9 pages

English

Audit Report

Mephor - Cot User

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

9 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

SOFTWARE LICENSING AUDIT 07-15 SEPTEMBER 28, 2007 SOFTWARE LICENSING AUDIT AUDIT 07-15 INTRODUCTION The City of Tampa’s Computing Policies and Procedures places the responsibility for software licensing with the user. Department Liaisons (DLs) are responsible for maintaining a record of all licenses purchased and forwarding the information to the Technology & Innovation (T&I) department. The Security Office maintains a file of software for each department of the City. The last Software Licensing audit was done July 20, 2004. STATEMENT OF OBJECTIVES This audit was conducted in accordance with the Internal Audit Department's FY07 Audit Agenda. The objectives of this audit were to: 1. Ensure that the polices and procedures for obtaining, installing, recording, and reconciling of software licenses are adequate. 2. Determine if sufficient software license information is retained in T&I or the User Department to substantiate license compliance for the software installed on the City’s PC’s. STATEMENT OF SCOPE The audit testing focused on current status of licensing documentation as of the 2nd and 3rd quarter of the 2007 fiscal year. Source documentation was obtained from the various departments within the City and the Technology and Innovation Department (T&I). Original records as well as copies were used as evidence and verified through physical examination. STATEMENT OF ...

Informations

Publié par	Mephor
Nombre de lectures	9
Langue	English

Extrait

SOFTWARE LICENSING

AUDIT 07-15

SEPTEMBER 28, 2007

SOFTWARE LICENSING AUDIT

AUDIT 07-15

INTRODUCTION

The City of Tampa’s Computing Policies and Procedures places the responsibility for

software licensing with the user.

Department Liaisons (DLs) are responsible for

maintaining a record of all licenses purchased and forwarding the information to the

Technology & Innovation (T&I) department.

The Security Office maintains a file of

software for each department of the City.

The last Software Licensing audit was done

July 20, 2004.

STATEMENT OF OBJECTIVES

This audit was conducted in accordance with the Internal Audit Department's FY07 Audit

Agenda.

The objectives of this audit were to:

Ensure that the polices and procedures for obtaining, installing, recording, and

reconciling of software licenses are adequate.

Determine if sufficient software license information is retained in T&I or the User

Department to substantiate license compliance for the software installed on the City’s

PC’s.

STATEMENT OF SCOPE

The audit testing focused on current status of licensing documentation as of the 2nd and 3rd

quarter of the 2007 fiscal year.

Source documentation was obtained from the various

departments within the City and the Technology and Innovation Department (T&I).

Original records as well as copies were used as evidence and verified through physical

examination.

STATEMENT OF METHODOLOGY

The sample size and selection were statistically generated using a desired confidence level

of 90 percent, expected error rate of 5 percent, and a desired precision rate of 5 percent.

Statistical sampling was used in order to infer the conclusions of test work performed on a

sample to the population from which it was drawn and to obtain estimated sampling error

involved.

Computer processed data was not used to arrive at our conclusions; therefore, we are not

required to assess or attest to the reliability of this type of data.

STATEMENT OF AUDITING STANDARDS

We conducted our audit in accordance with generally accepted government auditing

standards.

Those standards require that we plan and perform the audit to afford a

reasonable basis for our judgments and conclusions regarding the organization, program,

activity or function under audit.

An audit also includes assessments of applicable internal

controls and compliance with requirements of laws and regulations when necessary to

satisfy the audit objectives.

We believe that our audit provides a reasonable basis for our

conclusions.

AUDIT CONCLUSIONS

Based upon the test work performed and the audit findings noted below, we conclude that:

Due to the lack of a system to sufficiently track software licenses and to ensure

compliance with software agreements, the City has a potential for risk of civil

penalties.

The T&I Department Liaison Program is not as effective as it could be because there

are no clear polices and procedures regarding software management, resulting in

inconsistencies in managing department software licenses.

SOFTWARE LICENSE COMPLIANCE FOR OTHER SOFTWARE

The City of Tampa’s Computing Policies and Procedures (Section 10 – Licensing) places

the responsibility for software licensing with the user.

The Department Liaisons (D/Ls)

are responsible for keeping a record of all software licenses purchased for their

departments.

The license information for software purchased by the department should

be forwarded to the Technology and Innovation’s Security Office (T&I) to be added to

the master record for the City.

T&I maintains a separate file for each department.

Internal Audit contacted the Software & Information Industry Association (SIIA) which

is one of the agencies that reviews software license compliance asking what

documentation they require during their reviews.

