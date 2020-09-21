(The Center Square) – State auditors in Madison say the Department of Administration and the University of Wisconsin system both came up short in keeping track of information technology security and complying with the state’s rules.
The audit released last week found 12 issues at the Department of Administration and 13 issues at the UW system.
“We found that DOA and other state agencies did not consistently comply with various statutes and policies pertaining to IT projects, including large, high-risk IT projects,” State Auditor John Chrisman wrote in a letter to lawmakers. “In addition, we found that DOA and other agencies did not consistently follow best practices for data security when completing projects involving cloud computing services provided by firms.”
Chrisman added that lawmakers may want to follow-up.
“We also identified concerns with IT security at five state agencies and have conveyed our specific concerns to DOA, which should take action to address them,” Chrisman said.
Many of the issues at DOA were small in comparison. Auditors found the agency “did not submit statewide IT strategic plans to the Joint Committee on Information Policy and Technology in recent years,” and “did not submit the statutorily required semiannual reports to the Joint Committee on Information Policy and Technology from March 2014 through September 2019.”
The audit concluded the DOA also “did not review and approve eight contracts, which totaled an estimated $93.5 million that were executed from August 2013 through August 2018, for five large, high-risk IT projects.”
The audit also found DOA lacking in cloud computer security.
“Agencies did not consistently follow best practices for data security when completing projects involving cloud computing services provided by firms,” the auditors wrote.
Many of the issues at DOA are problems at the UW system.
Auditors also dinged the UW system for failing to “include all statutorily required information in the IT strategic plan it provided to the Board of Regents for March 2020,” and “did not consistently comply with Board of Regents policies because they did not include all required information in the planning documents for large, high-risk IT projects.”
The auditors did, however, find some concerns regarding how the UW system spends money on IT projects, and how much.
“UW System Administration did not comply with statutes that require it to report each quarter to the Board of Regents on the expenditures of projects with open-ended contracts, the auditors found. “UW institutions did not comply with statutes that require them to include in contracts for large, high-risk IT projects a stipulation that the Board of Regents must approve any order or amendment that would change the contract scope and increase the contract price.”
Chrisman said lawmakers may want to change some state laws to make it easier for both the DOA and the UW system to comply with state laws and state policies.