Principal Performance Auditor Erin Laska was featured last week on TVW, highlighting the continued need for cyber security protection of the sensitive public data the state stewards. At the Office of the Washington State Auditor, we take safeguarding the public’s data from those who would seek to exploit it seriously. That’s why we regularly evaluate both state (see our most recent performance audit here) and local government cybersecurity controls for weakness, as well as make practical recommendations to help governments in Washington solve their cybersecurity challenges.
As local governments in Washington and across the United States deal with increasingly sophisticated attacks aimed at bringing down vital government services residents depend on, the need for careful controls and cyber security measures grows ever more crucial. At the Office of the Washington State Auditor, one of the resources we provide local governments with is helping them increase their cyber security in anticipation of just such events as outlined in the New York Times below. Are you interested in learning more about how we can help? Click here to read cyber security resources.
A Cyberattack Hobbles Atlanta, and Security Experts Shudder
By ALAN BLINDER and NICOLE PERLROTH
MARCH 27, 2018
ATLANTA — The City of Atlanta’s 8,000 employees got the word on Tuesday that they had been waiting for: It was O.K. to turn their computers on.
But as the city government’s desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world’s busiest airport still could not use the free Wi-Fi.
Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city.
The digital extortion aimed at Atlanta, which security experts have linked to a shadowy hacking crew known for its careful selection of targets, laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations. In a ransomware attack, malicious software cripples a victim’s computer or network and blocks access to important data until a ransom is paid to unlock it.
“We are dealing with a hostage situation,” Mayor Keisha Lance Bottoms said this week.
Your public auditors were busy in 2017. The Office of the Washington State Auditor published more than 2,000 reports covering a wide spectrum of topics.
While many people are familiar with our work in their area, fewer know the full scope of what the Office does across Washington. We are making a concerted effort to increase trust in government, and a key part of that goal is making audit work accessible and easy to understand.
This year, the annual report conveys the same detailed information in a more visual form. The Office’s teams do excellent work across the state, and we want you to know about it.
The 2017 annual report discusses the types of audits performed, our satisfied clients, training public servants and how the Office saves taxpayers money. Click here to check it out!
Part of management’s responsibility for financial reporting and safeguarding of public resources is to regularly evaluate its financial condition and develop plans to address any serious issues. For financial reporting, both the Budgeting, Accounting and Reporting System (BARS) Manual and the Governmental Accounting Standards Board (GASB) Statement No. 56 require disclosure in the notes to the financial statements regarding any situations that give rise to a substantial doubt about the government’s ability to continue to operate, along with management’s plans to address the situation.
While the BARS Manual and GASB standards address requirements for financial statement preparers, professional standards from the American Institute of Certified Public Accountants (AICPA) address requirements for auditors. These standards require the auditor to independently consider the government’s financial condition and any disclosures to determine whether the financial statements are fairly presented. This existing responsibility was underscored by the AICPA’s new Statement on Auditing Standards No. 132, which is intended to bring more consistency and greater clarity to how auditors approach this important topic. Continue reading
From left to right: Laura Marrone (Admin Tech), Rose Lauer (Assistant Office Manager), Commissioner/President Jerry Thornton, Sr., State Auditor Pat McCarthy, Commissioner John Thompson, Shane Young (General Manager) & Commissioner/Secretary, Renea Blanchette
Earlier this week, State Auditor Pat McCarthy recognized the King County Water District No. 125 for their commitment to making government work better and promoting a culture of accountability with a State Auditor’s Office Stewardship Award. Continue reading
State Auditor Pat McCarthy, County Treasurer Vickie Clelland, Financial Management Officer Heidi Penner, County Auditor Robert Waymire
State Auditor Pat McCarthy recognized Skamania County’s dedication to making government work better and its commitment to the audit process today with a State Auditor’s Office Stewardship Award. Specifically, the County Auditor’s Office, Treasurer’s Office and Office of Financial Management have worked together to improve County processes and strengthen internal controls over the past several years. Continue reading
By Jennine Griffo, Continuous Improvement Coordinator with the State Auditor’s Office
Have you ever attending a training at work only to find you are expected to adopt the new technique next week? Chances are this has happened to you — how did it go? Were you and your co-workers motivated for a while, then less so as the new way slowly faded into memory and the status quo returned? Or maybe you and your co-workers skeptically eyed one another during the training, afterward marching in line to toss your materials in the circular file. Either way, the spectacular results the training promised were dulled by the daily weight of office drudgery.
Contrast this with the enthusiasm and excitement we feel when purchasing the newest iPhone or other tech gadget—the thrill of a new car or a bigger, better TV with which to watch the newest season of that hot new show. In our personal lives, we change all the time, and what’s more, we often crave and relish that change. What’s the difference between the way change feels at work and at home? In our personal lives, marketers understand what motivates us and spend their time trying to sell us those nice new products. At work … not so much. Continue reading
The Office of the Washington State Auditor has asked the Legislature for $700,000 to pay for more accountability audits of state agencies, one of Auditor Pat McCarthy’s initiatives to increase transparency and accountability in government. You can read the full request here.
State agencies routinely are subject to audits of all kinds, including regular reviews of their financial statements. This Office issues more than 2,000 audits a year of all kinds of governments, from the smallest school districts to the largest ports to state agencies. Continue reading
As state and local governments increasingly depend on information technology (IT) systems to serve the public, the need to audit the controls in and around these systems increases. To help mitigate risk and to provide best-practice guidance to both state and local governments, the State Auditor’s Office performs IT audits. Because governments collect sensitive and confidential information from the public, it is critical to have good controls to protect that information. Continue reading
After observing that governments were reporting fiduciary activities inconsistently, in January 2017 the Governmental Accounting Standards Board (GASB) released Statement No. 84, Fiduciary Activities. The statement clarifies what constitutes fiduciary activity and how to report it. While the standard provides important guidance, the State Auditor’s Office is concerned that lack of practical examples may lead government agencies to overlook or misunderstand the new requirements. For some governments, the audit implications of incorrect implementation may be significant. Continue reading