Laserfiche WebLink
County of Hawai‘i, State of Hawai‘i <br />SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) <br />Fiscal year Ended June 30, 2015 <br />SECTION II - FINANCIAL STATEMENT FINDINGS <br />Ref. <br />No.Internal Control Findings <br />2015-001 Information Security Policy <br />Condition:The responsibility of managing the County’s Information Technology (IT) <br />activities is shared by five separate departments. The Department of <br />Information Technology (IT) is primarily responsible for managing the <br />County’s central computer system while the other four departments have <br />personnel responsible for managing and supporting the computer system of <br />each respective department. We noted that the County’s IT activities, as a <br />whole, does not have standardized policies and procedures over information <br />security that are followed by all departments and agencies of the County. <br />Criteria: A standardized information security policy should exist that defines <br />information security objectives that are approved by management. This <br />policy should be supported by standards and procedures that are followed <br />by the entity as a whole. <br />Cause: The County does not have formally documented policies and procedures <br />over information security that are followed by all departments and agencies <br />of the County. <br />Effect: The lack of standardized policies and procedures could increase the risk of <br />unauthorized access to the County’s computer systems, which could <br />potentially result in unauthorized use, modification, damage or loss of critical <br />County data. <br />Recommendation <br />Management should develop standardized information security policies and procedures <br />that are followed by all departments and agencies of the County. <br />27 <br /> <br />