This audit was conducted to determine the effectiveness of the general and business process application controls maintained by the Department of Information Technology (DIT). The general control objectives were: security management, access controls, configuration management, segregation of duties, and contingency planning. Our audit found that DIT did not annually review the standard pre-approved changes inventory as required. Auditors also found that DIT did not retain testing documentation, increasing the risk that systems may not operate as intended. DIT agreed with our findings and recommendations. Details about each item are in the Findings and Recommendations section of the report.
Document Entity Terms
First Published