Town of Lancaster - Information Technology (2018M-114)

Issued Date
August 17, 2018

[read complete report - pdf]

Audit Objective

Determine whether the Board ensured Information Technology (IT) assets were properly safeguarded and secured.

Key Findings

  • Town officials have not designed or implemented procedures to monitor compliance with the acceptable use policy or determine the amount of employees’ personal use.
  • Town officials did not maintain an inventory of IT assets.
  • Employees were not provided with IT security awareness training.

In addition, sensitive IT control weaknesses were communicated confidentially to Town officials.

Key Recommendations

  • Ensure the acceptable use policy is distributed to all personnel and monitor IT use.
  • Develop and maintain an inventory of IT assets.
  • Ensure all necessary personnel receive IT security awareness training and that training is provided whenever the IT policies are updated.

Town officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.