Document Sample
City_of_Akron_00-Summit_ML Powered By Docstoc
Management Letter
for the Year Ended
December 31, 2000
Deloitte & Touche LLP
127 Public Square
Suite 2500
Cleveland, OH 44114

Tel: (216) 589-1300
Fax: (216) 589-1369

June 8, 2001

The Honorable Mayor Donald L. Plusquellic
and Members of the City Council of the
City of Akron, Ohio

In planning and performing our audit of the general purpose financial statements of the City of Akron,
Ohio (the “City”) as of December 31, 2000 and for the year then ended (on which we have issued our
report dated June 8, 2001), we developed the following recommendations concerning certain matters
related to the City’s internal control and certain observations and recommendations on other accounting,
administrative and operating matters. Our comments are presented in Exhibit I.

This report is intended solely for the information and use of the Auditor of the State of Ohio, City
Council, management and employees of the City and is not intended to be and should not be used by
anyone other than these specified parties.

We have also communicated to you during prior year audits certain additional matters related to the City’s
internal controls. These matters have not been duplicated in this letter; however, the City should continue
to assess its progress in addressing those matters.

We will be pleased to discuss current and prior year comments with you and, if desired, to assist you in
implementing any of the suggestions.

Yours truly,
                                                                                                 EXHIBIT I


Loans Receivable – Unrecorded Loans

Observation - During the course of our loans receivable testing, we noted several loans made by the City that
were not recorded in the general ledger. We understand the aforementioned loans were expensed in the year
they were entered into and that the City subsequently recorded such loans as an adjustment to the 2000
financial statements.

Recommendation - We recommend the City consider evaluating all departments within the City that can
initiate loan transactions. The authorized departments should be trained to identify loan transactions and
monitored by accounting personnel to ensure that the loan is properly reflected in the financial statements.
Procedures should be developed to improve the communication and documentation of these transactions.

City’s Response - The City did identify, document, and subsequently followed up on the aforementioned
loans prior to an outside notification. The City has taken steps to identify potential loans made by various
divisions during the year.

Utilities Receivables - Write-Off of Uncollectible Accounts

Observation - During the course of our receivable testing, we noted that several utility receivables accounts
were over 90 days past due. Several of these accounts have been inactive for several years. We understand
that the City maintains a 95% valuation allowance against these accounts, but does not actually write any of
these accounts off due to the amount of time that would be necessary to consistently review utility accounts
for collectibility. Inactive accounts are also not written-off because the City’s system of tracking accounts
will automatically attach inactive account balances to a new account if an individual ever attempted to open a
new account.

Recommendation - We suggest the City consider reviewing their utility accounts on a regular basis in order
to determine if “open inactive” accounts should be written-off. Alternatively, the City may wish to enact a
policy in which accounts are automatically written-off if they have been inactive for a certain period of time.
This would allow for timely write-offs, while reducing the volume of accounts. A separate file could be
maintained including information of previously written-off accounts to be crosschecked when a customer
applies for a new account.

City’s Response - Late in 1999, the Public Utilities Bureau (the “PUB”) implemented a new computer billing
system. The PUB acknowledges that there is no current policy dealing with inactive accounts. There is a
design team developing “best business practices” for the Utilities Business Office, including collections and
inactive accounts.


Local Law Enforcement Block Grant, Public Safety Partnership, and Community Policing Grants

Observation - During our testing of internal control and compliance requirements for the Local Law
Enforcement Block Grant (the “LLEBG”), Public Safety Partnership, and Community Policing Grants, we
observed the following:

    •   Written procedures regarding subrecipient monitoring do not exist for the LLEBG grant
    •   No written procedures exist related to matching, method of equipment counts, or reporting
    •   All available federal funds under the LLEBG 1997 grant were not used
    •   All of the “Activity Reports” were not retained after the Financial Status Reports were faxed
    •   Copies of the Progress Reports could not be located

Recommendation - The following recommendations were developed based on the aforementioned

    •   The City should document and follow written procedures to monitor subrecipient activities through
        review of financial and programmatic reports, performance of site visits, review of the respective
        subrecipient’s audit report and follow up of corrective actions.

    •   In order to be in compliance with federal guidance, a written policy should exist that establishes
        responsibility and provides the procedures for program income, matching, method of equipment
        counts and reporting requirements. Additionally, a tracking system should be implemented that
        reminds staff when reports are due and supervisory reviews of reports should be implemented to
        assure accuracy and completeness of data and information included in the reports.

