My WebLink
|
Help
|
About
|
Sign Out
Home
Single Audit of Federal Financial Assistance Programs for Fiscal Year 2014 - 2015
PublicDocuments
>
Finance Department
>
Finance Administration
>
Audit Reports
>
Single Audit of Federal Financial Assistance Programs for Fiscal Year 2014 - 2015
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/14/2016 1:14:01 PM
Creation date
7/14/2016 1:00:25 PM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
33
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
County of Hawai‘i, State of Hawai‘i <br />STATUS REPORT <br />Fiscal year Ended June 30, 2015 <br />This section contains the current status of prior audit recommendations. The recommendations <br />are referenced to the pages of the previous audit report for the fiscal year ended <br />June 30, 2014, dated January 12, 2015. <br />SECTION II - FINANCIAL STATEMENT FINDINGS <br />Reference <br />NumberRecommendationCurrent Status <br /> <br />2014-001 Logical Access & Access Security (pages 25 - 26) <br /> Strengthen password controls for the IAS and ReCo Accomplished. As of <br />systems that include a combination of minimum June 30, 2015, password <br />length, complexity, expiration, history, and lockout requirements for both the <br />policy and duration. As a compensating control to ReCo system and IAS have <br />mitigate the lack of functionality in the IAS and ReCo been strengthened. <br />systems, strengthen the domain password <br />parameters and security settings to increase the <br />minimum password age and lockout duration <br />requirements. <br />Develop an information security policy, have the policy Not accomplished. Refer to <br />approved by the appropriate level of management and current year finding 2015- <br />communicate the policy to employees. 001 for management’s <br />response. <br /> <br />2014-002 Physical Security (page 27) <br /> The County should develop formal policies over the Not accomplished. Refer to <br />physical security of IT systems at the Civil Defense current year finding 2015- <br />Center and to implement them. The server room 002 for management’s <br />should be locked and access to keys or codes should response. <br />be limited to authorized personnel. A fire suppression <br />system should be installed to prevent or limit the loss <br />of data from fire. <br /> <br />2014-003 Information Technology (IT) Governance (page 28) <br /> The County should formally establish an IT Accomplished. The County <br />management steering committee that meets on a implemented quarterly IT <br />regular basis in order to evaluate IT risks and to management committee <br />ensure that identified risks are appropriately meetings to facilitate <br />addressed on a timely basis. information sharing and <br />collaboration between the <br />various departments <br />supporting the County’s <br />information technology <br />function. <br /> <br />30 <br /> <br />
The URL can be used to link to this page
Your browser does not support the video tag.