INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT"

Transcription

1 INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT FOLLOW UP REVIEW TO AUDIT OF COURTROOM AUTOMATION Karleen F. De Blaker Clerk of the Circuit Court Ex officio County Auditor Robert W. Melton, CPA*, CIA, CFE Chief Deputy Director Internal Audit Division Prepared by: Deborah Cross-McCray, CIA Internal Auditor Supervised by: Ronald Peters, CIA, CISA Internal Audit Manager DECEMBER 4, 2003 REPORT NO *Regulated by the State of Florida

2 December 4, 2003 The Honorable Karleen F. De Blaker Clerk of the Circuit Court We have conducted a follow-up review to our audit of Courtroom Automation. The objectives of our review were to determine the implementation status of our previous recommendations. Of the 13 recommendations contained in the audit report, we determined that 6 have been implemented, 2 have been partially implemented, and 5 have not been implemented. The status of each recommendation is presented in this follow-up review. We appreciate the cooperation shown by the staff of Court Services Division during the course of our review. Respectfully Submitted, Robert W. Melton, CPA*, CIA, CFE Chief Deputy Director Internal Audit Division *Regulated by the State of Florida

3 Scope and Methodology We have conducted a follow-up review of our audit of Courtroom Automation. The purpose of our follow-up review is to determine the status of our previous recommendations for improvement. The purpose of the original audit was to: 1) review compliance with the Clerk s procurement process for the Contract, 2) evaluate the adequacy of the terms of the agreement to meet the objectives of the project, 3) determine compliance with the contract terms by the parties, 4) evaluate the effectiveness of the development methodology used by the Contractor to produce the functionality of the product to be delivered, 5) assess Court Service management s oversight of the project relating to the process ability to deliver a satisfactory product in a reasonable time frame, 6) confirm the adequacy of application testing and user training for the product. In addition, for the current production environment, 7) ascertain the appropriateness of the ongoing application maintenance, 8) determine the adequacy of the change control procedures and the application documentation to support the product, and 9) determine the appropriateness of the installation of NT Server security, In Court Docketing (ICD) and Microsoft-Sequential Query Language (MS-SQL) logical controls. To determine the current status of our previous recommendations, we conducted interviews with management to determine the actual action taken to implement the recommendations for improvement. We performed limited testing to verify the progress of the recommendations for improvement. Overall Conclusion Of the thirteen recommendations contained in the report; six have been implemented, two have been partially implemented and five have not been implemented. We encourage management to implement the remaining recommendations. Background The Clerk Of The Circuit Court (Clerk) undertook a project to develop and implement an automated solution covering the Clerk s courtroom daily activities. The objective was to improve the time in processing court documents as well as improving the efficiency and effectiveness of the Clerk s operations. The County s Information Technology Department (IT) was not staffed to undertake this type of project and recommended the use of a contractor that had the technical skills for the task. A contract with Innovative Software Solutions (Innovative) was signed in May 1997 to undertake the development project. The project team consisted of CJC operations personnel, IT staff as technical advisors as well as active participants for the mainframe interface segment, and the Contractor, as designer and programmer for the product. Using the input from the County staff, the contractor developed the Courtroom Automation Design Project Findings document that

4 encompassed development methodology, implementation plans, requirements, scope of development, technology platform and critical success factors. The information in the document was used as a blueprint for the Courtroom Automation Project. Adjustments were made when additional information was obtained, or areas of the plan were expanded as the phases were further defined. The project used Rapid Application Development techniques applying modern clientserver facilities. The ICD application was written in Visual Basic and supported by MS- SQL Server database software. The application runs in a NT-Server platform with Windows NT workstations. The deliverables for the application modules, interfaces and utilities were divided into three major phases. Required enhancements for the completed segments were incorporated in the next phase. The project was started May 1997 and completed March 2001.

5 This section reports our follow-up on actions taken by management on the Recommendations for Improvement in our audit of Courtroom Automation. The recommendations contained herein are those of the prior audit, followed by the current status. 1. The Deployment Of NT Server Security Is Inadequate For The ICD Production Environment, And Security Settings Do Not Meet County Standards. Our review of the functionality of the NT Server security for the Clerk s Domain, (CLKCCC) that supports the ICD Application, found non-compliance with IT and best practice standards. A. System-wide user security settings are not set at a level to provide adequate control. Noncompliance to County and best practice standards was present. We noted the following specific concerns regarding Global Account Policies: 1) The users are not required to periodically change their password ( Password Never Expires setting is active). IT standards require a password to be changed every 30 days. 2) The intruder detection security feature for the Domain has the Account Lockout-Lockout After Bad Logon Attempts option set to six attempts before the user-id is disabled by software security. The IT standard setting is three. In addition, the Account Lockout-Reset Count After option was set to 15 minutes, but the IT standard is 30 minutes. The Lockout Duration setting that tells the security software how long (in days-hours-minutes) to accumulate the incorrect login attempt count before resetting the counter to zero was set to 20 minutes. Best practice standards recommend 2-3 days for an automatic lockout duration setting. 3) Users are not required to have Unique Passwords enforced by software or by department policy. IT standards require a secure password containing both letters and numbers and, if available, enforced by software. 4) The setting User Must Log On In Order To Change Password is not active. IT standards require an active setting that limits only the user to change their password. B. Individual user security settings are not required to be set at a level to provide adequate control.

