Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Department of Education
Information Technology Security Controls Audit

 

Financial Audit Division Report 13-20 Released August 29, 2013

Conclusion

The Department of Education did not have adequate internal controls to ensure that it appropriately limited access to its data and protected the hardware and software that support its significant computer applications. 1

Findings

  • The Department of Education’s significant computer applications did not have comprehensive security plans.
  • The security controls for one of the Department of Education’s most important operating systems were not adequate to protect not public information.
  • The expected security settings were not documented for the Department of Education’s significant computer applications. Also, changes to the applications could occur without complying with the change management plan.
  • Servers supporting the Department of Education’s significant applications were not adequately monitored for vulnerabilities.
  • The Department of Education lacked documented processes to authorize and review access to its significant applications’ supporting hardware and software by staff from the Office of MN.IT Services.

Audit Objective and Scope

The audit objective was to determine whether the Department of Education had adequate information technology controls, as of March 2013, to protect data from unauthorized access or modification and to ensure that changes made to the department’s significant computer applications and supporting hardware and software were authorized.


1The Department of Education’s significant applications included the Integrated Department of Education Aid System (IDEAS) which processed state school aid payments; the State Educational Record View and Submission System (SERVS) which processed federal school aid payments; and versions one and two of the Cyber-linked Interactive Child Nutrition System (CLiCS1 and CLiCS2), which processed federal food and nutrition program payments.

More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155