Auditor Of Public Accounts
State Auditor’s Office wins National Award. “Excellence in Accountability Award” Recognizes New Automated IT Audit System
The National State Auditor’s Association (NSAA) announced yesterday that the Kentucky State Auditor’s Office won a prestigious 2006 NSAA “Excellence in Accountability Award” in the “special projects” category. The award was given for the Kentucky Auditor’s automated computer system vulnerability assessment process.
“I am very proud of the great work our professional staff does every day for the taxpayers of Kentucky. This award is a national recognition for not only Kentucky but for hard working state employees. It is very important that Kentucky has an independent watchdog that guards our resources.” State Auditor Crit Luallen said.
The project, which was completed and placed into operation in 2005, automates various information technology assessment processes. The program has resulted in an approximate 40 percent reduction in the time required for an auditor to initiate an assessment, evaluate and document the findings, and generate a report detailing specific vulnerabilities. The program has not only streamlined the vulnerability assessment process, it has proven to be an excellent tool to train new IT audit staff.
The program was developed by the Auditor’s Office Division of Examination and Information Technology under the direction of Brian Lykins. The Division’s Information Technology Audit Branch functions include auditing the processes and controls of state and local governments’ computer systems and other automated processes. The IT Audit Branch tests computer controls including physical and logical security, program change controls, segregation of duties, application processing controls, and disaster recovery. The Branch employees serve as IT Audit Specialists that also perform data extraction, reporting, and data analysis to support the financial and other audit initiatives of this office.
Recent audit releases resulting from work performed by the IT Audit Branch include:
· A review of millions of welfare records to identify potentially high-risk transactions.
· An Auditor’s Alert regarding the security of surplus computers and the disclosure of confidential information.
· A review of state employees’ voting leave use.
Employees of the IT Audit Branch are Tony Hutchins, Manager, BJ Bellamy, Veronica Bradley, Amy Fisher, Kelly Glines, Jenny Luscher, and Robert Poynter.
National State Auditors Association
FOR MORE INFORMATION CONTACT:
FOR IMMEDIATE RELEASE
Kentucky Office of the Auditor of Public Accounts Wins
“Excellence in Accountability Award”
LEXINGTON, KY – June 12, 2006 – The National State Auditors Association (NSAA) announces that the Kentucky Office of the Auditor of Public Accounts is the winner of a 2006 NSAA Excellence in Accountability Award in the “special project” category.
The Excellence in Accountability Awards are presented annually to recognize government auditing excellence. There are two award categories – performance audit and special project.
“This year’s award submissions were all excellent,” commented Kate Witek, state auditor of Nebraska and chair of the NSAA Excellence in Accountability Awards Committee. “Kentucky’s entry entitled ‘Automating a Computer System Vulnerability Process’ was clearly an outstanding special project.”
The project was implemented by the Kentucky Office of the Auditor of Public Accounts to efficiently address the growing demand by state agencies for IT vulnerability assessments. IT auditors were finding it difficult to keep training up-to-date and meet budget and time constraints for vulnerability assessments while still performing their other IT audit duties. The answer to the problem was clear – the process needed to be automated in order to more effectively use IT auditors’ time and allow the auditors to accomplish more with existing resources.
Ms. Witek continued, “Auditing excellence ensures that the public trust is held and that citizens’ tax dollars and resources are being used wisely. Projects like Kentucky’s are clear examples of the innovation going on today within states as government employees work to streamline processes to make them more efficient and effective.”
The project, which was completed and placed into operation in 2005, uses Perl scripts to automate various assessment processes. The program has resulted in an approximate 40 percent reduction in the time required for an auditor to initiate an assessment, evaluate and document the findings, and generate a report detailing specific vulnerabilities. The program has not only streamlined the vulnerability assessment process, it has proven to be an excellent tool to train new IT audit staff.
To find out more about the Kentucky Office of the Auditor of Public Accounts, visit www.auditor.ky.gov.
The National State Auditors Association (NSAA) is an organization dedicated to uniting state auditors by encouraging and providing opportunities for the free exchange of information and ideas between auditors on the state, federal and local levels. For more information about NSAA, call (859) 276-1147 or visit www.nasact.org.