Audit Committee Materials-November 2017 Background Image
Table of Contents Table of Contents
Previous Page  12-13 / 264 Next Page
Information
Show Menu
Previous Page 12-13 / 264 Next Page
Page Background

Institution

Report

Release

Date

Recommendation

Responsible Staff

Date

Management’s

Actions to be

Implemented

Revised Date

Management’s

Actions to be

Implemented

# of Changes to

Date

Management's

Actions to be

Implemented

Initial Date of

Internal Audit

Follow-up

Most Recent

Date of Internal

Audit Follow-up

Status

TBR SWIA - Status Report on Internal Audit Recommendations- Community Colleges

(Reports sorted by Status, Institution, Report Release Date)

ChSCC 21-Apr-17 ChSCC Sensitive Equipment 5 of 7:

Management should verify that all divisions have sensitive equipment tracking processes, a current inventory

listing, and an assigned coordinator. This coordinator will work with Educational Technology when any

adjustments are made to the division's sensitive equipment inventory.

VP of Technology/ Director of

Educational Technology

31-Dec-17

0

Not Yet Due

ChSCC 21-Apr-17 ChSCC Sensitive Equipment 4 or 7:

The KACE system should be used as an inventory tool. The KACE data should compared to sensitive inventory

listing on a periodic basis to identify equipment location discrepancies.

VP of Technology/Director of

Educational Technology

31-Dec-17

0

Not Yet Due

ChSCC 21-Apr-17 ChSCC Sensitive Equipment 6 of 7:

In-service and Surplused sensitive equipment inventories should be maintained separately. Additionally,

Tennessee College of Applied Technology - Chattanooga items should be listed separately from the remainder

of college.

VP of Technology/ Director of

Educational Technology

31-Dec-17

0

Not Yet Due

ChSCC 21-Apr-17 ChSCC Sensitive Equipment 7 of 7:

Surplus documentation procedures should be developed to ensure accurate equipment final resolution

documentation and timely removal from in-service.

Documentation should include the date of surplus and final resolution such as reason for being destroyed or

released to warehouse for auction consideration by the Business Office.

Documentation of this process should include a time-frame requirements, completion sign-offs, and timely

management review to ensure the process is completed in a timely manner.

VP of Technology/Director of

Educational Technology

31-Dec-17

0

Not Yet Due

DSCC 11-Jan-17 DSCC-Building Security and Key Controls-Observation 1 of 3

Key return has historically been a problem at DSCC as there is no way to force terminated employees to return

keys. This problem is compounded by the fact that hard keys are used throughout the college and many

"building master" (exterior access) keys are issued due to a lack 24 hour Security department personnel.

Management should consider rekeying exterior building access door locks and/or purchasing a card key system

for the exterior building doors.

VP for Finance and

Administration

Director of Physical Plant

31-Jul-17

24-May-17

1

Not Yet Due

DSCC 11-Jan-17 DSCC-Building Security and Key Controls- Observation 2 of 3

As door locks, both interior and exterior, are updated as prescribed by the current DB70 Capital Project, a

review of the need for access to these areas should be performed prior to reissuing the corresponding keys.

Only personnel with a definite and consistent need to these areas should be granted master key access. A

review of all employees in possession of master keys is needed to determine the necessity of those issued keys.

VP for Finance and

Administration

Director of Physical Plant

Assistant Director of Physical

Plant

31-May-17

24-May-17

1

Not Yet Due

DSCC 30-Jun-17 An IT Disaster Recovery policy that shows the purpose, objectives, an outline of the development and approval

process of the IT Disaster Recovery Plan, and any other pertinent issues relating to IT Disaster Recovery should

be developed. The most current IT Disaster Recovery Plan should be an attachment to this policy.

Vice President for Technology

30-Nov-17

0

17-Aug-17

Not Yet Due

DSCC 30-Jun-17 The current IT Disaster Recovery Plan developed in January 2017 needs to be reviewed, updated, approved and

reissued. This plan was last approved by the DSCC President in October of 2014. A newer version of the plan

was updated and passed by the IT Committee in January 2017 but this version had no final approval of the DSCC

President. Since the last update to this plan, the Vice President for Technology resigned and a new Vice

President is now in place for this area.

A subsequent review of the IT Disaster Recovery Plan by IT Management and the Director of Internal Audit has

shown the need for it to be updated once again and approved by both the IT Committee and the DSCC

President.

Vice President for Technology

31-Aug-17

0

17-Aug-17

Not Yet Due

7