Florida Auditor General Annual Report Shares IT Findings

The Florida Auditor General’s office recently published its 2024 annual report, highlighting information technology operational audit findings for several state agencies, school districts and higher education institutions.

This year’s report summarizes the office’s work completed during the 2023-24 reporting year, provides details of ongoing engagements and includes projected work plans for the next two years.

In terms of IT, the office has conducted various operational and performance audits of public programs, activities, functions and IT systems.

Regarding the latter, “operational audits examine internal controls, including information technology internal controls, that are designed and placed in operation to promote and encourage the achievement of management’s control objectives in the categories of compliance, economic and efficient operations, reliability of financial records and reports, the safeguarding of assets and identifying weaknesses,” the report states.

The office said it chose not to disclose specific findings in its annual report to avoid potentially compromising sensitive entity data and IT resources. With that understanding, below are notable IT stats found by the office:

• More than 25 single audit-noted issues regarding IT internal controls were found within state government. 
• During the period of Nov. 1, 2023, through Oct. 31, 2024, the office issued 15 operational audit reports on state governmental and related entities and found 14 findings across eight entities regarding IT resources. 
• During this reporting period, the office found one notable finding for one entity among state universities and colleges. 
• The office also identified 17 findings among 10 school districts, noting that enhancements for IT internal controls were needed.
• For business process application controls, the office found three application-level general findings among three entities, plus 11 security management findings among eight entities and two contingency planning-related findings for one entity. 

As for future projected work plans, the auditor general must submit all plans to the Senate president, speaker of the House of Representatives and the legislative auditing committee by Dec. 1 each year.

However, “Because engagements may begin in one year and be completed and the report issued in a subsequent year, the Projected 2-Year Work Plan lists engagements in the year the work is planned to begin,” the report states.

That said, the office has identified the following projected work plans for IT operational audits in 2025:

• The Florida Department of Financial Services – Florida Accounting Information Resource (FLAIR) subsystem   
• Selected systems for the Florida Department of the Lottery 
• Charlotte County District School Board – “Focus Student Information System” and selected cybersecurity controls 
• Education technology services for North East Florida Educational Consortium 
• Santa Rosa County District School Board – “Focus Student Information System” and selected cybersecurity controls  

Also noted are the following projected work plans for 2026:

• Department of Financial Services – FLAIR and Florida Planning, Accounting and Ledger Management (Florida PALM)  
• Selected systems for the Florida Department of the Lottery 
• Florida Atlantic University – Workday enterprise cloud applications and selected cybersecurity controls  
• State College of Florida – Ellucian Banner Enterprise Resource Planning System and selected cybersecurity controls  
• Florida SouthWestern State College – Ellucian Banner Enterprise Resource Planning System and selected cybersecurity controls  
• Palm Beach County District School Board – Oracle PeopleSoft applications and “Focus Student Information System” and selected cybersecurity controls 

More information about the Florida Auditor General’s report can be found online.