The primary objective of this audit was to evaluate IS general controls at the College. The scope of our IS general controls audit included general security issues, access controls, program maintenance, physical security, operations procedures, system software, telecommunications, and disaster recovery. Other IS general control topics were reviewed as considered necessary. Some of the findings are summarized below. We found that proper segregation of duties is not logically enforced and that the internal auditor was not involved in the review of information systems. We noted several weaknesses in access controls over the mainframe and LAN servers. We noted the College has not implemented a firewall to prevent unauthorized access to the telecommunications network. A complete disaster recovery plan that is tested periodically is necessary to enable the College to recover from an extended business interruption due to the destruction of the computer center or other College assets.

First Published
NC County