The Office of Human Resources fully implemented the one recommendation we made to it in the original audit report. Meanwhile, Technology Services fully implemented three recommendations, but it has not taken steps to address the risks the three remaining recommendations had sought to resolve.
By fully implementing four recommendations, the city is conducting phishing simulations and offering similar cybersecurity awareness trainings to the employees who need them most. These trainings will help make users of city systems aware of the risks of clicking a link in a malicious email and deter them from doing so.
The three recommendations Technology Services did not implement present several lingering risks. Among them:
March 7, 2024
In keeping with generally accepted government auditing standards and Auditor’s Office policy, as authorized by city ordinance, we have a responsibility to monitor and follow up on audit recommendations to ensure city agencies address audit findings through appropriate corrective action and to aid us in planning future audits.
In April 2021, we audited the City and County of Denver’s phishing defenses and found risks involving which employees should be required to complete cybersecurity awareness trainings and how the Technology Services agency communicates phishing metrics to other agencies. Technology Services and the Office of Human Resources agreed to implement all seven of our recommendations.
We recently followed up on our original report and found the Office of Human Resources fully implemented its one recommendation, while Technology Services fully implemented only three recommendations and the three others remain not implemented. Although Technology Services has made some progress, it did not fully address all the risks associated with our original findings. Consequently, we may revisit these risk areas in future audits to ensure the city takes appropriate corrective action.
We appreciate the leaders and team members at Technology Services and the Office of Human Resources who shared their time and knowledge with us throughout the audit and the follow-up process. Please contact me at 720-913-5000 with any questions.
Denver Auditor's Office
Timothy O'Brien, CPA
201 W. Colfax Ave. #705, Denver, CO 80202
Email: auditor@denvergov.org
Call: 720-913-5000