Information Technology General Controls - November 2010
IT General Controls Audit
Released November 2010 Download the Full Report here Download highlights here We undertook this audit because prior audits identified problems with specific information system applications. The city’s chief information officer also expressed concerns about inadequate staffing, risks to network security, and lack of disaster recovery and business continuity plans. |
We found:
- Areas where policies were inadequate
- The department lacks disaster recovery and business continuity plans
- The department lacks procedures to monitor security logs
- The department does not know what regulatory requirements it must follow
- Control for changes to city systems were not always followed
- Numerous employees who no longer work for the city retained access to Oracle and the network
- Omissions and errors in the department's staffing analysis overstated staffing needs in some areas and understated in others
- 11 of 16 previously issued recommendations had been implemented