Legislative Post Audit Committee approves triennial audit plan and a blended IT security audit approach
Summary
The committee approved the agency's triennial audit plan and chose a hybrid approach for 2026 IT security audits (option A confidential agency security audits plus option B audits of local governments), including at least one school district and at least one city and county for local audits.
During the meeting the committee reviewed several required administrative items and voted on two formal oversight items.
Chris presented the triennial audit plan (a statutory requirement to audit state agencies at least once every three years) and the committee voted to approve the proposed plan after a motion by Senator Thompson and second by Senator Peterson; the motion carried.
Later, staff presented three options for 2026 IT security work: option A (6–8 confidential IT security audits of state agencies), option B (6–8 similar audits focused on cities/counties), and option C (3–4 public IT performance audits). The committee debated a hybrid approach. Representative Williams moved and Senator Thompson seconded approval of a blended plan adopting options A and B; the motion specified including at least one school district in option A and at least one city and one county in option B. The committee approved the motion.
Committee members noted that option A audits are confidential executive-session-style work and option C would produce public reports; a blended A/B approach preserves executive-session confidentiality while adding local-government coverage and still allows a public summary on a three-year cycle. The committee then approved the 2026 IT monitoring plan to monitor a selected DCF IT modernization project.
