A Performance Audit
An Audit Report on the Department of Public Safety’s Driver License Division
December 2018
Summary Analysis
The Department of Public Safety (Department) does not have sufficient controls over its processes for issuing driver licenses and identification cards.
The Department complied with transfer requirements related to driver license funds outlined in the General Appropriations Act.
Missing required documentation. The Department did not have sufficient controls to ensure that it consistently collected or retained all required documentation to support its verification of applicants’ eligibility.
Lack of effective oversight over the issuance processes. The Department relies on reviews conducted by its regional offices, as well as secondary reviews performed by headquarter employees of all commercial driver licenses issued. However, the Department had not (1) documented procedures for how those reviews should be performed, (2) monitored to verify that those reviews were occurring, or (3) ensured that identified issues, such as those related to missing documentation or incorrect information, were appropriately resolved.
User Access to Driver License System Data. Auditors also identified significant weaknesses in the Department’s controls over access to the information in its Driver License System. In addition, the Department did not have a sufficient process in place to detect employee misuse of the driver license information. The identified weaknesses place driver license data at risk of unauthorized and/or inappropriate access, use, and modification.
The Department of Public Safety (Department) did not have sufficient controls over its processes for issuing driver licenses and identification cards to ensure that it collects, retains, and verifies all required information to prevent the issuance of driver licenses and identification cards to ineligible applicants.
The Department’s monitoring processes are not sufficient to prevent the issuance of driver licenses and identification cards to ineligible applicants or adequately identify and address instances in which driver licenses and identification cards were issued to ineligible applicants.
For commercial driver licenses, the Department implemented a federally mandated secondary review prior to the issuance of those licenses; however, the Department’s processes for performing the secondary reviews are not sufficient to verify that applicants meet all requirements. In addition, it has not developed documented policies and procedures for performing those reviews and it does not monitor to ensure that the secondary reviews of commercial driver licenses are occurring.
Auditors identified significant weaknesses in the Department’s controls over access to the information in its Driver License System. In addition, the Department did not have a sufficient process in place to detect employee misuse of the driver license information. To minimize security risks, auditors communicated details about the identified weaknesses related to access, employee use of driver license data, and other sensitive information technology issues separately to the Department in writing.
The Department complied with transfer requirements related to driver license funds outlined in the General Appropriations Act. In addition, the Department submitted its annual report on the effectiveness of the Driver License Improvement Plan, as required by the General Appropriations Act. However, the Department did not document its process for determining which expenditures should be included in that annual report.
Graphics, Media, Supporting documents