My WebLink
|
Help
|
About
|
Sign Out
Home
Single Audit of Federal Financial Assistance Programs for Fiscal Year 2014 - 2015
PublicDocuments
>
Finance Department
>
Finance Administration
>
Audit Reports
>
Single Audit of Federal Financial Assistance Programs for Fiscal Year 2014 - 2015
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/14/2016 1:14:01 PM
Creation date
7/14/2016 1:00:25 PM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
33
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
County of Hawai‘i, State of Hawai‘i <br />SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) <br />Fiscal year Ended June 30, 2015 <br />SECTION II - FINANCIAL STATEMENT FINDINGS <br />Ref. <br />No.Internal Control Findings <br />2015-001 Information Security Policy <br />Condition:The responsibility of managing the County’s Information Technology (IT) <br />activities is shared by five separate departments. The Department of <br />Information Technology (IT) is primarily responsible for managing the <br />County’s central computer system while the other four departments have <br />personnel responsible for managing and supporting the computer system of <br />each respective department. We noted that the County’s IT activities, as a <br />whole, does not have standardized policies and procedures over information <br />security that are followed by all departments and agencies of the County. <br />Criteria: A standardized information security policy should exist that defines <br />information security objectives that are approved by management. This <br />policy should be supported by standards and procedures that are followed <br />by the entity as a whole. <br />Cause: The County does not have formally documented policies and procedures <br />over information security that are followed by all departments and agencies <br />of the County. <br />Effect: The lack of standardized policies and procedures could increase the risk of <br />unauthorized access to the County’s computer systems, which could <br />potentially result in unauthorized use, modification, damage or loss of critical <br />County data. <br />Recommendation <br />Management should develop standardized information security policies and procedures <br />that are followed by all departments and agencies of the County. <br />27 <br /> <br />
The URL can be used to link to this page
Your browser does not support the video tag.