We audited the adequacy of the Department of State Police’s (State Police) corrective actions for the 26 prior audit findings which State Police identified as complete as of June 30, 2022. Specifically, we tested corrective actions within the divisions of: Property and Finance (21); Information Technology (3); and Human Resources (2). Our audit found adequate corrective action for the 26 prior audit findings tested, which we classify as “completed” within the Findings Summary table in the Appendix.

Our audit scope was limited to those areas described above in the first paragraph and in the Audit Scope Overview section. The corrective actions for the 18 prior audit findings not included in the scope of this audit are classified as “ongoing” within the Findings Summary table in the Appendix. We will follow up on these findings in a future audit. However, given the significance of the inherent risks associated with information technology and the controls required by the Commonwealth’s Information Security Standard, SEC 501 (Security Standard), we provide status updates on State Police’s ongoing corrective actions related to the four findings under the Information Technology division. These updates are within the section titled “Status of Information Technology’s Corrective Actions.”