X hits on this document

PDF document

OFFICE OF AUDITOR OF STATE STATE OF IOWA - page 32 / 39

137 views

0 shares

0 downloads

0 comments

32 / 39

(J)

Villisca Municipal Power Plant

Schedule of Findings

Year ended December 31, 2003

To provide better control over budgeted disbursements and the opportunity for timely amendments to the budget, the financial reports given to the Board should include comparisons to the certified budget.

Response – The Secretary will present a statement of revenues and expenses report for

previous month.

The Secretary will verify the report has been reconciled

receipts and disbursement journals. We Secretary assuring it has been reconciled.

will have an official year-end We will have an annual audit.

report

with with

the the the

Conclusion – Response accepted.

Information Systems – The following weaknesses in the Power Plant’s computer based systems were noted:

The Power Plant does not have written policies for:

  • Password privacy and confidentiality.

  • Requiring password changes because software does not require the user to change

log-ins/passwords periodically.

  • Ownership of in-house developed software and data.

  • Logging off when a terminal is unattended and no automatic log off exists.

  • Requiring backups be performed weekly, monthly and yearly.

  • Storing system backup tapes at an offsite facility.

  • Ensuring only software licensed to the Power Plant is installed on computers and

monitoring software licensing requirements to ensure the Power Plant is in compliance.

  • Usage of the internet.

Also, the Power Plant does not have a written disaster recovery plan to help ensure the continuity of Power Plant operations in the event of a disaster.

Recommendation – The Power Plant should develop written policies addressing the above items in order to improve the Power Plant’s control over computer based systems.

Response –

  • 1.

    We will have the software provider set up passwords and require they be changed monthly.

  • 2.

    We will ask the software provider to set up an automatic log off system when computer is unattended.

31

Document info
Document views137
Page views137
Page last viewedMon Jan 23 08:56:31 UTC 2017
Pages39
Paragraphs1113
Words7575

Comments