REPORT DIGEST
OFFICE OF THE STATE TREASURER
NONFISCAL OFFICER RESPONSIBILITIES
COMPLIANCE EXAMINATION
For the Two Years Ended: June 30, 2009
Summary of Findings:
Total this audit: 2
Total last audit: 2
Repeated from last audit: 1
Release Date: June 3, 2010
State of Illinois, Office of the Auditor General
WILLIAM G. HOLLAND, AUDITOR GENERAL
To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887
This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov
____________________________
SYNOPSIS
• The Office of the Treasurer (Office) had not established adequate controls for securing its computer resources.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS
COMPUTER SECURITY CONTROL WEAKNESSES
During testing of the Office’s computer security environment, the following weaknesses were identified:
• Highly privileged user accounts had non-expiring passwords.
• Effective mechanisms to promote security were not always activated.
• Several security policies had not been updated to reflect the current environment.
• Over-reliance on key technical staff, leading to segregation of duties issues and potential loss of required technical skills if staff were to depart.
• Servers and other computer infrastructure were not held in secure locations.
Effective security provides a means for safeguarding, securing,
and controlling access to facilities, hardware and software, along with the
information stored in the computer system.
A lack of updated security policies and lax security parameters increase the risk of unauthorized access to computerized information. (Finding 09-2, pages 12-13)
We recommended the Office review its standard security guidelines, implement and enforce a password change requirement, timely disable accounts of terminated employees and contractors, assess segregation of duties and reliance on key technical staff and review physical security controls.
The Treasurer agreed with the recommendation.
OTHER FINDING
The remaining finding pertains to conducting employee performance appraisals and compliance with ethics policies and procedures.
We will review the Office of the Treasurer’s progress toward the
implementation of our recommendation in our next examination.
ACCOUNTANTS' REPORT
Our special assistant auditors conducted a compliance examination of the Treasurer’s Nonfiscal Officer Responsibilities as required by the Illinois State Auditing Act. The accountants’ report does not contain any scope limitations, disclosures or other significant non-standard language.
WILLIAM G. HOLLAND, Auditor General
WGH:RPU:pp
SPECIAL ASSISTANT AUDITORS
Our special assistant auditors on this examination were Crowe Horwath LLP.