Audit Objective
Determine whether Town officials adequately safeguarded information technology (IT) resources.
Key Findings
Town officials have not:
- Established appropriate policies and procedures to safeguard IT resources.
- Implemented strong access controls over user accounts and have not disabled unnecessary accounts.
- Formalized a contract describing specific services to be provided by the Town’s third-party IT vendor.
In addition, we communicated sensitive IT control weaknesses confidentially to Town officials.
Key Recommendations
- Adopt policies and procedures for safeguarding IT resources.
- Implement strong access controls, in part, by disabling unnecessary user accounts.
- Develop a service level agreement with the third-party vendor to address the Town’s specific needs and expectations for IT services.
Town officials generally agreed with our recommendations and have initiated, or indicated they planned to initiate, corrective action.