Date: 02/06/2015

Final
Presentation by the Office of the State Auditor

COMMITTEE ON JOINT TECHNOLOGY COMMITTEE

Votes: View--> Action Taken:
<none><none>




01:35 PM

Senator Neville, Chair, called the committee to order. A quorum was present.

01:37 PM -- Presentation by the Office of the State Auditor

 Matt Devlin, Deputy State Auditor, Reed Larsen, Legislative Auditor, and Bryan Becker, IT Audit Supervisor, came to the table to present to the committee on the Office of the State Auditor's (OSA) Annual Report of Audit Recommendations Not Fully Implemented (Attachment A). Mr. Devlin provided a background on the OSA, and explained that the report covers a period of five years through June 30, 2014. He noted that the OSA only tracks the implementation status of recommendations that agencies agree to implement or partially implement, and that there are two types of audit: financial audits and performance and information technology (IT) audits. Mr. Becker explained that financial audit recommendations are classified by their severity, and provided an overview of the number of financial audit recommendations outstanding for departments by severity level. Mr. Becker highlighted the recommendations OSA made specifically for the Governor's Office. He explained the purpose of performance and IT audits performed by OSA, and summarized the outstanding numbers of these audits for state agencies. OSA responded to committee questions on the metrics used to perform an audit.

150206 AttachA.pdf150206 AttachA.pdf

01:51 PM

Mr. Larsen walked the committee through audit recommendations for the Governor's Office, which received 530 recommendations during the five-year period. He explained how these recommendations were broken down by type of audit and the specific office of the Governor. He spoke specifically to financial audit recommendations made for the Colorado State Titling and Registration System, Columbia Ultimate Business Solution system, and Kronos IT system. Mr. Larsen said the Governor's Office received 342 performance and IT audit recommendations, with the majority of these being made to the Office of Information Technology (OIT). He described OSA's high-priority recommendation items for the Governor's Office, which are the Colorado Department of Transportation's (CDOT) financial system and information systems security items for the Office of Cyber Security (OCS). OSA responded to committee questions on what CDOT had done to address the IT audit recommendation, what CDOT's disaster recovery policy is, the cost of compliance for CDOT to meet the state's IT security policy, and the asset inventory and management procedures of OCS. Mr. Larsen discussed OSA's recommendations made to the Statewide Internet Portal Authority, and noted that it had implemented all recommendations. OSA responded to committee questions on what the Joint Technology Committee (JTC) should be concerned about in regards to outstanding financial, performance, and IT audit recommendations that had not been fully implemented by state agencies. Discussion ensued.