Information Technology Governance
Local Government Management Guide

Area #5 – Malware Protection

Malicious software, or malware, refers to software programs that are designed to harm computer systems. These programs can wreak havoc on both systems and electronic data by, for example, gathering sensitive information such as passwords without the computer user’s knowledge, deleting files and making systems inaccessible or inoperable. Computer users can inadvertently install malware on their computers by opening email attachments, downloading content from the Internet or merely visiting infected websites.

Information Technology Governance
Local Government Management Guide

Area #4 – Contracts and Service Level Agreements for IT Services

Local governments and schools often rely on third parties to provide a variety of IT-related services. For your protection and to avoid potential misunderstandings, there should be a written agreement between your local government or school and the IT service provider that specifies the level of service to be provided by the vendor and clearly states your needs and expectations, including those relating to the confidentiality and protection of personal, private and sensitive information.

Information Technology Governance
Local Government Management Guide

Area #2 – IT Security Training and Awareness

A well-informed workforce is essential to securing electronic data and IT systems. Local governments and schools cannot protect the confidentiality, integrity and availability of their data and systems without ensuring that the people who use and manage IT understand IT security policies and procedures and their roles and responsibilities related to IT security. While the IT policies provide guidance to computer users as to what the governing board expects them to do, IT security training provides them with the skills to do it.

Information Technology Governance
Local Government Management Guide

Security Self-Assessment

The Security Self-Assessment appended to this publication addresses key areas of IT internal controls such as policy, training, access and contingency planning. Several of the main questions include follow-up questions that will elicit information helpful for evaluating the answers. For example, one of the questions is, “Were all computer users provided IT security training?” The question is followed by a prompt to record the date(s) of training and who attended, if applicable.

Information Technology Governance
Local Government Management Guide

IT Security Fundamentals

Prior to examining your local government’s or school’s IT internal controls, it is important to understand two concepts that are fundamental to how IT professionals approach data, network and system security: the CIA triad and defense-in-depth. These concepts highlight the importance of looking at internal controls both individually and collectively and will help you place the internal controls in context.

Overview of Governmental Accounting

This session will familiarize local officials with the accounting process for municipalities and some of the unique elements of governmental accounting. It will include an overview of Generally Accepted Accounting Principles (GAAP), the Uniform Accounting System, measurement focus and encumbrances. We’ll also discuss resources available from the Comptroller’s Office to assist fiscal officers with their responsibilities.

Improving the Effectiveness of Your Claims Auditing Process

This session will assist local officials in learning how to establish an effective and efficient claims processing system. A well-designed system ensures proper use of municipal resources, provides local officials with useful information and complies with all applicable laws and regulations.

Fiscal Oversight Responsibilities of the Governing Board

The governing board’s oversight role can touch virtually every aspect of a local government’s operations. This session will discuss some key functions including budget responsibilities, interim reporting, the audit of claims, and the annual audit requirements. We will also provide resources available to assist in these oversight activities.

Information Technology Governance
Local Government Management Guide

Area #1 – IT Policy

IT policies define the Board’s expectations for appropriate user behavior, describe the tools and procedures used to help protect data and IT systems, assign key responsibilities and explain the consequences of policy violations. The governing board should provide oversight and leadership by adopting IT policies that take into account people, processes and technology; communicating the policies to all computer users; and ensuring there are procedures in place to monitor compliance with policies.