Ohio auditor finds flaw in medical marijuana business license scoring process

A “critical flaw” in Ohio’s process for grading medical marijuana grow applications could have allowed a state employee to change scores or manipulate other documents, the state auditor’s office found.

Two Ohio Department of Commerce employees had unlimited access to the online accounts of more than 20 application reviewers and associated documents, according to Auditor Dave Yost’s office. The employees also created and managed passwords for the application reviewers, who were only granted access to certain parts of the application.

In a Feb. 6 letter to Commerce Director Jacqueline Williams, Yost wrote that the weakness could have allowed an employee to log in as a reviewer and change scores. The “weakness,” as Yost refers to it, means auditors can’t tell whether a record was revised by an application reviewer or someone else logging in as the reviewer.

“Because of this critical flaw in the procedure’s design, neither this office, nor the public, can rely upon the cultivator application results,” Yost wrote in the letter, which was obtained by cleveland.com through a public records request.

Williams disputed that sentence but did not address the password weakness in a reply letter dated Friday that the department provided in response to questions from cleveland.com.

Read the rest of the article here.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s