Audit of. Software Inventory Procedures
|
|
- Kristin Smith
- 8 years ago
- Views:
Transcription
1 Audit of Software Inventory Procedures April 22, 2003 Report
2 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our students with the knowledge, skills, and ethics required for responsible citizenship and productive employment. Arthur C. Johnson, Ph.D. * Superintendent of Schools School Board Members Tom Lynch, Chair William C. Graham Vice Chair* Paulette Burdick* Monroe Benaim, M.D. Mark Hansen Sandra Richmond Debra Robinson, M.D. Audit Committee Members Cindy Adair, Chair Richard Roberts, Vice Chair Georgette B. Carroll Max Davis Kevin James Noah Silver JulieAnn Rico Allison* Shelley Vana * Thais Villanueva* *Ex-Officio Audit Committee Members
3 Audit of Software Inventory Procedures Executive Summary The primary objectives of the audit were to determine the adequacy of District procedures in preventing the use of unlicensed software and protecting the District's computers against virus infection. As of January 2003, the District had approximately 60,000 personal computers (PC) as well as a considerable amount of computer software for both mainframe and microcomputers. The use of computer software generally requires a license from the manufacturer authorizing a certain number of copies of the software to be used. However, unlicensed software can be easily installed onto the computers by current or previous users. Users may also unknowingly use demo versions ofthe software for daily operations. Ifthe Business Software Alliance or Microsoft Corporation finds users violating the licensing requirements, they can levy fines in an amount allowed by law. Due to the easy access to and popularity ofpc software downloaded from the Internet or obtained from other sources, the risk ofvirus infection has exponentially increased. Virus infection can detrimentally destroy or corrupt valuable data and information stored on the computers. The audit produced the following major conclusions: 1. School District Did Not Keep Software Inventory. The District did not maintain software inventory records in accordance with District Directive D-S.143 (5)(h). Without an accurate count of all licensed software used by the District, there is no assurance that unauthorized use and illegal duplication of software is detected and prevented. 2. No Asset Management System to Track Software Location(s) on Hardware Equipment. Without proper inventory, the District could have (1) installed unlicensed software on hardware, or (2) under-licensed software programs due to the failure to purchase/renew the needed number ofsoftware licenses. Under-licensing of software could place the District at risk for liability and litigation from copyright owners. Maintaining accurate PC and software inventories can provide reliable data to the District in prioritizing information technology resources. This can also help ensure efficient and accurate reporting in: 1. Software license compliance tests 2. Microsoft volume licensing
4 3. Disaster recovery planning 4. Financial planning and purchasing 5. Removal or reassignment of PC's 6. Help desk support 7. Windows 2000 or XP migrations 8. Software licensing and maintenance agreements renewals 3. Three Unauthorized and Unlicensed Software Found. Based on the review of computer software installed on 20 selected PC, we found three unauthorized and unlicensed software packages on three computers, at three different locations. Upon our notice, IT immediately removed these three unauthorized software. To ensure that all software installed is properly licensed and authorized, IT should conduct periodic inventory of software. Any unauthorized or unlicensed software found should be removed immediately. 4. Two PC Without Virus Protection. Our review of 20 selected PC also indicated that two ofthem were not installed with anti-virus program. To protect our computers from possible virus infection, all District's PC should be installed with the latest antivirus software. In response to our finding, IT has installed the needed anti-virus program onto the two PC as ofaprilll, A Virus Log Report generated by Network Services for July through December 2002, indicated that the number of viruses detected ranged from a low of99 on December 22, 2002, to a high of 15,542 on November 17,
5 Audit of Software Inventory Procedures Table of Contents ="..= ============================== Page EXECUTIVE SUMMARY PURPOSE AND AUTHORITY SCOPE AND METHODOLOGY BACKGROUND CONCLUSIONS 1. School District Did Not Keep Software Inventory 2 2. No Asset Management System to Track Software Location(s) on Hardware Equipment 3 3. Three Unauthorized and Unlicensed Software Found 4 4. Computer Virus 4 APPENDIX Management's Response 6
6 THE SCHOOL DISTRICTOF PALM BEACH COUNTY. FLORIDA OFFICE OF DISTRICTAUDITOR 3346 FOREST HILL BOULEVARD, SUITE WEST PALM BEACH, FL (561) FAX: (561) LUNG CHIU, CPA DISTRICT AUDITOR ARTHUR C. JOHNSON, Ph.D. SUPERINTENDENT MEMORANDUM TO: FROM: Honorable Chair and Members ofthe School Board Arthur C. Johnson, Ph.D., Superintendent of Schools Chair and Members ofaudit Committee -k"l<:- Lung Chiu, CPA, District Auditor DATE: April 22, 2003 SUBJECT: Audit of Software Inventory Procedures PURPOSE AND AUTHORITY Pursuant to the District's Audit Plan 0/ , we have audited the District's Software Inventory Procedures. The primary objectives ofthe audit were to detennine the adequacy ofdistrict procedures in: Preventing the use of unlicensed software. Protecting the District's computers against virus infection. SCOPE AND METHODOLOGY The audit was perfonned in accordance with Government Auditing Standards by Randy Law, CISA, and Ellen Steinhoff, CISA, during October 21,2002, through January 17,2003. This audit included: Reviewing applicable School Board Policies. Interviewing staff of District departments, and selected elementary, middle, and high schools. Reviewing 20 sampled personal computers at three departments and three schools, for unlicensed software and anti-virus software. Draft findings were sent to the Division of Infonnation Technology for review and comments, and management response is included in the Appendix. We appreciate the AN EQUAL QpPOATUNITY EMPLOYER
