This audit was conducted to determine the effectiveness of information technology general controls for the overall organization and operation of the North Carolina Office of Information Technology Services (ITS). The ITS Education and Training policy for employees is general in nature and not adequate for key personnel, such as system administrators and information security officers. The ITS policy requiring contractors to acknowledge understanding of ITS policies is not enforced. Items regarding access controls, due to their sensitivity, were reported to the agency by separate letter and should be kept confidential as provided in North Carolina G.S. 132-6.1(c). Generally, the Department agreed with our findings and recommendations. Details about each item are provided in the Findings and Recommendations section of the report.
Office of the Information Technology Services-Information Technology General Controls
Categorization and Details