Citywide Social Media Usage Follow-up Report

Similar documents
The Department of General Services Contract Administration Follow up Report

City Attorney s Office: Litigation and Claims Management Follow-up Report

Denver 311 Follow up Report

Citywide Identity Management Follow up Report

DIA Network Security Management Follow up Report

Network Security Management Phases 1 and 2 Follow up Report

Police Records Management System IT General Controls Follow up Report

Assessor s Office Performance Audit

FOLLOW-UP REPORT Change Management Practices

DIA Network Device Security Management Performance Audit

911 Data Center Operations Performance Audit

PeopleSoft IT General Controls

Denver International Airport Airport Legal Services Section Performance Audit

Fixed Assets Management Performance Audit

The Department of General Services Contract Administration Performance Audit

How To Audit The City Of Denver'S Mobile Device Management Program

Denver 311 Performance Audit

City Attorney s Office: Litigation and Claims Management Performance Audit

Audit Committee. Audit Staff

Network Security Management Phase 1 Performance Audit

Department of Human Services Performance Audit

Workers Compensation Program Performance Audit

Denver International Airport Planning and Development Division Performance Audit

Citywide Identity Management Performance Audit

Network Security Management Phase 2 Performance Audit

Citywide Records Management Performance Audit

Denver International Airport Fleet Management Program Performance Audit

Police Records Management System IT General Controls Performance Audit

Denver International Airport Emergency Preparedness Program Performance Audit

Denver International Airport Facility Management Performance Audit

Fiscal Sustainability: Debt Management Performance Audit

Office of the Independent Monitor Performance Audit

O FFICE O F T HE C ITY A UDITOR City of Colorado Springs and Colorado Springs Utilities Claims Reserve and Workers Compensation Funds

Career Service Authority Recruiting Process Performance Audit

Audit Follow-Up. The City s Parking Program (Report #0622, Issued September 8, 2006) As of September 30, Summary. Report #0806 January 11, 2008

Office of Emergency Management and Homeland Security Performance Audit

Re: Case 16-4 Request for Advisory Opinion concerning Super Bowl 50

AUDIT REPORT Department of Finance Accounting Services

Department of Aviation Revenue Contract Management Performance Audit

City Vehicle Fleet Management Performance Audit

10-13 MEMORIAL HEALTH SYSTEM IT BACKUP PROCESS PUBLIC REPORT CITY OF COLORADO SPRINGS OFFICE OF THE CITY AUDITOR JULY 22, 2010

Mecklenburg County Department of Internal Audit. Business Support Services Agency Fuelman Gas Card Investigation Follow-Up Audit Report 1467

Denver Sheriff Department Jail Operations Performance Audit

OFFICE OF THE AUDITOR

Denver City Assessment audit

Comptroller of Public Accounts Effectiveness of Internal Engagement May 1997

OFFICE OF THE AUDITOR

Association of Inspectors General 445 West 59 th Street, 3532N New York, New York 10018

10-15 MEMORIAL HEALTH SYSTEM WORKERS COMPENSATION SELF INSURANCE FUND PUBLIC REPORT. July 22, 2010 CITY OF COLORADO SPRINGS OFFICE OF THE CITY AUDITOR

Denver International Airport Environmental Programs Management Performance Audit

O FFICE O F T HE C ITY A UDITOR C OLORADO S PRINGS, C OLORADO Memorial Health System Workers Compensation Self Insurance Fund

Dennis Gallagher Auditor, City and County of Denver

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Public Affairs & Security Studies Report No.

ffi n te rnal Au Public Works and Assets d it Land Management Process January 2011 P u b lic W o rks a n d A sse ts L a n d Ma n a g em

Property Room. Records Management System

Sample Invitation letter

OFFICE OF THE AUDITOR

Emerging Strategies for Performance Auditing

13 01 Colorado Springs Utilities Debt Management Audit

SPECIAL ADVISORY REPORT

AUDIT REPORT Technology Services IT Service Desk

Quality Assessment Report. Louisville Metro Government Office of Internal Audit. For. December 13, 2006

Budgeting in the Municipal World

O FFICE O F T HE C ITY A UDITOR C OLORADO S PRINGS, C OLORADO Colorado Springs Utilities E Commerce Review

A REPORT TO THE CITIZENS OF SALT LAKE COUNTY. BEN McADAMS, MAYOR. An Audit of the Key Controls of. Salt Lake County Fitness Center.

Missouri State Auditor March Report No

1001 Lindsay Street Chattanooga, Tennessee (423) FAX: (423)

11 10 Memorial Health System Patient Access Audit

May 2012 Report No

Lori Brooks, City Auditor Susan Edwards, Assistant City Auditor. E-Services Follow-Up Audit March 2015

U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C

13 06 Colorado Springs Utilities Payroll Audit

Procure to Pay Process Audit

TAMPA CONVENTION CENTER SERVICE CONTRACTS AUDIT MARCH 14, 2013

The change fund custodians listed on the Petty Cash Report are not the same as the employees currently using the change funds.