7 courtesy and cooperation extended to us by staff during the audit. The final draft report was presented to the Audit Committee at its TBD meeting. BACKGROUND The District has approximately 60,000 personal computers (PC) as well as a considerable amount of computer software for both mainframe and microcomputers. In general, the use of computer software requires a license from the manufacturer authorizing a certain number of copies of the software to be used. To ensure users have the legitimate right to use the software, manufactures contract with special groups to verify the legitimacy of software users. Business Software Alliance (BSA), for example, is a computer industry organization that acts on behalf of software manufacturers against unauthorized use and copying of member company's software. IfBSA or Microsoft Corporation, through its own efforts, finds users not compliant, they will be subject to heavy fines and penalties allowed by law. Unlicensed software can be installed by previous or current users of the equipment. Employees may also unknowingly use demo versions of the software for daily operations. Microcomputers are at risk for virus infection, which can detrimentally destroy or corrupt valuable data and information stored on the computers. Due to the easy access to and popular use of PC software, the risk of infection from computer viruses has exponentially increased while downloading of computer programs from the Internet and other sources become part of our daily activities. CONCLUSIONS 1. School District Did Not Keep Software Inventory. We reviewed the legitimacy of software installed on 20 selected PC at three departments and three schools. Our review indicated that the District did not maintain software inventory records for all the six locations. District Directive D-S.143 (5)(h) states"... The software property designee shall maintain ajile ofall software licenses and locations. Form PBSD 1555, Software Inventory, the school's media center "Unicorn" system, or purchase orders may be used to record the following informationfor all software, regardless value: 1. date and source ofthe software acquisition; 2. location ofeach installation as well as property record number ofthe computer on which each copy ofthe software has been installed; 3. location oforiginal installation disks and existence, if any, ofbackup copies and their location(s); and 4. software product's serial and/or license number. " Without an accurate accounting of all licensed software used by the District, there is no assurance that unauthorized use and illegal duplication of software is detected and prevented. The Software Inventory Form (PBSD 1555) should be filled out and utilized properly. Based on information contained in the Inventory Form, the School 2
8 District should consider creating a database of such inventory record for future reference and prudent management decisions. Management's Response: Concurs. Safeguarding ofassets, including software, regardless ofvalue, is the responsibility ofthe custodian charged with their care. This is usually a Principal or Department head. This is consistent with Florida Statute Inventories ofsoftware should be kept at a local level. Records of software items with an acquisition value of$750 or greater are also maintained in the District'sfixed asset tracking system, FASgov. Information Technology will continue to provide education ofcopyright issues and tracking ofsoftware issues at school technical support training sessions. A bulletin from IT and Capital Assets will be sent to schools and departments reaffirming the importance ofmaintaining records of software transactions and outlining the requirements andprocedures to maintain a site (school/department) based software inventory. (Please see page 7) 2. No Asset Management System to Track Software Location(s) on Hardware Equipment. We were unable to track software to hardware systems. The District has no records of which software is assigned to what and which machine. Without proper inventories, the District could have (1) software licenses that should not have been installed on certain hardware, or (2) under-licensing ofsoftware programs due to the failure to purchase/renew the needed number of software licenses. Under-licensing of software could place the District at risk for liability and litigation from copyright owners. Maintaining accurate PC and software inventories can also provide reliable data to the District in prioritizing information technology resources. This can also help ensure efficient and accurate reporting in: Software license compliance tests Reporting for BSA (Business Software Alliance) or Microsoft audits Microsoft Volume Licensing Disaster recovery plan Financial planning and purchasing Removal or reassignment of PC's Help desk support Windows 2000 or XP migrations Software licensing and maintenance agreements renewals Management's Response: Concurs. A bulletin from IT and Capital Assets will be sent to schools and departments emphasizing the importance ofmaintaining records ofsoftware transactions and outlining the requirements andprocedures to maintain a site (school/department) based software inventory. Inventory ofsoftware items with a value of$750 or greater is kept in the FASgov system with a location listed. (Please see page 7) 3
