Laserfiche WebLink
Conclusion <br /> We sincerely thank the Department of Information Technology's leadership and staff for <br /> their cooperation during our follow-up work and for their efforts in working toward <br /> implementing and partially implementing most IT asset management recommendations, <br /> such as: <br /> r Lifecycle management for hardware and software upgrades and replacements <br /> Purchase request and approval <br /> o maintaining approved software listing and communicating the risks to <br /> departments <br /> o updating County-Issued Technology Devise policy prohibiting users from <br /> installing non-supported software and adding un-approved devices to the <br /> County network <br /> r Redeployment of assets <br /> r Evaluating leasing as an option to procure computers and software licenses <br /> r Tracking users in a centralized database <br /> r Centrally receiving and accepting all IT assets to ensure DIT is aware of new <br /> computers or software before they are introduced into the County environment <br /> r Secure disposal <br /> o Annual review of secured disposal policy <br /> o Additional physical security controls to safeguard IT assets from loss or <br /> theft. <br /> Opportunities exist to fully meet best practices, such as DIT should: <br /> r Centralize the IT asset management function <br /> r Own all IT assets and establish an IT asset management role <br /> o Develop a one through five-year financial forecast of upgrades and <br /> replacements for each of the departments by analyzing the historical <br /> information on the County's IT environment, current trends, and future <br /> needs. <br /> r Conduct periodic physical inventory to ensure all County IT assets are properly <br /> recorded and included in the annual physical inventory. <br /> r Address gaps in Employee Policies to address: <br /> o Current software approval processes including annual review <br /> o Current redeployment processes including the retrieval of computers and <br /> software licenses that were installed on computers that were replaced or idle <br /> for an extended period of time. <br /> o Implement County-wide written procedures to centrally track users for all <br /> IT assets <br /> o Centrally receive and accept all IT assets and/or current receiving and <br /> accepting processes, and <br /> o Transfer of all obsolete hard drives to DIT for destruction including an annual <br /> review process. <br /> IT Asset Management Follow-up Audit Conclusion 113 <br />