October 4, 2014
Appeal-Democrat
Andrew Creasey
The Sutter County Board of Supervisors agreed in part with
grand jury findings that the county's Information Technology Department was not in
compliance with a 2011-12 audit report.
The grand jury found terminated employees still had access
to financial applications, passwords required to access systems were not
complex, independent security testing is not performed periodically and
information technology risks are not formally documented, evaluated and
addressed periodically.
CohnReznick audited the IT Department in fiscal
year 2012-13 and made several recommendations about IT policy and procedure
that were not implemented, according to the grand jury report.
IT Deputy Director Michael Baker told the grand jury the
department is understaffed and under-budgeted and that to implement the
recommendations of the report would be costly and time-consuming.
Many of the issues have been rectified since the IT
Department was reorganized into the General Services Department in July 2013,
according to the board's response.
A new policy was implemented in January 2014 requiring
passwords to be changed at regular intervals while adhering to password
complexity criteria.
The county financial system's security has been revamped.
Every account has been re-evaluated, and access to the system has been
restricted based on the individual user.
The county has spent about $318,000 overall on the
implementation of its financial system, said Chuck Smith, county spokesman.
In May 2014, the county became an official member of the
Multi-State Information Sharing and Analysis Center, which provides cyber
security services.
The county also developed an IT Strategic Plan with Curt
Dodds, an IT strategy consultant, at just under $6,000.
The grand jury report also recommended the IT Department
request additional funds to comply with the audit report.
"The board cannot concur with (that recommendation)
if it is not prepared to grant that additional funding immediately," Smith
said in an email.
In the response, the board said it acknowledges the needs
of the IT Department but must balance those needs with other areas.
"Continued budget constraints and the competing
priorities of the county are expected to continue for the foreseeable future,
and will force the county to make difficult decisions regarding funding any new
programs and efforts," the response stated.
The county was also concerned about the term
"compliance" in the grand jury report. There is no requirement to be
in compliance with the independent audit, Smith said.
CONTACT reporter Andrew Creasey at 749-4780 and on Twitter
@AD_Creasey.