9 3. Three Unauthorized and Unlicensed Software Found. Our review of computer software installed on 20 selected PC found three unauthorized and unlicensed software packages on three computers at three different locations. We have referred our concern to Information Technology (IT) for immediate corrective actions. District Directive D-S.143 (5)(1) states "District personnel may conduct audits of microcomputers to ensure compliance with all software licenses. Unscheduled audits may be conducted... During the audit, district staffwill also search for computer viruses and eliminate any that are found" However, according to IT, software inventory audits were not performed. To ensure all software installed is properly licensed and authorized, IT should conduct periodic software inventory. Any unauthorized or unlicensed software found should be removed from the District's computers immediately. The District currently has approximately 60,000 PC, and about 30,000 of them are connected to the District's computer network. As a result, software inventory and tracking for these 30,000 PC could be performed through the existing network with enhanced automation system. According to the Gartner Group, Inc., an internationally recognized technology consulting firm, there are a number of best practices that can help organizations prevent the use of unlicensed software and protect against computer viruses. For example, organizations can monitor employees' use of computer applications, periodically inventory the applications, conduct surprise audits of the software installed on microcomputers, use virus detection software, maintain a log of virus infections, and educate employees about the dangers of computer viruses and the need to avoid the use of unlicensed software. As ofapril 11, 2003, staffhad corrected the problem and immediately removed the unlicensed and unauthorized software on all three Pc. Management's Response: Concurs. IT will continue to provide information in workshops and documentation. IT will provide procedures and technical assistance to schools and departments to perform audits and remove unauthorized software. (Please see page 7.) 4. Computer Virus. The District has not developed comprehensive procedures to educate and train employees regarding the use of licensed software and protection against computer viruses. A McAfee Virus Log Report generated by Network Services for July through December 2002, indicated that the number of viruses detected ranged from a low of 99 on December 22,2002, to 15,542 on November 17, Our review of computer software installed on 20 selected PC found that two 4
10 PC did not have the computer virus protection software. To protect our computers from possible virus infection, all District's PC should be installed with the latest antivirus software. As of April 11, 2003, the IT staffhad corrected the problem and promptly installed virus protection on both PC. Management's Response: Concurs. IT staffwill continue to train school and department technical contacts on the use oflicensed software and virus protection via workshops and documentation. (Please see page 7.) - End of Report 5
11 Appendix Management's Response THE SCHOOl DISTRICT JIM SHEEHAN ARTHUR C. JOHNSON, Ph.D. OF PAlM BEACH COUNTY. FLORIDA CHIEF INFORMATION OFFICER SUPERINTENDENT INFORMATION TECHNOLOGY 334S FOREST HILL BOULEVARD WEST PAlM BEACH. FL (561) April 16, 2003 MEMORANDUM TO: FROM: SUBJECT: Lung Chiu, District Auditor John Inglis, Manager Network Services tj~ Draft Audit ofsoftware Inventory prouures After reviewing your draft ofthe Software Inventory Procedures, Network Services is providing you with a written response to your concerns. Per your request, we will indicate whether we concur with your conclusions, corrective actions to be taken, ifnecessary, and targeted completion dates. Please review this document prior to the April 22, 2003 Audit Committee meeting, so that our information can be incorporated. Please contact me ifyou have any other questions. C: Joe Moore, Chief Financial Officer Jim Sheehan, Chief Infonnation Officer Larry Padgett, Director Network Services Greg Ostaffe, Manager-Capital Assets Attachment DISTRICT AUDITOR F:lNelwork Services Admin OrouplAudits\Software audit 1I.doc
12 Appendix Management's Response Management Responses 1. School District Did Not Keep Software Inventory Concur: Safeguarding ofassets, including software, regardless ofvalue, is the responsibility ofthe custodian charged with their care. This is usually a Principal or Department head. This is consistent with Florida Statute Inventories ofsoftware should be kept at a local level. Records ofsoftware items with an acquisition value of $750 or greater are also maintained in the District's fixed asset tracking system, FASgov. Information Technology will continue to provide education ofcopyright issues and tracking ofsoftware issues at school technical support training sessions. Abulletin from IT and Capital Assets will be sent to schools and departments reaffirming the importance ofmaintaining records ofsoftware transactions and outlining the requirements and procedures to maintain a site (school/department) based software inventory. 2. Asset Management System to Track Software Location(s) on Hardware Equipment Concur: A bulletin from IT and Capital Assets will be sent to schools and departments emphasizing the importance ofmaintaining records ofsoftware transactions and outlining the requirements and procedures to maintain a site (school/department) based software inventory. Inventory ofsoftware items with a value of$750 or greater is kept in the F ASgov system with a location listed. 3. Three Unauthorized and Unlicensed Software Found Concur: IT will continue to provide information in workshops and documentation. IT will provide procedures and technical assistance to schools and departments to perform audits and remove unauthorized software. 4. Computer Virus Concur: IT staff will continue to train school and department technical contacts on the use oflicensed software and virus protection via workshops and documentlttion. DISTRICT AUDITOR F:lNctwork Services Admin GrouplAudilslSoftware audil Jl.doc
