Purpose of Audit
The purpose of our audit was to review the Town’s internal controls over information technology (IT) for the period January 1, 2011, to March 31, 2013.
Background
The Town of Salina is located in Onondaga County and has a population of 33,710. The Town is governed by an elected five-member Town Board which comprises the Town Supervisor and four Board members. The Town’s budgeted operating expenditures for the 2013 fiscal year were approximately $14 million.
Key Findings
- The Board has not established policies and procedures related to personal, private and sensitive information (PPSI) and sanitizing computer equipment onsite before disposal.
- The Board has not instituted policies and procedures to protect data resources.
- Town officials do not maintain a complete and accurate computer inventory and have not developed an IT disaster recovery plan.
Key Recommendations
- Adopt formal written policies and procedures to ensure a sound IT environment and to protect PPSI. Establish written policies and procedures to ensure removal of all PPSI data from computers and other electronic equipment prior to reuse or disposal.
- Implement physical security over the unlocked room containing the server and any other rooms with network access.
- Establish a comprehensive inventory policy that clearly defines its objectives concerning the duties, records and procedures required for protecting the Town’s inventory of electronic equipment. Establish a formal disaster recovery plan.