The audit report details security risks, outdated equipment and software, and a lack of a strategic plan for the county’s IT department, which also manages the city’s computer and technology systems. Grand Traverse County commissioners on Wednesday will review the report by the Trivalent Group, an IT consulting firm, during a study session.
Board Chairwoman Christine Maxbauer said the report identified several inefficiencies and vulnerabilities.
“It is concerning and it is disturbing to me, both as a resident and as a county commissioner,” she said. “It highlights the fact that the county can improve employee productivity just through IT.”
Don Sheehan, the county’s IT director, didn’t return a call for comment.
The audit report states survey responses from employees characterize Sheehan as “responsive” and “highly respected.” It also states maintaining IT staffs’ assignments within specific departments and retaining IT department members are cited as the absolute highest priority in surveys.
Trivalent’s auditors identified “critical” issues — many related to security. It states several network devices no longer are supported by vendors, unsupported software such as Windows XP and Microsoft Office 2003 still are in use, firewalls are out of date, anti-virus software isn’t installed on some computers and several systems have weak passwords.
County Administrator Tom Menzel said the critical security risks must be addressed “right away.” He said the audit also outlines a need for a long-term plan for the county’s and city’s technology needs.
“We badly need a strategic plan that takes us out one to three years and moves us from a day-to-day reactive approach,” he said.
Menzel said there’s a general lack of technology coordination between departments.
The report states the Traverse City Police Department and Grand Traverse County Sheriff’s Department, for example, use a different software system than the prosecutor’s office. That means law enforcement complaints must be printed, hand-delivered to the prosecutor’s office, where they’re scanned and data is reentered and finally printed again and walked to the courthouse.
Menzel said developing a plan would help put all the departments on the same page.
“In the long run, it makes a more unsuccessful IT department because there’s not the integration and strategies to connect,” he said.
Deputy county Administrator Jennifer DeHaan said the report also identified a lack of an “acceptable use policy” for users. She said it would make clear users shouldn’t store files on computer desktops, which opens up the potential for lost data and security risks if the device is lost.
“There are a number of them,” she said. “As... organizations, we’re not doing best practices.”
Menzel said those smaller changes can be completed at little cost, but others would have to wait for a plan. Maxbauer said she wants to hear the presentations Wednesday before she comments on future changes.
It’s not the only audit of a county department in the offing. DeHaan and consultant Mary Lannoye plan to finish a similar look at the sheriff’s department by July. DeHaan declined to comment on that audit’s findings.
©2016 The Record-Eagle (Traverse City, Mich.) Distributed by Tribune Content Agency, LLC.
