State Auditor’s Office Wins National Excellence in Accountability Award
Award recognizes new automated IT audit system
The National State Auditor’s Association (NSAA) recently announced that the Kentucky State Auditor’s Office was awarded a prestigious 2006 NSAA Excellence in Accountability Award. The award, in the special projects category, was given for the Kentucky Auditor’s automated computer system vulnerability assessment process.
“I am very proud of the great work our professional staff does every day for the taxpayers of Kentucky. This award is a national recognition for not only Kentucky but for hard working state employees. It is very important that Kentucky has an independent watchdog that guards our resources,” State Auditor Crit Luallen said.
The project, which was completed and put into operation in 2005, automates various information technology (IT) assessment processes. The program has resulted in an approximate 40 percent reduction in the time required for an auditor to initiate an assessment, evaluate and document the findings and generate a report detailing specific vulnerabilities. The program has not only streamlined the vulnerability assessment process, but has proven to be an excellent tool for training new IT audit staff.
The program was developed by the auditor’s office Division of Examination and Information Technology under the direction of Brian Lykins. The Division’s IT Audit Branch functions include auditing the processes and controls of state and local governments’ computer systems and other automated processes.
The IT Audit Branch tests computer controls including physical and logical security, program change controls, segregation of duties, application processing controls and disaster recovery. The branch employees serve as IT audit specialists that also perform data extraction, reporting and data analysis to support the financial and other audit initiatives of this office.
Recent audit releases resulting from work performed by the IT Audit Branch include:
- A review of millions of welfare records to identify potentially high-risk transactions;
- An auditor’s alert regarding the security of surplus computers and the disclosure of confidential information; and
- A review of state employees’ voting leave use.
Employees of the IT Audit Branch are Tony Hutchins, manager, BJ Bellamy, Veronica Bradley, Amy Fisher, Kelly Glines, Jenny Luscher and Robert Poynter.