Office of the Legislative Auditor - Financial Audit Division

Report Summary

Financial-Related Audit

Department of Administration - Intertechnologies Group

System-wide Access to Mainframe Data

The Department of Administration's Intertechnologies Group (Intertech) used ACF2 security features to limit most system-wide clearances to its own information system professionals and certain installed software products. However, an excessive number of these either have widespread access to data or could obtain this level of clearance through weaknesses in the security infrastructure.

Key Findings:

• ACF2 rules give many Intertech employees and installed software products widespread access to data.
• Intertech did not adequately control some powerful ACF2 privileges.
• One ACF2 exit may expose data to unauthorized access.
• Documentation of key components of the ACF2 security infrastructure is inadequate.

Financial-Related Audit Reports address internal control weaknesses and noncompliance issues found during our audits of state departments and agencies. The scope of our work at the Department of Administration was limited to a review of system-wide access to mainframe data.