Audit proposes culture changes at Oregon Dept. of Revenue
SALEM, Ore. (AP) – A state audit has recommended changes to workplace culture at the Oregon Department of Revenue after employees reported low morale and unclear direction.
The Statesman Journal reports the Oregon Secretary of State’s Office released the audit Wednesday, recommending the agency works to improve internal communications and create an accountability framework with clear expectations and feedback about employee performance.
Auditors surveyed employees, who said they felt undervalued and had frustrations about an “increased emphasis on outcome metrics.”
According to the audit, employees also reported episodes of “demeaning comments and yelling” between management and workers.
Department deputy director Satish Upadhyay says the agency agrees with the recommendations and will look for the “best ways to communicate with staff and appropriately involve them in decisions.”
The department employs about 933 full-time workers.
—
It was one of two audits on the dpartment released Wednesday by Secretary of State Dennis Richardson. Here’s the first of two news releases:
Audit of Organizational Culture and Customer Service at the Department of Revenue SALEM, OR — Today, Secretary of State Dennis Richardson released an audit of the Department of Revenue’s (DOR) organizational culture and customer service efforts. The audit found that the agency could improve its performance by incorporating values of a collaborative culture, including robust internal communications, an effective accountability framework, and a comprehensive feedback process. Auditors also found the agency has taken positive steps to address customer service challenges.
The full findings are outlined in the Secretary of State’s report entitled: “Enhancing Organizational Culture and Addressing Customer Service Challenges Will Optimize Agency Performance.”
Organizational culture is key to shaping how DOR employees interact with one another and how they achieve the agency’s mission and objectives. DOR staff and management identified a desire to shift towards a more collaborative agency culture and shared perspectives on how the culture can be enhanced to meet their needs. This shift would have a positive impact on the agency’s customer service work.
Organizational culture is difficult to assess and measure, but generally includes the basic assumptions and beliefs that are shared by members of an organization. Auditors pioneered a new audit methodology to assess culture using an internationally-recognized survey tool and focus groups. As a result of this work, auditors found employees want clear communications about significant changes in their work and the agency’s vision and direction. Employees also would like more accountability among all levels; a better relationship between management and staff; a comprehensive feedback process that informs staff of the status of their submitted ideas; and respectful, professional and supportive relationships in the workplace.
“As the agency responsible for handling our tax dollars, it is crucial that DOR be able to perform to the best of its ability,” said Secretary of State Dennis Richardson. “This audit provides a roadmap for DOR to bring its culture into better alignment, which in turn will optimize the agency’s performance.”
DOR went through major changes in the last few years, including several changes in leadership and the implementation of an essential and expansive information technology system. This audit was one of several reviews and assessments directed by the legislature.
Auditors used the Organizational Culture Assessment Instrument to survey DOR employees about the agency’s current and preferred culture. This instrument has been used by 10,000 companies and non-profit organizations worldwide in order to better understand their current culture and determine how to make changes that will result in improved employee and organizational performance. Auditors supplemented the survey with 17 focus group sessions comprised of 137 employees at different levels within the agency, from line staff to executive leadership.
Auditors also gathered extensive research that supported the theory behind the survey tool –that when an organization’s culture reflects the one preferred by its employees, performance is optimized in the form of quality products, customer satisfaction, reduced error rates, reduced turnover, improved employee morale, and increased employee engagement.
Auditors also found a dramatic decline in DOR’s overall customer service satisfaction, from a high of 79% in 2013 to a low of 13% in 2016. Some of this decline can be attributed to agency changes and the way in which customer service satisfaction data was gathered. DOR leadership has identified other deficiencies in their customer service work and has started to make improvements. As a result of these efforts, customer satisfaction increased in 2017 and 2018 to 65% and 81% respectively.
Auditors made five recommendations to DOR. These include improving DOR’s internal communications and accountability practices, completing the agency’s employee feedback process, improving the relationship between management and staff, and completing efforts already underway to address customer service challenges.
“DOR leadership was receptive and engaged with the audit team throughout the audit process,” said Audits Director Kip Memmott. “We appreciate their engagement and willingness to use the survey tool in the spirit it was intended, as an opportunity to enhance organizational culture and performance within DOR.”
Read the full audit on the Secretary of State website.
—
Audit of Department of Revenue Cybersecurity Controls SALEM, OR — The Oregon Department of Revenue (DOR) should take steps to improve its information security controls, according to an audit released today by the Secretary of State. The findings are outlined in the report entitled: “Oregon Department of Revenue: Cybersecurity Controls Assessment.”
Recognizing cybersecurity as a growing concern for both the private and the public sector, the Secretary of State’s Audits Division has developed a repeatable audit program to evaluate cybersecurity risks and provide a high-level view of the current state of an agency’s cybersecurity environment. The evaluation measures an agency’s level of implementation for the six basic controls defined by the Center for Internet Security, otherwise known as CIS Controls™, as well as a high-level evaluation of the agency’s security management program. According to the Center for Internet Security, these six basic controls should be implemented in every organization for essential cyber defense readiness.
The assessment of DOR’s controls found that the agency should update its security management program and strengthen controls in all six CIS Control areas. Under the state’s newly centralized security model, DOR plans to work with the Office of the State Chief Information Security Officer to strengthen areas such as hardware and software inventory controls, policies for scanning server and workstation configurations, and security and event logging and monitoring.
“Cybersecurity is an important topic in today’s information landscape,” said Secretary of State Dennis Richardson. “All state agencies need to ensure every reasonable action is being taken to protect private information from unauthorized access.”
The report provides assessment results as a series of graphs depicting whether a particular control is not implemented, partially implemented, or fully implemented. DOR has at least partially implemented the controls in most areas assessed.
Specifically, auditors found:
DOR has implemented an appropriate security management program, but associated plans and procedures need to be updated to reflect current staffing levels and reorganization of statewide security. DOR lacks specific policies and fully automated controls for inventory management, vulnerability management, control of administrative accounts, configuration change management, and audit logging processes.
The audit recommended improvements in these areas, mainly focused on updating policy statements and improving automation of the controls.
Read the full audit on the Secretary of State website.