    •   In order to maximize the use of federal grant monies, all available funds should be monitored to
        ensure that all funds are used to enhance the police programs. In addition, if funds are not utilized,
        there is the potential that future funds will be reduced because prior funds were not fully utilized.

    •   In order to provide better verification as to the date of filing the Financial Status Reports, the
        Activity Reports should be retained and filed.

    •   Although we were able to verify with the Department of Justice that the Progress Reports had been
        filed, the City should retain copies of the Progress Reports in the files to provide evidence of their

City’s Response - The City will review the subrecipient monitoring recommendations and work towards
implementing suggested recommendations and procedures. The City will also work towards generating a
written policy for establishing responsibility for monitoring activity, supervisory reviews, and reporting

The grant period for the LLEBG 1997 started 10/1/97, but the City was not eligible to receive any funds until
all jurisdictions involved agreed to a joint spending plan. The delay was with Summit County and
negotiations lasted until September 1998 or approximately one year from the initial grant period. In
December, 1998, the City was finally able to proceed with the public hearing process and other subsequent
steps as required by the Bureau of Justice Assistance. In February 1999, the City received the grant

adjustment notice that authorized expenditures to begin. This left the City with less than one year in which to
obligate and spend the approved funds. The City believes that an exemplary job was done of spending the
majority of the funds within this reduced time period and feels fortunate to have returned only $56,427 of the
federal award amount of $592,174. From all indications, these delays have not and will not result in a
reduction of allocations on subsequent LLEBG Grant Programs.

The activity reports printed by the fax machine are generally retained. However, since it is a “community”
fax shared by many, either the report did not print correctly, or was inadvertently destroyed. The City will at
least attach a note to the financial reports if a similar situation should occur again.

The semi-annual progress reports are the responsibility of the officer who oversees the grant operations. In
the future, the Planning and Research Unit should receive a copy of the Progress Reports so that they can be
filed with the financial records. The Planning and Research Unit has recorded the due dates of the various
reports to remind the personnel responsible for completing them when they are due and can request a file
copy at that time.

Enterprise Community Program

Observation - During our testing of reporting procedures, we noted that the City did not submit an
expenditure report for the fourth quarter of 2000 as required by the Enterprise Community Program grant
agreement with Ohio Department of Human Services.

Recommendation - We recommend that the City file all required financial reports as required on a timely

City’s Response - The City is in agreement and will request the Planning Department to file all required
financial reports on a timely basis.

Women’s, Infants & Children Program (WIC)

Observation - During our testing of cash management procedures, we noted that the City began receiving
advance funding for the Women’s, Infants & Children Program (WIC) from the U.S. Department of
Agriculture during the previous year. A special revenue fund has been established and excess cash balances
are included in the “pooled cash” of the City and invested by the City’s Treasury Division. Currently, no
interest earned on these advances is allocated to the WIC fund from the Investment Earnings Fund.

Recommendation - The WIC program is subject to the Cash Management Improvement Act of 1990. As
such, any interest earned on advance funding should be used for the purposes of the program per the grant.
While the amounts are currently not significant, we suggest the City allocate interest to the WIC program
according to their interest allocation procedures.

City’s Response - The City has reviewed the federal guidelines relating to the WIC Program and is in
agreement with the recommendation of interest allocation. The City will allocate interest to the WIC
Program beginning in 2001.


Observation - During our testing of budgets, we noted instances of non-compliance as appropriations
exceeded estimated revenues for certain funds.

Recommendation - Per Ohio Revised Code 5705.39, the total appropriation from each fund should not
exceed the total estimated revenue. In addition, no appropriation measure is to become effective until the
county auditor files a certificate that the total appropriations from each fund do not exceed the total official
estimate or amended official estimate. The County certifies a tax budget that lists expenses, however, the
City has not received a certified appropriations budget. This is essential for budgeting purposes to ensure
that appropriations do not exceed available resources.

City’s Response - The City does have grant funds that require the funds to be expensed prior to drawing
down the grant funds, thus draws may occur in the subsequent year and are not included in the current year
estimated revenues. The City is required to submit the tax budget to the County by July 20th of the year
preceding the tax budget year. Based on the tax budget prepared by the City, the County does provide the
City with an “Official Certificate of Estimated Resources” prior to the end of the year.


Information Security Policy and Standards

Observation - Formal information security standards and policies have not been developed. Information
security and standards policies provide documentation of the organizational security framework and provide
guidance for proper and consistent implementation of security and standards across the organization.

