Traffic Ticketing information system Read full text in English
The audit included two areas of focus - the environment surrounding the Traffic Ticketing Information System - the System (designed to input, process, manage and collect payment for the traffic tickets) and also the internal environment of the System that guarantees the quality of its performance and safety.
- No documentation for the system in relation to the traffic laws that need to be applied.
- No documentation in regards to the process of traffic tickets entry into the system.
- Lack of proper internal controls, audit and review accompanies not restrictive terms of access levels and allowed permissions.
- Possible mistakes in implementing the proper processes and procedures for all types of traffic tickets (direct tickets, indirect tickets and traffic enforcement camera tickets).
- Data entry employees working on the system have no documented guidance ihow to carry out their duties in the correct way.
- Possibility to abuse the system easily without consequences.
- No policies governing user permissions and no security policy for information transfer and firewall rules.
- No periodical review of the users access lists.
- No periodical review or audit on the system reports specialized in security incidents or misuse.
- Any user is able to request any kind of permission on the system regardless of relative access level to the job description.
- Unable to identify inactive users.
- Reports are generated randomly in a less than frequently desired rate which delays taking timely actions against offending users.
- No clear and documented procedures to govern the data entry process.
- No reports that show the number and type of mistakes made by the data entry users.
- The systems allows the modification of multiple data fields of traffic ticket information.
- Tickets are entered into the system as if with no review/audit function in place.
- Opportunity to intentionally manipulate data when no periodic review/aduit.