6 1) All the individual user settings are active for Password Never Expires. IT standards require a password to be changed every 30 days. 2) Most individual user settings are active for User Cannot Change Password. The setting is not in compliance with IT standards. It is essential that the user, to help protect password integrity, periodically change passwords. C. The user ID Administrator is not adequately controlled. The user-id is functioning as a Generic log-on used by the LAN-Administrator, IT product programmer, and CJC product administrator as well as Technology Development Center (TDC). There is also an increase in password confidentiality risk present and a need for manual controls when using Generic user-ids. Its use must be strictly controlled and should never be used as a Generic log-on. D. There is inadequate documentation to justify the need for seven user-ids to be members of the Administrators Group. This Group has the same rights as the powerful Administrator account and, therefore, has full access to the system. To minimize risk and enhance controls, Administrators Group members should be maintained at the smallest possible number. E. The membership structure to Groups has redundancies where user-ids are members of lower level Groups but received the same access rights from their membership in higher-level Groups. F. There were two Generic user-ids that are not required but never removed from the user list. In addition there are four System user-ids that are not currently being used. All user-ids were active at the time of the audit. IT standards require inactive user-ids to be disabled or removed. G. The directories and sub-directories access Permissions for the CLKCCC4 server have not been reviewed by management since the access Rights set-up by the Contractor during the development stage. H. One User Right Policy granted to Groups needs to be adjusted. The Right Access This Computer From Network was given to the Everyone Group by default. A new Group should replace Everyone. For this server, the access should be changed to the Domain User Group. I. CJC management has not adequately defined the responsibility for NT Network security. Consequently, TDC has not been able to implement security that would be equivalent to current Novell Network security levels.

7 Recommendation: A & B. User settings that do not comply with IT or best practice standards be changed. Other settings that will become relevant when passwords are required should also comply with the standards, i.e., Minimum Password Length and Password Uniqueness. Management should also consider obtaining a software solution that would permit an interface with the Novell user-id and password. C. Control of the Administrator user-id be turned over to TDC. Any user-ids requiring Administrator Rights should be made a member of a Group that only grants the Rights needed. If required, new Groups should be established to handle the Right assignment. D. The seven user-ids need for Administrator Rights should be evaluated, and only those Rights that are needed should be granted. E. The Group structure be reviewed and any unnecessary redundant memberships removed. F. The Generic and System user-ids not needed be removed from the NT Server user list. G. CJC management review Permissions setup for the server directories. H. The Domain User Group replace the Everyone Group. I. CJC management assign the security responsibilities for the NT Network. The document should be in writing and accepted by TDC before implementation. Status: A&B. Implemented. CJC has installed Novel Account Management software for the NT Network. The software passes through the Novel user ID and password to the NT security software. Therefore, the NT security settings are not be used to control access. There is still a minor risk if a User can gain access to the NT network without going through the Novell Network. Direct access can be obtained through the NT network and print servers maintained at CJC in the Clerks area. Management informed audit that a combination door lock controls access to this room and Management has installed to prevent unauthorized access to the hardware.

8 C. Partially Implemented. Management has established a Group that will have LAN- Administrator rights. The group will permit the User to use their own ID to gain access with LAN-Admin rights. Control of the Administrator User-id has not been turned over to TDC. CJC Management needs the Administrator User-id to log the print services on the network. The Users having the Administrator Userid have been instructed not to use this ID for other for any other network tasks. The risk is still present for CJC staff to use the Administrator User-id without the action being related to one User. D. Implemented. The Administrators Group Users has been reviewed and only the persons needing access are now members. E. Implemented. The Group has been reviewed. Management will keep redundancies if Users perform dual roles. Management thinks this logic will permit ease of maintenance. If a User role changes then that persons User-ID will be removed from that group. Since this was a record keeping issue not an access risk item Audit has no issue with management s resolution. F. Implemented. Unneeded Generic and system User-id s have been removed. Currently one generic User-id is needed for the daily operation. G. Partially Implemented. Management did not formally review the sub-directories located on the NT servers. Some minor changes have been made. Management will make the changes when the Development Server for the NT network application function is installed H. Not Implemented. Management has not addressed this item. I. Implemented. CJC has technically qualified persons with overall security responsibility. 2. The ICD Application Documentation Is Not Adequate To Support Effective Maintenance and Enhancement Of The Product. The ICD application does not have adequate documentation to support the users maintenance and enhancement needs. The contract with Innovative, the vendor who provided the initial software product, only required source code. The contract was deficient in the area of application documentation requirements, as discussed below. The IT department has not set minimum County standards for documentation for applications running in the network server environment. However, in order for the

