Monday, December 30, 2019

Audit shows security control weaknesses in state's financial and human resources management system

(From State Auditor Nicole Galloway)

State Auditor Nicole Galloway has released an audit of the Statewide Advantage for Missouri (SAM II) system, which handles billions of dollars in financial transactions each year for the state of Missouri. The report found security control weaknesses that could leave the system vulnerable to unauthorized or inappropriate transactions.

SAM II is managed by the Office of Administration (OA) and has more than 4,500 system user accounts. The audit also covered MissouriBUYS, the state's eProcurement system that uses SAM II for financial processing and has more than 1,300 user accounts.

"In fiscal year 2019, the state used SAM II to process about $40 billion in transactions," Auditor Galloway said. "Appropriate security measures are vital in safeguarding the taxpayer dollars that go through this system. I encourage OA officials to follow through on the recommendations in the audit to ensure those safeguards are in place."

One of the vulnerabilities found in the audit was that user accounts of terminated employees are not always removed in a timely manner, meaning former employees could still access the system. The audit found that 30 days or more after their termination, 21 former employees still had access to SAM II and 41 former employees still had access to MissouriBUYS.

Another weakness in the financial system security settings also could allow two users to approve their own transactions without review or additional approval from an independent party. The audit also found that inadequate controls for system security administrators increased the risk of improper activity in SAM II, and that OA management has not fully developed policies and procedures for SAM II administration.

Audit recommendations include performing periodic reviews of user accounts to ensure access is more promptly terminated for former employees and that the access given to security administrators is appropriate.

A complete copy of the audit, which gave a rating of fair, is available here.

1 comment:

  1. Anonymous 3:06 PM

    No No No She does not get it. The system works perfect for republicans to misuse the system and now she wants to oversee the graft and corruption of the patriarchs of the system. Imagine what would happen if she is elected governor of Missouri. The whole apple cart could be turned over and become accountable to the citizens. We need to rise up and fight this form of oversight to remain a mirror image of our corrupt Wash DC crowd.
    Seriously folks, this gal is above reproach and should be installed as a person to bring Missouri out of the sticks and do something good for the working class versus the elite corporations.
