Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Minnesota State Colleges and Universities
Information Technology Security Follow-Up

 

Financial Audit Division Report 04-39 Released September 17, 2004

Key Conclusion:

MnSCU has taken steps to resolve many of the security weaknesses reported in prior audits; however, it has not developed a comprehensive security program to effectively manage security throughout the organization. Furthermore, we question whether MnSCU can develop a successful security program given the limited resources currently devoted to security.

Finding:

  • MnSCU has not resolved some outstanding security weaknesses, nor has it developed a comprehensive security program.
   Audit Scope:

Audit Period:
As of July 2004

Selected Audit Areas:
  • Prior audit findings on computer security

Background:

We have performed several information technology audits at MnSCU since 1996. These audits typically focused on selected “general controls” that help secure its Integrated Statewide Records System (ISRS). These audits found similar and often serious security concerns.

The purpose of this information technology audit was to assess and report the status of security weaknesses described in prior audit reports. We limited our scope to those weaknesses that impacted ISRS.

More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155