Press "Enter" to skip to content

Report makes recommendations to strengthen management of Missouri state agencies’ information technology

Audit gives rating of “good” to Office of Administration Information Technology Services Division

JEFFERSON CITY, Mo. — A report released today by State Auditor Nicole Galloway provides recommendations to improve controls over the management of several Missouri state agencies’ information technology (IT). The audit of the Office of Administration Information Technology Services Division (ITSD) gave a rating of “good”; ITSD is responsible for coordinating and providing IT services to state agencies within the executive branch.

“Effective management of information technology is vital to government agencies providing the best level of service to taxpayers,” Auditor Galloway said. “Our audit gives recommendations to the state division with the primary role of coordinating and providing IT services, and I encourage the ITSD to implement those measures to better serve Missourians.”

The audit found that the agreements between ITSD and the state agencies to provide services are not comprehensive or up-to-date. These concerns also were noted in previous audits of the division. The report recommends that the ITSD continue developing new service level agreements with the agencies.

While the ITSD has worked with agencies to complete contingency plans for specific agency systems, the division has not formally adopted or documented an enterprise-wide contingency planning policy. The audit recommends such a policy to further guide the development of comprehensive agency plans and to guide enterprise-wide decisions, such as minimizing operational issues if multiple plans are exercised at the same time.

The audit also found that the ITSD has not developed records management and retention policies in compliance with the guidance given by the Missouri Secretary of State Records Services Division. This guidance, which was approved by the Missouri State Records Commission, recommends government entities have written policies on retention of electronic messaging. The report recommends developing written policies to comply with the guidance.

A copy of the complete audit can be found here.