top of page



Inventories, computer security and data: The big three in audits land

We read lots of audits from state and local governments. These audits cover multiple governments and topics as diverse as children’s health, police-community relations, building construction, wastewater, tree maintenance, public pool safety, park management, contract oversight, etc.

We find that whatever the topic, a number of the same audit complaints emerge.

Poor inventory control. A couple of years ago, we focused one of our Governing columns on this issue in a piece titled “How Does a City Lose a Back Hoe?”. There has been no slowdown of  findings for audits on inventory weakness since then.

For example, a Board of Regents audit of the University of Iowa athletic department this month found televisions, tablets, and  Apple watches “were either poorly tracked or not tracked at all,” according to an AP report last week. What’s more, the audit found that employees with state-purchased equipment routinely were permitted to keep the goods after leaving their jobs.

Another inventory control problems that we’ve seen recently turned up in an Oklahoma County sheriff’s office audit where 3,041 of the 7,844 items listed in inventory records couldn’t be located, including pistols, shotguns and Tasers. Scary.

Lax access to computers. Last week, a Maryland audit on the judiciary pointed out that monitoring of the court computer systems wasn’t sufficient to spot or prevent inappropriate activity by users who had no reason to have access.  “Numerous individuals were granted system access capabilities to the Judiciary’s financial management system, allowing them to unilaterally perform critical purchasing and/or payment functions,” it said.

In April a Jacksonville, FL, audit of workers compensation had a similar criticism, noting that “A number of users” had “inappropriate access rights to the workers compensation claim administration system.” One danger? Users who had the ability “to issue an unlimited number of checks through the system for unlimited amounts.”

Poor quality data. We could go on and on. About two years ago, we wrote a cover story for Governing about bad data, looking at the constant complaints from auditors’ offices about a wide variety of data issues. Problems included inconsistent definitions, sloppy data collection, incomplete data and wild guesses posing as data. A few more recent audit examples:

In April, a Kansas audit cited numerous data problems, including out-of-date information on licensed foster homes, and a lack of adequate information about physical and mental health needs of children. It also reported that a high percentage of children were placed more than 100 miles away from their original homes, although closer placements may have been available. “Disparate data systems maintained by the two contractors and the child placing agencies may have contributed to long-distance placements,” the audit said.

Late last year, an Illinois audit criticized the accuracy and completeness of child placement data from the Department of Children and Family Services and a Nevada audit of the Office of the Military questioned the accuracy of performance measurement data.

Also worth mentioning is California’s biennial rundown of data problems it encounters in its auditing work. The most recent version of this report came out in September. (One example from that report: its finding that 11,000 employee records in the state’s leave accounting system had errors.)


bottom of page