[read complete report - pdf]

Audit Objective

Determine whether Town of Fishkill (Town) officials ensured the Town’s Information Technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

Town officials did not adequately secure and protect the Town’s IT systems against unauthorized use, access and loss.

• The Board did not adopt adequate IT policies or a disaster recovery plan.
• Officials did not adequately manage user accounts for the network or financial application.
• Town employees did not comply with the acceptable use policy (AUP) and officials did not monitor the use of IT resources.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

• Adopt comprehensive IT policies and a disaster recovery plan.
• Develop written procedures for managing system access.

Town officials generally agreed with our recommendations and indicated they planned to initiate corrective action.