Current through Register Vol. 48, No. 34, August 23, 2024
Section 73-27 - Audit ProceduresSLED/CJIS must institute audit procedures to ensure that criminal history record information is accurate. SLED/CJIS has the right to suspend services to any user agency that knowingly and willfully violates any federal or state law or regulation pertaining to the use, collection, storage, or dissemination of criminal history record information.
A. Field audits of user agencies must be performed by personnel designated by the Assistant Director for SLED/CJIS. The Assistant Director for SLED/CJIS or his or her designee will act as liaison between user agencies and auditors, and must review the findings of audits to determine what assistance, remedies, or other action may be required, or whether a user agency may be re-audited after a period sufficient to correct any deficiencies that may have been discovered. Auditors must perform audits in accordance with a schedule approved by the Assistant Director for SLED/CJIS, and must regularly report their findings and recommendations. In addition to auditing user agencies for compliance with the contents of this chapter and State statutes, the auditors must review the agencies' compliance with all Federal Bureau of Investigation/National Crime Information Center regulations, and federal regulations and statutes governing criminal justice information and communications.B. Field audits must have two basic components:(1) A procedural audit must examine the procedures that are necessary for compliance with State and federal statutes and regulations. Auditors must inspect written procedures and manuals, and must interview personnel to evaluate methods of compliance and levels of understanding. Sites must be examined to determine levels of access restraint and security. The audit must include, but not be limited to, reviews of record and disposition reporting procedures, dissemination procedures, individual's right of inspection, and security.(2) An audit of a user agency's activity logs must examine an agency's activity tracking mechanisms. Dissemination logs, site access logs, computer terminal records, and record correction logs for criminal history record information will be examined. The auditor must review logging procedures and interview personnel who handle or process records.C. The regulations also require systematic internal auditing as a means of guaranteeing the completeness and accuracy of computerized criminal history record information. The Criminal Records Department and the Computerized Criminal History Department must verify the completeness and accuracy of the data by comparing Criminal History Record Information with the source documents. These source documents include the original and subsequent fingerprint cards, arrest reports, disposition reports, court, corrections, probation, and parole records. SLED/CJIS must maintain computer audits that assure the entry of valid data. Records found to contain errors must be forwarded to the Criminal Records Department and, if necessary, to the originating agency for correction. Errors must be corrected as soon as practicable in both the manual and automated files.Amended by State Register Volume 14, Issue No. 3, eff March 23, 1990; State Register Volume 25, Issue No. 9, eff September 28, 2001.