They responded – “the original

purchase documents typically list the software that comes OEM.

This may be in the form

of an invoice, packing list, or receipt”. Our testwork revealed that this documentation was

not available for every software instance requiring a license.

In some cases, purchase

orders with multiple copies of software were provided but it could not be determined

what PC the software was installed on.

For other software, only the installation CDs

could be located or the Department Liaisons stated that T&I had the documentation.

The lack of a system to track software license documentation and/or to ensure

compliance with software agreements could put the City at risk for potential civil

penalties and substantial fines.

In the SIIA Anti-Piracy 2006 Year in Review report, 49

companies settled copyright infringement claims with SIIA.

The SIIA audit of the Los

Angeles Sheriff’s Department determined that they were liable for a $210,000 penalty for

installing and using copies of a software product in excess of the number permitted by the

licensing agreement.

In addition to the penalty, the court also required the Sheriff’s

Office to pay more than $516,000 to the attorney of the software company that was

pirated and $38,000 in court cost – bringing the total amount paid to over $750,000.

We also noted that some PCs had games that were downloaded or other software where

license information could not be shown.

Most of this software was deleted by the D/L.

RECOMMENDATION

T&I should develop polices and procedures to centralize the acquisition and tracking of all

software utilized by the City.

AUDITEE RESPONSE

T&I concurs and has joined with Purchasing to develop a process to implement a new

Magic Self Service request form for software procurement.

Purchasing is also changing

their policy to require T&I approval on all software acquisitions.

In order to fully manage

the new process, T&I will purchase and implement additional tools to remotely identify

software installed on computer systems and to improve existing policy management

software to automatically prevent and or back-out unauthorized installs.

SOFTWARE LICENSE COMPLIANCE FOR OFFICE SOFTWARE

T&I maintains a database of all “reported” software by department.

“Reported” refers to

software that T&I has knowledge of such as MS Office, Visio, Crystal Reports, Novell and

GroupWise.

T&I reconciles the licenses for Novell and GroupWise on a yearly basis.

the past, T&I had the capability to remotely inventory MS Office software as well.

The

last reconciliation of MS Office software was conducted approximately 2 years ago.

During our testwork on the selected sample of PCs, it could not be determined if there were

sufficient licenses for each installation of MS Office.

The Department Liaisons provided

purchase orders for MS Office software.

However, the purchase orders listing multiple

copies of MS Office could not be traced to the PC where the software was installed.

As a

result, we could not determine if the MS Office installed on a particular PC was license

compliant.

RECOMMENDATION 2

T&I should resume their reconciliation of MS Office software. This should be done at least

once a year.

After completing the reconciliation of MS Office, other Citywide software

(i.e. MapInfo, Visio, and Crystal Reports) should be reconciled as well.

AUDITEE RESPONSE

T&I concurs and will prioritize a project to install Zenworks Middle Tier which provides

software reconciliation for all network attached PCs.

Furthermore, T&I will develop a

process to use the tool to assist in reconciliation of installed products on all network

attached PCs.

DEPARTMENT LIAISON PROGRAM

Internal Audit distributed a questionnaire to all Department Liaisons (D/Ls) requesting

responses on various aspects of software management.

The questions included:

•

how and what software is tracked;

•

if a software inventory is maintained;

•

what documentation is used to support authentication of software licenses;

•

if the D/Ls perform audits of the software in their department.

The responses varied greatly as to how software licenses information is maintained.

RECOMMENDATION

Until T&I centralizes the acquisition and tracking of software, T&I should develop

comprehensive polices and procedures for the D/Ls so that they can effectively manage the

software and PCs in their departments and help T&I ensure software license compliance.

T&I should periodically monitor the D/Ls to verify compliance with the policies and

procedures.

AUDITEE RESPONSE

T&I concurs and is currently involved in an Efficiency and Effectiveness Task Force

committee that is charged with developing plans to centralize technology software and

hardware procurement.

Similar to Recommendation 1, special software will be installed to

remotely reconcile and report all installed software and security measures will be

developed to better manage and back-out unauthorized software installs.

In the meantime,

T&I will educated D/Ls in all departments to adhere to software compliance policies and

will periodically follow up to ensure compliance.

Univers
Ebooks
Livres audio
Presse
Podcasts
BD
Documents

Livre audio en ligne - Développement personnel Livre en ligne Tout le catalogue Tous les Intérêts

Audit Report

YouScribe

Le catalogue

Le service

Les conditions