9 technical support department to maintain and/or enhance the application without technical staffing risk, documentation should include: System diagrams Application flows Program narratives Data flows Data edits that are included in the application SQL data structures Server directory definitions and data content information In some cases the Contractor did supply segments of the above items, but in most cases, the information is no longer current. Recommendation: CJC management request IT to construct a plan to consolidate, evaluate and update the limited documentation supplied by Innovative. After completing the updating, documentation to support the ongoing maintenance as well as user enhancements for the application should be developed. Status: Not Implemented. CJC management has not taken action on this issue. Management informed Audit that the maintenance of the application is under IT. We continue to encourage implementation of our recommendation. 3. The Procurement Of The Innovative Software Solutions Contract Was Not Competitively Offered for Bid. The Clerk s Office granted the contract to Innovative to provide services for the Courtroom Automation Project with no advertisement to solicit bids from other vendors. CJC management stated that Innovative was under contract with the IT Department and worked on existing programs relating to courtroom applications. Since the contractor had experience with the applications and IT was satisfied with their performance, the Clerk s Office decided to offer the new project contract to Innovative. The Clerk s Office Policies and Procedures, Chapter 12, Purchasing, states that all purchases or contracts for goods or services over $20,000 be advertised for bids, and awarded to the lowest and best bid serving the best interest of Pinellas County. The Clerk s Policies offer the ability to have Noncompetitive Purchases, if the goods or services are available from only one source. No documentation was present to support exercising this exemption.

10 Recommendation: The Clerk s Office conduct and document a good faith search for potential vendors before noncompetitive contracts are awarded. Non-competitive bid justification for any contract should be formally documented. Status: Not Implemented. Management has not formally documented justification for the non-competitively bid contract for Advanced Programming Resources. Management indicated this contract was a renewal of a terminating contract under the Board of County Commissioners due to budget cuts and to obtain the original programmer of the in-court docketing application. Although this may be a justifiable reason to non-competitively bid the contract, the Clerk s policies and procedures require documented justification of non-competitively bid contracts. Management indicated in most cases some formal documentation is utilized, but did not document this contract because it was a renewal of an existing contract under the Board of County Commissioners. However, the decision to not seek competition should be justified. 4. Information Relating To Service Rendered Present On The Contractor s Invoices Did Not Comply With Contract Requirements. The Contractor billed the County for a total of 14,055 hours (6.8 man-years) for the Courtroom Automation Project. Invoices did not identify the specific elements of the ICD programs which were being worked on. The billings only contained hours worked by each contractor and their living and air travel expenses. The Innovative Contract, Section 5, Compensation, states, Payments shall be made in accordance with Florida Prompt Payment Act upon the receipt of bimonthly invoices from the Contractor which include date of service by the subcontractors, the nature of the services performed, and the number of hours per subcontractor per day. The invoices did not contain adequate information to permit Court Administration Management to relate hours billed to the status of work completed. Without the ability to relate the task performed to the hours being billed, a key control was eliminated in the oversight of the Contractor s performance and expense verification.

11 Recommendation: Future contracts require detailed invoices to ensure compliance with payment terms. Status: Not Implemented. Invoices submitted for IT services under the current Courtroom Automation project only lists hours worked with no details as to what portion of the project the contractor worked on. 5. Contract Compliance For Insurance Coverage Was Not Properly Monitored. There is no documentation to support Workers Compensation coverage for August 27, 1997 to August 31, 1998 and September 2, 1999 to August 31, In addition, General Liability insurance coverage was not documented for September 2, 1997 to August 31, 1998 and September 2, 1999 to August 31, For the remaining contract time frame, proof of insurance was received from the Contractor. The Innovative Contract, Section 5, Compensation, states, Prior to the time Contractor is entitled to commence any part of the project, work or service under this agreement, Contractor shall procure, pay for and maintain at least the following insurance coverage limits. Said insurance shall be evidenced by delivery to the County of (1) certificate of insurance executed by the insurers listing coverage s and limits, expiration date and terms of polices and all endorsements upon whether or not required by the County, and listing all carriers said policies; and (2) a certified copy of each policy including all endorsements. The Contract required Workers Compensation in at least the limits as required by Florida Law and Comprehensive General Liability. The lack of complete insurance coverage documentation represents poor monitoring of contract requirements and if coverage was not in place, increased County liability issues. Recommendation: Future contracts be closely monitored to ensure compliance with insurance terms. Status: Not Implemented. The current Courtroom Automation IT contract requires the contractor maintain Workers Compensation insurance. No insurance certificate was maintained by the management. Insurance monitoring controls require

12 management to maintain a tickler system that would alert management in advance when an insurance certificate expires and the amount of coverage required by the contract. We did not observe a tickler procedure present to ensure adequate monitoring of active insurance certificates.

