State auditors' role is changing with technology

State auditors' role is changing with technology

State auditors play an important role in making sure agency information systems are secure, and their role is becoming more important as more state functions go online. A recent Maryland judiciary information system audit revealed network deficiencies that may not have been addressed without it.

But auditors' adeptness at information security reviews is limited because of their struggles to keep up with a changing technology environment. The National Association of State Auditors, Comptrollers and Treasurers has responded by publishing a guide on auditing agency information security risks.

Kinney Poytner, deputy executive director of NASACT, said the guide is a joint effort between his organization and the U.S. General Accounting Office.

'With so many federal systems talking to state systems and state systems talking to local systems, any weaknesses put all systems at risk,' he said. 'This is a quickly emerging issue across the country.'

The guide, which was issued this month at NASACT's Information Technology/Middle Management Conference in Nashville, Tenn., is aimed at raising state auditors' awareness of what makes systems secure.

Proper vision

'We are beginning to audit through the computer and not around it,' said Ralph Campbell, North Carolina state auditor. 'Just as we are aware of our financial assets, we have to begin looking at the computer system and data as assets and that means looking at security from every aspect of an audit.'

Campbell is part of the team that wrote the NASACT guide. He said many state audit agencies have made information system audits a priority. In North Carolina, Campbell has required all state auditors to take additional training to develop expertise in detecting system vulnerabilities and provides system penetration testing.

'We have seen the importance of information system audits and elevated a separate audit division,' Campbell said. 'There is a high expectation that all the information in state systems remains private and secure and, as auditors, we need to focus on the systems that keep it that way.'

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above