Audit Objective
Determine whether Town of Ulysses (Town) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.
Key Findings
Town officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss.
- The Board did not adopt adequate written IT policies or a written IT contingency plan.
- Officials did not adequately manage local user accounts.
- The Board did not enter into a written service level agreement with the Town’s IT service provider. Sensitive IT control weaknesses were communicated confidentially to officials.
Key Recommendations
- Adopt comprehensive written IT policies, including a written IT contingency plan.
- Regularly review local user accounts and disable those that are unnecessary.
- Enter into a written service level agreement with the Town’s IT service provider.
Town officials agreed with our recommendations and indicated they planned to initiate corrective action.