Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Department of Revenue
GenTax
Information Technology Security Controls

 

Financial Audit Division Report 13-04 Released February 28, 2013

Conclusion

The Department of Revenue generally had adequate internal controls to ensure that it protected databases containing tax-related information from unauthorized modification and viewing and to ensure that changes made to GenTax and its supporting infrastructure were authorized. However, the department had the following internal control deficiencies:

Findings

  • The Department of Revenue had not completed some elements of a comprehensive security plan for GenTax, as required by its standard.
  • The Department of Revenue did not adequately monitor changes to GenTax and its supporting infrastructure to ensure they complied with the department’s plan.
  • The Department of Revenue had not clearly documented expectations for its review of reports that tracked changes to or viewing of data within the database or changes to the database structure.
  • The Department of Revenue had not implemented adequate controls to prevent and detect some inappropriate access to servers and databases supporting GenTax.
  • The Department of Revenue had not finalized its documentation of security configuration baseline standards for infrastructure supporting GenTax.

Audit Objective and Scope

The audit objective was to determine whether the Department of Revenue had adequate information technology controls, as of November 2012, to protect databases containing taxpayer information from unauthorized modification or viewing and to ensure that changes made to GenTax and its supporting infrastructure were authorized.

More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155