The information technology (IT) used by the AGLC is specialized and has to constantly evolve to stay current in the gaming industry. A cost-effective way to keep pace is to contract out some IT services. As a result, the AGLC uses many external IT vendors that require direct access into its gaming systems and corporate network. It is critical for the AGLC to have effective systems to manage its vendor IT support activities.
Objective and Scope
In 2016, we audited the AGLC’s systems to manage its external vendors. We recommended that the AGLC improve its systems to provide oversight of and monitor its vendors’ access to its internal systems. Because our findings dealt with IT security matters, reporting on detailed audit findings could have further exposed the AGLC’s systems. We therefore did not publicly report with the results of that audit.
In 2017, we conducted a follow-up audit.
The AGLC has implemented our recommendation by improving its systems to manage external IT vendors’ access to its critical gaming and liquor systems.