Audit of. Information Technology Help Desk
Audit of Information Technology Help Desk October 10,2003 Report 2003-15 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation ofall our students
More informationAudit of. Boca Raton Middle School's Community School Program
Audit of Boca Raton Middle School's Community School Program November 12,2004 Report 2004-15 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation
More informationAudit of Cellular Phones Usage and Charges
Audit of Cellular Phones Usage and Charges May 19,2003 REPORT 2003-9 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our students with
More informationAudit of. Procedures for Payroll Deductions
Audit of Procedures for Payroll Deductions September 12, 2003 Report 2003-13 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our students
More informationReview of. Freedom Shores Elementary Parent-Teacher Association's Bank Accounts
Review of Freedom Shores Elementary Parent-Teacher Association's Bank Accounts December 7, 2007 Report 2007-17 Review of Freedom Shores Elementary Parent-Teacher Association's Bank Accounts Table of Contents
More informationAudit of. Accounts Payable Procedures
Audit of Accounts Payable Procedures March 6, 2006 Report 2006-03 Audit of Accounts Payable Procedures Table of Contents Page EXECUTIVE SUMMARY PURPOSE AND AUTHORITY SCOPE' AND METHODOLOGY BACKGROUND 1
More informationAudit of. District s Information Technology Disaster Recovery Plan
Audit of District s Information Technology Disaster Recovery Plan April 11, 2014 Report #2014-03 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education
More informationContract Compliance Audit of. WHLS of Florida, Inc., for Fiscal Year 2006. January 19, 2007
Contract Compliance Audit of WHLS of Florida, Inc., for Fiscal Year 2006 January 19, 2007 Report 2007-03 Contract Compliance Audit of WHLS of Florida, Inc., for Fiscal Year 2006 Table of Contents PURPOSE
More informationAudit of. Information Technology Disaster Recovery. March 11, 2005
Audit of Information Technology Disaster Recovery March 11, 2005 Report 2005-05 MISSION STATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our
More informationFollow-up Audit of. Fees Paid to Construction Managers
Follow-up Audit of Fees Paid to Construction Managers June 11, 2015 Report #2015-07 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education with excellence
More informationAudit of Third Party Administration for Workers' Compensation
Audit of Third Party Administration for Workers' Compensation March 5, 2004 REPORT 2004-01 Audit of Third Party Administration for Worker's Compensation Table of Contents Page EXECUTIVE SUMMARY PURPOSE
More informationAudit of. Football Stadium Taxes
Audit of Football Stadium Taxes October 15, 2004 Report 2004-11 MISSIONSTATEMENT The School Board of Palm Beach County is committed to excellence in education and preparation of all our students with the
More informationAudit of. Workers Compensation Program
Audit of Workers Compensation Program October 23, 2014 Report #2014-06 MISSION STATEMENT The School Board of Palm Beach County is committed to providing a world class education with excellence and equity
More informationAUDITOR GENERAL WILLIAM O. MONROE, CPA
AUDITOR GENERAL WILLIAM O. MONROE, CPA HILLSBOROUGH COUNTY DISTRICT SCHOOL BOARD LAWSON FINANCIALS MODULE Information Technology Audit SUMMARY To support its financial management needs, the Hillsborough
More informationAnchor Bay Schools Software Policy
Anchor Bay Schools Software Policy Table of Contents 1. Statement of Ethics... Page 1 2. Purchasing and Acquisition... Page 1 3. Registration... Page 1 4. Installation of Software... Page 2 5. Individual
More information4.0 ISSUANCE OF REGULATIONS/STANDARD OPERATING PROCEDURES
Policy: 13.09 SUBJECT: SOFTWARE USAGE Supersedes: 2001-2002 DPS Policy Manual, No. 10.10 Computer Hardware/Software and Office Equipment Use, dated July 14, 2000 Effective: February 15, 2005 Page: 1 of
More informationMedford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee
Software Policy Approved by School Committee General Statement of Policy The Medford Public Schools licenses the use of computer software from a variety of third parties. Such software is normally copyrighted
More informationAudit of. G-Star School of the Arts For Motion Pictures and Television
Audit of G-Star School of the Arts For Motion Pictures and Television September 14, 2007 Report 2007-11 Audit of G-Star School of the Arts for Motion Pictures and Television Table of Contents PURPOSE AND
More informationLOS ANGELES UNIFIED SCHOOL DISTRICT POLICY BULLETIN
TITLE: Compliance with the1976 United States Copyright Law Computer Software ROUTING All Employees All Locations NUMBER: BUL 716.2 ISSUER: Margaret A. Klee, Chief Information Officer Information Technology
More informationOffice of the City Auditor. Audit Report. AUDIT OF SOFTWARE LICENSE COMPLIANCE (Report No. A14-010) April 11, 2014. City Auditor. Craig D.
