City of Watertown – Information Technology (2017M-184)

Issued Date
December 01, 2017

Purpose of Audit

The purpose of our audit was to determine whether City officials adequately safeguarded personal, private and sensitive information on City servers and in its financial system for the period July 1, 2015 through April 5, 2017.

Background

The City of Watertown is located in Jefferson County and is governed by an elected five-member Council. General fund budgeted appropriations for the 2016-17 fiscal year totaled $42 million.

Key Findings

  • The Council did not adopt policies and City officials did not implement effective procedures for granting, revoking, modifying and monitoring access rights to the City’s network and financial system.
  • The Council has not adopted adequate information technology (IT) security policies and City officials do not have formal procedures to address disaster recovery, disposal of electronic devices, data backup and password security management.
  • The Council did not ensure cybersecurity awareness training was provided to personnel who use City IT resources.

Key Recommendations

  • Adopt written IT policies and procedures to address individual access rights, disaster recovery, backups, disposal of electronic devices and password security management.
  • Provide IT cybersecurity awareness training to personnel who use City IT resources.