CITY OF SAN ANTONIO P. O. BOX SAN ANTONIO TEXAS

STATE OF ARIZONA OFFICE OF THE AUDITOR GENERAL. April 1, 2008

Public Safety Camera System Audit

Server Management-Scans & Patches

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Rehabilitation Report No

A U D I T R E P O R T. Audit of Child Support Contract CD336

City and County of Denver Office of the Auditor 2010 Audit Plan

Summary Finance Committee. Date: Wednesday, March 1, :30 PM Council Conference Room

July 6, Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263

13 14 Colorado Springs Utilities Billing Audit

Date: March 26, Audit, Finance and Enterprise Committee. Jennifer Ruttman, City Auditor. Annual Credit Card Security Review

AustinGO: Website Governance and Management Audit

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Criminal Justice Report No

Office of the City Auditor. Audit Report

The Honorable Toni Preckwinkle, President And Board of Cook County Commissioners 118 N. Clark Street, Room 537 Chicago, Illinois 60602

Physician Assistant Program

12 05 City Cash Receipts Audit Report

Theatres and Arenas Management and Operations Performance Audit

New Media WEB in Government:

March 2007 Report No

STATE OF NORTH CAROLINA

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

Environmental Services Solid Waste Management Division Follow-Up Audit

Association of Local Government Auditors

Transcription:

Citywide Social Media Usage Follow-up Report May 2015 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor

The Auditor of the City and County of Denver is independently elected by the citizens of Denver. He is responsible for examining and evaluating the operations of City agencies for the purpose of ensuring the proper and efficient use of City resources and providing other audit services and information to City Council, the Mayor and the public to improve all aspects of Denver s government. He also chairs the City s Audit Committee. The Audit Committee is chaired by the Auditor and consists of seven members. The Audit Committee assists the Auditor in his oversight responsibilities of the integrity of the City s finances and operations, including the integrity of the City s financial statements. The Audit Committee is structured in a manner that ensures the independent oversight of City operations, thereby enhancing citizen confidence and avoiding any appearance of a conflict of interest. Audit Committee Dennis Gallagher, Chair Maurice Goodgaine Leslie Mitchell Rudolfo Payan Robert Bishop Jeffrey Hart Timothy O Brien, Vice-Chair Audit Management Kip Memmott, Director, MA, CGAP, CRMA John Carlson, Deputy Director, JD, MBA, CIA, CGAP, CRMA Audrey Donovan, Deputy Director, CIA, CGAP, CRMA Audit Staff Marcus Garrett, Audit Supervisor, CIA, CGAP, CRMA You can obtain copies of this report by contacting us at: Office of the Auditor 201 West Colfax Avenue, Department 705 Denver CO, 80202 (720) 913-5000 Fax (720) 913-5247 Or download and view an electronic copy by visiting our website at: www.denvergov.org/auditor Report number A2013-009

City and County of Denver 201 West Colfax Avenue, Department 705 Denver, Colorado 80202 720-913-5000 FAX 720-913-5247 www.denvergov.org/auditor Dennis J. Gallagher Auditor May 14, 2015 Janice Sinden, Chief of Staff Mayor s Office City and County of Denver Re: Audit Follow-Up Report Dear Ms. Sinden: In keeping with professional auditing standards and the Audit Services Division s policy, as authorized by D.R.M.C. 20-276, our Division has a responsibility to monitor and follow-up on audit recommendations to ensure audit findings are being addressed and to aid us in planning future audits. This report is to inform you that we have completed our follow-up effort for the Citywide Social Media Usage audit issued November 21, 2013. Our review determined that the City has implemented the majority of the recommendations made in the audit report. Auditors determined that most of the risk associated with the audit team s initial findings have been fully mitigated. Our Division may revisit the status of outstanding recommendations in future audits to ensure appropriate corrective action is taken. For your reference, this report includes a Highlights page that provides background and summary information on the original audit and the completed follow-up effort. Following the Highlights page is a detailed implementation status update for each recommendation. This concludes audit follow-up work related to this audit. I would like to express our sincere appreciation to you and to Department personnel who assisted us throughout the audit and follow-up process. If you have any questions, please feel free to contact me at 720-913-5029 or Marcus Garrett, Internal Audit Supervisor, at 720-913-5086. Sincerely, KRM/mg Kip Memmott, MA, CGAP, CRMA Director of Audit Services cc: Honorable Michael Hancock, Mayor Honorable Members of City Council Members of Audit Committee Ms. Cary Kennedy, Deputy Mayor, Chief Financial Officer To promote open, accountable, efficient and effective government by performing impartial reviews and other audit services that provide objective and useful information to improve decision making by management and the people. We will monitor and report on recommendations and progress towards their implementation.

