My WebLink
|
Help
|
About
|
Sign Out
Home
2013-COH - Single Audit of Federal Financial Assistance Programs
PublicDocuments
>
Legislative Auditor
>
Audit Reports
>
Single Audit Reports
>
2013-COH - Single Audit of Federal Financial Assistance Programs
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
4/3/2023 4:15:43 PM
Creation date
4/3/2023 4:13:21 PM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
33
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
County of Hawaii <br />State of Hawaii <br />Schedule of Findings and Questioned Costs <br />Year Ended June 30, 2013 <br />Section II — Financial Statement Findings <br />Finding No. 2013-001: Information Technology (Significant Deficiency) <br />Condition <br />Information technology ("IT") is a strategic element of the operations of the County of Hawaii (the <br />"County") and the Department of Water Supply (the "Department"), a component unit of the County. <br />Because of the high volume of transactions at the County and the Department, the establishment of <br />internal controls over processes incorporating IT is critical to its operations. As part of our financial <br />statement audits for the year ended June 30, 2013, we performed IT general controls reviews of the <br />following systems operated by the County and the Department: <br />Count <br />• Windows Domain <br />• Eden <br />• Integrated Assessment System <br />• Revenue Collection <br />Department <br />• Windows Domain <br />• Select Financial System <br />• Public Utility Billing System <br />• ARB N_Sight Mobile System <br />Our review resulted in several IT control deficiencies in the areas of physical and logical security, change <br />management, and IT operations as follows: <br />Physical and logical security <br />• Lack of formal security administration policies and procedures addressing: <br />o New, transferred and terminated user account administration <br />o Maintenance of audit evidence to support approval of employee access to the system <br />o Identification of terminated employees who continue to have access to the system <br />o Identification of employees whose access to system resources are not commensurate <br />with their job responsibilities <br />o Minimum password security settings <br />o Network security reviews <br />o Minimum environmental security requirements <br />o Physical access to the servers <br />• Weak password security settings or the lack of system functionality to enforce strong password <br />policies for certain applications. <br />• System databases are not appropriately restricted and monitored for unauthorized changes. <br />• Appropriate user access reviews are not performed for certain applications and security groups. <br />Cage management <br />• Lack of a formalized change management process for certain applications and firewall configuration <br />settings. <br />• Lack of segregation of duties for developers and security administrators. <br />IT Operations <br />• Test restorations not performed. <br />21 <br />
The URL can be used to link to this page
Your browser does not support the video tag.