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/ Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system

More information

December 2013 Report No. 14-013

December 2013 Report No. 14-013 John Keel, CPA State Auditor An Audit Report on Information and Communications Technology Cooperative Contracts at the Health and Human Services Commission Report No. 14-013 An Audit Report on Information

More information

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section

More information

Department of Public Utilities Customer Information System (BANNER)

Department of Public Utilities Customer Information System (BANNER) REPORT # 2010-06 AUDIT of the Customer Information System (BANNER) January 2010 TABLE OF CONTENTS Executive Summary..... i Comprehensive List of Recommendations. iii Introduction, Objective, Methodology

More information

Seattle Public Schools The Office of Internal Audit

Seattle Public Schools The Office of Internal Audit seaonly Seattle Public Schools The Office of Internal Audit Capital Internal Audit Report Issue Date: December 16, 2014 Executive Summary Background In accordance with the Capital Risk Assessment and Audit

More information

Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr.

Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr. Distribution: Sheryl L. Sculley, City Manager Gloria Hurtado, Assistant City Manager Ben Gorzell, Chief Financial Officer Dr. Thomas Schlenker, Director, San Antonio Metropolitan Health District Robert

More information

KAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls

KAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller AUDIT OF Human Capital Management System (HCMS) Application Controls Audit Services Karen E. Rushing Clerk of the Circuit Court and County

More information

AUDIT REPORT 2013/024

AUDIT REPORT 2013/024 INTERNAL AUDIT DIVISION AUDIT REPORT 2013/024 Audit of air travel activities and related practices at UNON Overall results relating to efficient and effective management of travel services were assessed

More information

Audit Follow-Up Status As of September 30, 2015

Audit Follow-Up Status As of September 30, 2015 Audit Follow-Up Status As of September 30, 2015 Active Directory T. Bert Fletcher, CPA, CGMA City Auditor (Report #1210 issued June 19, 2012) Report #1603 January 11, 2016 Summary This is the third follow-up

More information

Information System Audit Report Office Of The State Comptroller

Information System Audit Report Office Of The State Comptroller STATE OF CONNECTICUT Information System Audit Report Office Of The State Comptroller AUDITORS OF PUBLIC ACCOUNTS KEVIN P. JOHNSTON ROBERT G. JAEKLE TABLE OF CONTENTS EXECUTIVE SUMMARY...1 AUDIT OBJECTIVES,

More information

THIS PAGE INTENTIONALLY BLANK

THIS PAGE INTENTIONALLY BLANK BOARD OF COUNTY COMMISSIONERS OFFICE OF THE COMMISSION AUDITOR M E M O R A N D U M TO: FROM: Honorable Chairman Jean Monestime, and Members, Board of County Commissioners Charles Anderson, CPA Commission

More information

FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. 08-04-107F. City of Albuquerque Office of Internal Audit and Investigations

FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. 08-04-107F. City of Albuquerque Office of Internal Audit and Investigations FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. City of Albuquerque Office of Internal Audit and Investigations City of Albuquerque Office of Internal Audit and Investigations P.O. BOX 1293 ALBUQUERQUE,

More information

Security and Control Issues within Relational Databases

Security and Control Issues within Relational Databases Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

PeopleSoft IT General Controls

PeopleSoft IT General Controls PeopleSoft IT General Controls Performance Audit December 2009 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor The Auditor of the City and County of

More information

NETWRIX IDENTITY MANAGEMENT SUITE

NETWRIX IDENTITY MANAGEMENT SUITE NETWRIX IDENTITY MANAGEMENT SUITE FEATURES AND REQUIREMENTS Product Version: 3.3 February 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute

More information

Data Stored on a Windows Server Connected to a Network

Data Stored on a Windows Server Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to

More information

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT

INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT INTERNAL AUDIT DIVISION CLERK OF THE CIRCUIT COURT FOLLOW-UP REVIEW TO AUDIT OF COLLECTIONS AND ENFORCEMENT OF COURT FINES AND COSTS Ken Burke, CPA Clerk of the Circuit Court Ex officio County Auditor

More information

We would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment

We would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment Date: June 25, 2014 To: Brenda S. Fischer, City Manager From: Candace MacLeod, City Auditor Subject: Audit of Glendale Fire Department s Payroll Process The City Auditor s Office has completed an audit

More information

REPORT 2016/035 INTERNAL AUDIT DIVISION

REPORT 2016/035 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2016/035 Audit of the use of consultants and individual contractors in the United Nations Stabilization Mission in Haiti Overall results relating to the effective hiring

More information

December 2014 Report No. 15-017. An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission

