Villisca Municipal Power Plant
Schedule of Findings
Year ended December 31, 2003
To provide better control over budgeted disbursements and the opportunity for timely amendments to the budget, the financial reports given to the Board should include comparisons to the certified budget.
Response – The Secretary will present a statement of revenues and expenses report for
The Secretary will verify the report has been reconciled
receipts and disbursement journals. We Secretary assuring it has been reconciled.
will have an official year-end We will have an annual audit.
the the the
Conclusion – Response accepted.
Information Systems – The following weaknesses in the Power Plant’s computer based systems were noted:
The Power Plant does not have written policies for:
Password privacy and confidentiality.
Requiring password changes because software does not require the user to change
Ownership of in-house developed software and data.
Logging off when a terminal is unattended and no automatic log off exists.
Requiring backups be performed weekly, monthly and yearly.
Storing system backup tapes at an offsite facility.
Ensuring only software licensed to the Power Plant is installed on computers and
monitoring software licensing requirements to ensure the Power Plant is in compliance.
Usage of the internet.
Also, the Power Plant does not have a written disaster recovery plan to help ensure the continuity of Power Plant operations in the event of a disaster.
Recommendation – The Power Plant should develop written policies addressing the above items in order to improve the Power Plant’s control over computer based systems.
We will have the software provider set up passwords and require they be changed monthly.
We will ask the software provider to set up an automatic log off system when computer is unattended.