Upbeat GERS Audit Offers Light Recommendations

GERS auditors found some cybersecurity concerns in an otherwise largely upbeat appraisal. (Screenshot of slide presentation from SBC and Company)

An independent audit firm found no fraud or significant systemic weaknesses in the U.S. Virgin Islands Government Employees’ Retirement System but did make a few soft recommendations Monday.

Representatives of the Maryland-based auditing firm SBC and Company told the GERS board that, while ferreting out fraud or managerial misrepresentations was not the purpose of their inquiry of 2021 activity, it was not uncommon for such issues to arise during a deep dive into the books.

They suggested GERS invest in cybersecurity and resiliency in case the program’s systems were compromised.

“Lack of a disaster recovery plan may lead to inefficient or ineffective recovery if a disaster should occur and cause a disruption of operations,” the auditors reported. “… Appropriate cyber security preparedness will help to mitigate risk associated with a breach in the network, disruption to operations, or loss/theft of data.”

The auditors also recommended developing procedures to periodically scan for vulnerabilities and timelines for fixes based on their severity. GERS should consider cybersecurity insurance, conduct frequent analysis of potential cyber weaknesses, and require annual cybersecurity trainings for all employees with systems access.

Austin Nibbs, the GERS administrator, said cybersecurity trainings were underway.

Elsewhere, the auditors found the long-troubled retirement system to be on positive systemic footing. Cash management, investment accounting and monitoring, risk assessment, communications, billing, and contributions were all looking good, they said.

The audit did recommend improving how revenue from Havensight Mall rentals was recorded in accounting ledgers, as well as more frequent reconciliations of the system’s various books — mortgage and personal loans, financial reporting, and more.