A “critical flaw” in Ohio’s process for grading medical marijuana grow applications could have allowed a state employee to change scores or manipulate other documents, the state auditor’s office found.
Two Ohio Department of Commerce employees had unlimited access to the online accounts of more than 20 application reviewers and associated documents, according to Auditor Dave Yost’s office. The employees also created and managed passwords for the application reviewers, who were only granted access to certain parts of the application.
In a Feb. 6 letter to Commerce Director Jacqueline Williams, Yost wrote that the weakness could have allowed an employee to log in as a reviewer and change scores. The “weakness,” as Yost refers to it, means auditors can’t tell whether a record was revised by an application reviewer or someone else logging in as the reviewer.
“Because of this critical flaw in the procedure’s design, neither this office, nor the public, can rely upon the cultivator application results,” Yost wrote in the letter, which was obtained by cleveland.com through a public records request.
Williams disputed that sentence but did not address the password weakness in a reply letter dated Friday that the department provided in response to questions from cleveland.com.