Deputy Auditor General Matthew Tracy told the Joint Legislative Auditing Committee that recent state-agency operational audits and the annual single-audit of federal awards uncovered recurring governance, contract and information-technology control weaknesses across multiple agencies.

"We're making progress," Tracy said, but added auditors found a set of common themes: inadequate inventory and capital-asset controls, weak procurement documentation, insufficient financial-management records, and pervasive IT access-control problems, including untimely removal of access and inadequate retention of mobile-device text messages.

Tracy highlighted multiple agency examples. At the Department of Military Affairs auditors could not confirm that hard drives for 17 IT devices were sanitized before disposal. An audit of Prison Rehabilitative Industries and Diversified Enterprises — commonly known as PRIDE — found systemic inventory and procurement-control failures, questioned payments and contracts that did not appear to align with PRIDE's statutory mission. The audit identified unexplained inventory write-downs, apparently inadequate vendor selection documentation for expenses exceeding $6.3 million, and questioned excess payments to a vendor of roughly $450,000.

At Citizens Property Insurance Corporation the audit team found that authorized premiums for 2021–22 were about $2.8 billion less than the premiums that would have resulted from actuarially determined rates that include the cost of reinsurance for a 1-in-100-year storm; Tracy said the discrepancy reflected a divergence between actuarial recommendations and what Citizens actually collected and recommended legislative engagement on how reinsurance costs should be considered.

Tracy also described concern about oversight in the Office of Public and Professional Guardians at the Department of Elder Affairs: the office did not implement an effective monitoring tool to ensure private professional guardians complied with standards of practice, and the department’s public guardian profiles did not include all substantiated complaints and disciplinary actions as required by state law, reducing public transparency about guardian fitness.

On federal-awards oversight, the single-audit for the 2022–23 fiscal year had 65 findings and more than $4.6 million in questioned costs; examples included Department of Commerce unemployment-insurance eligibility testing with known questioned costs and Department of Health foster-care payments lacking documentation that led to a $73,000 known questioned cost. Tracy said the current cycle appears to have a similar number of findings and potentially higher questioned costs.

Committee members discussed remedies and the audit cadence. Tracy said the State Government Audit Division performs operational audits of each state agency at least once every three years, more often for higher-risk or high‑profile agencies, and that staff will perform follow-up work to assess corrective actions. He also noted the division has an IT audit team that focuses on mission-critical systems and that the office uses software tools, including AI-assisted review capabilities, to help process financial statements in the face of staffing shortages.

Lawmakers pressed for copies of specific reports and said oversight is urgent because many agencies request funding from the Legislature. Representative Henson asked for the Citizens and guardianship reports; Tracy said the office posts audit reports on its website and will work with committee staff to provide specific reports. Senator Wright and others expressed willingness to pursue statutory or funding changes to give auditors better tools or stronger enforcement mechanisms.

Tracy concluded that information-technology control weaknesses are widespread across state government and that targeted, coordinated remedies and improvements in agency governance and recordkeeping will be critical to reducing questioned costs and improving public accountability.