| Financial Audit Division | September 2022 |
In the event of a disaster, Minnesota IT Services (MNIT) and state agencies are generally prepared to restore three of the four information technology systems that we reviewed. MNIT has developed disaster recovery plans for each system and has demonstrated its preparedness to recover three of the systems through various forms of plan testing and exercises. We believe that, in the event of a disaster, MNIT and its partnering agencies are prepared to recover the Medicaid Management Information System (MMIS), the Minnesota Eligibility Technology System (METS), and the Integrated Tax System (GenTax). However, we found one priority system in which the disaster recovery planning efforts did not follow best practices. Inadequate plans, combined with a lack of testing, led us to conclude that MNIT and its partnering agency are not prepared to restore this system within the desired timeframe.
We further concluded that MNIT has centralized policies and procedures to provide effective oversight and management of disaster recovery planning efforts. However, we noted that some of MNIT’s manual oversight processes are prone to human error and inefficiencies.
The results of our audit apply only to the four systems that we reviewed and do not indicate the overall status of disaster recovery for MNIT’s broad portfolio of nearly 2,800 information systems and applications.
Finding 1. MNIT’s manual disaster recovery tracking process is prone to human error and lacks functionality. (p. 14)
Finding 2. MNIT and its partnering agency are not adequately prepared to restore one priority system within the desired timeframe. (p. 17)
