Laserfiche WebLink
Conclusion <br /> We sincerely thank the Department of Information Technology's leadership and staff for <br /> their cooperation during our follow-up work and for their efforts in working toward <br /> implementing and partially implementing most IT asset management recommendations, <br /> such as: <br /> ➢ Lifecycle management for hardware and software upgrades and replacements <br /> ➢ Purchase request and approval <br /> maintaining approved software listing and communicating the risks to <br /> departments <br /> updating County-Issued Technology Devise policy prohibiting users from <br /> installing non-supported software and adding un-approved devices to the <br /> County network <br /> ➢ Redeployment of assets <br /> ➢ Evaluating leasing as an option to procure computers and software licenses <br /> ➢ Tracking users in a centralized database <br /> ➢ Centrally receiving and accepting all IT assets to ensure DIT is aware of new <br /> computers or software before they are introduced into the County environment <br /> ➢ Secure disposal <br /> Annual review of secured disposal policy <br /> Additional physical security controls to safeguard IT assets from loss or <br /> theft. <br /> Opportunities exist to fully meet best practices, such as DIT should: <br /> ➢ Centralize the IT asset management function <br /> ➢ Own all IT assets and establish an IT asset management role <br /> Develop a one through five-year financial forecast of upgrades and <br /> replacements for each of the departments by analyzing the historical <br /> information on the County's IT environment, current trends, and future <br /> needs. <br /> ➢ Conduct periodic physical inventory to ensure all County IT assets are properly <br /> recorded and included in the annual physical inventory. <br /> ➢ Address gaps in Employee Policies to address: <br /> Current software approval processes including annual review <br /> Current redeployment processes including the retrieval of computers and <br /> software licenses that were installed on computers that were replaced or idle <br /> for an extended period of time. <br /> Implement County-wide written procedures to centrally track users for all <br /> IT assets <br /> Centrally receive and accept all IT assets and/or current receiving and <br /> accepting processes, and <br /> Transfer of all obsolete hard drives to DIT for destruction including an annual <br /> review process. <br /> IT Asset Management Follow-up Audit Conclusion page 13 <br />