Thursday, May 8, 2003 | 9:56 a.m.
CARSON CITY -- Secretary of State Dean Heller and his staff were lax in their supervision of the development of a $2.3 million computer system, a legislative audit says.
The job's completion was late by nearly one year and some of it still isn't finished, according to the audit, which was released Wednesday.
But the auditors said Heller's office has "recognized its initial weaknesses" and instituted more consistent oversight of the project.
"Weaknesses in planning and controls over security and disaster recovery place at risk the systems and information maintained by the Office of Secretary of State," said the examination, which was conducted from November 2001 to October 2002.
Heller, in his reply to the report, said he generally agrees with the findings of the audit, which centered on the computer system for the Uniform Commercial Code and accounting systems.
When completed this project will "allow citizens and businesses to take advantage of our high volume services, via a self-service online system," Heller said.
The auditors said Heller's office, as a service to customers, allows payment by credit card. But the credit card information of the customers was not adequately protected.
"In four of the five locations within the agency that we observed, papers with credit card numbers were stored in unlocked drawers or on employees' desk," according to the audit.
Heller disagreed, saying there has not been a single instance of credit card impropriety since the system was started in 1995.
The agency has not developed a written disaster recovery plan in case of a major disruption. Heller agreed the system is "vulnerable to some type of disaster occurring" and his office is working on a recovery plan.
The secretary of state's office did adopt a formal, written security plan. One employee who had left the agency still had access to the system two months after departure. Some employees did not have to use a password to get access to the network.
Heller said corrective action is being taken.
archive
