A state audit has concluded that the Oregon Lottery should tighten user access to computer data and improve security at employee workstations.
The points were raised in an annual financial audit that the state Audits Division released Wednesday. The audit found no major problems for the year ending in mid-2004 but brought up a few issues that "require management's attention," the audit said.
A letter accompanying the audit said that Oregon Lottery managers should review computer-access rights when responsibilities for an employee are changed or added. This point is similar to one raised in a Nov. 15 audit of the state's computer system.
The letter also said that managers should develop ways to advise employees to secure their workstations from unauthorized access to sensitive or confidential information that they might have on their desks or computer terminals.
The Oregon Lottery runs its own computer system and is not scheduled to be part of the state's consolidated data center.
In addition to annual financial audits, the Oregon Lottery has had audits of its administrative expenses in 2002 and 2003.
The 2002 audit, which questioned more than $750,000 in expenses, led to the resignation of director Chris Lyons a few weeks afterward. The follow-up audit in 2003 concluded that 21 measures taken by Lyons' successor, Brenda Rocklin, had resolved most problems.
To view the latest audit, go to www.sos.state.or.us and click on "Audits Division" and "reports."
Editor's Note: The issue of computer security is one of the many reasons opponents of computerized lottery drawings want all states to conduct their drawings with traditional lottery ball machines. On paper, computers and their security can be made to look impenetrable, but in reality, the frailties of human nature can lead to security holes. When such a security hole is created with computerized drawings, the resulting scam could be difficult or impossible to detect. Please read the Petition for True Lottery Drawings for more information.