Jail Management System - Maricopa County

A Report
to the
Board of
Supervisors
Maricopa County
Internal Audit
Department
Ross L. Tate
County Auditor
Jail Management System
Application Controls Need
Improvement
May 2012
Executive Summary 1
Introduction 2
IT Control Environment 7
Network Security 9
Personnel Screening and Access Reviews 10
Change Management 12
IT Strategic Planning and Project Management 13
IT Policies and Procedures 15
Sheriff’s Office Response 16

The mission of Maricopa County is to provide regional
leadership and fiscally responsible, necessary public services
so that residents can enjoy living in a healthy and safe
community.
The mission of the Internal Audit Department is to provide
objective information on the County’s system of internal controls
to the Board of Supervisors so they can make informed
decisions and protect the interests of County citizens.
The County Auditor reports directly to the Maricopa County
Board of Supervisors, with an advisory reporting relationship
to the Citizen’s Audit Advisory Committee.
Audit Team Members
Eve Murillo, CPA, MBA, CFE, ITIL, Deputy County Auditor
Patra Carroll, CPA, MSIM, CIA, ITIL, IT Audit Supervisor
Susan Adams, MBA, CISA, ITIL, CLEA, Senior IT Auditor
KPMG LLP
Maricopa County Internal Audit
301 West Jefferson Suite 660
Phoenix, AZ 85003
(602) 506-1585
www.maricopa.gov/internal_audit
“Do the Right Things Right!”

301 West Jefferson St
Suite 660
Phx, AZ 85003-2148
Phone: 602-506-1585
Fax: 602-506-8957
www.maricopa.gov
Maricopa County
Internal Audit Department
May 15, 2012
Max W. Wilson, Chairman, Board of Supervisors
Fulton Brock, Supervisor, District I
Don Stapley, Supervisor, District II
Andrew Kunasek, Supervisor, District III
Mary Rose Wilcox, Supervisor, District V
We have completed our FY 2011-12 review of the Jail Management System. The
review was originally scheduled as part of the FY 2009 Sheriff’s Office Custody
Command review. The specific areas reviewed were selected through a formal riskassessment
process.
Highlights of this report include the following:
Information technology controls generally comply with standards
Some application controls need improvement
Policies and procedures need to be formalized
Within this report you will find an executive summary, specific information on the
areas reviewed, and the Sheriff’s Office response to our recommendations. We have
reviewed this information with Sheriff’s Office management and appreciate the
excellent cooperation provided by management and staff. If you have any questions,
or wish to discuss the information presented in this report, please contact Eve
Murillo, Deputy County Auditor, at 506-7245.
Sincerely,
Ross L. Tate
County Auditor

Executive Summary
IT Control Environment (Page 7)
The Maricopa County Sheriff’s Office (MCSO) information technology (IT) control
environment generally follows industry standards in key areas.
Network Security (Page 9)
We tested network security controls in four key areas: (1) The Criminal Justice Network, (2)
password management, (3) remote access security, and (4) patch management. Strong network
security controls reduce the likelihood of system vulnerabilities and breaches. Due to the
sensitive nature of this work, we provided MCSO management with detailed findings in a
separate report.
Personnel Screening and Access Reviews (Page 10)
MCSO personnel screening, security awareness training, and account access review processes
could be improved. Incomplete personnel screening and training processes may leave MCSO
vulnerable to potential abuse of sensitive data. Undocumented user access procedures increase
the risk that unauthorized users may inappropriately access or modify criminal justice
information. MCSO should consider strengthening personnel screening policies, provide user
awareness training, and conduct user access reviews.
Change Management (Page 12)
MCSO does not have a formalized change management process for authorizing, testing, and
approving the Jail Management System (JMS) changes. JMS developers have unrestricted
access to the application. If unauthorized or untested changes are introduced into JMS, they
could create data integrity and system availability issues. MCSO should strengthen its change
management controls.
IT Strategic Planning and Project Management (Page 13)
MCSO does not have a formal IT strategic plan or project management process that effectively
aligns IT resource spending with MCSO’s core mission. A strategic plan helps ensure that
critical IT projects are completed efficiently and economically. MCSO should consider
developing an IT strategic plan and project management framework.
IT Policies and Procedures (Page 15)
MCSO does not have formal JMS security policies and procedures that should address Criminal
Justice Information Services Security Policy requirements. Formalized IT procedures can help
MCSO implement security and other control activities during personnel absences and turnover.
MCSO should develop formalized JMS IT policies and procedures.
Maricopa County Internal Audit 1 Jail Management System–May 2012