CITY OF DALLAS Dallas City Council Office of the City Auditor Audit Report Mayor Michael S. Rawlings Mayor Pro Tem Tennell Atkins AUDIT OF SOFTWARE LICENSE COMPLIANCE (Report No. A14-010) Deputy Mayor
More informationFOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. 08-04-107F. City of Albuquerque Office of Internal Audit and Investigations
FOLLOW-UP OF PERSONAL COMPUTER LICENSING REPORT NO. City of Albuquerque Office of Internal Audit and Investigations City of Albuquerque Office of Internal Audit and Investigations P.O. BOX 1293 ALBUQUERQUE,
More informationCITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION
CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION 1.0 Purpose and Scope of Policy It is the policy of the City of Waukesha (City) to respect all computer
More informationOctober 2008 Report No. 09-006
John Keel, CPA State Auditor An Audit Report on Performance Measures at the Board of Nursing Report No. 09-006 An Audit Report on Performance Measures at the Board of Nursing Overall Conclusion The Board
More informationComputer Security Policy (Interim)
Computer Security Policy (Interim) Updated May, 2001 Department of Information Systems & Telecommunications Table of Contents 1. SCOPE...1 2. OVERVIEW...1 3. RESPONSIBILITIES...3 4. PHYSICAL SECURITY...4
More information1.Business Advisor Series
1.Business Advisor Series Software Asset Management Ensure license compliance, reduce risk, and increase IT saving Foreword There are software licenses for every type of individual and organization from
More informationTHE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Public Affairs & Security Studies Report No.
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Report No. 15-06 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas
More informationAudit of the Software License Compliance
Audit of the Software License Compliance Audit #00-09 Prepared by Office of Inspector General Allen Vann, Inspector General John Lynch, Lead Information Systems Auditor SOUTH FLORIDA WATER MANAGEMENT DISTRICT
More informationSoftware License Compliance Audit
Software License Compliance Audit October 24, 2014 Mayor Betsy Price Council Members Sal Espino, District 2 W. B. Zimmerman, District 3 Danny Scarth, District 4 Gyna Bivens, District 5 Jungus Jordan, District
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationDraft Internal Audit Report Software Licensing Audit. December 2009
Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement
More informationFIRST AND FINAL ADDENDUM RFP FOR ROOFING SERVICES FOR DISASTER RECOVERY ASSISTANCE
THE SCHOOL DISTRICT SHARON SWAN ARTHUR C. JOHNSON, Ph.D. OF PALM BEACH COUNTY, FLORIDA DIRECTOR SUPERINTENDENT CONSTRUCTION PURCHASING DEPARTMENT 3661 INTERSTATE PARK ROAD NORTH, SUITE 200 RIVIERA BEACH,
More informationOffice of the City Auditor. Audit Report. AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS (Report No. A08-010 ) May 2, 2008.
CITY OF DALLAS Dallas City Council Office of the City Auditor Audit Report Mayor Tom Leppert Mayor Pro Tem Dr. Elba Garcia Deputy Mayor Pro Tem Dwaine Caraway AUDIT OF SELECTED CLIENT SERVER GENERAL CONTROLS
More informationDOT.Comm Oversight Committee Policy
DOT.Comm Oversight Committee Policy Enterprise Computing Software Policy Service Owner: DOTComm Operations Effective Date: TBD Review Schedule: Annual Last Review Date: Last Revision Date: Approved by:
More informationWalton County Clerk of the Court s Office Fixed Asset Review. Martha Ingle Clerk of the Courts
Walton County Clerk of the Court s Office Fixed Asset Review Martha Ingle Clerk of the Courts Internal Audit Department Johnny Street Internal Audit Manager Report 09-02 May 2009 August 3, 2009 Martha
More informationVirtual Desktop Infrastructure
Virtual Desktop Infrastructure Improved manageability and availability spur move to virtualize desktops Many companies have turned to virtualization technologies for their servers and in their data centers
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA AUDIT OF THE INFORMATION SYSTEMS GENERAL CONTROLS BRUNSWICK COMMUNITY COLLEGE DECEMBER 2007 OFFICE OF THE STATE AUDITOR LESLIE MERRITT, JR., CPA, CFP STATE AUDITOR AUDIT OF THE
More informationGOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT. January 7, 2011
APPENDIX 1 GOVERNANCE AND MANAGEMENT OF CITY COMPUTER SOFTWARE NEEDS IMPROVEMENT January 7, 2011 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS
More informationCity of Venice Information Technology Usage Policy
City of Venice Information Technology Usage Policy The City of Venice considers information technology (IT) resources to be city resources. It shall be the policy of the city to maintain these resources
More informationSignificant Revisions to OMB Circular A-127. Section Revision to A-127 Purpose of Revision Section 1. Purpose
Significant Revisions to OMB Circular A-127 Section Revision to A-127 Purpose of Revision Section 1. Purpose Section 5. Definitions Section 6. Policy Section 7. Service Provider Requirements Section 8.
