust Fund. This situation is manifested due to the dollar value of the Gartner Group contract and insufficient cash flow to cover the contract payments.

    32. RECOMMENDATION NO. 16

  32. We recommend the STO comply with the General Appropriations Act and Florida law. In addition, the STO should reimburse the Communications Working Capital Trust Fund for all expenses incorrectly charged. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    33. FINDING NO. 17
  33. The STO’s decision to enter into a $1.8 million contract with the Gartner Group was contradicted by the STO’s analysis.
  34.  
  35. In accordance with proviso to item 2469A, General Appropriations Act, the STO entered into a contract with the Gartner Group on June 29, 2000, for $1.8 million. It is not clear why the STO entered into this contract when the STO’s documents and records indicated that recovering $1.8 million was questionable.
  36.  
  37. During the 2000-2001 fiscal year, the STO paid $1.75 million of the $1.8 million contract to the Gartner Group. Of the $1.75 million, $1.1 million of the cost was not recovered by the STO.

    38. RECOMMENDATION NO. 17

  38. We recommend that for all material IT contracts that could affect working capital cash flow, the STO should only enter into such agreements after sufficient analysis has been performed to determine whether the trust fund could pay the obligations incurred. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    39. FINDING NO. 18
  39. STO analyses and budgets contradict the decision to enter into a $2.3 million contract with the Gartner Group. As a result, the Electronic Data Processing (EDP) Working Capital Trust Fund did not have sufficient cash flow to meet current obligations.
  40.  
  41. Proviso to item 2711 General Appropriations Act for the 2001-2002 fiscal year provided a specific appropriation of $2.5 million from the EDP Working Capital Trust Fund to continue enterprise-wide independent research and advisory services. In June 2001, the STO entered into a contract for $2.3 million with the Gartner Group to provide for these services. It is not clear as to the STO’s justification for entering into another contract with the Gartner Group when the contract from the prior year resulted in $1.1 million that was not cost recovered.

    42. RECOMMENDATION NO. 18

  42. We recommend that for all material IT contracts which could affect working capital cash flow, the STO should only enter into such agreements after performing sufficient analysis to determine whether the trust fund could pay the obligations incurred. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    43. FINDING NO. 19
  43. The STO contracts with the Gartner Group had several additional concerns that need to be addressed by STO management.
  44.  
  45. There were several other issues relating to these contracts that were problematic and need to be addressed.
These contracts provide for a package of services for a single flat rate of $1.8 million and $2.3 million for the 1999-2000 and 2000-2001 fiscal years respectively. The Gartner Group has not provided usage detail in support of invoice pricing and cost recovery from other state agencies. In addition, usage detail needs to be presented in a manner which allows the STO contract manager to quantify the level of benefit received by the state.
Compared to data processing services, state agencies were not appropriated specific spending authority for the use of such services.
Proviso to item 2469A, General Appropriations Act, for the 2000-2001 fiscal year provided that the DMS shall provide summary information regarding usage of these services and resulting cost savings in a report to the Governor’s Office of Policy and Budget, the House Fiscal Responsibility Council, and the Senate Appropriations Committee by February 1, 2001. The STO provided this report on February 28, 2001. The cost savings in the report appears to be inflated. The report indicates a potential cost savings to the state of $6.01 million. This is based on the assumption that all state agencies are using the services when in reality only 28 agencies are using this service. Additionally, the report does not account for the extent of usage for those agencies utilizing this service.

RECOMMENDATION NO. 19

  1. We recommend that the STO enter into a contract that can work within the constraints of the EDP Working Capital Trust Fund.
  2.  