Introduction
Background
The Jail Management System (JMS) is the primary computer system used by the Maricopa
County Sheriff’s Office (MCSO) to manage jail operations and inmates. JMS includes
information on booking, fingerprinting, food services, housing, transportation, health, inmate
property, and bonding.
Jail Management System Organization
The MCSO Technology Bureau (MCSO IT) is responsible for maintaining and supporting all
MCSO business systems, including JMS. MCSO has approximately 3,500 employees and
operates 24 hours a day, 7 days a week. MCSO IT’s 65 employees are responsible for ensuring
that critical applications like JMS are available to support those operations. Below is the MCSO
IT organization chart:
Inmate Telephone
System (ITS)
Administrator
Commander
Business
Applications
Services
Jail Management System
Deputy Director
Commander
Desktop & Client
Support
Commander
Mainframe
Operations &
Technical Support
Commander
Telecom
Technology
JMS Migration Team
MCSO IT began developing JMS in 1990 and moved it into production in 1995. JMS runs on a
mainframe, a powerful computer used for critical applications and bulk data processing. MCSO
employees enter information into JMS throughout an inmate’s incarceration. JMS includes
judicial information (inmate charges, holds, court dispositions, and bond and fine amounts) and
administrative information (personal property inventory, locker assignment, housing location,
restrictions, and emergency medical information). MCSO processes approximately 105 million
transactions per year through the JMS system.
Maricopa County Internal Audit 2 Jail Management System–May 2012

JMS Interfaces
JMS communicates critical information to other justice and law enforcement agencies. Below is
a brief summary of key JMS interfaces.
ICJIS - JMS data feeds into the Integrated Criminal Justice Information System (ICJIS) which is
distributed to other County law enforcement agencies, including the Courts, County Attorney,
Clerk of the Superior Court, and Adult and Juvenile Probation. With the exception of touch-pay
kiosks and inmate telephones, all JMS information flows through the ICJIS interface. MCSO
employees also use JMS (through the ICJIS electronic data exchange) to access state and federal
criminal justice information.
ACJIS - The Arizona Criminal Justice Information System (ACJIS) acts as the central state
repository for collecting, storing, and disseminating Arizona criminal history records and related
justice information. The Department of Public Safety (DPS) maintains ACJIS and allows
Arizona law enforcement agencies to share information.
CJIS and NCIC - The Criminal Justice Information Services (CJIS) Division and the National
Crime Information Center (NCIC) are supported by the Federal Bureau of Investigation (FBI),
and are electronic crime data clearinghouses that can be accessed by most criminal justice
agencies nationwide.
The graph below illustrates how JMS interfaces with other agencies and systems:
ACJIS - Arizona Criminal
Justice Information System
DPS criminal database
CJIS - Criminal
Justice
Information
Services
NCIC - Nation
Crime
Information
Center
FBI criminal database
ICJIS - Integrated
Criminal Justice
Information System
Maricopa County Internal Audit 3 Jail Management System–May 2012
Jail
Management
System

JMS Environment
Because JMS is a mission critical application, MCSO has been assessing future system
requirements. MCSO IT reports several challenges with the current JMS environment.
Mainframe - The mainframe on which JMS is running is supported by the vendor through 2014.
The FY 2012 mainframe software license costs are $1.1 million, with an automatic annual 10
percent increase, and annual mainframe hardware costs are $95,000. MCSO intends to
renegotiate the contract during FY 2014. MCSO reports that for strategic purposes, MCSO may
replace the existing mainframe, but has not submitted a budget request.
Aging Workforce - JMS is a large and complex seventeen-year old system; its software is written
in COBOL, a programming language that is no longer being taught in many universities.
According to MCSO IT, as employees responsible for maintaining JMS retire, it may become
difficult and expensive to replace them, negatively affecting the long-term maintenance of the
system. The County’s Office of Management and Budget is completing a staffing study for
MCSO IT.
Scope and Methodology
Audit Objectives
The objectives of this audit were to determine that:
Approach
Effective general controls are in place to provide reasonable assurance that information
systems are secure and available to users.
Information technology general controls are overarching policies and procedures that
apply to the network and organization-wide information systems. Reviewing general
controls provides assurance that the controls are working as intended and that systems
are appropriately supporting operations.
Critical application controls are in place to provide reasonable assurance of the
confidentiality, integrity, and availability of data.
Application controls are specific to a single information system, such as JMS.
Application controls are activities designed to support operations, and ensure the
confidentiality, integrity and availability of application data.
To achieve the audit objectives, we:
Interviewed key employees from MCSO, the ICJIS agency, and the Office of Enterprise
Technology (OET)
Obtained and reviewed policies and procedures related to:
o IT governance
o Programs and data access (including application security, operating system
security, database security, user authentication, and segregation of duties)
Maricopa County Internal Audit 4 Jail Management System–May 2012

