MISSOURI (KFVS) - State Auditor Nicole Galloway released an audit of the Statewide Advantage for Missouri (SAM II) system.
The system handles billions of dollars in financial transactions each year for the state.
“In fiscal year 2019, the state used SAM II to process about $40 billion in transactions,” Auditor Galloway said. “Appropriate security measures are vital in safeguarding the taxpayer dollars that go through this system. I encourage OA officials to follow through on the recommendations in the audit to ensure those safeguards are in place.”
In the report, Galloway said security control weaknesses were found. The weaknesses could leave the system vulnerable to unauthorized or inappropriate transactions.
Full report here.
The system is managed by the Office of Administration (OA) and has more than 4,500 user accounts, the auditor’s office said.
The audit also covered MissouriBUYS. This system uses SAM II for financial processing and has more than 1,300 accounts.
One of the vulnerabilities found in the audit was that user accounts of terminated employees are not always removed timely.
Galloway said this means former employees could still access the system.
The audit found that 30 days or more after their termination, 21 former employees still had access to SAM II and 41 former employees still had access to MissouriBUYS.
Another weakness could allow two users to approve their own transactions without review or additional approval from an independent party.
Galloway’s audit also found that there were inadequate controls for the system security administrators. This increases the risk of improper activity in SAM II and that OA management has not developed policies and procedures for the system administration.