Contact: Danielle Katz, (cell) 949-374-3828, 714-834-5279, Danielle.firstname.lastname@example.org
AUDITOR-CONTROLLER RELEASES GENERAL ASSESSMENT OF AUDITOR-CONTROLLER INFORMATION TECHNOLOGY SECURITY
November 15, 2016 – Orange County Auditor-Controller Eric H. Woolery, CPA, today released a General Assessment of Information Technology (IT) Security of the Auditor-Controller’s Office.
This assessment revealed eight security findings, including one determined to be a critical control weakness that involves network security configurations. Due to the sensitive nature of the specific findings, the details of the report are not available to the public.
“I am concerned about the critical weakness involving our network security, but by performing this assessment, this is the first step in correcting any issues,” said Auditor-Controller Eric Woolery. “With the hiring of our new Senior IT Audit Manager, we plan to perform similar assessments and audits county-wide in the future.”
The audit identified one critical control weakness and four significant control weaknesses in the area of network security configurations and three control findings in the area of IT security policies. The results of this audit will be considered in the Internal Audit Division’s risk analysisin preparing future audit plans.
This general assessment was limited to a “desk audit” in which the IT Audit Manager utilized standard IT audit tools to query the network and conducted discussions with Auditor-Controller IT staff.
The Auditor-Controller’s office of Orange County typically releases anywhere from 1 to 5 audits per month. With over 400 employees, the Orange County Auditor-Controller’s office is the largest independently elected Auditor-Controller in the nation.
For more information on the Internal Audit Division, or the Auditor-Controller’s Office, visit