Town of Washington – Information Technology (2013M-164)

Issued Date
August 16, 2013

Purpose of Audit

The purpose of our audit was to examine the Town’s internal controls over information technology (IT) for the period January 1, 2012, to December 31, 2012.

Background

The Town of Washington is located in Dutchess County and has a population of approximately 4,800. The Town Board is comprised of the Town Supervisor and four Board members. The 2013 budget for the general fund was approximately $1.17 million.

Key Findings

  • The Board did not adopt a comprehensive IT security plan or a disaster recovery plan. Without a proper IT security plan and a disaster recovery plan in place there is an increased risk that Town data, hardware and software systems may be lost or damaged by unauthorized access and use, or disaster.
  • The Board has not adopted a breach notification policy. By failing to adopt an information breach notification policy, in the event that private information is compromised, Town officials and employees may not understand or be prepared to fulfill their legal obligation to notify affected individuals.

Key Recommendations

  • Develop a comprehensive IT security plan and update it as necessary. Develop a disaster recovery plan to ensure that in the event of a disaster, the Town will be able to perform essential operations.
  • Adopt a breach notification policy.