Board of County Commissioners
Cabarrus County
Page 2

Information Security Manual for NC Division of Social Services and County Departments of Social Services

4.1 Workstation Security

• Personal computers and computer terminals should not be left logged on when unattended or not in use. If computers or computer terminals are left logged on when unattended or not in use then they should be protected from unauthorized access by physical, technical, or administrative controls such as passwords, time driven screensavers, controlled workstation access, operational procedures, etc.

The agency security officer or designee will conduct audits regarding compliance with this standard as part of the required audit process included in the Information Security Manual.

Finding 2009-2:

Criteria: Management should have a system in place to reduce the likelihood of errors in financial reporting.

Condition: While documenting internal controls relating to the general ledger/journal entries, we noted that all finance employees have the ability to post journal entries in the financial accounting system. Furthermore, there is no formal review process in place for journal entries posted to the system.

Recommendation: In order to ensure adequate segregation of duties and to reduce the likelihood of journal entries being posted and not detected in a timely manner, management should restrict journal entry access to those employees for whom it is required. Also, a formal journal entry review process should be implemented.

Management's Response/Corrective Action: In response to this finding, all Finance staff members' access to Munis, the computer financial software, will be reviewed and restrictions put in place. Journal entry posting has been restricted to two Accountant positions and one Payroll Technician position within the department. All journal entries will be reviewed by the Assistant Finance Director, or the Accounting Supervisor, prior to posting. The daily deposit journal entries do not require approval and will be entered as part of the deposit process by the Deposit Accounting Technician. The Finance Director will act as the backup for posting journal entries.

Finding 2009-3:

Criteria: Management should have a system in place to reduce the likelihood of errors in financial reporting.

Condition: While performing procedures related to internal controls over data processing, we noted that access to modules of the financial software needs to be strengthened. This access does not allow duties to be fully segregated and weakens internal controls.

Recommendation: Employees should only have access rights to modules that they need to perform their daily functions. Read-only access can be granted for other modules as necessary. The access rights should be changed as job duties change.

Management's Response/Corrective Action: In response to this finding, as stated above in finding 2009-2, all Finance staff members' access to Munis, the computer financial software, will be reviewed and restrictions put in place to enhance the segregation of duties. Not only will computer access be restricted, duties will be redistributed to strengthen internal controls within the department.

G-8
Attachment number 1
Page 256