Orange County Auditor-Controller Eric H. Woolery, CPA, today released a General Assessment of the Information Technology (IT) Security of the Auditor-Controller’s office. This audit revealed eight security findings, including one determined to be a critical weakness that involve Network Security Configurations. Due to the sensitive nature of the specific findings, the classified details of the report are not available to the public.
“I am concerned about the critical weakness involving our Network Security, but by performing this audit, this is the first step in correcting any issues,” said Auditor-Controller Eric Woolery. “With the hiring of our new IT Audit Manager, a first for our organization, we hope to be able to remedy all of the issued found in this audit and to continue to be committed to upholding the security this office requires.”
The audit identified one critical control weakness and four significant control weakness in the area of Network Security and three control findings in the area of IT Security Policies. The results of this audit will be considered in the Internal Audit Division’s Risk Analysis in preparing future audit plans.
This audit was performed as a “desk audit”, in which the IT Audit Manager utilized standard IT audit tools to query the network as well as conducted discussions with staff.
The Auditor-Controller’s office of Orange County typically releases anywhere from 1 to 5 audits per month. With over 400 employees, the Orange County Auditor-Controller’s office is the largest independently elected Auditor-Controller in the nation.