A Performance Audit
An Audit Report on Licensing and Permitting Processes of the Industrial Hemp Program at the Department of Agriculture
August 2022
Summary Analysis
The Department of Agriculture (Department) established processes and controls to ensure that the Industrial Hemp Program issued licenses and permits in accordance with applicable requirements. However, auditors identified certain weaknesses within those processes. Specifically:
- Criminal History Checks. The Department has a process to check criminal histories to determine applicants’ eligibility for licenses, as required; however, it did not always maintain documentation to support its decisions for approving or denying licenses. Additionally, the Department did not document when it reviewed updates to criminal histories or whether any new felony convictions were identified during those reviews.
- Application Review. The Department issued the majority of new licenses within 60 days of receipt of a completed application, as required by statute, and collected the required fees for licenses and permits that auditors tested. However, the Department did not always collect the correct fee amount or ensure that applicants provided accurate location information.
Additionally, the Department should strengthen security controls over users’ access to its licensing system to minimize the risk of inadvertent or deliberate alteration or deletion of data.
The Industrial Hemp Program was established by the 86th Texas Legislature with the passage of House Bill 1325, which was enacted in June 2019. That bill authorized the Department of Agriculture (Department) to oversee the production, manufacture, retail sale, and inspection of industrial hemp crops and nonconsumable products in Texas.
The Department began accepting applications for licenses and permits for the Industrial Hemp Program in March 2020. Licenses and permits allow the holder to cultivate or handle hemp within Texas or to transport hemp outside the state.
The Department properly approved 56 (93 percent) of 60 license applications tested, based on the results of applicants’ criminal history checks, as required by statute. In addition, the Department appropriately followed statute when it denied five other applications. However, while the Department was able to (1) document the date and whether an applicant “passed” or “failed” the criminal history check in its licensing system and (2) provide criminal history checks for purposes of the audit for the 56 applications tested, it could not provide documentation to support its approval of the other four applications. Specifically:
- The Department could not provide the results of the criminal history checks for three license applications.
- A criminal history check for the remaining applicant returned an undisclosed criminal charge in another state. The Department could not provide documentation to show how it verified that the criminal offense did not disqualify the applicant.
The Department uses a third-party vendor to identify updates in licensees’ criminal histories. However, the Department did not document when those updates to criminal histories were reviewed or whether any new criminal charges were identified during those reviews. In addition, the Department acknowledged that it did not consistently remove people from its monitoring list whose licenses have expired.
The Department issued the majority of new licenses within 60 days of receiving completed applications. The Department also collected the required fees for licenses and most permits issued.
While the Department's application review process generally ensured that applicants provided a completed application for issuing an industrial hemp license and permit, it did not consistently ensure that applicants provided accurate GPS coordinates for the perimeter of each location where the applicant intended to cultivate or handle hemp, as required by statute.
The Department did not ensure that access rights and security settings for the information systems used by its Industrial Hemp Program complied with its information security standards.
Graphics, Media, Supporting documents