A Performance Audit
An Audit Report on Financial Processes at the Department of Criminal Justice
June 2018
Summary Analysis
The Department of Criminal Justice (Department) established processes and related controls to help ensure that it managed Texas Correctional Industries (TCI) sales and purchases, assets, and Hurricane Harvey expenditures in accordance with applicable statutes, rules, and Department policies and procedures. However, the Department should strengthen its processes for documenting the price of TCI products.
The Department of Criminal Justice (Department) had processes and controls in place to ensure that Texas Correctional Industries (TCI) sales, purchases, and cost sheets complied with state laws and regulations and Department policies and procedures. However, the Department should strengthen its processes for recording sales transactions and documenting cost sheets.
Most of the raw material and overhead costs used to calculate the cost sheets were supported; however, auditors identified some instances in which the Department should improve its documentation. Additionally, the Department did not consistently document the review and approval of cost sheets in accordance with its policies and procedures.
The Department had processes and related controls to help ensure that all TCI sales were supported, reviewed, approved, and processed in accordance with applicable statutes, rules, and Department policies and procedures. However, the Department did not always ensure that the amount at which it sold TCI products was consistent with the product cost sheets.
The Department established processes and controls to help ensure that assets were (1) appropriately accounted for, (2) safeguarded, and (3) reported accurately in its accounting system, LONESTARS, and the State Property Accounting (SPA) system. However, the Department should ensure that it accurately accounts for interagency purchases of vehicles.
The Department established processes and controls to ensure that disaster recovery funds used for Hurricane Harvey were managed in accordance with applicable statutes, rules, and Department policies and procedures.
The Department generally had appropriate automated processes and controls over the financial data related to this audit. For example, the Department established key application controls in its procurement system, ADPICS, that were operating effectively.
However, while overall its controls were adequate, the Department should ensure that it (1) consistently restricts access to LONESTARS to current employees and (2) limits excessive access permissions to LONESTARS. Appropriately managing access to key information systems would help decrease the risk of inappropriate transactions being processed without proper review.
Graphics, Media, Supporting documents