Mr. David P. Edinger, Chief Performance Officer Ms. Beth Machann, Controller Mr. Scott Martinez, City Attorney Ms. Janna Young, City Council Executive Staff Director Mr. L. Michael Henry, Executive Director, Board of Ethics Ms. Rowena Alegria, Director of Communications Mr. Alena Gouveia, Manager of IT Governance To promote open, accountable, efficient and effective government by performing impartial reviews and other audit services that provide objective and useful information to improve decision making by management and the people. We will monitor and report on recommendations and progress towards their implementation.

City and County of Denver Office of the Auditor Audit Services Division REPORT HIGHLIGHTS Citywide Social Media Usage Follow-up Report: April 2015 The City has implemented the majority of recommendations made in the November 2013 audit report. Background Social media or social networking, as defined by the City, includes networking sites that offer multiple ways to connect to registered users through status updates, instant messaging, blogs, or photo and video sharing. The City is officially represented only on Facebook at the City and County of Denver page. Links to individual City agencies social media accounts are located at the top of the Denvergov.org homepage in the drop-down menu labeled Connect Denver. Three entities have a potentially greater role to play with respect to social media: Communications, Technology Services, and the City Attorney s Office. The City and County of Denver has begun developing official guidelines for the administration of social media. Purpose The purpose of this audit was to assess the effectiveness of Citywide social media guidance or policy, specifically regarding strategy, business objectives, governance structure, and the administration of social media throughout the City. Highlights from Original Audit The City should develop social media governance to provide structure and guidance and reduce risk associated with social media. Such governance should also provide City agencies with some autonomy to act quickly and to conform their social media usage to their specific needs. In the past, the City lacks an overall strategy and related business objectives for social media use throughout the City, without which it is difficult to assess the effectiveness of social media usage. In addition, the City s ability to proactively identify and address key risks of social media including information security risks and legal risks is inhibited by the lack of broad guidance for social media and by the City s highly decentralized structure related to social media usage. Although some decentralization is necessary to ensure that timely social media engagement is not impeded by an overly bureaucratized structure, the City would benefit from greater Citywide guidance and oversight to adequately address the social media issues that have befallen the City and other organizations. Additionally, City agencies should make greater efforts to develop internal guidance, to monitor the effectiveness of social media use, and to ensure that social media administrators training needs are met. Findings at Follow-up In collaboration with agencies from around the City, Communications developed an official social media policy on September 2014 that provides guidance to agencies and departments and establishes a governance framework around the use of social media. For a complete copy of this report, visit www.denvergov.org/auditor Audit Contact Person: Marcus Garrett 720.913.5086 marcus.garrett@denvergov.org

Recommendations: Status of Implementation Recommendation Auditee Action Status Finding: Social Media Governance Should Be Further Developed to Address Key Risks While Allowing Some Agency Autonomy 1.1 The City needs to clarify and formalize its social media strategy and business objectives, and because of its unique position, the Mayor s Office of Communications should take the lead role in this effort. 1.2 The Mayor s Office of Communications should ensure that it gathers feedback and input from agencies including Technology Services and the City Attorney s Office, as well as all independent City agencies, including the City Council, the Clerk and Recorder s Office, and the Auditor s Office, to develop a Citywide social media strategy and business objectives. 1.3 The Mayor s Office of Communications should ensure that the Citywide strategy that is developed conforms with both the social media business objectives and other core Citywide business objectives. The Mayor s Office of Communications agrees that a formal social media strategy was necessary to meet the City s business objectives. The Mayor s Office of Communications developed a strategy that provided guidance to agencies and departments and a governance framework around the use of social media. The strategy referenced in Recommendation 1.1 was a collaborative exercise, and the Mayor s Office of Communications met with agencies and departments under the executive direction of the Mayor. This collaborative exercise included the independent agencies noted. The business objectives for all forms of communication were key drivers in the development of the City s social media strategy. Page 1 Office of the Auditor

Recommendations: Status of Implementation Recommendation Auditee Action Status 1.4 The Mayor s Office of Communications should lead the development of Citywide social media policies and procedures to address the risks associated with inadequate guidance, such as ensuring that key areas of social media usage are performed the same way, and to complement the development of a social media strategy and business objectives. The Mayor s Office of Communications should involve representatives from various City entities, including the Mayor s Office of Communications, Technology Services, the City Attorney s Office, and key social media users within the City. 1.5 The policies and procedures Communications should be limited in scope, generally maintaining the decentralized approach of allowing agencies to quickly respond to situations as determined by their business needs. The social media policy was created based on interviews with City agencies and departments, and a review of new techniques and strategies by other government entities. The City s social media policies and procedures conform to Recommendation 1.5. City and County of Denver Page 2