December 2014 Report No. 15-017. An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission John Keel, CPA State Auditor An Audit Report on The Telecommunications Managed Services Contract at the Health and Human Services Commission Report No. 15-017 An Audit Report on The Telecommunications

More information

Data Stored on a Windows Computer Connected to a Network

Data Stored on a Windows Computer Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Computer Connected to

More information

INTERNAL AUDIT REPORT. Review of Software Change Management. Fairfax County Internal Audit Office

INTERNAL AUDIT REPORT. Review of Software Change Management. Fairfax County Internal Audit Office INTERNAL AUDIT REPORT Review of Software Change Management FAIRFAX COUNTY, VIRGINIA INTERNAL AUDIT OFFICE M E M O R A N D U M TO: Anthony H. Griffin DATE: May 2, 2002 County Executive FROM: SUBJECT: Ronald

More information

4.06 Consulting Services

4.06 Consulting Services MANAGEMENT BOARD SECRETARIAT AND MINISTRIES OF THE ENVIRONMENT, FINANCE, HEALTH AND LONG-TERM CARE, NATURAL RESOURCES, AND COMMUNITY SAFETY AND CORRECTIONAL SERVICES 4.06 Consulting Services (Follow-up

More information

Automating Compliance Reporting for PCI Data Security Standard version 1.1

Automating Compliance Reporting for PCI Data Security Standard version 1.1 PCI Compliance Reporting Solution Brief Automating Regulatory Compliance and IT Best Practices Reporting Automating Compliance Reporting for PCI Data Security Standard version 1.1 The PCI Data Security

More information

Information Technology Internal Controls Part 2

Information Technology Internal Controls Part 2 IT Controls Webinar Series Information Technology Internal Controls Part 2 Presented by the Arizona Office of the Auditor General October 23, 2014 Part I Overview of IT Controls and Best Practices Part

More information

KAREN E. RUSHING. Audit of Purchasing Card Program

KAREN E. RUSHING. Audit of Purchasing Card Program KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller Audit of Purchasing Card Program Audit Services Jeanette L. Phillips, CPA, CGFO, CIG Director of Internal Audit and Inspector General

More information

Competitive Bid Request for Proposal Re-Keying Project Fairfield & Alfond Campuses

Competitive Bid Request for Proposal Re-Keying Project Fairfield & Alfond Campuses Competitive Bid Request for Proposal Re-Keying Project Fairfield & Alfond Campuses 1.0 Overview and Objectives Kennebec Valley Community College (KVCC) is requesting proposals from experienced and qualified

More information

Audit Follow-Up. Active Directory. Status As of February 28, 2015. Summary. Report #1508 April 20, 2015

Audit Follow-Up. Active Directory. Status As of February 28, 2015. Summary. Report #1508 April 20, 2015 Audit Follow-Up Status As of February 28, 2015 Active Directory T. Bert Fletcher, CPA, CGMA City Auditor (Report #1210 issued June 19, 2012) Report #1508 April 20, 2015 Summary This is the second follow

More information

Vendor Questionnaire

Vendor Questionnaire Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining

More information

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452

Mecklenburg County Department of Internal Audit. PeopleSoft Application Security Audit Report 1452 Mecklenburg County Department of Internal Audit PeopleSoft Application Security Audit Report 1452 February 9, 2015 Internal Audit s Mission Through open communication, professionalism, expertise and trust,

More information

South Northamptonshire Council

South Northamptonshire Council South Northamptonshire Council Windows Active Directory Final Internal Audit Report - September Distribution list: Mike Shaw IT & Customer Services Manager David Price Director of Community Engagement

More information

Maryland Insurance Administration

Maryland Insurance Administration Audit Report Maryland Insurance Administration June 2011 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence are

More information

General Computer Controls

General Computer Controls 1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems

More information

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft- Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page

More information

April 2010. promoting efficient & effective local government

April 2010. promoting efficient & effective local government Department of Public Works and Environmental Services Department of Information Technology Fairfax Inspections Database Online (FIDO) Application Audit Final Report April 2010 promoting efficient & effective

More information

Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for Open Systems

Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for Open Systems Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for Open Systems The Payment Card Industry has a published set of Data Security Standards to which organization s accepting and

More information

Department of Veterans Affairs

Department of Veterans Affairs Audit Report Department of Veterans Affairs December 2013 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence

More information

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,

More information

Office of the City Auditor. Audit Report. AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS (Report No. A08-010 ) May 2, 2008.