    3. Unauthorized Activities of "ITFlorida.com"

    FINDING NO. 20

  3. From at least January 2000 through March 8, 2001 agents of the IT Task Force conducted business as "ITFlorida.com" without a corporate charter or statutory authorization.
  4.  
  5. Chapter 99-354, Section 11(1), Laws of Florida, created a 34 member Information Technology Development Task Force (IT Task Force) charged with issuing reports on technology issues relevant to the state. The IT Task Force was in existence from July 1, 1999 through June 30, 2001 and Florida law provided specific general revenue appropriations, totaling $450,000, to fund four positions. During the life of the Task Force, lawyers occupied three of these four positions.
  6.  
  7. Employees of the IT Task Force also functioned as agents of ITFlorida.com. This entity, neither created by statute nor chartered as a corporation, operated out of the Carlton Building, occupied office space provided by the STO and utilized state resources for support. It appears that ITFlorida.com functioned as an unauthorized state supported direct support organization.
  8.  
  9. During the period January 2000, and possibly earlier, through June 30, 2001, IT Task Force employees, acting on behalf of ITFlorida.com, participated in business-like activities. These activities included, soliciting funds, sponsoring events, booking hotel rooms, receiving correspondence and incurring liabilities on behalf of the state without legal authorization. The latter issue is discussed more comprehensively in Finding No 21.
  10.  
  11. The STO apparently provided state resources for the operating costs of ITFlorida.com. Because there was no clear audit trail, however, the full extent of state resources that went into ITFlorida.com is not readily determinable. Individual general ledger and purchasing card transactions for the STO and possibly other state entities would have to be examined to quantify the costs. We do know that the IT Task Force leased its four employees from FSU and paid for equipment, office rent, and travel.
  12.  
  13. On March 9, 2001, ITFlorida.com registered with the Department of State as a private non-profit corporation. This registration listed six officers which included three individuals from the private sector and three individuals from state government. The three individuals from state government included the former state CIO, The IT Task Force Chairperson and the Director of Office of Tourism, Trade and Economic Development.
  14.  
  15. ITFlorida.com continued to operate within the STO until September 2001. According to the 2001 Annual Report of the IT Task Force, the IT Task Force and ITFlorida.com coexisted until the IT Task Force came to an end on June 30, 2001. Additionally, the annual report acknowledges that the STO provided state resources to capitalize ITFlorida.com.

    16. RECOMMENDATION NO. 20
  16. We recommend that all state officials operate within the constraints of Florida law. Additionally, ITFlorida.com was not authorized as a direct support organization by Florida law. State officials also conducted ITFlorida.com business which included soliciting funds from vendors. We will refer this finding to the Florida Commission on Ethics and the Office of Financial Investigations, Office of the Comptroller.

    17. Governor’s State of Technology Address

    FINDING NO. 21
  17. The executive director of ITFlorida.com incurred unauthorized liabilities on behalf of the state. Substantial conflicts of interest were created, when state officials solicited funds from companies doing business with the state to provide sponsorship for an ITFlorida.com event.
  18.  
  19. Section 112.313(7)(a), Florida Statutes, provides that no public officer or employee of an agency shall have or hold any employment or contractual relationship with any business entity or any agency which is doing business with the state. It appears that agents of ITFlorida.com violated this law when they solicited and processed payments from vendors during an ITFlorida.com sponsored event.
  20.  
  21. On October 11, 2000, the executive director of ITFlorida.com issued a general letter of intent to Ronald L. Polito to employ him as executive producer of the Governor’s State of Technology Address, held in the Leon County Civic Center on November 15, 2000. For the period October 4th through November 16th, 2000, Ronald L. Polito billed ITFlorida.com $191,764 for his services.
  22.  
  23. Documents indicate that at least $249,381 was spent on the event. We noted the following:
The executive director of ITFlorida.com incurred a $12,426 obligation for renting the Leon County Civic Center. The obligation was paid on June 1, 2001, when the STO’s Chief Financial Officer made payment through the use of a state purchasing card.
The executive director of ITFlorida.com incurred an obligation with AVI Rental Services for $45,191. The obligation was paid on May 22, 2001 through the use of the STO Chief Financial Officer’s state purchasing card.
For the period November 2000 through April 2001, the executive director of ITFlorida.com and other state employees solicited $110,000 in sponsorships from companies who have IT contracts with the state. Checks were collected and transmitted to Enterprise Florida, Inc. (EFI) where they were deposited in EFI’s bank account. Subsequently, EFI disbursed payments totaling $110,000 to Ronald L. Polito.
On January 18, 2001, the executive director of ITFlorida.com was hired by the Legislature to serve as staff director for the newly formed House Committee on Information Technology. Documentation indicated that this individual also continued to hold himself out as the executive director of ITFlorida.com after his employment by the Florida Legislature.
On May 21, 2001, the STO entered into a settlement agreement with Ronald L. Polito for $81,764. The settlement agreement provided false and misleading statements and was used to provide authorization to disburse state funds. On May 23, 2001, the state disbursed $81,764 to Ronald L. Polito.

