Skip to main content

"Serious deficiencies" in County information security

The County Auditor informed the Board of "serious deficiencies" in information security. The CAO acknowledged deficiencies and agreed with the Auditor's recommendations. The report was delayed by the County's seizure of confidential Auditor files.
Media release

County Auditor John Hutzler informed the Board of County Commissioners on December 6 of "serious deficiencies" in County information security controls. County Administrator Tanya Ange acknowledged those deficiencies and promised to implement the Auditor's recommendations by November 2023. To protect County information systems, the Auditor omitted details of control weaknesses from his public report, including them instead in confidential reports provided through County Counsel.

Release of the Auditor's report was significantly delayed by the County's seizure of the Auditor's confidential files. After seven months, and only under threat of litigation from its independent, elected County Auditor, the County Administrator returned control of those files to the Auditor, making it possible for him to present his findings to the Board and the public. "I can only hope that County Administration took advantage of its delay to address the serious deficiencies we found during our 2021 examination," Auditor Hutzler said.

The report "Auditor Review of Information Security" and the text of the Auditor's comments to the County Commissioners are available on the Auditor's webpage at

Back to top