Recommendations: Status of Implementation Recommendation Auditee Action Status 1.6 The policies and procedures Communications should ensure the creation and maintenance of a complete and accurate social media site inventory. In addition, a single complete and accurate list of social media administrators is necessary for determining who has access to City social media sites, and for disabling access when those individuals leave City service. Since these are operational activities rather than policy decisions, Technology Services should be named the lead agency responsible for the social media inventories. 1.7 The policies and procedures Communications should address relevant information security and access control issues, and should name Technology Services as the lead agency for the ensuring that appropriate security is maintained. 1.8 The policies and procedures Communications should specifically require that Technology Services be included as an administrator on all social media sites, if allowed by the site, to ensure that no City social media sites are lost due to inadequate access controls. The City s updated social media policy states that Technology Services will maintain an inventory and the Division will continue to work to establish a final inventory. Technology Services will assume responsibility for ensuring that current information security principles are applied to the City s use of social media, and will also perform periodic risk assessments on these activities. Technology Services should have administrative access to all City social media sites to ensure adequate access controls. This requirement will be included in the strategic documents that will be promulgated to City agencies and departments using social media. Agree/Not Agree/Not Page 3 Office of the Auditor

Recommendations: Status of Implementation Recommendation Auditee Action Status 1.9 The policies and procedures Communications should require that no City funds be collected through social media sites to avoid potential loss of the payment card industry (PCI) compliance. Instead social media sites should only link to the City s website, which is in compliance with PCI standards. 1.10 The policies and procedures Communications should provide clarification regarding relevant legal issues, including but not limited to when deleting public comments is allowed, how to maintain appropriately the privacy of citizens who use City social media sites, and the requirements of social media records management for open records purposes. The City Attorney s Office should be the lead agency developing guidelines to address relevant legal risks of social media use. The City s social media policy includes that City funds should not be collected through payment applications on social media sites, and that any fund collection through social media be limited to links to approved City payment sites. The City s social media policy includes requirements for a uniform privacy policy across all City sites as well as compliance with records retention requirements and the Colorado Open Records Act (CORA). City and County of Denver Page 4

Recommendations: Status of Implementation Recommendation Auditee Action Status 1.11 The policies and procedures Communications should clarify how social media coordination will occur in the event of an emergency, including which agency is the lead voice for the City in specific emergencies, and how social media use should be coordinated with the City website usage. The group developing the policies and procedures should consider the City s records management policy, access controls policy, and data classification policy when developing social media guidance. 1.12 To ensure that agencies are developing and formalizing guidance for their social media administrators, the Mayor s Office of Communications should require (or request from independent agencies) formal social media guidance to developed by all agencies using social media, and serve as the repository for this guidance. 1.13 The Mayor s Office of Communications should support the agencies development of internal guidance by answering questions about best practice or referring agencies to Technology Services and the City Attorney s Office when necessary. The policies and procedures will include a list of types of communications, and the designated lead agency for each. As the citywide process around social media matures, this list will be expanded. The City s draft social media policy includes a requirement that all agencies and departments create an annual social media strategy that will be reviewed by Communications. The Mayor s Office of Communications, Technology Services, and the City Attorney s Office will continue to provide guidance to agencies and departments based on new techniques and strategies, advances in social media technology, and relevant legal guidance. Agree/Not Page 5 Office of the Auditor

Recommendations: Status of Implementation Recommendation Auditee Action Status 1.14 The Mayor s Office of Communications should assist agencies in meeting their training needs by referring them to existing social media trainings or by periodically setting aside time at its monthly meeting with City communications and marketing personnel for presentations that address agencies social media training needs. 1.15 The Mayor s Office of Communications should support sharing best practices by periodically setting aside time at its monthly meeting with City communications and marketing personnel to discuss and analyze best practices for measuring social media effectiveness. The City will continue to designate time in its monthly marketing and communications meetings to discuss social media issues and advice around new techniques and strategies. The Mayor s Office of Communications has designated time in its monthly marketing and communications meetings to discuss social media issues and advice around new techniques and strategies. City and County of Denver Page 6

Conclusion We found that the City has implemented the majority of recommendations and adequately mitigated the risk identified during the original audit. The Audit Services Division may revisit the status of outstanding recommendations in future audits to ensure appropriate corrective action is taken. On behalf of the citizens of the City and County of Denver, we thank staff and leadership from the various Departments for their cooperation during our follow-up effort and their dedicated public service. Page 7 Office of the Auditor

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information