Our audit of the Department of Accounts (Accounts) for the year ended June 30, 2025, found:

 

• • proper recording and reporting of all transactions, in all material respects, in the Commonwealth’s accounting and reporting system and attachment submitted to Accounts’ Financial Reporting Department;

 

• • no matters involving internal control and its operation necessary to bring to management’s attention; and

 

• • no instances of noncompliance with applicable laws and regulations or other matters that are required to be reported.

 

Our report includes two risk alerts that require the action and cooperation of management of Accounts and other Commonwealth agencies.  The “Financial Reporting” risk alert identifies the increased risk that the Commonwealth may not meet the deadline for the Annual Comprehensive Financial Report, which could jeopardize the Commonwealth’s bond rating, because entities have increasingly submitted inaccurate and late financial information to Accounts over the past several fiscal years.  Continued, significant turnover in key financial positions, lack of policies and procedures, and increasingly complex accounting standards have led to these issues.  The “Access to Centralized Audit Log Information” risk alert identifies the risk to Accounts’ information technology security posture because the current security information and event management (SIEM) tool does not display all necessary audit log information to allow agencies to react to and investigate suspicious system activity in a timely manner.