Auditors flunk state Internet agency over spending, security
Sunana Batra / Colorado News Agency
A state agency charged with serving as the middleman in providing electronic government services isn’t doing such a bang up job, state auditors say. Last week, the auditors delivered a scathing review, concluding that grossly inadequate internal controls and poor contract management have failed to protect taxpayers’ sensitive financial and personal data. They also said leadership failures have led to inappropriate expenses being paid out to the tune of thousands of dollars.
The State Internet Portal Authority, or SIPA, is a quasi-governmental entity created in 2004 to serve governmental agencies throughout Colorado. The authority is responsible for maintaining the state’s official web portal. SIPA is funded by a portion of fees paid by consumers when they purchase government services online like electronic payments for fines or permits, renewing driver’s licenses, pet registrations, and various other services. SIPA contracts with a private vendor, Colorado Interactive, for the majority of its services, and they process financial transactions on behalf of government entities and deal with sensitive information such as taxpayer-identifying and credit card information.
The Office of the State Auditor handed SIPA a list of six recommended actions that include monitoring access control to bank accounts, developing formal, written and documented contract-monitoring processes, developing a system of internal controls over expenses and segregation of financial-accounting practices in the future.
Contract management was a major deficiency at SIPA, according to auditors.
“They are not comparing the invoices that SIPA gets from the contractor against the contract and task order prior to making payments or prior to billing the government entity,” said Sarah Aurich, who helped oversee the audit.
“SIPA reported that primarily it relies on the government entity to identify any kind of billing discrepancy, and our concern with this is that it is fairly late in the process. By the time SIPA bills the government entity, they have already paid the contractor. Once the money’s out the door it’s a little bit harder to get that back if the state agency says they didn’t actually get that service,” Aurich said.
Auditors also found that SIPA’s Executive Director John Conley had issued three checks totaling $41,300 that had not even been signed before being mailed out and cashed and that Colorado Interactive’s contract with SIPA lacks appropriate mechanisms to protect sensitive consumer data and lacks proper controls over user access to the system. Conley also chairs the board of the EAGLE-Net Alliance, another independent state agency, whose federal funding recently was cut off over compliance issues. …read full story by the Colorado News Agency
The Colorado Public Advocate welcomes your views. Post comments below by logging onto Facebook, or visit our Facebook page.