Minnesota Office of the Legislative Auditor
Financial Audit Division


Report Summary
Office of MN.IT Services
Mainframe Security Controls

 

Financial Audit Division Report 14-14 Released May 1, 2014

Conclusion

The Office of MN.IT Services (MN.IT) generally had adequate internal controls to ensure that it appropriately limited access to its data and protected the mainframe’s operating system. MN.IT established expectations for the security controls operating on the mainframe and developed a formal process to evaluate and implement changes. However, MN.IT had some inconsistencies with its internal policies, as noted in the findings in this report.

Key Finding

  • The Office of MN.IT Services did not periodically compare its documented mainframe security configuration baseline to the actual mainframe configurations to ensure that any unauthorized variances were resolved.

Audit Objective and Scope

The audit objective was to determine whether, as of September 2013, the Office of MN.IT Services had adequate internal controls to: 1) limit the ability to see or modify sensitive mainframe operating system settings and data to appropriate personnel, and 2) ensure that all modifications to the mainframe operating system were authorized.


Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155