Determine whether Cayuga County Soil and Water Conservation District (District) officials adequately safeguarded information technology (IT) assets.
District officials did not establish adequate controls over IT assets. The Board did not:
- Develop comprehensive IT policies or procedures.
- Enter into a written service level agreement (SLA) with the IT vendor.
- Establish adequate safeguards for online banking transactions.
- Implement strong access and financial application controls.
- Provide IT security awareness training for employees who use District IT assets.
In addition, sensitive IT control weaknesses were communicated confidentially to officials.
The Board should:
- Adopt comprehensive IT security policies and periodically review them.
- Enter into a SLA with the IT vendor.
- Provide IT security awareness training to personnel who use IT assets.
District officials generally agreed with our recommendations and indicated they plan to initiate corrective action.