We audited the Virginia Information Technologies Agency’s (VITA) contract management, contract payment, centralized information technology security audit service, and right-to-use asset accounting business cycles for the fiscal year ended June 30, 2023. We found: 

• proper recording and reporting of right-to-use assets, in all material respects, in the Commonwealth’s lease accounting system and the Department of Accounts’ financial statement template, after adjustment for the misstatements noted in the finding “Improve Controls over Identifying, Tracking, Recording, and Reporting 
Right-to-Use Assets”; 

• three matters involving internal control and its operation necessary to bring to management’s attention, of which, we consider one finding to be a material weakness; 

• one instance of noncompliance with applicable laws and regulations or other matters that is required to be reported; and

• adequate corrective action with respect to a prior audit finding identified as complete in the Findings Summary included in the Appendix.

This report also includes an appendix of Risk Alerts applicable to multiple agencies that requires the action and cooperation of VITA. Our separate audit report for each agency includes the details of each risk that we identified.

In the section titled “Internal Control and Compliance Findings and Recommendations” we have included our assessment of the conditions and causes resulting in the internal control and compliance findings identified through our audits as well as recommendations for addressing those findings. Our assessment does not remove management’s responsibility to perform a thorough assessment of the conditions and causes of the findings and develop and appropriately implement adequate corrective actions to resolve the findings as required by the Department of Accounts in Topic 10205 – Agency Response to APA Audit of the Commonwealth Accounting Policies and Procedures Manual. Those corrective actions may include additional items beyond our recommendations.