City of Hornell – Information Technology (2017M-293)

Issued Date
March 23, 2018

Purpose of Audit

The purpose of our audit was to determine whether the City adequately secured and safeguarded its computerized data for the period April 1, 2015 through October 2, 2017.

Background

The City of Hornell is located in Steuben County and has a population of approximately 8,500. The City is governed by a 10-member City Council. Budgeted appropriations for the 2017-18 fiscal year total approximately $13 million.

Key Findings

  • The Council and City officials did not develop adequate information technology (IT) policies and procedures to address acceptable use, sanitization and disposal and breach notification.
  • City officials did not provide IT security awareness training for City employees.
  • The Council did not develop a disaster recovery plan.

Key Recommendations

  • The Council should adopt written IT policies and procedures to address acceptable use, sanitization and disposal and breach notification.
  • The Council should provide users with IT security awareness training to help ensure they understand security measures that protect the network.
  • The Council should adopt a disaster recovery plan to describe how City officials will manage potential disasters that affect the IT system.