Office of the City Auditor. Audit Report. AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS (Report No. A08-010 ) May 2, 2008. CITY OF DALLAS Dallas City Council Office of the City Auditor Audit Report Mayor Tom Leppert Mayor Pro Tem Dr. Elba Garcia Deputy Mayor Pro Tem Dwaine Caraway AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS

More information

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls

Information System Audit. Arkansas Administrative Statewide Information System (AASIS) General Controls Information System Audit Arkansas Administrative Statewide Information System (AASIS) General Controls ARKANSAS DIVISION OF LEGISLATIVE AUDIT April 12, 2002 April 12, 2002 Members of the Legislative Joint

More information

Information Technology Operational Audit

Information Technology Operational Audit REPORT NO. 2012-028 NOVEMBER 2011 AGENCY FOR WORKFORCE INNOVATION UNEMPLOYMENT INSURANCE PROGRAM Information Technology Operational Audit DIRECTOR OF THE AGENCY FOR WORKFORCE INNOVATION Pursuant to Section

More information

INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION. Information Technology Operational Audit

INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION. Information Technology Operational Audit REPORT NO. 2015-017 SEPTEMBER 2014 INFORMATION TECHNOLOGY CONTROLS OF SELECTED SYSTEMS UTILIZED BY THE CITIZENS PROPERTY INSURANCE CORPORATION Information Technology Operational Audit CITIZENS PROPERTY

More information

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers

June 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information

More information

Data Stored on a Windows Computer Connected to a Network

Data Stored on a Windows Computer Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Computer Connected to

More information

ICT USER ACCOUNT MANAGEMENT POLICY

ICT USER ACCOUNT MANAGEMENT POLICY ICT USER ACCOUNT MANAGEMENT POLICY Version Control Version Date Author(s) Details 1.1 23/03/2015 Yaw New Policy ICT User Account Management Policy 2 Contents 1. Preamble... 4 2. Terms and definitions...

More information

Certified Florida Community Service Provider (CFCSP)

Certified Florida Community Service Provider (CFCSP) Certified Florida Community Service Provider (CFCSP) APPLICANT INFORMATION Thank you for your interest in becoming a Certified Florida Community Service Provider (CFCSP) and member of Florida Community

More information

PRIVACY IMPACT ASSESSMENT

PRIVACY IMPACT ASSESSMENT Name of System/Application: LAN/WAN PRIVACY IMPACT ASSESSMENT U. S. Small Business Administration LAN/WAN FY 2011 Program Office: Office of the Chief Information Officer A. CONTACT INFORMATION 1) Who is

More information

Project Management Procedures

Project Management Procedures 1201 Main Street, Suite 1600 Columbia, South Carolina 29201 Project Management Procedures Start Up The grant becomes effective upon return of one copy of the grant award executed by the Chief Executive

More information

University System of Maryland University of Maryland, College Park Division of Information Technology

University System of Maryland University of Maryland, College Park Division of Information Technology Audit Report University System of Maryland University of Maryland, College Park Division of Information Technology December 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND

More information

June 2008 Report No. 08-037. An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs

June 2008 Report No. 08-037. An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs John Keel, CPA State Auditor An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs Report No. 08-037 An Audit Report on The Texas Education Agency s Oversight

More information

Implementation of Internal Audit Recommendations: Summary of Progress Report by Head of Finance

Implementation of Internal Audit Recommendations: Summary of Progress Report by Head of Finance Financial Scrutiny and Audit Committee 11 February 2014 Agenda Item No 13 Implementation of Internal Audit : Summary of Progress Report by Finance Summary: This report updates members on progress in implementing

More information

Department of Transportation Office of Transportation Technology Services

Department of Transportation Office of Transportation Technology Services Audit Report Department of Transportation Office of Transportation Technology Services October 2005 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report

More information

SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID

SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID State of New Jersey Department of Community Affairs Division of Local Government

More information

Missouri State Auditor March 2014 http://auditor.mo.gov Report No. 2014-016

Missouri State Auditor March 2014 http://auditor.mo.gov Report No. 2014-016 Thomas A. Schweich Missouri State Auditor FOLLOW-UP REPORT ON AUDIT FINDINGS City of Marshfield March 2014 Report No. 2014-016 http://auditor.mo.gov Follow-Up Report on Audit Findings Table of Contents

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all

More information

SECTION 3014 Area Agency on Aging Contract Management Requirements

SECTION 3014 Area Agency on Aging Contract Management Requirements SECTION 3014 Area Agency on Aging Contract Management Requirements POLICY STATEMENT: AAAs shall follow procurement practices established by federal and state laws and regulations in awarding contracts.

