Audits of Local Governments and School Districts
Jefferson County – Internal Controls Over Information Technology (2012M-43)
Released: May 25, 2012 -- [read complete report - pdf]
Purpose of Audit
The purpose of our audit was to assess internal controls over the County’s IT environment for the period January 1, 2010, to August 31, 2011.
Jefferson County has a population of approximately 116,000. The County Legislature (Board) is the legislative body responsible for managing County operations and is responsible for adopting policies and procedures to safeguard computerized systems and data. Budgeted expenditures for the 2011 fiscal year were $230.4 million for all funds.
- The Board has not adopted IT policies that address topics including the protection of personal, private and sensitive information; password security; remote access; back-up and retention of data; breach notification, and disaster recovery.
- The Board has not provided County officers and employees with information security awareness training.
- An account clerk had access rights to the County’s computerized accounting system for which were more than necessary for her assigned duties.
- Adopt policies to address IT topics including protecting personal, private, and sensitive information; remote access; backup and retention of data; and breach notification.
- Provide officers and employees with information security awareness training.
- Institute policies and procedures to control the assignment of user rights to the computerized accounting system.
Local Government and School Accountability Contact Information:
Phone: (518) 474-4037; Email: email@example.com
Address: Office of the State Comptroller, Division of Local Government and School Accountability
110 State Street, 12th Floor; Albany, NY 12236