o Program development (including project management, authorization, technical
and user testing, user training, and developer/production segregation of duties)
o Program change management (changes to existing applications – including
emergency changes and monitoring, developer segregation of duties, and testing
of requested changes)
o Computer operations (including disaster recovery, system backups, job
scheduling, data conversion, system interfaces, and problem management)
Observed MCSO personnel using JMS
Identified key IT and application controls
MCSO data center IT general controls were not considered during the course of this review.
Internal Audit conducted a separate MCSO Data Center Audit where applicable IT general
controls were considered; the report was issued March 15, 2012.
Due to the sensitive nature of network security issues, the results of our network security testing
were detailed in a separate memo to management.
Audit Timeframe
Our audit included data from July 2010 through October 2011.
Auditing Standards
We conducted this performance audit in accordance with generally accepted government
auditing standards. These standards require the following:
An independent audit staff and audit organization
An objective audit staff performing the work
A competent staff, current with continuing education requirements
A system of quality control procedures
Sufficient and appropriate evidence based on audit objectives
Maricopa County Internal Audit 5 Jail Management System–May 2012

(Blank Page)
Maricopa County Internal Audit 6 Jail Management System–May 2012

Issue 1 IT Control Environment
Summary
The Maricopa County Sheriff’s Office (MCSO) information technology (IT) control
environment generally follows industry standards in key areas.
Criteria
COBIT, an international, generally–accepted, IT control framework, gives guidance about
control requirements, technical issues, and business risks. Internal Audit uses COBIT as an
authority for good IT control practices. The COBIT framework recommends:
Defining and implementing a technology infrastructure plan, architecture, and standards
that leverage technology opportunities
Establishing transparent, flexible, and responsive IT organizational structures, and
defining and implementing IT processes
Segregating responsibilities throughout the enterprise
Establishing preventative and detective controls to protect information systems and
technology from malware (e.g., viruses, worms, spyware, and spam)
Implementing automated solutions to support source code management and change
migration between production environments
Meeting operational service levels for scheduled data processing, protecting sensitive
output, and monitoring and maintaining infrastructure
Establishing interface controls to ensure the accuracy and completeness of data transfers
Establishing backup controls to ensure data availability
Establishing procedures to identify, resolve, and document system and application issues
Maricopa County Internal Audit 7 Jail Management System–May 2012

Condition
Through observation, limited testing, and interviews, we determined that the following key IT
controls generally followed the COBIT framework.
Information
Architecture
Roles and
Responsibilities
IT Controls Reviewed that Appear to be Adequate
Area Description
MCSO uses the National Crime Information Center (NCIC) and the
Arizona Criminal Justice Information System (ACJIS) for
developing applications to interface with state and federal systems.
MCSO has defined roles and responsibilities for supporting IT and
information security responsibilities.
Super User Access JMS super user access appears appropriate.
Computer Virus
Protection
Version Control
Software
Batch Processing and
Job Scheduling
MCSO maintains computer virus protection software for
workstations and servers. During the testing period, virus
definitions were updated daily.
MCSO uses version control software to help manage and control
the development and migration of software and configuration
changes.
MCSO batch and job scheduling procedures are in place and
appear adequate.
System Interfaces MCSO system interfaces appear adequately controlled through the
Integrated Criminal Justice Information System (ICJIS).
Tape Backups MCSO performs regular backups and rotates its backups between
its primary data centers.
Problem Management MCSO tracks, responds, and documents help desk activity.
Recommendation
None, for information only.
Maricopa County Internal Audit 8 Jail Management System–May 2012

Issue 2 Network Security
Summary
We tested network security controls in four key areas: (1) The Criminal Justice Network, (2)
password management, (3) remote access security, and (4) patch management. Strong network
security controls reduce the likelihood of system vulnerabilities and breaches.
We used COBIT standards and ACJIS requirements governing these areas in our review. Due to
the sensitive nature of this work, we provided MCSO management with detailed findings in a
separate report.
Maricopa County Internal Audit 9 Jail Management System–May 2012

