Oregon’s cannabis market has been scrutinized over the past year and with the recent release of a state cannabis audit, scrutiny of the state’s cannabis tracking and licensing systems has intensified.
On Feb. 7, 2018, Oregon Secretary of State Dennis Richardson released a 22-page audit of the Oregon Liquor Control Commission. The audit, titled “Cannabis Information Systems Properly Functioning but Monitoring and Security Enhancements are Needed,” focuses on the potential for compliance violations, issues with cannabis vendors and application management, weaknesses in the IT Security Management Program and the need for disaster recovery planning and backup media testing.
“We identified several weaknesses associated with OLCC’s new IT systems used for marijuana licensing and tracking. They include data integrity and maturity issues, and insufficient processes for managing marijuana computer programs and vendors,” the auditors wrote in the report. “Until these issues are resolved, the agency may not be able to detect noncompliance or illegal activity occurring in the recreational marijuana program.”
According to the auditors, self-reported data from cannabis businesses, irregular weight measurement systems, permitting untracked cannabis inventory within a business’s first 90 days of operation, inadequate data quality in the Cannabis Tracking System and a lack of trained inspectors for on-site inspections have all combined to increase the odds that the OLCC may not identify possible compliance violations or illegal actions.
Upon the report’s release, the OLCC issued a response, acknowledging the accuracy of the report and how it plans to fix the issues identified by the auditors.
“We are constantly evaluating ways to improve our systems, and are taking prompt action to prioritize the staff time and resources necessary to move us into better compliance with audit recommendations and state protocols,” said Steve Marks, OLCC Executive Director, in a press release.
“Bringing in high level IT management and addressing IT security protocols will do more than just stabilize the agency’s IT infrastructure, it will enable us to better maximize the value of longer term IT modernization initiatives,” Marks added.
The OLCC expects to have a majority of the security issues resolved by August 2018.