Recommendation - We understand that the City of Akron has begun the initial process for developing an
Information Security and Standards Policy. A comprehensive Information Security and Standards policy
should be developed at the City of Akron that applies to all users and all computer environments. This
policy should include, but not be limited to, provisions to establish:

•   Proper use of the City of Akron’s computer hardware and software
•   Confidentiality of information (i.e. passwords, resident information and financial data),
    in electronic as well as hardcopy format
•   System implementation and security change control guidelines
•   Remote access standards
•   Data backup policies
•   Virus protection policies
•   Adherence to software licensing agreements
•   Documentation of the penalties for violation of the security policies

A copy of the information security policy should also be given to all employees, and all employees should be
required to sign a copy to acknowledge that they read it, which should be filed in the employee’s records.

City’s Response - The City will continue to develop an Information Security and Standards policy. The Law
Department is currently working on E-mail, Internet, and PC usage policies. Virus protection has been
standardized by installing InoculateIT on all personal computers and servers. Other areas will be addressed
by various Departments in the future. The City will give each employee a copy of the policy and we will
consider requiring employees to sign a copy for their employee file.

User Access Administration

Observation - A “Network Access Request” form has been created to document requests and approvals of
access to the network environment; however, there is no formal documented access request and approval
necessary prior to the users being granted access to the MUPS application.

Additionally, there is no formal communication from Human Resource to the MUPS or Banner Systems
Administrators of employee terminations or transfers to ensure the timely removal of user access to the City’s
computer systems and information.

Recommendation - Formalized access request procedures help ensure that user access is restricted to only
the necessary applications, functions, and information needed by each individual employee. A MUPS access
request form should be required to be completed for each new employee or access change request. The forms
should be signed by the user’s supervisor indicating that the request is valid and authorized.

Additionally, on a regular basis (i.e. biweekly or monthly), the Human Resources department should provide
the Information Systems Department with a listing of employees who have changed job positions or left the
City, to enable system and application administrators to ensure that the employee’s access has been
appropriately adjusted or revoked.

City’s Response -The “Network Access Request” form was created not only for a means to document
requests and approvals to the network environment, but also as a communications channel between the MIS
Division and the users of the network. The form was designed for the users to inform the MIS Division of
additions, changes and deletions to the network environment. The users are required and instructed to fill
out, sign and send the forms to the MIS Division. These forms are available from the MIS Division or can be
downloaded from the City’s Intranet. Once MIS receives the forms, they are filed and entered into an
assignment database. The database is reviewed by an NT administrator. The NT administrator will make the
appropriate changes to the users accounts and then notify the other administrators of the changes so that they
can also make the appropriate changes in their systems or applications.

The Personnel Department currently does supply the MIS Division with a monthly report, indicating changes
in personnel throughout the City. This report includes new hirees, transfers and employees who resign from
the City. The NT administrator receives the report and reviews it and makes the appropriate changes to the
network environment. As part of these changes, other administrators are notified of these changes so that
they can also make the changes in their applications.

A new MUPS form was developed and is in use for the following:

Add, delete and modify user access to AIX and MUPS permissions.

Add or remove software on MUPS PC’s.

Add or remove hardware on MUPS PC’s.

Move hardware from one location to another.

Setup users profile and mail on multiple PC’s.

A copy of the form is available.

Windows NT Logical Security

Observation - In the past year, the Windows NT LAN environment has become more significant in terms of
processing business critical applications. However, the current security measures implemented in the
Windows NT environment do not reflect the importance of the Network. Our procedures identified the
following security weaknesses:

•   Password parameters have not been configured to ensure a strong level of security. Proper password
    security controls help to ensure that only authorized personnel are utilizing computer systems. We
    identified the following weaknesses in the password controls over the City’s Windows NT environment:

    o   NT_CITY Domain: All NT user accounts are configured so that the passwords never expire and the
        user is never forced to change the account password.

    o   NT_CITY Domain: The Windows NT Account Policy settings do not require periodic password
        changes, does not establish a minimum password length (which may allow users to have accounts
        that do not require a password for authentication), and there is no restriction on the reuse of user

    o   SAFETY and CADNET Domains: Passwords are only required to be four characters in length and
        changed every 365 days.

•   12 users in the Budget Global user group within the NT_CITY Domain have been granted the advanced
    system right to “Act as part of the Operating System”. This allows a process running under any of these
    IDs to execute as a secure, trusted part of the operating system. This increases the risk that unauthorized
    system level activities could occur that may impact the integrity of the network and application systems.

