Virginia Lottery for the year ended June 30, 2022

Applicable Fiscal Year: 2022

Report Category: Internal Control and Compliance

Organization: Lottery Department


Virginia Lottery for the year ended June 30, 2022


The Virginia Lottery’s (Lottery’s) management needs to strengthen system access controls over its financial accounting and reporting system to ensure individuals’ access adheres to the principle of least privilege.  Additionally, Lottery should dedicate the necessary resources to implement security controls for its Virtual Private Network that meet the requirements of the Security Standard and industry best practices.  Lottery should also update its policies and procedures and implement a process that ensures the consistent tracking and reconciliation of all information technology (IT) assets from purchase to surplus and disposal.  Lastly, Lottery should develop and implement a formal framework for gaining appropriate assurance over outsourced operations that affect its IT environment, sensitive data, or mission-critical processes.