city of San Antonio


Share to Facebook Share to Twitter Bookmark and Share
File #: 19-8488   
Type: Staff Briefing - Without Ordinance
In control: Audit and Accountability Committee
On agenda: 11/19/2019
Posting Language: AU18-F04 Follow-Up Audit of ITSD - Hardware & Software Lifecycle Management Process
Attachments: 1. AU18-F04 Follow-Up Audit of ITSD - Hardware & Software Lifecycle Management Process
Date Ver.Action ByActionResultAction DetailsMeeting DetailsVideo
No records to display.
AUDIT COMMITTEE SUMMARY
November 19, 2019
Follow-Up of ITSD Hardware and Software Lifecycle Management Process
Report Issued October 21, 2019

Audit Objective

Determine if prior audit recommendations are successfully implemented and working as intended.

Background

In October of 2016, the Office of the City Auditor completed an audit of ITSD's hardware and software lifecycle management process. The objective of the audit was as follows:

Determine if current process for managing the lifecycle of hardware and software for general office use throughout the City are appropriate and meeting the needs of City staff.

The Office of the City Auditor concluded that internal controls need improvement to ensure that the lifecycle of hardware and software are effectively managed. Specifically:

* A control to ensure that information needed to effectively monitor IT related purchase requests did not exist.
*
A standard process for performing periodic physical inventories did not exist; ITSD had not performed a physical inventory of assets since September of 2014.

* Privileged users with access to modify IT assets in the Remedy system were not being reviewed for appropriateness. Additionally, critical changes to the status (i.e. disposals or end of life) of IT assets were not being monitored.

* Disposed capital assets were not accurately accounted for in SAP.

ITSD management agreed with the conclusions in the 2016 report and developed action plans to address the audit recommendations.

Audit Scope & Methodology

The audit scope was limited to the recommendations and corrective action plans made in the original report for the time frame May 2017 to July 2018.

Audit Conclusions

We determined that of four action plans, ITSD successfully implemented one, partially implemented two, and did not implement one.

ITSD successfully implemented a process to ensure that ITSD personnel review IT related purchase requests for accuracy and completeness prior to management a...

Click here for full text