More informationELECTRONIC INFORMATION SECURITY A.R.
A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy
More informationTHE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Rehabilitation Report No. 14-15
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Report No. 14-15 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas
More informationAudit Report. Information Technology Email Service. May 2014. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT
Audit Report AUDIT DEPARTMENT Information Technology Email Service May 2014 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani
More informationSTATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236. February 25, 2011
THOMAS P. DiNAPOLI COMPTROLLER STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER 110 STATE STREET ALBANY, NEW YORK 12236 STEVEN J. HANCOX DEPUTY COMPTROLLER DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA INFORMATION SYSTEMS AUDIT OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION TECHNOLOGY GENERAL CONTROLS OCTOBER 2014 OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA STATE AUDITOR
More informationHardware Inventory Management Greater Boston District
Hardware Inventory Management Greater Boston District Audit Report Report Number IT-AR-15-004 March 25, 2015 Highlights Management does not have an accurate inventory of hardware assets connected to the
More informationUniversity of South Wales Software Policies
University of South Wales Software Policies Updated 23 rd January 2015 Page 1 University of South Wales - Software Policies The University s software policies are applicable to all software and datasets
More informationAudit Report. University Medical Center HIPAA Compliance. June 2013. Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT DEPARTMENT
Audit Report AUDIT DEPARTMENT University Medical Center HIPAA Compliance June 2013 Angela M. Darragh, CPA, CISA, CFE Audit Director AUDIT COMMITTEE: Commissioner Steve Sisolak Commissioner Chris Giunchigliani
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationSTANDARDIZED SOFTWARE STANDARD BUILD STANDARD PROCEDURES
Approved: Shobna Varma Deputy Director Standard Procedure No.: 242-004 (SP) Responsible Office: Division of Information Technology STANDARDIZED SOFTWARE STANDARD BUILD STANDARD PROCEDURES PURPOSE: The
More informationAuditor General s Office. Governance and Management of City Computer Software Needs Improvement
Auditor General s Office Governance and Management of City Computer Software Needs Improvement Transmittal Report Audit Report Management s Response Jeffrey Griffiths, C.A., C.F.E Auditor General, City
More informationDATA CENTER OPERATIONS
REPORT NO. 2015-101 FEBRUARY 2015 FLORIDA STATE UNIVERSITY NORTHWEST REGIONAL DATA CENTER DATA CENTER OPERATIONS Information Technology Operational Audit EXECUTIVE DIRECTOR OF THE NORTHWEST REGIONAL DATA
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationHow To Audit The Minnesota Department Of Agriculture Network Security Controls Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Agriculture Network Security Controls Information Technology Audit July 1, 2010 Report 10-23 FINANCIAL
More informationAUDITOR GENERAL DAVID W. MARTIN, CPA
AUDITOR GENERAL DAVID W. MARTIN, CPA AGENCY FOR HEALTH CARE ADMINISTRATION ADMINISTRATIVE ACTIVITIES Operational Audit SUMMARY This operational audit of the Agency for Health Care Administration (Agency)
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationREPORT NO. 2015-052 DECEMBER 2014 SURPLUS COMPUTER HARD DRIVE DISPOSAL PROCESSES AT SELECTED STATE AGENCIES. Information Technology Operational Audit
REPORT NO. 2015-052 DECEMBER 2014 SURPLUS COMPUTER HARD DRIVE DISPOSAL PROCESSES AT SELECTED STATE AGENCIES Information Technology Operational Audit STATE AGENCY HEADS The Florida Statutes establish the
More informationDRAFT - NMHU POLICIES CONCERNING COMPUTER, NETWORK, AND E-MAIL
The goal of the New Mexico Highlands University (NMHU) Computer & Networking Services (CNS) Group is to support the University in the pursuit of its Mission Statement 1. These policies, guidelines, and
More informationInformation Technology Internal Audit Report # 2009-01
Information Technology Internal Audit Report # 2009-01 June 2009 September 23, 2009 Mr. Peter Breslin President Board of Education Katonah-Lewisboro Union Free School District One Shady Lane South Salem,
More informationOffice of Information Technology E-Government Services
New Jersey State Legislature Office of Legislative Services Office of the State Auditor Office of Information Technology E-Government Services February 13, 2001 to November 21, 2001 Richard L. Fair State
More informationJustifying projects in software license compliance
Justifying projects in software license compliance The role of software license compliance within an organization White paper Introduction... 2 Software license compliance the risk... 2 Sources of software
More informationTHE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES LAPTOP ENCRYPTION. Report No. 13-14
