Audit Report on Development and Implementation of the Omniform System by the New York City Police Department
Audit Report In Brief
We performed an audit on the development and implementation of the Omniform System (Omniform) by the New York City Police Department (Department). The system stores information on arrests and complaints in a centralized database, allows the Department to eliminate duplicate data entry, and provides better access to data.
Omniform meets the initial business and system requirements and the overall goals as stated in the system justification. In addition, Omniform’s system design allows for future enhancements and upgrades, and the Department followed a formal methodology when developing the system. Also, the Department complied with PPB rules when it procured the equipment and software for the system.
The Department, however, has not resolved certain “critical” issues that it identified in 2001. In addition, acceptance certificates for each deliverable were not in the Department’s files even though the Department approved the final project. Further, certain system users indicated that they would like to see changes made to the system; and, when developing the system, the Department did not hire a quality-assurance consultant. Moreover, the Department has no formal disaster recovery plan to enable the timely resumption of agency operations. Other issues identified during this audit included weaknesses in system-access and change-control procedures as well as problems with system screens.
To address these issues, we recommend that the Department:
- Resolve the three remaining problems that were identified by the 2001 tests. Specifically, the Department should ensure that Omniform should includes:
- a drop-down box on the Vehicle Screen to permit the user to select the license plate type;
- a time stamp on the printed complaint report and a field in which to record the date when the complaint was last updated; and
- the capability to enter information about a weapon in the box for “weapon,” even though the report indicates that a weapon was not used.
- Obtain acceptance certificates for all deliverables on all future system development projects.
- Ensure that the user concerns identified in the report are addressed. In this regard, the Department should make Omniform more accessible and user friendly. In addition, the Department should provide training to those individuals who stated that they had not received training and additional training to those individuals who felt they needed it. Finally, the Department should ensure that all data in the system is correct.
- Engage an independent quality-assurance consultant to monitor and review development work and any system enhancements or subsequent work on Omniform and on all future system development projects.
- Develop and complete a formal disaster recovery plan for Omniform. Periodically test it and document the test results to ensure that the plan functions as intended and is adequate to quickly resume computer operations without material loss of data.
- Develop written policies and procedures for terminating inactive user-IDs. Also, the Department should review the status of the inactive users and terminate access, as appropriate.
- Establish written program-change control procedures and policies to ensure that only appropriate and authorized changes are made to its application and system software.
- Identify all fields that compel the entry of inaccurate information. Review, analyze, and correct all the inaccurate information found in these fields.