NASHVILLE — A new audit by the Tennessee comptroller of the treasury finds that while Chattanooga State Community College has made strides over the past two years in addressing deficiencies identified in its 2019 examination, four of 13 unspecified problems remain.
Although no one is saying what the problems are, the secrecy provision invoked by Comptroller Jason Mumpower's office — Tennessee Code Annotated Section 10-7-504(i) — provides a major clue.
The language bars release of information that would allow a person to obtain unauthorized access to confidential information or to government property which in this case is defined to include electronic processing systems and telecommunication systems.
Statutory language also puts off-limits to the public any records involving plans, security codes and computer programs used to protect electronic information. Another exclusion is information that would identify areas of structural or operational vulnerability. That includes release of information that could be used to disrupt, interfere with or gain unauthorized access to electronic information or government property.
The comptroller's office is saying nothing about the specific issues.
'Significant deficiency' found in audit reportView
Efforts to reach Nancy Patterson, Chattanooga State's vice president over college advancement and communications, were unsuccessful Wednesday.
The college, headed by President Rebecca Ashford, took no issue with the findings in its formal audit response: "Chattanooga State Community College concurs with the findings of the four areas as reported."
In 2019, the comptroller's State Audit Division issued the audit finding regarding multiple problems in one of Chattanooga State's systems, again avoiding specifics on the areas. The audit covered fiscal years 2017 and 2018.
"Chattanooga State Community College did not design and monitor internal controls in 13 specific areas. For 12 of these areas, we found internal control deficiencies related to one of the college's systems that were in violation of campus policies or industry-accepted best practices," the 2019 audit states. "These deficiencies are considered a material weakness in internal control. We also observed another condition where adequate internal controls were not in place. This deficiency is considered a significant deficiency in internal control."
In the latest audit, which covers fiscal years 2019 and 2020, the number of internal control deficiencies were down to four and related to one of the college's systems.
"Although management has taken steps to correct these conditions, we are reporting internal control deficiencies for the second consecutive audit because corrective action was not sufficient. These deficiencies are considered a significant deficiency in internal control. The details of this finding are confidential pursuant to Section 10-7-504(i) Tennessee Code Annotated," auditors wrote.
Elsewhere in the audit, the comptroller's office noted, "Ineffective design and implementation of internal controls increase the likelihood of errors and unauthorized access to college information. Pursuant to Standard 4.40 of the U.S. Government Accountability Office's Government Auditing Standards, we omitted details from this finding because they are confidential under the provisions of Section 10-7-504(i), Tennessee Code Annotated."
State auditors have provided Chattanooga State with detailed information regarding specific conditions identified, as well as related criteria, causes and specific recommendations for improvement.
"The president should ensure that management corrects these conditions by thoroughly evaluating the details of this finding and promptly developing and consistently implementing effective internal controls in these areas," the audit adds.
Contact Andy Sher at email@example.com or 615-255-0550. Follow him on Twitter @AndySher1.