More information

Commercial Real Estate. Risk Transfer Suggested Practices. For Commercial Property Owners

Commercial Real Estate. Risk Transfer Suggested Practices. For Commercial Property Owners Commercial Real Estate Risk Transfer Suggested Practices For Commercial Property Owners Common practices, such as leasing space to tenants, contracting for maintenance, repair or other services, or even

More information

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

EXECUTIVE SUMMARY Audit of information and communications technology governance and security management in MINUSTAH

EXECUTIVE SUMMARY Audit of information and communications technology governance and security management in MINUSTAH EXECUTIVE SUMMARY Audit of information and communications technology governance and security management in MINUSTAH OIOS conducted an audit of information and communications technology (ICT) governance

More information

Insurance Administration

Insurance Administration Insurance Administration City of Tulsa Internal Auditing June 2009 Insurance Administration City of Tulsa Internal Auditing Ron Maxwell, CIA, CFE Chief Internal Auditor Phil Wood, CIA, CFA City Auditor

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

Woodward County Emergency Medical Service District

Woodward County Emergency Medical Service District Woodward County Emergency Medical Service District For the period July 1, 2011 through June 30, 2014 Oklahoma State Auditor & Inspector Gary A. Jones, CPA, CFE FOR THE PERIOD JULY 1, 2011 THROUGH JUNE

More information

Citywide Identity Management Follow up Report

Citywide Identity Management Follow up Report Citywide Identity Management Follow up Report July 2015 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor The Auditor of the City and County of Denver

More information

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT CONSTRUCTION AUDIT PROGRAM

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT CONSTRUCTION AUDIT PROGRAM GENERAL: Some of the Districts largest capital expenditures are from new construction, facility upgrades, and renovations. A single project can run into the millions of dollars, involving engineering,

More information

STATE OF MINNESOTA GRANT CONTRACT

STATE OF MINNESOTA GRANT CONTRACT STATE OF MINNESOTA GRANT CONTRACT This grant contract is between the State of Minnesota, acting through its Department of Labor and Industry, Apprenticeship Unit ("State") and [FULL NAME AND ADDRESS OF

More information

Walton County Clerk of the Court s Office Fixed Asset Review. Martha Ingle Clerk of the Courts

Walton County Clerk of the Court s Office Fixed Asset Review. Martha Ingle Clerk of the Courts Walton County Clerk of the Court s Office Fixed Asset Review Martha Ingle Clerk of the Courts Internal Audit Department Johnny Street Internal Audit Manager Report 09-02 May 2009 August 3, 2009 Martha

More information

HANDBOOK for INDIVIDUAL SERVICE PROVIDERS

HANDBOOK for INDIVIDUAL SERVICE PROVIDERS HANDBOOK for INDIVIDUAL SERVICE PROVIDERS (Revised 02/13) 2/28/2013 ISP Handbook INDIVIDUAL SERVICE PROVIDERS... 3 Welcome... 3 What Is an ISP?... 3 What Services Can an ISP Provide?... 4 APPLICATION /

More information

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized

More information

NetWrix Privileged Account Manager Version 4.0 Quick Start Guide

NetWrix Privileged Account Manager Version 4.0 Quick Start Guide NetWrix Privileged Account Manager Version 4.0 Quick Start Guide Table of Contents Table of Contents... 2 1. Introduction... 3 1.1. What is NetWrix Privileged Account Manager?... 3 1.2. Licensing... 3

More information

REQUEST FOR PROPOSAL. Ambulance Billing Services

REQUEST FOR PROPOSAL. Ambulance Billing Services REQUEST FOR PROPOSAL Ambulance Billing Services City of Calais (the City ) is requesting proposals from qualified Vendors ( Vendor ) to provide ambulance billing collection, financial reporting, and analytical

More information

C. La Plata County is exempt from all state taxation including state sales and use tax.

C. La Plata County is exempt from all state taxation including state sales and use tax. Informal Bid (Request for Quotes) Drupal Hosting and Development Service Project Number 12-062-2201 Let Date: August 17, 2012 Bid Deadline: 2:00 p.m. August 30, 2012 I. Administrative Information A. La

More information

OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Senior Audit Manager: Lynne Prizzia,

More information

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE 2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology

More information

Netwrix Auditor. Role-Based Access. Version: 7.1 10/27/2015

Netwrix Auditor. Role-Based Access. Version: 7.1 10/27/2015 Netwrix Auditor Role-Based Access Version: 7.1 10/27/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from Netwrix Corporation

More information

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12

Evaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12 Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General

More information

84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff

84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff 84-01-31 Windows NT Server Operating System Security Features Carol A. Siegel Payoff This article is designed to provide security administrators with a security checklist for going live with Windows NT.

More information

Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for AIX

Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for AIX Detailed Analysis Achieving PCI Compliance with SkyView Partners Products for AIX The Payment Card Industry has a published set of Data Security Standards to which organization s accepting and storing

More information

OFFICE OF AUDITS & ADVISORY SERVICES MOBILE DEVICE MANAGEMENT COUNTYWIDE AUDIT FINAL REPORT. County of San Diego Auditor and Controller

OFFICE OF AUDITS & ADVISORY SERVICES MOBILE DEVICE MANAGEMENT COUNTYWIDE AUDIT FINAL REPORT. County of San Diego Auditor and Controller County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES MOBILE DEVICE MANAGEMENT COUNTYWIDE AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA,

More information

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT

OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:

More information

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY

More information

e-governance Password Management Guidelines Draft 0.1

e-governance Password Management Guidelines Draft 0.1 e-governance Password Management Guidelines Draft 0.1 DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S.