Issue 3 Personnel Screening and Access
Reviews
Summary
MCSO personnel screening, security awareness training, and account access review processes
could be improved. Incomplete personnel screening and training processes may leave MCSO
vulnerable to potential abuse of sensitive data. Undocumented user access procedures increase
the risk that unauthorized users may inappropriately access or modify criminal justice
information. MCSO should consider strengthening personnel screening policies, provide user
awareness training, and conduct user access reviews.
Criteria
The Arizona Criminal Justice Information System (ACJIS) Operating Manual requires that
MCSO conduct criminal justice employment background checks, including a fingerprint check,
for all ACJIS terminal operators. All terminal operators and technical personnel who access the
ACJIS system must be certified through the Terminal Operator Certification (TOC) Program.
The Federal Criminal Justice Information System (CJIS) Security Policy requires that MCSO
conduct security policy training for employees based on their job duties. Key training areas
include the handling of criminal justice information, social engineering, media protection,
malware prevention, and patch management. CJIS has established training guidelines for
different employee groups.
COBIT recommends:
Condition
Recruiting and training a competent workforce, and conducting background checks
Educating and training users according to business requirements
Documenting procedures for requesting, establishing, issuing, modifying, and closing
user accounts
Personnel Screening
MCSO’s procedures appear to be in compliance with state (ACJIS) background check policies.
A small number of employees from the Office of Public Defender, Office of Management and
Budget, and the Department of Finance, access JMS detention and booking information that is
not part of the state criminal database (ACJIS). Currently, individuals from these agencies do
not go through the required background check, and the required training (TOC and security
awareness).
Maricopa County Internal Audit 10 Jail Management System–May 2012

Security Awareness Training
MCSO’s TOC training focuses on authorized access and dissemination of criminal justice
information, but does not include all of the security awareness areas required in CJIS policy.
CJIS mandates specific training topics regarding the proper handling of criminal justice
information, based on a user’s exposure to and involvement with the criminal justice
information.
Account Access Reviews
Although MCSO validates TOC identification numbers through a semi-annual, Arizona
Department of Public Safety (DPS) review and reconciliation process, it does not have a
formalized process for validating all JMS and operating system user accounts and their
associated access permissions.
Effect
Personnel Screening - Incomplete personnel screening processes may leave MCSO vulnerable to
potential abuse of sensitive law enforcement data.
Security Awareness Training - JMS users that do not receive the mandated CJIS training may
inadvertently mishandle criminal justice information.
Account Access Reviews - Informally managed user permissions increases the risk that
unauthorized users may inappropriately access or modify criminal justice information.
Cause
Personnel Screening - MCSO has not developed a formalized background check policy for JMS
users without ACJIS database permissions.
Security Awareness Training - Although MCSO’s TOC training program aligns with DPS
guidance, these requirements do not meet the minimum CJIS Security Policy standards.
Account Access Reviews - MCSO has relied on the extensive hands-on experience of longtenured
employees to compensate for formalized procedures, and has invested its resources on
day-to-day functions rather than documenting its operations.
Recommendations
MCSO should consider:
A. Developing a personnel screening policy that covers JMS users who do not access ACJIS
data.
B. Enhancing the security awareness training program to align with the CJIS Security Policy
requirements.
C. Developing formalized policies and procedures to periodically review and validate JMS
access accounts and permissions. Leading practices suggest user access reviews be
conducted at least annually.
Maricopa County Internal Audit 11 Jail Management System–May 2012

