Audit Objective
Determine whether the Town Board (Board) ensured the Town of Wolcott’s (Town) information technology (IT) assets were adequately safeguarded.
Key Findings
The Board did not ensure that IT assets were adequately safeguarded. The Board did not:
- Adopt any IT policies or a disaster recovery plan.
- Provide users with cybersecurity awareness training.
- Ensure the financial software, Town Clerk’s software and Justice Court software had the necessary controls to maintain data integrity.
Sensitive IT control weaknesses were communicated confidentially to officials.
Key Recommendations
- Adopt IT policies and a disaster recovery plan.
- Provide cybersecurity awareness training.
- Consider upgrading department software or implement compensating controls for software deficiencies.
Town officials generally agreed with our recommendations and indicated they plan to initiate corrective action.