OIT audit remediation discrepancy cited; JBC cut IT revolving fund by $10 million
March 19, 2026 | 2026 Legislature CO, Colorado
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
During a Joint Technology Committee oversight hearing, Office of Information Technology Executive Director David Edinger said OIT reported submitting 71 of 77 Eide Bailey audit recommendations as remediated by June 30, 2025, but that the auditor's office later verified only 15 of those items as complete.
"Only 15, not 71 of the 77 were verified by the auditor's office as complete," Edinger said, and he said committee members and OIT staff would discuss the details at a confidential session with the legislative audit committee the following week.
Edinger also told the committee the Joint Budget Committee voted earlier in the week to reduce the IT revolving fund by $10,000,000 for fiscal year 2026–27. He said OIT will report quarterly on the status of the revolving fund and monitor for ramifications, including potential interest expense if the agency must borrow from the treasury to cover accounts payable.
Jill Frasier, OIT's chief information security officer, said OIT's compliance team has been meeting regularly with technical auditors who performed prior IT resilience audits to align expectations and improve transparency going forward.
Committee members pressed OIT on the difference between OIT's reported remediation status and the auditor's verification. Edinger said the discrepancy and other matters will be addressed in detail during the joint audit review scheduled for Wednesday, March 25 at 7:15 a.m. in the old Supreme Court chambers; the meeting will use a confidential portion to discuss audit verification specifics.
The committee requested that OIT return with regular updates on remediation and related cybersecurity metrics. No formal action or vote was recorded at the JTC meeting.
"Only 15, not 71 of the 77 were verified by the auditor's office as complete," Edinger said, and he said committee members and OIT staff would discuss the details at a confidential session with the legislative audit committee the following week.
Edinger also told the committee the Joint Budget Committee voted earlier in the week to reduce the IT revolving fund by $10,000,000 for fiscal year 2026–27. He said OIT will report quarterly on the status of the revolving fund and monitor for ramifications, including potential interest expense if the agency must borrow from the treasury to cover accounts payable.
Jill Frasier, OIT's chief information security officer, said OIT's compliance team has been meeting regularly with technical auditors who performed prior IT resilience audits to align expectations and improve transparency going forward.
Committee members pressed OIT on the difference between OIT's reported remediation status and the auditor's verification. Edinger said the discrepancy and other matters will be addressed in detail during the joint audit review scheduled for Wednesday, March 25 at 7:15 a.m. in the old Supreme Court chambers; the meeting will use a confidential portion to discuss audit verification specifics.
The committee requested that OIT return with regular updates on remediation and related cybersecurity metrics. No formal action or vote was recorded at the JTC meeting.
View the Full Meeting & All Its Details
This article offers just a summary. Unlock complete video, transcripts, and insights as a Founder Member.
✓
Watch full, unedited meeting videos
✓
Search every word spoken in unlimited transcripts
✓
AI summaries & real-time alerts (all government levels)
✓
Permanent access to expanding government content
30-day money-back guarantee
