Laserfiche WebLink
MARTIN • STARVES <br />& ASSOCIATES, CPAs, P.A. <br />':4 Pr•ofessional.4ssocia~ion of Certified Public .4ccountants and Alanagenient Consultants" <br />October 13, 2009 <br />Board of County Commissioners <br />Cabarrus County <br />Concord, North Carolina <br />In planning and performing our audit of the basic financial statements of Cabarrus County, North Carolina <br />for the year ended June 30, 2009, we considered the County's internal controls to determine our auditing <br />procedures for the purpose of expressing an opinion on the basic financial statements and not to provide <br />assurance on internal controls. <br />However, during our audit we became aware of a several matters that are opportunities for strengthening <br />internal controls and operating efficiency. The following comments summarize our findings and <br />suggestions regarding these matters. We previously reported on the County's internal controls in our <br />report dated October 13, 2009. This letter does not affect that report or our report on the basic financial <br />statements dated October 13, 2009. <br />Finding 2009-1: <br />Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should <br />control physical access to the State network terminals or personal computers that are connected to the <br />State mainframe. <br />Condition: Lack of proper internal controls over data security. Upon surprise inspection, numerous <br />unattended work stations of DSS employees were logged onto the State network without anyone <br />attending to the work stations. Unauthorized access to the State system could be obtained due to the <br />unattended logon to the system throughout the DSS building. <br />Recommendation: Require County data processing department to implement procedures to require <br />logout of work stations where access to the State DSS system is granted. The control procedures should <br />include random verification of logout in instances where offices are unattended. <br />Management's Response/Corrective Action: To comply with Information Security Manual for North <br />Carolina Division of Social Services and County Departments of Social Services Version section 4.1, an <br />Addendum will be added to the Cabarrus County Technology Use Policy for DSS including the <br />requirement that all computers have a password screen saver implemented with a maximum of 15 <br />minutes before screen saver activates and that all computers be locked by the user when leaving work <br />station (Windows key + L or Ctrl-Alt-Del and enter). All current staff will sign the addendum by September <br />30, 2009 with newly hired staff signing the addendum at the same time signature of the policy is secured. <br />The signed addendum will be maintained in the employee's record with the policy.) <br />730 13th Avenue Drive SE ~ Hickory, North Carolina 28602 ~ Phone 828-327-2727 ~ Fax 828-328-2324 <br />13 South Center Street ~ Taylorsville, North Carolina 28681 • Phone 828-632-9025 ~ Fax 828-632-hment number 1 <br />Toll Free Both Locations 1-800-948-Q;~S ~ Website: www.martinstarnes.com Page 255 <br />