City of Tonawanda - Information Technology (2018M-146)

Issued Date
November 21, 2018

Audit Objective

Determine whether the Common Council (Council) ensured information technology (IT) assets were properly safeguarded.

Key Findings

  • The Council has not adopted an acceptable use policy or implemented procedures to properly monitor computer use.
  • City officials did not maintain an inventory of IT assets.
  • City employees were not provided with IT security awareness training.

In addition, sensitive IT control weaknesses were communicated confidentially to City officials.

Key Recommendations

  • Establish an acceptable use policy, distribute it to all City personnel and monitor IT usage.
  • Maintain an inventory of IT assets.
  • Ensure that all necessary City personnel receive IT security awareness training and that training is provided whenever the IT policies are updated.

City officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.