|Financial Audit Division Report 16-12||Released May 19, 2016|
The Office of the Legislative Auditor conducted this audit to determine whether the Department of Health had adequate information technology controls, as of December 2015, to protect against unauthorized access to not public data. Specifically, we examined the information technology controls in place for the department’s Health Economics Program Research/Statistical Data and Reporting System. As part of the audit, we determined whether the department complied with state and federal legal requirements and policies relevant to the protection of not public data as it relates to the system. The audit examined the department’s controls in place used to protect not public data from May 2015 through December 2015.
The Department of Health generally had adequate information technology controls to protect unauthorized access to not public data in the department’s Health Economics Program Research/Statistical Data and Reporting System. The department also generally complied with related applicable state and federal legal requirements and policies.
However, the department had some internal control weaknesses and noncompliance related to its oversight of services provided by the Office of MN.IT Services.