RECOMMENDATIONS

Telework, Space Management, and Risk Management
Reports 23-22 and 23-23 | December 2023


The Legislative Audit Bureau makes 14 recommendations in report 23-22 to the Department of Administration and 14 recommendations to UW System Administration in report 23-23.

Recommendations to the Department of Administration


Telework Policies (p. 7)

We recommend the Department of Administration:  

  1. biennially obtain from each agency an alternative work pattern plan, as required by s. ER 42.03, Wis. Adm. Code; (p. 13)
  2. either review and approve each alternative work pattern plan or execute written agreements with agencies to delegate this responsibility, as required by s. ER 42.05, Wis. Adm. Code, and statutes; (p. 13)
  3. monitor and evaluate each agency’s progress toward achieving its alternative work pattern goals and objectives, as required by s. ER 42.06, Wis. Adm. Code; (p. 13)

Telework in Executive Branch Agencies (p. 15)

We recommend the Department of Administration:

  1. require supervisors to document in writing their reviews of all telework agreements at least annually; (p. 20)
  2. require agencies either to provide written documentation to justify the travel reimbursements we question or require the employees to repay the unallowable travel reimbursements; (p. 28)
  3. review the State’s expenditure data to determine whether additional employees may have been reimbursed for unallowable travel costs, and then require the repayment of any unallowable reimbursements that are identified; (p. 28)
  4. create written policies requiring agencies to maintain accurate and up-to-date headquarters information in the State’s human resources system; (p. 28)

Space Management (p. 29)

We recommend the Department of Administration:  

  1. require all agencies to provide it with accurate information on the extent to which employees work in the office; (p. 46)
  2. ensure all agencies follow DOA’s office space standards and assign workstations only to employees who typically work in the office at least three days per week, or require agencies to document why employees who typically work in the office less frequently are assigned workstations; (p. 46)
  3. independently assess information provided by agencies that are planning to consolidate their office space; (p. 46)
  4. help agencies to determine the amount and types of office space to request; (p. 46)

IT Risk Management (p. 47)

We recommend the Department of Administration:  

  1. comply with s. 16.971 (2) (a), Wis. Stats., by developing and executing a plan to oversee and monitor state agency compliance with the State of Wisconsin IT Security Policy Handbook and work with state agencies to achieve compliance in a timely manner when noncompliance is identified; (p. 49)
  2. develop and execute plans to address the 35 specific concerns we identified related to data classification and encryption, security awareness, identification and authentication, and audit logging; (p. 49) and

Audit Follow-Up Reporting 

  1. We recommend the Department of Administration report to the Joint Legislative Audit Committee by March 1, 2024, on its efforts to implement all of these recommendations.

 

Recommendations to UW System Administration


Telework Policies (p. 7)

We recommend the University of Wisconsin System Administration:  

  1. modify its telework policies to require all University of Wisconsin institutions, except the University of Wisconsin-Madison, to consider an employee’s work performance when determining eligibility to telework; (p. 11)
  2. modify its telework policies to require all University of Wisconsin institutions, except the University of Wisconsin-Madison, to consider an employee’s job characteristics when determining eligibility to telework; (p. 11)
  3. modify its telework policies to specify whether University of Wisconsin employees, other than those at the University of Wisconsin-Madison, are permitted to telework outside of the U.S. and the circumstances, if any, in which such telework is permitted; (p. 13)

Telework in UW System (p. 15)

We recommend the University of Wisconsin System Administration:

  1. ensure University of Wisconsin supervisors document in writing their reviews of all telework agreements at least annually; (p. 24)
  2. comply with its policies by ensuring all of its own employees who telework at least one day per month have agreements; (p. 26)
  3. ensure its employees do not regularly telework more frequently than permitted by their telework agreements; (p. 27)
  4. work with University of Wisconsin institutions to ensure that all University of Wisconsin employees who regularly telework have agreements that permit them to do so; (p. 33)
  5. require University of Wisconsin institutions, including the University of Wisconsin-Madison, either to provide written documentation to justify the travel reimbursements we question or require the employees to repay the unallowable travel reimbursements, and it should do the same for its own employees; (p. 35)
  6. review its expenditure data to determine whether additional employees may have been reimbursed for unallowable travel costs, and then require the repayment of any unallowable reimbursements that are identified; (p. 35)
  7. require University of Wisconsin institutions, including the University of Wisconsin-Madison, to maintain accurate and up-to-date headquarters information in its human resources system; (p. 35)

Space Management (p. 37)

We recommend the University of Wisconsin System Administration:  

  1. work with the Board of Regents to develop an office space consolidation plan; (p. 46)
  2. work with the Board of Regents to require University of Wisconsin institutions, including the University of Wisconsin-Madison, to collect accurate information on the extent to which employees work in the office; (p. 46)

IT Risk Management (p. 4)

We recommend the University of Wisconsin System Administration:  

  1. develop and execute plans to address the eight specific concerns we identified related to security awareness, identification and authentication, and audit logging; (p. 49) and

Audit Follow-Up Reporting 

  1. We recommend the University of Wisconsin System Administration report to the Joint Legislative Audit Committee by March 1, 2024, on its efforts to implement all of these recommendations.