We put the IT in city®

CitySmart Blog

Monday, May 15, 2017
Dave Mims, CEO

Dave MimsEven if your city is not located in Arkansas, it’s still worth noting that the state’s Senate Bill 138 was signed into law by Governor Asa Hutchinson on March 29, 2017. For a quick recap on the law, read our March 8 blog post where we summarized and tracked the law while it was going through the state’s House and Senate.

The passing of this bill is important to cities for a few reasons.

1. Arkansas cities can now lose their charter from non-compliance with IT-related accounting practices.

Arkansas already has a Municipal Accounting Law (§ 14-59) that requires compliance with accounting best practices and includes penalties for non-compliance. But now, Senate Bill 138 adds some teeth to the law by clarifying that not following specific IT-related accounting best practices also constitutes “malfeasance.”

Three key points of the law include:

§ 14-59-117 (a) (1) If the Division of Legislative Audit determines that a municipal treasurer is not substantially complying with this chapter, the division shall report the findings to the Legislative Joint Auditing Committee.
§ 14-62-102 (a)(1) If the Legislative Joint Auditing Committee concludes the process under § 14-59-117 on a municipal corporation, and in the immediately subsequent three-year period the Legislative Joint Auditing Committee concludes the process a second time, the Legislative Joint Auditing Committee may notify the Attorney General and the Governor of its actions.
§ 14-62-102 (b) Upon a finding that the conditions under subsection (a) of this section have been met, the circuit court of the Sixth Judicial Circuit shall revoke the charter of a municipal corporation under this section...

Losing one’s city charter is serious. And now ingrained within Arkansas law, a city must make it part of its accounting best practices to take information technology seriously.

2. While the law applies to application controls, it’s wise to follow all IT best practices recommended by the Arkansas Legislative Audit.

Specifically, the new law applies to application controls listed in the Arkansas Legislative Audit best practices. According to the Arkansas Legislative Audit, application controls “relate to the transactions and data for each computer-based automation system; they are, therefore, specific to each application. Application controls are designed to ensure the completeness and accuracy of accounting records and the validity of entries made.”

Application controls include areas such as data input, data processing, data output, and application-level general controls. However, it will help a city if they follow all the IT best practices listed in their document—including areas such as information systems management, contract / vendor management, network security, wireless networking security, physical access security, logical access security, and disaster recovery / business continuity.

That’s because general IT best practices create the foundation for your application systems technology. Without following general IT best practices, you are likely to create too much risk with your applications. Indirectly, you may find yourself in non-compliance with application controls if you don’t plan, invest, and proactively manage your general information technology.

3. Other states should see Arkansas as a sign of what’s to come—and prepare.

The trend for technology-related security, privacy, and best practices legislation is more, not less. Information technology now holds the crucial role of keeping citizen data private and ensuring that government remains operational even during or after a disaster.

Because government entities—including cities—often don’t spend money on implementing IT best practices even when the danger signs are obvious, laws are getting increasingly passed to ensure accountability and compliance. After Arkansas, it’s likely that other states will pass similar or parallel forms of legislation that hold local governments accountable.

In other words, if you’re not a city in Arkansas then that doesn’t mean you should rest on your laurels. Hold yourself accountable to your citizens and city operations proactively—before your state passes stricter laws like in Arkansas.

Concerned about the state of your information security or compliance with the law? Reach out to us today.