More information

Appendix 1 CJC CONTRACT MANAGEMENT POLICIES AND PROCEDURES. Criminal Justice Commission Contract Management Policies and Procedures

Appendix 1 CJC CONTRACT MANAGEMENT POLICIES AND PROCEDURES. Criminal Justice Commission Contract Management Policies and Procedures CJC CONTRACT MANAGEMENT POLICIES AND PROCEDURES SNYOPSIS: The CJC was created by a Palm Beach County ordinance in 1988. It has 21 public sector members representing local, state, and federal criminal justice

More information

IFB 2015-0009 BID SPECIFICATIONS. For COURTHOUSE SECURITY

IFB 2015-0009 BID SPECIFICATIONS. For COURTHOUSE SECURITY IFB 2015-0009 BID SPECIFICATIONS For COURTHOUSE SECURITY April 2015 Facilities Management Division 12A Gateway Circle Hilton Head Island, SC 29926 843-342-4581 TOWN OF HILTON HEAD ISLAND INVITATION FOR

More information

ATTACHMENT A ADMINISTRATIVE MEMORANDUM SELECTION OF INDEPENDENT CONTRACTORS

ATTACHMENT A ADMINISTRATIVE MEMORANDUM SELECTION OF INDEPENDENT CONTRACTORS Environmental Consulting Services for Conducting Groundwater and Landfill Gas Monitoring at the Closed Half Moon Bay and Pescadero Landfills County of San Mateo Department of Public Works Utilities-Flood

More information

SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY

SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY SPECIAL TERMS AND CONDITIONS FOR INFORMATION TECHNOLOGY A. ACCEPTANCE: The College shall commence Acceptance testing within five (5) days, or within such other period as agreed upon. Acceptance testing

More information

Department of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government

Department of Information Technology Remote Access Audit Final Report. January 2010. promoting efficient & effective local government Department of Information Technology Remote Access Audit Final Report January 2010 promoting efficient & effective local government Background Remote access is a service provided by the county to the Fairfax

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Department of Legislative Services Office of Legislative Audits. Maryland Insurance Administration

Department of Legislative Services Office of Legislative Audits. Maryland Insurance Administration Maryland Insurance Administration Report Dated November 20, 2014 Audit Overview MIA licenses and regulates insurers, insurance agents and brokers who conduct business in the State, and monitors the financial

More information

HMIS Privacy/Security Plan

HMIS Privacy/Security Plan Page 1 of 8 Memphis and Shelby County Homeless Management Information System Community Alliance for the Homeless, MIS Department Memphis TN 38103 (901) 527-1302 Phone, (901) 527-1308 Fax www.cafth.org

More information

Second Follow-up Audit Report on Department of Education Internal Controls Over Its Data Center 7F04-137

Second Follow-up Audit Report on Department of Education Internal Controls Over Its Data Center 7F04-137 Second Follow-up Audit Report on Department of Education Internal Controls Over Its Data Center 7F04-137 September 27, 2004 THE CITY OF NEW YORK OFFICE OF THE COMPTROLLER 1 CENTRE STREET NEW YORK, N.Y.

More information

Justice Information Sharing Division ( ND CJIS ), and

Justice Information Sharing Division ( ND CJIS ), and Criminal Justice Information Sharing Division (ND CJIS) Office of the Attorney General 600 E Blvd Ave, Dept 125 Bismarck ND 58505 Office: (701) 328-1110 Fax: (701) 328-2226 P1 LERMS AGENCY AGREEMENT This

More information

Information Technology Internal Audit Report # 2009-01

Information Technology Internal Audit Report # 2009-01 Information Technology Internal Audit Report # 2009-01 June 2009 September 23, 2009 Mr. Peter Breslin President Board of Education Katonah-Lewisboro Union Free School District One Shady Lane South Salem,

More information

STATUTORY REPORT District Attorney District 26

STATUTORY REPORT District Attorney District 26 District Attorney District 26 Bogus Check Restitution Program, Supervision Program, Restitution and Diversion Program, Property Forfeiture Program For the period July 1, 2009 through June 30, 2012 Independently

More information

Department of Education. Network Security Controls. Information Technology Audit

Department of Education. Network Security Controls. Information Technology Audit O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Education Network Security Controls Information Technology Audit May 5, 2010 Report 10-17 FINANCIAL

More information

Report 6c. Final Internal Audit Report Network and Communications. April 2008

Report 6c. Final Internal Audit Report Network and Communications. April 2008 Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results

More information

SEALED BID REQUEST FOR INFORMATION

SEALED BID REQUEST FOR INFORMATION Department of Buildings and General Services Purchasing & Contract Administration 10 Baldwin St. Agency of Administration Montpelier VT 05633 [phone] 802-828-2210 [Fax] 802-828-2222 www.bgs.state.vt.us

More information