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES LAPTOP ENCRYPTION Report No. 13-14 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive
More informationOverview. Responsibility
Overview Property management is an important function at the University. Prudent inventory practices help protect the University s multi-million dollar investment in equipment, provide documentation needed
More informationNetwork and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
More informationServer Management-Scans & Patches
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Server Management-Scans & Patches Report No. 14-11 OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West
More informationAnswer: C. Answer: C. Answer: B
Question: 1 You are a Software Asset Management (SAM) consultant for Company.com. The company has grown through acquisition for several years. The company does not use a common method for software license
More informationBlocal government bulletin b
Electronic Records Standards and Procedures Blocal government bulletin b july 1998 Comments or complaints regarding the programs and services of the Texas State Library and Archives Commission may be addressed
More informationMANAGEMENT AUDIT REPORT SECURING CRITICAL DATA CITYWIDE REPORT NO. 09-106. City of Albuquerque Office of Internal Audit and Investigations
MANAGEMENT AUDIT REPORT OF SECURING CRITICAL DATA CITYWIDE REPORT NO. 09-106 City of Albuquerque Office of Internal Audit and Investigations Securing Critical Data Citywide Report No. 09-106 Executive
More informationINFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE
INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.1 Approved by: Information Governance
More informationW H I T E P A P E R : Software Compliance. Understanding and Managing Software Compliance Issues
W H I T E P A P E R : Software Compliance Understanding and Managing Software Compliance Issues Lori Henry Thompson Sales Operations Manager CompuCom Systems, Inc. August 2007 Executive Summary The mere
More informationSoftware Asset Management Guide
Software Asset Management Guide WHY MANAGE SOFTWARE ASSETS Introduction IN TODAY'S ECONOMY, software is indispensable to every organization, large and small. Thanks to software, businesses are more efficient
More informationInformation Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No. 2016-002 July 2015
July 2015 Information Technology Operational Audit DEPARTMENT OF STATE Florida Voter Registration System (FVRS) Sherrill F. Norman, CPA Auditor General Secretary of State Section 20.10, Florida Statutes,
More informationMemorandum of Understanding (MOU) Northwest Regional Data Center. School Board of Palm Beach County MOU # NWRM0011
Memorandum of Understanding (MOU) By and Between Northwest Regional Data Center and School Board of Palm Beach County MOU # NWRM0011 PROJECT: Disaster Recovery/Business Continuity PM: Annie Zhang/Bill
More informationReview of Document Imaging Railroad Unemployment Insurance Act Programs Report No. 01-01, November 17, 2000
Review of Document Imaging Railroad Unemployment Insurance Act Programs Report No. 01-01, November 17, 2000 This report represents the results of the Office of Inspector General s (OIG) review of the Railroad
More informationEPA Could Improve Processes for Managing Contractor Systems and Reporting Incidents
OFFICE OF INSPECTOR GENERAL Audit Report Catalyst for Improving the Environment EPA Could Improve Processes for Managing Contractor Systems and Reporting Incidents Report No. 2007-P-00007 January 11, 2007
More informationKey Considerations for Documentation Management Technology. Learning from Local Experience
Key Considerations for Documentation Management Technology Learning from Local Experience Agenda Document Management Systems Key Considerations Types of Document Management Systems Hardware/Software Requirements
More informationHealthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service
Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that
More informationDepartment of Public Safety and Correctional Services Information Technology and Communications Division
Audit Report Department of Public Safety and Correctional Services Information Technology and Communications Division January 2012 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND
More informationDATA CENTER OPERATIONS
REPORT NO. 2011-082 JANUARY 2011 NORTHWOOD SHARED RESOURCE CENTER DATA CENTER OPERATIONS Information Technology Operational Audit EXECUTIVE DIRECTOR OF THE NORTHWOOD SHARED RESOURCE CENTER Pursuant to
More informationPBGC Information Security Policy
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
More informationJune 2008 Report No. 08-038. An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers
John Keel, CPA State Auditor An Audit Report on The Department of Information Resources and the Consolidation of the State s Data Centers Report No. 08-038 An Audit Report on The Department of Information
