COLUMBUS, Ohio — A “critical flaw” in Ohio’s process for grading medical marijuana grow applications could have allowed a state employee to change scores or manipulate other documents, the state auditor’s office found.
Two Ohio Department of Commerce employees had unlimited access to the online accounts of more than 20 application reviewers and associated documents, according to Auditor Dave Yost’s office. The employees also created and managed passwords for the application reviewers, who were only granted access to certain parts of the application.
In a Feb. 6 letter to Commerce Director Jacqueline Williams, Yost wrote that the weakness could have allowed an employee to log in as a reviewer and change scores. The “weakness,” as Yost refers to it, means auditors can’t tell whether a record was revised by an application reviewer or someone else logging in as the reviewer.
“Because of this critical flaw in the procedure’s design, neither this office, nor the public, can rely upon the cultivator application results,” Yost wrote in the letter, which was obtained by cleveland.com through a public records request.
Williams disputed that sentence but did not address the password weakness in a reply letter dated Friday that the department provided in response to questions from cleveland.com.
“My fear is that this statement could be misinterpreted to imply there is evidence of improper conduct in the awarding of Level I cultivator provisional licenses,” Williams wrote. “I therefore respectfully request that you take the statement out of your interim communication.”
Yost declined Monday to discuss the finding further.
The commerce department announced in November that provisional cultivator licenses would be issued to 24 companies statewide — 12 large-scale growers and 12-small scale growers.
Yost’s office began reviewing the application review process after reports that the department didn’t know one scoring consultant had a felony