Follow-up Audit Report on the Department of Education’s Oversight of Computer Hardware Purchased through the Apple Inc. and Lenovo Inc. Contracts

This audit was conducted to follow up on the New York City Comptroller’s Office’s Audit Report on the Department of Education’s Oversight of Computer Hardware Purchased through the Apple Inc. and Lenovo Inc. Contracts (Audit # FM14-057A) issued on December 1, 2014.  In that earlier audit we found that the controls and management practices of the New York City Department of Education (DOE or the Department) in relation to computer hardware inventory were insufficient to ensure that its computer hardware was properly accounted for.  DOE disagreed with the prior audit’s findings and with six of the eight recommendations.  The objective of this audit was to determine whether DOE implemented the eight recommendations made in the prior audit report.

The DOE contracts with three Original Equipment Manufacturer (OEM) vendors to purchase computer hardware for use by students, teachers, and administrative staff.  DOE entered into contracts totaling $209.9 million with Apple Inc. ($105 million), Lenovo Inc. ($81.9 million), and CDW Government LLC, for Google Chromebooks ($23 million).

In addition, DOE entered into separate contracts with Dell Marketing LP (Dell) and ASI System Integration (ASI) to act as Personal Computing Solutions (PCS) vendors.  As PCS vendors, Dell and ASI are responsible for the installation, repair, certain asset tracking and disposal of computer hardware including desktops and laptops.  (Tablets are shipped directly from the manufacturer to administrative sites and schools.)

DOE requires administrators at each of its 2,278 sites to maintain and update inventory records and implement appropriate internal controls to ensure that all inventories are accounted for and properly safeguarded.  The OEM vendors are responsible for supplying DOE with inventory information for all of the computer hardware, except the Apple tablets.  In turn, DOE uploads the information into its Asset Management System (AMS).  According to DOE, it primarily uses AMS to track hardware warranty and service data.  However, DOE also states that schools should use AMS data as the basis for creating and updating their inventory records.  

Audit Findings and Conclusions

Overall, we found that DOE has not improved its inventory controls over computer hardware because it did not agree to implement the majority of recommendations made in the Comptroller’s prior audit report.  As noted, DOE did not agree to implement six of the eight recommendations made in the prior audit report.  However, based on our review, DOE did not implement five recommendations and partially implemented the remaining three recommendations.  Although DOE spends hundreds of millions of dollars on computer hardware, it maintained that it did not implement or fully implement the prior audit report’s recommendations because they were not cost-effective or practical.

In addition to these findings, we found that DOE did not provide sites with sufficient guidance and support to ensure that decentralized inventory records were accurate and complete and that adequate controls were in place to properly safeguard computer hardware.

Since DOE did not improve its controls over computer hardware and provide sites with sufficient guidance and support, DOE’s inventory records remain inaccurate and incomplete and DOE computer hardware is at risk of being lost, stolen, and wasted.  Based on our inspections at nine sampled sites (eight schools and one administrative site), DOE’s decentralized inventory records remain inaccurate and incomplete, and a significant portion of sites’ hardware could not be accounted for, including desktops, laptops, and tablets.  Specifically, DOE did not properly account for 4,993 out of the 14,329 pieces of computer hardware in our sample, 34.9 percent, at the nine sampled sites.  Of these 4,993 items, we looked for but did not observe 1,816 pieces of computer hardware during our physical inspections and the sites did not include 3,541 pieces of computer hardware in their inventory records, as detailed in the Appendix.^[1] 

Audit Recommendations

To address these issues, we reiterate the eight recommendations that were previously made and not implemented or partially implemented.  In addition, we make 11 new recommendations to DOE.  Our combined 19 recommendations include that DOE should:

• Have a centralized inventory system for computer hardware that includes purchase and delivery information as well as current location. DOE should explore using its existing AMS system for this purpose.
• Routinely monitor recordkeeping procedures for computer hardware at DOE sites to ensure that accurate and complete inventories are maintained.
• Determine the physical locations of the 1,816 pieces of unaccounted-for computer hardware that could not be identified during our follow-up inventory inspections conducted at nine sampled sites as part of this audit.
• Conduct a system-wide inventory count and reconciliation of DOE data to determine if other computers are not properly accounted for.
• Refer evidence of misconduct in connection with the purchase, receipt and usage of computer equipment to appropriate authorities, including law enforcement in the case of evidence of potential criminal activity.
• Consider implementing and activating tracking software on computer hardware, especially those items that are most susceptible to theft and loss.
• Provide administrative site and school Inventory Officers with annual inventory training, AMS access, and other resources needed to maintain accurate and complete inventory records and adequate controls, including tracking software and/or barcode scanners and additional staffing and/or PCS vendor support.

Agency Response

In its response, as with the prior audit, DOE does not acknowledge or address the significant inventory control deficiencies identified by the audit.  Further, DOE fails to properly account for almost 5,000 pieces of computer hardware.  While DOE maintains that site location inventories collectively “account for equipment purchased system-wide,” it never explains how that could be the case when it does not compare the individual location inventories to its purchasing records.  And as with its response to the prior audit, DOE questioned the cost effectiveness of taking specific measures recommended to help ensure that the hundreds of millions of dollars in purchases of computer equipment it has made and continues to make are actually used for DOE purposes.  Instead, DOE criticizes the audit methodology as fundamentally flawed.  With regard to the 19 recommendations addressed to DOE in this audit, DOE agreed with 7 recommendations, partially agreed with 3 recommendations, and disagreed with the remaining 9.

Among its criticisms of the audit methodology, DOE states that “AMS should not be treated as a centralized inventory system. . . .  The main purpose of AMS is to support IT maintenance.  No unique designation appropriate for tracking administrative office’s inventory is available in AMS.”  However, while the DOE’s current use of AMS is recognized in the audit, we found that AMS “could be used to track hardware warranty and service data, as well as computer inventory.”  [Emphasis added.]  As noted in the report, this recommendation is based, in part, on the fact that AMS already captures key data that DOE’s Standard Operating Procedures for Inventory (the DOE Inventory SOP) requires sites to record in their inventory records, and DOE instructs schools to use AMS data as the basis for creating and updating their inventory records.  Furthermore, contrary to DOE’s assertion, AMS can track computer hardware for both schools and administrative sites.

DOE also states that “[t]he DOE’s review of the data used to formulate the Comptroller’s findings uncovered weaknesses in analysis and fieldwork methodology.  The DOE stressed these errors at multiple meetings with the Comptroller at the conclusion of the audit.  However, rather than respond to these concerns, the Comptroller has instead concluded the audit, even though, notably, requests for information are still open.”  Contrary to DOE’s assertions, however, for more than six weeks following the issuance of our preliminary report, DOE was afforded the opportunity to discuss its concerns in-person and via telephone and email, and to provide additional documentation to account for computer hardware.  As noted in this report, the audit findings and recommendations specifically take into consideration the information provided during this period, along with the other information obtained during the audit.

We note that despite its criticisms about the audit’s methodology and conclusions, DOE stated it “is planning some changes to its help desk and device management strategies” and that it would “explore additional opportunities to improve its current inventory practices, including investigating potential tools/systems and protocol changes that could support our diverse group of administrative and school sites in a cost effective and feasible manner.”

[1] The number of pieces of computer hardware that were not physically accounted for (1,816) and the number of pieces of computer hardware that were not recorded in site inventory records (3,541) do not add up to the total number of pieces of computer hardware that were not properly accounted for (4,993) because there were 364 pieces of computer hardware that were cited in both categories—not physically accounted for and not recorded in site inventory records.