Clerk & Comptroller
Audit findings · High severity
15 findings match the current filter. Sorted by severity, then dollar amount.
- highdata accessCCC · FY 2024
32 of 86 teammates held inappropriate CCIS driver license clearance permissions
The Pasco Users with DHSMV D6 Clearance County Permissions Report reflected 86 teammates had permission to reinstate suspended driver licenses in CCIS. Formal documented policies and procedures for reviewing and updating user permissions did not exist, and the CCIS Security User Agreement did not provide guidance for removing access for former or transferred teammates. As a result, 32 of the 86 teammates had permissions that were not appropriate, no longer required, or were not updated in a timely manner, spanning Administration (1), Civil (15), Criminal (9), Finance (2), IT (4), and Records (1), increasing the risk of unauthorized reinstatements.
in: CCC Driver License Reinstatements - Dated December 27, 2024 - highpolicyCCC · FY 2023
Civil Marchman Act filing type assigned incorrect public privacy level
One of 96 Civil test samples, a filing type 'Invol Asm Stab' associated with Marchman Act cases, was assigned a public privacy level in Clericus when it was required to be sealed under AO2017-064(II)(A)(9). Marchman Act case files and dockets must be sealed by the Clerk of the Circuit Court unless otherwise ordered by the court. Management immediately corrected the privacy level upon notification.
in: CCC Docket Image Privacy Follow-Up - Final Report dated February 14 2023 - highdata accessBCC · FY 2023
Accela permit report reflected unexplained gaps in sequential permit numbers
Of 43,742 permits on the Accela permit report for the audit period, the IG identified 1,113 gaps (approximately 3%) in sequential permit numbers. Explanations provided by management included 1,054 permits with file creation dates outside the audit period, 10 deleted permits (the delete function was inadvertently enabled and used in error with no supporting documentation), 48 permits attributed to a system glitch or child record creation, and one permit marked inactive without supporting documentation. No formalized procedure existed for monitoring gaps in sequential permit numbers, and documented management approvals were not required for deletions or inactivations, increasing the risk of unauthorized transactions going undetected.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highdata accessBCC · FY 2023
Accela permit report lacked complete and reliable private provider data fields
Of 41,951 permits eligible for outsourcing, approximately 77% (32,353 permits) had incomplete data fields for identifying whether inspections and/or plans reviews were outsourced to private providers. Specifically, 24,300 permits (approximately 58%) had at least two blank data fields and 8,053 permits (approximately 19%) had one blank data field. The outsourcing data fields were not mandatory in Accela, allowing permit technicians or customers to skip them, and no documented procedures required secondary review to verify accuracy and completeness of data entry.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highdata accessBCC · FY 2023
Accela outsource data fields contained frequent inaccurate permit information
Testing of 53 permits found that 27 (approximately 51%) reflected an incorrect outsourcing status or a status that could not be verified. Seventeen permits had data entry errors including 'No' recorded instead of 'Yes' or vice versa, or blank fields instead of 'No.' Three permits that had received private provider refunds were not included on the Schedule of Refunds List because inaccurate 'No' entries in Accela caused them to be missed; they were only caught because contractors self-identified. Ten permits had one blank outsource field for plans review and the IG could not independently verify whether those permits were owed a refund. No formalized policy required staff to update outsource fields when new or corrected information became available.
