Information Technology (2009)

As part of the audits conducted at two School of Medicine units, one UW Medical Center unit, and two units within other schools or colleges on campus, we reviewed the controls over the IT systems that they maintain. We found that controls were adequate at two of the five units 
reviewed. In the remaining three, recommendations were made to improve controls over performance of risk and security assessments, limiting access to systems administrators, change management, and disaster recovery.