Financial Audit Division Report 09-23 | Released June 23, 2009 |
The Minnesota State Retirement System (MSRS) did not have adequate controls to protect the integrity, confidentiality, and availability of its computer systems and business data. Serious security weaknesses exposed them to an unacceptable risk of tampering, disclosure, and disruption. The report contains eight findings relating to internal control deficiencies.
We assessed controls as of April 2009.
MSRS administers six retirement plans, a supplemental retirement plan for Hennepin County, and health care and deferred compensation plans for state employees and other public employees. Plan membership is comprised of state employees, state law enforcement and correctional officers, constitutional officers, legislators, judges, employees of the University of Minnesota, the Metropolitan Council, and employees of various other designated public agencies. Approximately 700 employers participate in the plans whose membership includes over 250,000 active and inactive employees and their beneficiaries.