in: BCC: Development Services Private Provider Refunds - Dated June 30, 2023 - highevidenceCCC · FY 2023
Unauthorized and Undocumented Evidence Deletions in TrakMan
A total of 36 items were deleted from TrakMan by Civil and Criminal teammates during the audit period. Of six Civil deletions tested, three lacked documentation supporting proper approval and two were performed by unauthorized teammates. Of three Criminal deletions tested, none had proper approval documentation and two were performed by unauthorized teammates. The Evidence Procedure Manual required director-approved deletions performed only by authorized personnel.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highevidenceCCC · FY 2023
No Procedures for Checked-Out Evidence That Cannot Be Located
Fifteen evidence items reflected as checked-out to Court Administration in TrakMan could not be located; Court Administration confirmed it did not have custody. Seven items were checked out from Criminal between July 2010 and November 2018, and eight items were checked out from Civil on February 16, 2021. As of July 2023, the seven Criminal items remained unlocated, while the eight Civil items were found and verified in the west side Evidence Room. Formal written procedures did not address steps to take when checked-out evidence cannot be located.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highevidenceCCC · FY 2023
Chain of Custody Documentation Missing for 36 of 79 Items Tested
The IG tested 79 evidence items for proper chain of custody documentation and found 36 lacked proper documentation. All nine disposed and refused items tested lacked complete or accurate chain of custody records. Of 20 returned sensitive evidence items tested, five lacked proper documentation including missing signed receipts, purged case files, and unsigned receipts. Of 50 checked-out items tested, 22 lacked proper documentation — 21 missing signed Evidence Transfer Receipts and one with a receipt where the name did not match TrakMan records.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highdata accessCCC · FY 2023
20 of 88 Teammates Have Inappropriate Physical Access to Evidence Areas
The Reader Assignments to Cardholders Report showed 88 teammates had badge access to evidence rooms and vaults. Of these, 20 had access that was not applicable to their position, was not appropriate, or was no longer needed. Formal documented policies and procedures for periodically reviewing and updating physical access did not exist, increasing the risk of unauthorized access that could compromise evidence integrity.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highdata accessCCC · FY 2023
33 of 61 TrakMan Users Have Inappropriate Evidence Deletion Permissions
There were 61 active TrakMan users with permission to delete evidence. After management review, 33 of 61 had deletion permissions that were not applicable to their position, not appropriate, or no longer needed. No formal documented policies existed for reviewing and updating TrakMan delete permissions. A system limitation in TrakMan required the delete permission profile for users who need to purge files, complicating remediation. This increased the risk of unauthorized and undetected evidence deletions.
in: CCC: Evidence Final Report - Dated December 8, 2023 - highdata accessCCC · FY 2022
Employee DAVID System Misuse Undetected by Internal Controls
During fieldwork, the IG identified one Criminal Courts user who conducted personal DAVID searches. A total of seven personal searches were identified between August 9, 2019 and December 8, 2021. The misuse was overlooked by the IT Point of Contact during the 2021 Quarter 3 User Activity Review and not escalated to management. Upon notification by the IG, management contacted the Pasco County Sheriff's Office for investigation, and the employee subsequently resigned. Timely notification was sent to DHSMV and affected individuals as required by the MOU.
in: CCC: DAVID Attestation-Admin - Dated July 12, 2022 - highpolicyCCC · FY 2022
Majority of DAVID Searches for Audit Period Could Not Be Verified
Of the 1,660 DAVID searches conducted during the audit period, 955 (58%) could not be verified as proper, authorized, business-related searches. Reasons for unverifiability included incorrect purpose codes, missing case/citation numbers, incorrect case/citation numbers, inability to locate the searched person in Clericus, impound searches using names instead of tag numbers, verbally requested searches with no documentation, and deleted email documentation. Documented policies and procedures providing guidance for conducting verifiable searches were limited, and verbal search requests were not required to be documented.
in: CCC: DAVID Attestation-Admin - Dated July 12, 2022 - highcash handlingBCC · FY 2022
Bin location changes allowed inventory to be moved without management approval
For two items (#31251 and #2424C) at the Embassy Warehouse, bin locations were changed to 'as needed' prior to year-end, excluding them from inventory count sheets. Decisions to change bin locations were made solely by lead inventory specialists without required management approval, tracking, or monitoring. This created a risk that County assets could be mismanaged or misappropriated without detection.
in: BCC: Utilities Warehouse Inventories Follow-up – Dated December 13, 2022 - highpolicyCCC · FY 2020
Segregation of duties not enforced in deposit will verification process
At the Dade City location, the same person who inputted a deposit will into Clericus was permitted to verify their own work, provided they waited 24 hours, because the documented procedures did not explicitly require a separate teammate to perform verification. Additionally, the Deposit Will Verification procedure allowed the verifier to make corrections as necessary, which effectively eliminated the segregation of duty control over data entered by the intake clerk. These gaps created risk of undetected errors or irregularities in case records.
in: CCC: 2020-05 Deposit Will Audit – Dated September 17, 2020 - highevidenceCCC · FY 2020
No documentation maintained for pre-destruction deposit will verification
Management indicated that a random 10% sample of deposited wills meeting their retention date was verified prior to destruction; however, no documentation was maintained to support that this verification requirement was actually completed. The IG team was therefore unable to confirm the verification occurred. Furthermore, the Probate division had no documented procedures providing detailed guidance on how to conduct the pre-destruction verification or how to maintain supporting documentation of the sample reviewed.
in: CCC: 2020-05 Deposit Will Audit – Dated September 17, 2020