Issue 4 Change Management
Summary
MCSO does not have a formalized change management process for authorizing, testing, and
approving the Jail Management System (JMS) changes. JMS developers have unrestricted
access to the application. If unauthorized or untested changes are introduced into JMS, they
could create data integrity and system availability issues. MCSO should strengthen its change
management controls.
Criteria
COBIT recommends the following change management practices:
Condition
Ensuring applications are aligned with business requirements
Managing IT changes in a formal, documented, and controlled fashion
MCSO has not formalized its change management policy and procedures. Change management
procedures standardize the system change processes. Currently, the MCSO Technology Bureau
receives and coordinates requested changes via email with the agency requestor. Approvals are
handled informally and are not consistently documented before being moved into production
(where “live” transaction processing occurs). Developer access to the JMS production
environment is not appropriately restricted.
Effect
Formal change management procedures introduce system changes in a controlled and
coordinated manner and prevent unplanned, unauthorized, and untested changes to JMS.
Effective change management procedures also reduce the risk of service disruption and
associated costs.
Cause
MCSO Technology Bureau staff report that resource constraints have prevented them from
documenting change management procedures. Instead, they have relied on their extensive JMS
experience to compensate for this control weakness.
Recommendations
MCSO should:
A. Develop a formalized process for authorizing, testing, and approving JMS changes.
B. Limit developers’ access to JMS and/or implement system monitoring controls to identify
and review the appropriateness of system changes.
Maricopa County Internal Audit 12 Jail Management System–May 2012

Issue 5 IT Strategic Planning and Project
Management
Summary
MCSO does not have a formal IT strategic plan or project management process that effectively
aligns IT resource spending with MCSO’s core mission. A strategic plan helps ensure that
critical IT projects are completed efficiently and economically. MCSO should consider
developing an IT strategic plan and project management framework.
Criteria
COBIT recommends establishing an IT strategic plan, an IT steering committee, and a program
and project management framework for IT projects.
Condition
IT Strategic Planning
MCSO does not have a formalized IT strategic plan. Instead, MCSO IT relies on a Systems
Aging Report to classify applications by their estimated useful life and to prioritize future IT
needs. MCSO IT prepares this report bi-annually and reviews it with other MCSO bureaus for
reasonableness. Recently, MCSO issued a Request for Proposal to upgrade integrated Computer
Aided Dispatch, Records Management, Civil Process, and Mobile Systems resulting, in part from
its review of the Systems Aging Report.
IT Project Management
MCSO IT does not use a formalized project management process to oversee large or critical
systems and does not use a steering committee to oversee key project decisions. Instead,
developmental projects are tracked in a spreadsheet and managed informally. The MCSO IT
Deputy Director receives weekly project status reports from various MCSO bureaus and uses this
information to update other MCSO management team members on a monthly basis. A formal
project management methodology could enhance future JMS upgrades.
Effect
MCSO may not be effectively investing financial resources in IT and may be investing in
unsuitable or underperforming IT systems. Also, MCSO IT projects may not: 1) meet desired
functionality requirements, 2) meet completion deadlines, 3) meet established budgets, and 4)
align with MCSO’s strategic direction.
Cause
MCSO does not have a formalized IT governance process that includes the implementation of an
IT strategic plan and project management methodology. MCSO IT’s resource allocation has
been devoted to operating activities (technical, financial, and scheduling).
Maricopa County Internal Audit 13 Jail Management System–May 2012

Recommendations
MCSO should consider:
A. Developing an IT strategic plan that supports the overall MCSO strategy.
B. Developing a formalized project management methodology to help manage and control
IT-related projects.
Maricopa County Internal Audit 14 Jail Management System–May 2012

Issue 6 IT Policies and Procedures
Summary
MCSO does not have formal JMS security policies and procedures that should address Criminal
Justice Information Services Security Policy requirements. Formalized IT procedures can help
MCSO implement security and other control activities during personnel absences and turnover.
MCSO should develop formalized JMS IT policies and procedures.
Criteria
The Federal Criminal Justice Information System (CJIS) Security Policy requires that MCSO
develop formal, documented procedures to facilitate the implementation of both federal and local
security policies.
COBIT recommends that IT organizations develop and communicate IT policies throughout the
organization.
Condition
MCSO’s policies and procedures do not include formalized information security policies and
procedures over the following key IT processes:
Effect
JMS and remote user account management
JMS security log reviews
Change management and program development
Patch management
Disaster recovery
Without formalized IT policies and procedures, MCSO may not be able to perform security and
control activities during employee absences and staffing changes. Also, ACJIS (Arizona
Criminal Justice Information System) and NCIC (National Crime Information Center) may
remove MCSO from their networks because of incomplete security guideline compliance.
Cause
MCSO IT personnel rely on their extensive hands-on experience in operating JMS in lieu of
formal policies and procedures and have focused their limited resources on day-to-day operations
rather than documenting IT operations.
Recommendation
MCSO should develop formalized JMS IT policies and procedures.
Maricopa County Internal Audit 15 Jail Management System–May 2012

Sheriff’s Office Response
Maricopa County Internal Audit 16 Jail Management System–May 2012

