Town of Hunter - Information Technology (2018M-262)

Issued Date
May 24, 2019

[read complete report - pdf]

Audit Objective

Determine whether Town officials ensured the Town’s information technology (IT) system was adequately secured and protected against unauthorized use, access and loss.

Key Findings

The Board has not:

  • Adopted IT policies and procedures for disaster recovery, backups and breach notification.
  • Provided IT security awareness training.
  • Ensured that IT hardware and software inventories are up-to-date.

In addition, sensitive IT control weaknesses were communicated confidentially to Town officials.

Key Recommendations

Adopt a disaster recovery plan, backup procedures and a breach notification policy.

Ensure that:

  • All personnel receive IT security awareness training.
  • IT hardware and software inventories are up-to-date.

Town officials generally agreed with our recommendations and indicated they planned to initiate corrective action.