My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Marcum Rachlin
SIBFL
>
City Clerk
>
Bids-RFQ-RFP
>
RFP
>
RFP No. 10-06-01 Auditing Services
>
Responses
>
Marcum Rachlin
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
11/8/2010 1:36:43 PM
Creation date
11/8/2010 1:36:21 PM
Metadata
Fields
Template:
CityClerk-Bids_RFP_RFQ
Project Name
Professional Audit Services
Bid No. (xx-xx-xx)
10-06-01
Project Type (Bid, RFP, RFQ)
RFP
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
77
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
<br />Sample Government, FLORIDA <br /> <br />SCHEDULE OF FINDINGS AND RESPONSES <br /> <br />FISCAL YEAR ENDED SEPTEMBER 30, 2009 <br />(Continued) <br /> <br />I. CURRENT YEAR COMMENTS AND RECOMMENDATIONS (Continued) <br /> <br />Condition <br /> <br />While ETS has a policy and performs periodic reviews of end user accounts, the policy and procedures <br />have not being uniformly followed throughout the entity Since the entity uses a partially decentralized IT <br />support model, there are applications/systems that are not currently being periodically reviewed to ensure <br />that access is appropriate. <br /> <br />Cause <br /> <br />While formal policy and procedures exist, they are not being adhered to by all departmental IT teams, <br /> <br />Effect <br /> <br />Terminated employees could have active user accounts and/or active employees could have excessive or <br />incorrect access, <br /> <br />Recommendation <br /> <br />We recommend deploying ETS' policy and procedures to all departmental IT teams along with tools to <br />enable and ensure periodic reviews are performed. <br /> <br />Views of Responsible Officials and Corrective Action <br /> <br />Although Network Access is promptly deactivated for terminating employees, the administration of many <br />user applications is decentralized. We believe that the systems are secure because terminated employees <br />cannot access the network, but it agrees that End User Administration should be further standardized in <br />order to insure terminated employees are removed from financial applications, Enterprise Technology <br />Systems will work with the responsible agencies to standardize end user administration processes for its <br />financial software systems <br /> <br />2009-08 TaxSys End User Administration <br /> <br />Criteria <br /> <br />Access administration enSures that employees and other users of key applications are provided access in <br />accordance to their roles and responsibilities via a standardized, formal process in which all access <br />requests are reviewed and approved by authorized process/application owners prior to <br />creation/modification. Inadequate access administration creates the risk that users have excessive access <br />and are able to perform activities or modify data without detection. <br /> <br />7 <br /> <br />I <br />I <br />
The URL can be used to link to this page
Your browser does not support the video tag.