Historic City Hall
17 S. Second Ave., #200
Phoenix, AZ 85003
602-262-6641
City Auditor Department - Project Highlights
We believe that the cumulative effect of our audits and management
services has a significant impact on the stability and credibility
of our city. We are determined to improve the organization and
Phoenix as a whole. This belief and determination is reflected
by the full range of services we perform, the recommendations
we make in our audits and the economic benefit of our efforts.
Noted below are several project highlights over the past year.
Badging Regulation
A citywide audit of badge security identified the need for citywide
policies for the distribution and control of access badges.
The City Auditor Department facilitated 24 meetings of committees
made up of employees considered experts in the areas of security,
locks and keys, identification badges and homeland defense to
develop an administrative regulation for access control and
badging.
Committees had representation from 14 city departments and members
were from all levels of the organization. The committees developed
an administrative regulation that established guidelines for
access authorization, identification, key control, alarm services
and other general security guidelines.
Internal Network Vulnerability Assessment
According to IT Security experts, more than 70% of unauthorized access
to sensitive information comes from internal users, not external
hackers. The city has a significant amount of sensitive data
that should be kept confidential, such as personally identifiable
information, medical information, and credit card numbers.
The City Auditor teamed up with external auditors to perform a vulnerability
assessment of the internal network. Our consultants scanned
each active device type (e.g. workstation, server) to determine
if there were any vulnerabilities that would allow unauthorized
access, such as:
- Well-known default passwords
- Delinquent patch installation
- Excessive open ports
We provided each department with a list of vulnerabilities.
Information Services
is coordinating mitigation of these risks citywide.
Cellular Phone Usage
The primary goal of this audit was to review cellular phone usage
by city employees to assure that usage is appropriate and
expenditures are reasonable.
The city has annual cellular phone expenditures of more than
$1.3 million, with
22 city departments that utilize cellular phones. We utilized
Audit Control Language (ACL) software to analyze more than
2.5 million call records, which represented 81% of all annual
cellular expenditures.
Overall, employee usage of cellular equipment was in compliance with
city policy. Our report included some recommendations for
increased internal controls as well as incorporating future
call data testing into continuous auditing.
Continuous Auditing
The primary goals for our continuous auditing program are:
1) Audit / monitor high risk areas citywide
2) Perform testing on a continuous basis to detect and prevent
problems as quickly as possible
3) Increase our audit coverage throughout the organization.
During fiscal year 2006/07, we performed continuous audit testing
in the areas
of cash, accounts payable, expenditures, contracts, payroll,
Internet privacy, monthly financial reporting, and missing/stolen
property. We performed detailed testing on more than
1,100 transactions and contacted more than 180 employees.