Audit Objective
Determine whether officials ensured the Town’s information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
Town officials have not:
- Implemented comprehensive procedures for managing, limiting, securing and monitoring user access.
- Monitored compliance with the acceptable use policy, or developed a formal disaster recovery plan.
In addition, sensitive IT control weaknesses were communicated confidentially to Town officials.
Key Recommendations
- Implement strong access controls, in part, by removing or disabling unnecessary local user accounts.
- Enforce the acceptable use policy and adopt a comprehensive disaster recovery plan.
Local officials agreed with our recommendations and indicated they have begun corrective action.