More information911 Data Center Operations Performance Audit
911 Data Center Operations Performance Audit June 2010 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor The Auditor of the City and County of Denver is
More informationQuantifying ROI: Building the Business Case for IT and Software Asset Management
Quantifying ROI: Building the Business Case for IT and Software Asset Management Benefits of IT and Software Asset Management In today s increasingly competitive business environment, companies are realizing
More informationSEMINOLE COUNTY COURT ADMINISTRATION 18 TH JUDICIAL CIRCUIT AND SEMINOLE COUNTY ATTORNEY S OFFICE
SEMINOLE COUNTY COURT ADMINISTRATION 18 TH JUDICIAL CIRCUIT AND SEMINOLE COUNTY ATTORNEY S OFFICE LIMITED REVIEW OF THE COURT-APPOINTED ATTORNEY PROGRAM JUNE 2000 Prepared by: Clerk of the Circuit Court
More informationREPORT NO. 2011-024 OCTOBER 2010 LAKE-SUMTER COMMUNITY COLLEGE. Operational Audit
REPORT NO. 2011-024 OCTOBER 2010 LAKE-SUMTER COMMUNITY COLLEGE Operational Audit BOARD OF TRUSTEES AND PRESIDENT Members of the Board of Trustees and President who served during the 2009-10 fiscal year
More informationCITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR. Follow-up Audit of Information Technology Services Department. IT Contingency Planning
Follow-up Audit of Information Technology Services Department CITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR Follow-up Audit of Information Technology Services Department Project No. AU13-F05 October 25,
More informationHOSTED EXCHANGE SERVICES & HOSTED SHAREPOINT SERVICES TERMS AND CONDITIONS
HOSTED EXCHANGE SERVICES & HOSTED SHAREPOINT SERVICES TERMS AND CONDITIONS This agreement is between you, the subscriber to the Hosted Exchange service and/or Hosted Sharepoint service, and Excalibur Technology
More informationU.S. Department of the Interior Office of Inspector General AUDIT REPORT
U.S. Department of the Interior Office of Inspector General AUDIT REPORT GENERAL CONTROL ENVIRONMENT OF THE FEDERAL FINANCIAL SYSTEM AT THE RESTON GENERAL PURPOSE COMPUTER CENTER, U.S. GEOLOGICAL SURVEY
More informationWe would like to extend our appreciation to the staff that assisted us throughout this audit. Attachment
Date: June 25, 2014 To: Brenda S. Fischer, City Manager From: Candace MacLeod, City Auditor Subject: Audit of Glendale Fire Department s Payroll Process The City Auditor s Office has completed an audit
More informationThe Power to Take Control of Software Assets
The Software Asset Management Specialists 781-569-0410 www.aid.com The Power to Take Control of Software Assets The Benefits of SAM: Building the case for Conducting a SAM Assessment and Implementing a
More informationOffice of the Chief Internal Auditor. Audit Report. Lap Top Inventory Audit
Office of the Chief Internal Auditor Audit Report Lap Top Inventory Audit January 23, 2015 OFFICE OF THE CHIEF INTERNAL AUDITOR Commission of the South Carolina Department of Transportation The Honorable
More informationSystem Management. What are my options for deploying System Management on remote computers?
Getting Started, page 1 Managing Assets, page 2 Distributing Software, page 3 Distributing Patches, page 4 Backing Up Assets, page 5 Using Virus Protection, page 6 Security, page 7 Getting Started What
More informationDeveloping a Records Retention Program
Developing a Records Retention Program This site is intended to help you design and implement a records retention program for your organization. Here you will find a basic explanation of a records retention
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationUniversity of Hartford. Software Management and Compliance Guidelines
University of Hartford Software Management and Compliance Guidelines This policy is issued in an effort to remind the University community of the importance of complying with that policy and to reiterate
More informationSTATE OF CONNECTICUT
STATE OF CONNECTICUT AUDITORS' REPORT STATE INSURANCE AND RISK MANAGEMENT BOARD FOR THE FISCAL YEARS ENDED JUNE 30, 2001 AND 2002 AUDITORS OF PUBLIC ACCOUNTS KEVIN P. JOHNSTON ROBERT G. JAEKLE Table of
More informationHIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report 10-53 October 25, 2010
HIPAA COMPLIANCE CALIFORNIA STATE UNIVERSITY, EAST BAY Audit Report 10-53 October 25, 2010 Members, Committee on Audit Henry Mendoza, Chair Raymond W. Holdsworth, Vice Chair Nicole M. Anderson Margaret
More informationINFORMATION SECURITY AT THE HEALTH RESOURCES AND SERVICES ADMINISTRATION NEEDS IMPROVEMENT BECAUSE CONTROLS WERE NOT FULLY IMPLEMENTED AND MONITORED
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL INFORMATION SECURITY AT THE HEALTH RESOURCES AND SERVICES ADMINISTRATION NEEDS IMPROVEMENT BECAUSE CONTROLS WERE NOT FULLY IMPLEMENTED
More informationMaryland Transportation Authority
Audit Report Maryland Transportation Authority March 2014 OFFICE OF LEGISLATIVE AUDITS DEPARTMENT OF LEGISLATIVE SERVICES MARYLAND GENERAL ASSEMBLY This report and any related follow-up correspondence
More information