Auditors found that systems software standards and documentation need improvement. Back-up tapes for one application system were not rotated off-site on a schedule mandated by NCCU policy. Other findings in this audit were of a sensitive nature and were reported to management in a private letter in the interest of information systems security.