Commonwealth of Virginia Single Audit Report for the Year Ended ...

More documents

Recommendations

Info

Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: September 30, 2012 Management Plan for Corrective Action for Department of Motor Vehicles #4 The new DMV IT Security Policy will include a requirement for an annual review and assessment of the DMV IT Security Policy in light of new requirements or changes in internal/external requirements. The annual review and assessment will take place between July 1 and July 31 of each year. The new DMV IT Security Policy will also include a requirement for the DMV IT Security Director (ISO) to be aware of Commonwealth changes through active participation in Commonwealth IT security groups, etc., including the Information Security Officers Advisory Group. Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: September 30, 2012 Management Plan for Corrective Action for Department of Motor Vehicles #5 DMV will correct the current situation identified in the previously referenced separate document containing a detailed description of the recommendations. DMV has taken the steps necessary to ensure that all but 11 employees have completed the required IT Security Awareness Training. Of those 11 employees, two are temporarily excused from the requirement due to being out on medical leave. The steps taken included the sanction of having one’s account disabled if the training was not completed by the specified deadline. The situation with contractors taking the training has not been resolved yet due to having incomplete information. This will be addressed and followed up on. Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: Employee Training – January 31, 2012Contractor Training – August 31, 2012 17
Management Plan for Corrective Action for Department of Motor Vehicles #6 DMV will work with Human Resources to include a requirement in the Performance Plan/Evaluation of each employee of annual completion of security awareness training. DMV will communicate this requirement to all employees. Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: May 31, 2012 Management Plan for Corrective Action for Department of Motor Vehicles #7 DMV will develop a process for actively monitoring all staff and contractors to ensure they complete the annual IT Security Awareness Training by the specified deadlines. To ensure completion of the requirement, DMV ISO will provide Management with a list of all employees who have not completed the training by August 31. Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: August 31, 2012 Management Plan for Corrective Action for Department of Motor Vehicles #8 DMV will develop and implement role-based security awareness training for agency resources responsible for key areas of the information security program. Responsible Party: Douglas Mack, DMV IT Security Director (ISO) Dave Burhop, DMV Deputy Commissioner (CIO) Estimated Completion Date: August 31, 2012 Management Plan for Corrective Action for Department of Motor Vehicles #9 DMV will use the newly completed BIA and RA to review, assess, and update their entire Disaster Recovery and Continuity of Operations Plan. Due to budget constraints and the complexities of DMV’s identified sensitive IT systems, DMV will take a “phased approach” to the remediation the IT portion of this weakness. 18
Page 1 and 2: COMMONWEALTH OF VIRGINIA SINGLE AUD
Page 3 and 4: - T A B L E O F C O N T E N T S - P
Page 5 and 6: INDEPENDENT AUDITOR’S REPORT ON I
Page 7 and 8: REPORT ON COMPLIANCE WITH REQUIREME
Page 9 and 10: prepare the financial statements. T
Page 11 and 12: 84.318, 84.386 Educational Technolo
Page 13 and 14: We further recommend that Motor Veh
Page 15 and 16: Not including the specific access o
Page 17 and 18: ABC is required by the Commonwealth
Page 19: We recommend that Motor Vehicles de
Page 23 and 24: Management Plan for Corrective Acti
Page 25 and 26: 11-10: Improve Information Security
Page 27 and 28: We recommend that DMV dedicate the
Page 29 and 30: 11-14: Improve Microsoft SQL Server
Page 31 and 32: 11-16: Refine Estimates and Report
Page 35 and 36: ecord of the individuals receiving
Page 37 and 38: We recommend that Social Services d
Page 39 and 40: alternative solutions with the Depa
Page 41 and 42: U.S. DEPARTMENT OF EDUCATION 11-23:
Page 49 and 50: COMMONWEALTH OF VIRGINIA Resolution
Page 55 and 56: COMMONWEALTH OF VIRGINIA Schedule o
Page 71 and 72:
COMMONWEALTH OF VIRGINIA Schedule o
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
is classified as direct expenditure
Page 125 and 126:
Federal Department Detail Amount Ex
Page 127 and 128:
$205,061 are not included in the ac
Page 129 and 130:
financial assistance will be reflec
Page 131 and 132:
CFDA # Federal Program Name Amount
Page 133 and 134:
Page 135 and 136:
Page 137:
COMMONWEALTH OF VIRGINIA CONTACT LI
show all

Commonwealth of Virginia Single Audit Report for the Year Ended ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?