RECOMMENDATION NO. 21

  1. We recommend that state officials comply with Florida law and obligate the state only for disbursements authorized by Florida law and the General Appropriations Act. Additionally, we will also refer this finding to the Florida Commission on Ethics and the Office of Financial Investigations, Office of the Comptroller.

    2. KPMG Consulting

    FINDING NO. 22

  2. The STO did not maintain adequate separation of duties for an individual authorizing accounting transactions in the Florida Accounting Information Resource (FLAIR) system and obtaining custody of state disbursement warrants.
  3.  
  4. In order to maintain effective internal control, it is important for every organization to maintain separation of duties for certain functions either through manual internal controls or through information access controls.
  5.  
  6. The STO permitted an on-site employee of KPMG Consulting to authorize and direct accounting transactions in FLAIR via e-mail messages to the DMS Bureau of Financial Management. Additionally, the KPMG Consulting on-site employee was signing for the custody of state disbursement warrants on behalf of the KPMG Consulting.
  7.  
  8. The internal control weakness was further augmented when KPMG Consulting invoices were submitted via e-mail to the KPMG Consulting on-site employee. The KPMG Consulting on-site employee then sent the invoices to the STO chief financial officer to obtain approval for payment.

    9. RECOMMENDATION NO. 22
  9. We recommend the STO management establish proper segregation of duties for authorizing transactions in FLAIR and obtaining custody of payment warrants.

    10. FINDING NO. 23
  10. During the period September 2000 through December 2001, the STO made payments to KPMG Consulting totaling $2.2 million. The STO contract manager did not maintain adequate documents and records to support contract deliverables. Additionally, the KPMG Consulting contracts did not have clear deliverables and invoices were not sufficient in detail to support payment.
  11.  
  12. KPMG Consulting’s statement of work provided that they would augment STO staff on a task order basis to review and develop policies and procedures related to budget, personnel and procurement. Additional tasks were determined by the STO. However, these contracts were not written with clear deliverables including outcomes that could be quantified or measured.
  13.  
  14. On January 4, 2002, we sent a letter to the STO requesting documentary evidence to support KPMG Consulting deliverables. In the STO’s response, we received a series of KPMG Consulting prepared status reports, e-mails, correspondence, some draft policies and procedures and a draft strategic plan.
  15.  
  16. Additionally, the STO did not evaluate the cost effectiveness of KPMG Consulting for augmenting or providing an extension of STO Staff. We noted that a KPMG Consulting staff person was performing functions that are typically performed by lower to medium level accounting personnel.
  17.  
  18. As a result, it cannot be determined how much benefit was received from the $2.2 million spent. In addition, besides guiding and directing accounting transactions in FLAIR, preparing draft operating procedures and a draft strategic plan, we are unsure as to exactly what was produced in relation to the money spent.

    19. RECOMMENDATION NO. 23
  19. We recommend that STO contracts with consultants provide deliverables which can be objectively measured or evaluated. Additionally, the STO should implement written policies and procedures for contract management. This finding is being referred to the Office of Financial Investigations, Office of the Comptroller.

    20.  

    Legal Servic