Recommendation - We recommend that NT Account Policies be synchronized across all Domains that
adhere to the MIS Security Policies (see Information Security Policy and Standards comment above).
Security controls that should be enhanced include a password change interval of 60 days, a minimum
password length of six characters, and a password history of five. In addition, the system administrator
should review the Windows NT system rights that have been granted to user groups and ensure that all rights
have been appropriately assigned.

City’s Response - The City agrees that it is a good idea to synchronize a security policy across all the
domains that adhere to the Information Security Policy and Standards and will work toward that goal with

The City does recognize the importance of security on the Network and is currently discussing possible
changes to the NT user accounts and the accounts policy. These include: passwords being at least six
characters long, forcing periodic password changes and a restriction on the reuse of users’ passwords. These
changes should be applied sometime this year.

The Budget Global user group in the Akron City domain has been altered from the “Advanced System Right”
to “Act as part of the Operating System”.

UNIX Security

Observation - We identified several potential security weaknesses in the UNIX environments that may
represent risks to the integrity of the processing environments. Specifically, we identified the following
security related concerns.

•   CTYAKRON (Banner server)

    o   Nine UNIX accounts exist that have root-level authority. Many of these accounts are unused or do
        not appear to be needed on the system, therefore creating additional risk that these privileged
        accounts may be used for unauthorized purposes.
    o   Two UNIX hosts were identified that are trusted by the CTYAKRON machine. The trusted hosts are
        no longer needed.
    o   The UNIX password change interval has been set to 24 weeks. As a result, a majority of the
        passwords have not been changed in over 90 days.
    o   Several root-level account passwords have not been changed in over 4 years.
    o   There are several shared accounts/duplicate UIDs that may be used by users or system
        administrators. The sharing of user accounts weakens system audibility and user accountability by
        making it difficult, if not impossible, to trace back changes made with shared accounts to an
        individual user.

•   AKRON (MUPS server)

    o   All users have the ability to access the system via File Transfer Protocol (FTP).
    o   Security monitoring is not performed on a regular basis.
    o   Password controls do not require a minimum password length, passwords are not required to be
        changed on a periodic basis, and no password history is retained to prevent the reuse of prior
    o   There are a high number of user accounts that have been assigned as a member to several UNIX
        system groups, including the SYS, SYSTEM, BIN, and SECURITY groups. Therefore, these users
        have the authority as a member of these groups to access many of the sensitive system or application
        files owned by these groups. This may represent a significant risk to the integrity of the UNIX
        operating system and the application systems.

Recommendation - The above security weaknesses should be reviewed and evaluated for appropriateness.
Best practices indicate that:


    o   Only 2 – 3 root level accounts should have access to the system
    o   Trusted domains should be removed from the system if not in use
    o   Root level passwords should be changed on a regular basis
    o   Duplicate User IDs should not be used and User IDs for users and administrators should not be

•   AKRON (MUPS server)

    o   Security monitoring should be performed on a regular basis

    o   Passwords standards should be implemented that include a minimum of 6 characters in length,
        passwords should be required to be changed every 60 days, and a password history should be
        implemented to prevent the reuse of the prior five account passwords.

    o   Users should only be established into the necessary groups. Access should be limited to only those
        functions needed to perform job responsibilities.

    o   FTP access controls should be implemented to ensure that only accounts that need to access the
        system via FTP should be permitted.

City’s Response -

CTYAKRON (Banner Server)

Four (4) unused UNIX accounts were deleted that had root-level authority.

Both trusted hosts (CTYAKRON machine) were deleted.

The City will consider changing the UNIX password change interval of 24 weeks to 12 weeks.

Root-level account passwords have been changed.


The City has contacted the vendor to help MIS do the following so that we can ensure MUPS users can
perform their daily jobs:

        Monitoring security on the MUPS server will be done.

        The City will change the passwords for MUPS user and for AIX users, similar to the
        methods that will be used for NT.

        The City will look into reducing the number of accounts that access the SYS, SYSTEM,
        BIN, and the SECURITY groups. Additionally, FTP access will be reviewed. Contact has
        been made with the MUPS software owner for their recommendations.

Root passwords have already been changed by MIS.

