IT Audits of State and Local Governments
IT audits conducted for state and local government entities, including the following:
City of Blue Springs, MO
City of Independence, MO
Columbia, MO
City of Tulsa, OK
The objective of the audits was to assess the effectiveness of the user access management and IT controls over the entity’s systems, as they relate to the financial reporting process. The audit criteria were based on standardized control frameworks and each organization’s policies and procedures.
Audit Approach
The audits adopted a top-down approach, starting from mapping the technology architecture, examining entity-level controls, and working downward to accessing the application-level controls. The audit procedures included: interviewing the key personnel involved in managing IT components, reviewing relevant documentation, performing walkthroughs, testing a sample of user access records, and evaluating the design and operating effectiveness of controls.
Audit Findings
The audits identified several significant risks and control weaknesses related to the examined systems, including the following examples:
Unauthorized or inappropriate user access to systems
Outdated ser access policies that reflect the current roles and responsibilities of the users and the business processes
Inadequate or ineffective user access monitoring and reporting that could result in user access issues
The audits discovered several significant risks and control weaknesses indicating controls over the systems were effective in ensuring the reliability and integrity of the financial reporting process. Comprehensive audit reports identified control deficiencies that could result in errors, fraud, or misstatements in the financial statements. The audits also provided several recommendations to improve the user access management process, system controls, and to mitigate the risks.
