$3.5 MILLION IN COMPUTERS DISTRIBUTED WITHOUT PRECAUTIONS

AUDITOR’S REPORT


RALEIGH — The Department of Public Safety (Department) distributed $3.5 million worth of computers without taking reasonable precautions to account for them, which increased the risk of loss and theft. The failure to properly account for the computers resulted from management override of Department policy.

Computers Distributed Without Proper Accountability
Between June 2014 and October 2015, the Department purchased and received 8,638
computers valued at $3,539,618.

Computer Type     Cost Incurred      Quantity Received
Desktops                $2,527,587………. 7,036
Laptops                  $1,012,031………. 1,602
Total                       $3,539,618………. 8,638
The computers were shipped to a Raleigh warehouse, and the Department distributed the computers to users.

However, the Department did not perform the procedures necessary to properly track and account for the computers. Specifically, the Department’s Information Technology Division (IT Division) did not:
• Attach inventory tags to the computers
• Record the computers in the inventory module within the North Carolina Accounting
System (NCAS)
• Perform inventory counts of information technology fixed assets (servers, desktops,
laptops, etc.) after July 2012

According to the IT Division, it began efforts to locate the computers and account for them in February 2016. The IT Division:
• Contacted Department offices throughout the State in an effort to determine if any of
the computers were there
• Relied on help desk tickets submitted by users containing information such as model
number, serial number, etc. to locate the computers
• Relied on individuals who received the computers to contact the IT Division and
provide the asset’s location

If the computer’s location was identified, asset tags were attached to the units (if on-site) or mailed to the IT personnel at the remote locations to attach to the computers.

FINDING AND RECOMMENDATIONS
However, these methods were not always successful. Some users did not volunteer
information, locations did not respond to requests, or users did not experience problems with the computer that required IT Division attention.

Investigators could not inspect the computers to determine exactly how many did not have asset tags because the IT Division did not know where all 8,638 computers were located.
However, a comparison of fixed asset information within the NCAS Fixed Asset Module to the list of computers received in June 2014 and October 2015 showed that 1,924 (22%) computers were unaccounted1 for two-and-a-half years later.

Computer Type… Amount not recorded in NCAS …Quantity not recorded in NCAS
Desktops $689,395 … 1,912
Laptops $7,581 … 12
Total $696,976 … 1,924

Investigators identified that 46 of the computers (valued at $19,097) were already sent to State Surplus Property for disposal.

Resulted in Increased Risk of Loss and Theft
Because the Department distributed computers without tagging, recording, or inventorying them, there was an increased risk that loss or theft could occur and not be detected.

Computers can easily be converted to personal use, and failure to take reasonable precautions against such an occurrence increases the risk that taxpayer dollars used to payfor state computers could be wasted.

Caused by Management Override of Department Policy
Although IT Division personnel were aware of the Department policy that required computers to be tagged, recorded in the inventory module within NCAS, and included within the annual physical inventory, IT Division personnel overrode the policy for various reasons.

IT Division personnel cited the unusually large shipment as the primary reason for the
decision not to tag and record the inventory in the inventory module within NCAS. IT Division/personnel explained that the large shipment was necessary to replace computers without dated operating systems. The IT Director stated, “The volume we were dealing with is something this agency has never done before.” The Chief Information Officer (CIO) said, “We knew at the time that we were taking on some risk,” and “The administrative cleanup…became an afterthought.”

The CIO noted asset tags were not attached to inventory in an effort to send the inventory out to users as quickly as possible. The IT Director stated IT Technicians, from variouslocations, would request equipment from the IT Division. IT Division personnel would quickly for purposes of this report, we define the term “unaccounted” as items which were not tagged, counted, and entered into NCAS by IT Division personnel.

FINDING AND RECOMMENDATIONS
Provide the IT Technicians with the equipment, without ensuring the computers were properly tagged.

When asked why, after two-and-a-half years, some items had not been entered into NCAS,the IT Director stated, “Unfortunately, we didn’t realize this until we had our most recentinternal audit.” The IT Director also cited a lack of internal communication as a cause.

Additional management override resulted in the failure to conduct physical inventories. When asked why the IT Division did not conduct annual physical inventory counts, the CIO stated, “I didn’t commission that done.” The CIO’s failure to enforce physical inventories resulted in no performance of a physical inventory of IT fixed assets for more than five years.

Department Policy Required Proper Accountability
The Department’s Fixed Assets Policy required Department personnel to take reasonable precautions to account for computers and prevent their loss or theft. Specifically, the policy required that:
• “Items… defined as… inventoried assets2
, listed in the NCAS Fixed Asset Module
shall receive an Asset Identification Label.”
• “Inventoried assets are recorded in NCAS…”
• “Each individual location shall conduct a physical inventory of all fixed assets at least
once annually around April of each year, which shall correspond to the receipt of the
Annual Fixed Asset Inventory Report sent from the Controller’s Office.”

RECOMMENDATIONS
Department management should enforce its Fixed Assets Policy and ensure that:
• Asset tags are attached to all fixed assets
• Computers and related equipment are recorded in the inventory module within NCAS
• Inventory counts of all IT fixed assets are performed annually