Permissions to Critical Application and Database Files

Observation - During our review of UNIX Security (CTYAKRON and AKRON) and Network Security, we
identified that permissions to both Network and UNIX files appear to give users the ability to modify
application software and application data. Inappropriate modifications to application software and data may
lead to system errors or data integrity issues. Specifically, we identified the following concerns:

•   Windows NT Network

    o   The EVERYONE user group has full access to the directories where the PeopleSoft executable files
        are located, which provides every user with the potential ability to change or delete critical
        PeopleSoft programs or files.

    o   The EVERYONE user group has full access to the directories where the Oracle Database files for the
        Banner system are located which provides every user with the potential ability to change or delete
        critical database files.

•   UNIX

    o   Several files are set up as world and/or group writable. Over 800 world-writeable files were
        identified on the CTYAKRON server that includes PeopleSoft and system backup files, and over 350
        world-writeable files identified on the AKRON MUPS server. These files can be accidentally or
        purposefully modified or deleted by any system user with command line access without appropriate
        approval and/or review. These files can also be accessed and modified by using FTP, which
        currently is not restricted.

Recommendation - A review of Windows NT directory shares should be conducted and public access
restricted appropriately. Where public access is necessary, the EVERYONE group should be restricted to
Read and Execute authority on most directories where appropriate. Additionally, a similar review of Unix
files should be performed and file permissions on all critical files should be restricted as necessary.

City’s Response - Unnecessary files were deleted off the CTYAKRON server. The same will be done with
the MUPS server after the City has reviewed the files with the vendor.

The City is currently in the process of removing the EVERYONE user group from the PeopleSoft directories.
A PeopleSoft user group has been established with all the users who have permission to access the
PeopleSoft application. The next step will be to replace the EVERYONE group with the PeopleSoft group
on all the PeopleSoft directories and shares. This will then give only users in the PeopleSoft group access to
the PeopleSoft application. This will be done after a review of the permissions on the PeopleSoft directories
so that permissions already established are not removed.

Access to the Banner application directories are being limited by the use of a Banner user group. This group
will also be used to limit the access to the directories where the Oracle Database files are located.

On the AIX MUPS UNIX server, the City has contacted the owner of the software to discuss these issues
before making the changes.

Administrator Training

Observation - During our review of the City of Akron’s computer systems, we identified several instances in
the AIX environment where security weaknesses were present. These weaknesses are primarily due to
requirements in the MUPS application however, these weaknesses may potentially be correctable, without
implications to the MUPS application, if the City of Akron had the appropriate knowledge of the application
and platform to make these changes.

                                                    - 10 -
Recommendation - Since the City of Akron’s computer environments are rather complex and since they are
using technologically advanced platforms (Windows NT, SVR5 Unix, and AIX Unix) and applications
(Oracle on NT, Oracle on Unix, Banner, and Peoplesoft), all administrators should have the necessary skills
and training to support these platforms and applications.

We recommend that platform and application administrators attend the necessary trainings so that they have
the necessary knowledge to make changes to the systems considering operational, functional, and security
related issues.

City’s Response - The City has sent all administrative and application MIS personnel to many classes over
the last several years and is still continuing that education. When problems arise that are above the skill level
of MIS personnel, the vendor is contacted for support. The City’s environment is continually changing and
as an example Banner was running on UNIX and is now running on NT. The City will do its best to provide
the necessary training to MIS personnel as in the past.

Vendor Access

Observation - During our review of the City of Akron’s computer systems, we identified that vendors have
the ability to dial into the City’s computer systems without the permission or knowledge of the City of

Recommendation - The City of Akron should disable any vendor accounts and/or disable any modems when
they are not needed by the vendors for dial-in purposes. Vendor accounts should also only be activated for a
period agreed upon by the City of Akron and the Vendor (i.e. 1 day).

These policies should be documented in the Security Policies and Procedures (see Information Security
Policy and Standards comment above) as a guideline for MIS personnel and vendors to follow.

City’s Response - A letter will be going out to each application analyst, with copies to their respective
Departments about dial-in and account policies. Each analyst will then forward a copy to all appropriate
vendors indicating the methods of contacting the analyst to obtain access when needed. All dial-in access
will be documented. This will place the City in control of outside access.

Several vendors do have the ability to dial into the City’s network to make changes and help troubleshoot
problems. These vendors are assigned a username and password to dial in. These user accounts are enabled
when the vendors need to get in and disabled when they are done. In addition, these accounts are set up to be
used only Monday through Friday and only from 8:00 a.m. to 4:00 p.m. when MIS is present.

