There is an office within the state that handles all hiring for its Human Resources and Computer departments without going through the controls imposed by the existing standards in public administration. This is the area of records of the National Motor Vehicle Ownership and Chattel Mortgages (DNRPA, for its acronym in Spanish), which conducts its operations through a cooperative formed by the Car Dealers Association of Argentina (ACARA, for its acronym in Spanish).
According to a report by the General Audit Office (AGN, for its acronym in Spanish), the management and the entity that brings together dealerships signed an agreement in 1986 with the objective of shortening the time involved in purchasing equipment for the Computer sector. Thus, ACARA began providing everything from servers and computers to smaller supplies. But the watchdog noted that, despite the intent of the agreement, operations did not meet the requirements of the State: "purchasing procedures are too slow, (which) precludes obtaining in a timely manner indispensable items for the proper functioning of the computer department." The investigation, which was approved this year and draws on 2008 and 2009 data, added that acquisitions "do not compensate the level of obsolescence and the vegetative growth of the services provided."
Furthermore, AGN detected other irregularities. For example, "in orders for internet services and data transmission, no minimum standards suggested by ONTI (National Office of Information Technologies) were adopted." The auditors also noted the purchase of antivirus software in 2005 that "for various administrative reasons, was completed in 2006," and whose license had been expired for two months at the time the report was completed and yet remained without updating, "with the risks involved."
In fact, the audit came to these conclusions after analyzing the performance of management against the COBIT standards (Control Objectives for Information and related Technology). However, it also had to extend its observations to the makeup of the workforce itself. "All personnel from the IT department is employed, other than the coordinator," and these employment relationships are also arranged through ACARA. With this data, the watchdog concluded that in the Directorate "there is no formal policy of recruitment and promotion."
Another element missing in the DNRPA is a formally approved strategic security plan. This means that employees do not need to authenticate to connect to the agency's network; computers are identified on servers by their internal (IP) addresses, which, in the judgment of AGN, "allows anyone using a computer to access the owner’s permission regardless of who the user actually is." The auditors added: "It is essential to solve this serious problem with a proper user management policy."
As for the IT offices, the report explains that the computer center, the nearby storerooms, and those located on the lower level "have no fire protection," and lists further deficiencies: the doorway and the enclosure of the storerooms are not fire resistant; there is no technical floor; racks have no doors; data and power cables are not properly channeled; and, to top it all off, the arrangement of the equipment complicates maintenance work. Thus, the watchdog said the information handled by the Directorate "is subject to risks that exceed acceptable values."