Issue #1:
For Information. No response required.
Issue #2:
Jail Management System (JMS)
Sheriff's Office- JMS Report
February 2012
Audit Response - April 25, 2012
MCSO network security controls could be strengthened in four key areas: (1) the
Criminal Justice Network, (2) password parameters, (3) remote access security, and (4)
patch management. Stronger network security controls reduce the likelihood of system
vulnerabilities and breaches. MCSO should strengthen network security controls in
these areas.
Response requested for Agency Memo only. See Agency memo (separate).
Issue #3:
MCSO personnel screening, security awareness training, and account access review
processes could be improved. Incomplete personnel screening and training processes
may leave MeSO vulnerable to potential abuse of sensitive data. Undocumented user
access procedures increase the risk that unauthorized users may inappropriately
access or modify criminal justice information. MCSO should consider strengthening
personnel screening policies, provide user awareness training, and conduct user access
reviews.
Recommendation A: MCSO should consider developing a personnel screening policy
that covers JMS users who do not access ACJIS data.
Response: Management accepts the risk of this issue. This recommendation applies to a
very small number of Maricopa County Office of Public Defender, Office of Management
and Budget and Department of Finance employees. These users access limited data that
is not criminal history information.
Target Completion Date: N/A
Benefits/Costs: Increased accountability and control.
Recommendation B: MCSO should consider enhancing the security awareness training
program to align with the CJIS Security Policy requirements.
Response: Completed. Security awareness training has been automated by the Arizona
Department of Public Safety. County employees will complete the computer-based
Page 1 of 4

Jail Management System (JMS)
Sheriff's Office- JMS Report
February 2012
Audit Response - April 25, 2012
training and the test for TOC certification electronically. MCSO will no longer be
conducting security awareness training.
Completion Date: 4/13/12
Benefits/Costs: Increased accountability and control.
Recommendation C: MCSO should consider developing formalized policies and
procedures to periodically review and validate JMS access accounts and permissions.
Leading practices suggest users access reviews be conducted at least annually.
Response: Concur. JMS access accounts and permissions will be reviewed annually
corresponding with a TOC review that is conducted.
Target Completion Date: 6/30/12
Benefits/Costs: Increased accountability and control.
Issue #4:
MCSO does not have a formalized change management process for authorizing,
testing, and approving the Jail Management System (JMS) changes. JMS developers
have unrestricted access to the application. If unauthorized or untested changes are
introduced into JMS, they could create data integrity and system availability issues.
MCSO should strengthen its change management controls.
Recommendation A: MCSO should develop a formalized process for authorizing,
testing, and approving ...IMS changes.
Response: Concur. Changes to JMS "base" programming are rare (five or six annually)
and MCSO's limited technology staff has allowed this process to be very informal.
However, as technology staff increases and the Office moves forward with this and other
systems, this process will have to be formalized.
Target Completion Date: 1/31/13
Benefits/Costs: Increased accountability and control.
Page 2 of 4

Jail Management System (JMS)
Sheriff's Office- JMS Report
February 2012
Audit Response - April 25, 2012
Recommendation B: MCSO should limit developers' access to JMS and/or implement
system monitoring controls to identify and review the appropriateness of system changes.
Response: Concur. This issue will be addressed in the formal change management
process referenced above.
Target Completion Date: 1/31/13
Benefits/Costs: Increased accountability and control.
Issue #5:
MCSO does not have a formal IT strategic plan or project management process that
effectively aligns IT resource spending with MCSO's core mission. A strategic plan
helps ensure that critical IT projects are completed efficiently and economically.
Recommendation A: MCSO should consider developing an IT strategic plan that
supports the overall MCSO strategy.
Response: Concur. As a requirement of the Board of Supervisors' Resolution dated June
20,2011, MCSO and OET are reviewing current systems and future requirements to
develop a strategic technology roadmap for MCSO. This comprehensive plan will closely
align technology initiatives with MCSO core business functions.
Target Completion Date: 12/31/12
Benefits/Costs: Increased accountability and control.
Recommendation B: MCSO should consider developing a formalized project
management methodology to help manage and control IT-related projects.
Response: Concur. MCSO recognizes the importance of a formalized project
management methodology. As additional personnel are employed based upon the
staffing study currently in process, resources will be applied to formalizing the project
management process.
Target Completion Date: 4/30/13
Benefits/Costs: Increased accountability and control.
Page 3 of 4