📋

Extracted from Consolidated Report

This investigation was originally published as part of a larger consolidated report containing multiple investigations. View the consolidated PDF for the complete document.

Placer County Grand Jury • 2019-2020

Placer County Information Technology Fiscal Transparency and Governance

Published: June 30, 2020 14 pages

View PDF View Full Original

⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.

⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.

Findings 6 findings

F1 Page 68

Placer County’s total cost for providing IT services cannot be determined from current financial reports. This defeats the county’s goal for transparency of costs and operations.

F2 Page 68

Numerous IT policies and procedures, including, among others, “Data Network Standards Policy” (2013) and “Employee Technology Use Policy” (2017), appear to be out-of-date and do not reflect current technology.

F3 Page 68

Placer County does not have a complete view of system security, backup, and recovery because of the fragmented responsibility for these services.

F4 Page 68

The Department of Information Technology has limited arrangements for cross-training or vacation coverage with offices, departments, or agencies that maintain their own in- house IT operations.

F5 Page 68

No audits of security, segregation of duties, or system controls were conducted to verify proper performance of the Workday Enterprise Resource Planning system after its implementation.

F6 Page 68

The failure to complete the knowledge transfer plan for the new ERP system required the county to fund the extension of a consulting contract.

Recommendations 6

R1
Page 68

The Auditor-Controller prepare and present to the Board of Supervisors by October 1, 2020, a report of the total countywide IT costs for the 2019–2020 fiscal year, and annually thereafter, so that the total cost of IT is fully transparent.
R2
Page 68

The CIO prepare a plan by October 1, 2020, to update IT procedures to align with current technology and business practices.
R3
Page 68

The CIO prepare a plan by October 1, 2020, for periodic and unannounced testing at least annually. This should include penetration tests and security validations at a minimum, for organizations that maintain a network outside of the DIT.
R4
Page 68

The CIO develop a cross-training plan by October 1, 2020, for the most critical IT functions in other offices and departments to ensure their continuity of operations.
R5
Page 68

The Auditor-Controller include ERP system testing in Placer’s FY 2020–2021 audit plan
R6
Page 68

The Auditor-Controller complete the ERP knowledge transfer by June 30, 2020, to avoid further consulting contract extensions and costs. - 68 - 2019–2020 Placer County Grand Jury Final Report