Information Systems Steering Committee and Strategic Plan

Observation - A steering committee has not been established to discuss Information Systems (IS) issues,
strategies and policies. General documentation, such as an information systems strategy, IS policies and
procedures, network diagrams, and business continuity plans have not been developed and documented for
the current systems.

General documentation is beneficial to both MIS and the City because it communicates and informs
personnel of critical information. Without a strategic plan, an organization cannot effectively plan for the
future direction of its use of technology and information resources. Additionally, there is no guideline or
benchmark that the organization can use for comparison purposes to ensure that it is moving in the intended

                                                     - 11 -
Recommendation - An IS steering committee should meet on a regular basis (i.e., monthly or quarterly) to
provide overall direction for IS activities, prioritize IS activities and discuss IS issues, strategies and policies.
This steering committee should be comprised of MIS and business representatives, as well as members of the
City’s management. The IS steering committee should develop a strategy and plan to ensure that IS activities
support the overall business plan and needs of each business department. Additionally, MIS should develop
detailed documentation of the current computer environment (i.e., system value listings, computer
environment diagrams and descriptions, application system descriptions and documentation, etc.).

City’s Response - The City is currently in the process of going through a study, performed by an outside
consultant. The results will be presented to the City in July. At that time, the steering committee will meet to
discuss the study, prioritize the needs of the City and develop a 3-5 year strategy and plan. The City
established the Systems Advisory Committee several years ago and it is chaired by the Finance Director and
includes representatives from the following Departments: Mayor’s Office, Planning, Service, and Finance.

Business Continuity

Observation - The City does not have a written plan that identifies procedures to be performed in the event of
a disaster that destroys computer equipment, halts data processing or if access to computing resources is
unavailable. Nor has a plan been developed for recovery of critical business processes in the event of such a
disaster. Additionally, an alternate-processing site for the UNIX and network environments has not been

Without a plan for alternate backup processing, data restoration procedures, business process resumption and
delays in processing due to such a disaster can be significant.

Recommendation - Management of the City should develop a plan of procedures to be performed in the
event of a significant disruption to available computing resources. Additionally, an alternate-processing site
for significant environments and applications should be established. The business continuity plan should
include, but not be limited to, personnel to be contacted, the procurement of necessary hardware, procedures
for restoring programs and data files, etc. Additionally, the plan should be reviewed, tested and updated as
necessary on at least an annual basis.

As functions throughout organization have become more dependent upon availability of information systems,
management should also consider addressing business continuity issues. A business impact assessment
should be performed to determine the critical business functions at the City and their related computer outage
tolerances. Once the critical functions have been determined, a plan can be developed to ensure that
departments are still functional during the period of the outage. The plan should include procedures for
departments to record information during the outage, input the information into the computer system, and
retrieve it when processing is restored. The development of such a plan involves significant input from
system users as well as MIS personnel.

City’s Response - Over the past several years the environment was changing so rapidly, it was nearly
impossible to develop a plan. The City currently is in contact with a consultant to review and determine an
estimated cost to develop and implement a disaster recovery plan.

                                                       - 12 -
Off-Site Backup Storage

Observation - UNIX and network backup tapes are only rotated off-site on a weekly basis and mainframe
backups are not rotated off-site at all. At the time of our audit, all network backup tapes were on-site in order
to restore data lost to the love bug virus; no network tapes were stored off-site.

By storing data on-site, there is an inherent risk that if computer equipment and backup tapes are destroyed or
damaged, record of customer transactions for a period, development activity, and City financial data could be
lost. By storing only weekly data off-site, the City would have to reperform at least one week's worth of data
entry and processing, if daily backup tapes are destroyed or damaged. Storing daily backup copies of all the
systems off-site will help protect the organization from loss of data.

Recommendation - In order to help protect the City from loss of data, the City should, at a minimum, store
weekly backup tapes and the most recent daily backup tape at an off-site location in a secured, fireproof, heat
resistant storage area. Additionally, tapes stored on-site should also be located in a fireproof, heat resistant
storage area. Tapes should only be returned on-site for restoration purposes and/or after the latest backup
tape has been safely stored off-site.

City’s Response - The City has been working with an outside backup storage vendor to determine the cost of
having all City tape files stored off-site at their facility. The City has just received a report from the backup
storage vendor. The next step will be to determine if the City should provide its own off-site storage or have
an outside vendor responsible for providing that service.

                                               * * * * * *

                                                      - 13 -

Description: Audits and management letters from 2000 to the present.