North Dakota audit highlights missing IT inventory
BISMARCK — The North Dakota Information Technology Department didn't locate two dozen assets with potentially sensitive information during an annual inventory, state auditors said Monday, July 8.
State Auditor Josh Gallion's office said ITD was responsible for tracking 6,500 assets totaling more than $25 million from July 2016 through June 2018, but failed to find 217 of the assets, including office, network and computer equipment.
ITD uses encryption as a "safety net" for assets with sensitive information, but auditors said they found three laptops were not encrypted.
In a statement, Gallion called for a "thorough asset inventory management process."
"It’s concerning that we have assets out there which could have sensitive information on them and ITD could not find them," he added.
In a response included in the audit report, the department said it had updated policies to document the required follow-up for assets that are not located during an initial inventory process. It also made changes that would "reduce the risk of clerical errors that were the root cause of most of the 2018 inventory exceptions."