Clerk & Comptroller
Audit findings · High severity · data access
7 findings match the current filter. Sorted by severity, then dollar amount.
- highdata accessCCC · FY 2024
32 of 86 teammates held inappropriate CCIS driver license clearance permissions
The Pasco Users with DHSMV D6 Clearance County Permissions Report reflected 86 teammates had permission to reinstate suspended driver licenses in CCIS. Formal documented policies and procedures for reviewing and updating user permissions did not exist, and the CCIS Security User Agreement did not provide guidance for removing access for former or transferred teammates. As a result, 32 of the 86 teammates had permissions that were not appropriate, no longer required, or were not updated in a timely manner, spanning Administration (1), Civil (15), Criminal (9), Finance (2), IT (4), and Records (1), increasing the risk of unauthorized reinstatements.
in: CCC Driver License Reinstatements - Dated December 27, 2024 - highdata accessBCC · FY 2023
Accela permit report reflected unexplained gaps in sequential permit numbers
Of 43,742 permits on the Accela permit report for the audit period, the IG identified 1,113 gaps (approximately 3%) in sequential permit numbers. Explanations provided by management included 1,054 permits with file creation dates outside the audit period, 10 deleted permits (the delete function was inadvertently enabled and used in error with no supporting documentation), 48 permits attributed to a system glitch or child record creation, and one permit marked inactive without supporting documentation. No formalized procedure existed for monitoring gaps in sequential permit numbers, and documented management approvals were not required for deletions or inactivations, increasing the risk of unauthorized transactions going undetected.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highdata accessBCC · FY 2023
Accela permit report lacked complete and reliable private provider data fields
Of 41,951 permits eligible for outsourcing, approximately 77% (32,353 permits) had incomplete data fields for identifying whether inspections and/or plans reviews were outsourced to private providers. Specifically, 24,300 permits (approximately 58%) had at least two blank data fields and 8,053 permits (approximately 19%) had one blank data field. The outsourcing data fields were not mandatory in Accela, allowing permit technicians or customers to skip them, and no documented procedures required secondary review to verify accuracy and completeness of data entry.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highdata accessBCC · FY 2023
Accela outsource data fields contained frequent inaccurate permit information
Testing of 53 permits found that 27 (approximately 51%) reflected an incorrect outsourcing status or a status that could not be verified. Seventeen permits had data entry errors including 'No' recorded instead of 'Yes' or vice versa, or blank fields instead of 'No.' Three permits that had received private provider refunds were not included on the Schedule of Refunds List because inaccurate 'No' entries in Accela caused them to be missed; they were only caught because contractors self-identified. Ten permits had one blank outsource field for plans review and the IG could not independently verify whether those permits were owed a refund. No formalized policy required staff to update outsource fields when new or corrected information became available.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highdata accessCCC · FY 2023
20 of 88 Teammates Have Inappropriate Physical Access to Evidence Areas
The Reader Assignments to Cardholders Report showed 88 teammates had badge access to evidence rooms and vaults. Of these, 20 had access that was not applicable to their position, was not appropriate, or was no longer needed. Formal documented policies and procedures for periodically reviewing and updating physical access did not exist, increasing the risk of unauthorized access that could compromise evidence integrity.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highdata accessCCC · FY 2023
33 of 61 TrakMan Users Have Inappropriate Evidence Deletion Permissions
There were 61 active TrakMan users with permission to delete evidence. After management review, 33 of 61 had deletion permissions that were not applicable to their position, not appropriate, or no longer needed. No formal documented policies existed for reviewing and updating TrakMan delete permissions. A system limitation in TrakMan required the delete permission profile for users who need to purge files, complicating remediation. This increased the risk of unauthorized and undetected evidence deletions.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highdata accessCCC · FY 2022
Employee DAVID System Misuse Undetected by Internal Controls
During fieldwork, the IG identified one Criminal Courts user who conducted personal DAVID searches. A total of seven personal searches were identified between August 9, 2019 and December 8, 2021. The misuse was overlooked by the IT Point of Contact during the 2021 Quarter 3 User Activity Review and not escalated to management. Upon notification by the IG, management contacted the Pasco County Sheriff's Office for investigation, and the employee subsequently resigned. Timely notification was sent to DHSMV and affected individuals as required by the MOU.
in: CCC: DAVID Attestation-Admin - Dated July 12, 2022