Minnesota Office of the Legislative Auditor
Financial Audit Division

Menu

Minnesota Office of the Legislative Auditor Menu

Report Summary
Department of Health
Information Technology Controls Over Not Public Data

 

Financial Audit Division Report 16-12 Released May 19, 2016

The Office of the Legislative Auditor conducted this audit to determine whether the Department of Health had adequate information technology controls, as of December 2015, to protect against unauthorized access to not public data. Specifically, we examined the information technology controls in place for the department’s Health Economics Program Research/Statistical Data and Reporting System. As part of the audit, we determined whether the department complied with state and federal legal requirements and policies relevant to the protection of not public data as it relates to the system. The audit examined the department’s controls in place used to protect not public data from May 2015 through December 2015.

Conclusion

The Department of Health generally had adequate information technology controls to protect unauthorized access to not public data in the department’s Health Economics Program Research/Statistical Data and Reporting System. The department also generally complied with related applicable state and federal legal requirements and policies.

However, the department had some internal control weaknesses and noncompliance related to its oversight of services provided by the Office of MN.IT Services.

Audit Finding

  • The Department of Health and the Office of MN.IT Services did not ensure that the department’s information technology environment complied with all department and MN.IT policies.
More Information

Office of the Legislative Auditor ♦ Room 140, 658 Cedar St., St. Paul, MN 55155