What Office of Inspector General Investigated:
The Library OIG engaged Sikich to conduct a performance audit of the Library’s IT inventory controls for end user devices to determine the accuracy of the Library’s inventory, the validity of the procure-to-disposal process, and the effectiveness of controls in operation.
What Office of Inspector General Found:
- The Library’s inventory for end user devices did not accurately reflect its current information system
- The Library’s IT asset records were not current and complete
- The Library has inadequate controls over the tracking of digital media devices through sanitization and destruction prior to final disposition.
- The Library stopped requiring property passes for Library GFE but did not update its related policies and procedures.
What Office of Inspector General Recommends:
1.1 Complete the inventory of Library end user devices being conducted at the time of this audit, to include all MFDs, including those that are leased.
2.1 Complete OCIO’s development and implementation of an automated IT asset management solution.
2.2 Finalize the development of formal procedures for maintaining an up-to-date inventory of hardware assets, from acquisition to final disposition, including all end user devices and MFDs, as well as such devices purchased without the involvement of Library logistics personnel. 3.1 Update LCD 8-330.1 to assign responsibility for the sanitization and destruction of digital media devices.
3.2 Develop a formal process to document the OCIO and ISS responsibilities, procedures, and recordkeeping controls necessary to effectively track digital media devices through sanitization and destruction prior to the devices’ final disposition."
4.1 Revise LCR 8-320, as well as other regulations and directives as appropriate, to accurately reflect the Library’s desired operational control environment related to laptop and government mobile device physical security and the use of property passes.
