ISA-2014-1514
This audit was conducted to determine the effectiveness of information technology general controls in the Office of Information Technology Services (ITS). The audit specifically focused on controls for the virtual server environment managed by ITS and the North Carolina Identity Management Service (NCID) system. Our audit found that there is a lack of documented procedures for managing the ITS virtual environment and that service level agreements between ITS and clients are not reviewed regularly. Auditors also found that changes are made to the ITS virtual environment without documented authorization and that required information is not included in documentation for changes to key systems. Additionally, prior year audit issues have not been resolved which increases risks to ITS operations. ITS generally agreed with our findings and recommendations. Details about each item are provided in the Findings and Recommendations section of the report.