Report Summary
State Board of Investment
Information Technology Audit
Financial Audit Division Report 09-26 |
Released August 13, 2009 |
Conclusion
The State Board of Investment (SBI) generally had adequate controls to protect the confidentiality, integrity, and availability of its computer systems and data. However, we found two weaknesses in internal controls.
Findings
- SBI lacked important security documentation.
- SBI did not sufficiently maintain or monitor some aspects of its computer network.
Audit Objective and Scope
The audit objective was to answer the following question:
- Did SBI have adequate controls to protect the confidentiality, integrity, and availability of its computer systems and business data?
We assessed controls as of July 2009.