My WebLink
|
Help
|
About
|
Sign Out
Home
2014-COH - Single Audit of Federal Financial Assistance Programs
PublicDocuments
>
Legislative Auditor
>
Audit Reports
>
Single Audit Reports
>
2014-COH - Single Audit of Federal Financial Assistance Programs
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/13/2015 3:33:40 PM
Creation date
7/13/2015 2:39:32 PM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
40
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
County of Hawaii, State of Hawaii <br />SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) <br />Fiscal Year Ended June 30, 2014 <br />SECTION II - FINANCIAL STATEMENT FINDINGS <br />Ref. <br />No. Internal Control Findings <br />2014-001 Logical Access & Access Security - Significant Deficiency <br />Condition: During our audit, we noted that the County had several internal control deficiencies <br />related to logical access and access security including: <br />• Inadequate password parameters and security settings for IAS and ReCo, <br />combined with network domain password security settings pertaining to minimum <br />password age and lockout parameters that could be further strengthened. <br />• The County did not have any formally documented security administration <br />policies and procedures. <br />Criteria: Access to programs and data are appropriately controlled to prevent unauthorized <br />use, modification, damage or loss of data. <br />A control process exists and is followed to periodically review and confirm user <br />access rights in a timely manner. <br />Procedures exist and are followed to maintain the effectiveness of user <br />authentication and access mechanisms such as password length, password <br />history, and lockout for failed attempts. <br />An information security policy exists and has been approved by an appropriate <br />level of management. A framework of security standards has been developed <br />that supports the objectives of the security policy. <br />Cause: The County has not formally documented all of the Logical Access & Access <br />Security controls nor effectively designed all of these controls. The IAS and ReCo <br />systems do not have the functionality to support adequate password parameters <br />and security settings. <br />Effect: Unauthorized logical access to these systems could result in the destruction of data, <br />unauthorized transactions being made, transactions being inaccurately recorded, or <br />internal controls being circumvented. <br />25 <br />
The URL can be used to link to this page
Your browser does not support the video tag.