IT Inventory Audit

Project Overview

ITS will begin a large project to address five IT inventory audit recommendations related to purchasing, devices and inventory, to be completed by mid- to late-2025. The recommendations are the result of a report generated by the Iowa Board of Regents Office of Internal Audit. Work begins with department and campus partners in fall 2024    

Back to top

Project Update

October 2024: Committee members selected to pursue the five audit recommendations. 

Back to top

Project Details

Audit recommendations include: 

  1. Inventory tracking: ITS will create a policy and guidelines for tracking hardware and software across the university. Inconsistent IT tracking processes currently in place can result in inconsistent security practices and do not require endpoint management software or anti-virus software to be installed.   

  1. Purchasing policy: In collaboration with key stakeholders, ITS will develop a policy for technology purchases that outlines purchasing and monitoring processes for devices, software and websites. Without a central policy, risks include redundant software and purchases that do not comply with other ISU policies.   

  1. Inactive devices: ITS will develop guidelines for identifying inactive devices and implement one or more processes that will disconnect inactive devices from the network. ITS was previously using a practice to remove devices, but that mechanism is no longer in place. Guidelines developed will reduce the potential risk of unpatched computers connecting to the network.  

  1. Redundant software: Working with campus partners including local IT staff, ITS will provide a list of available software systems for campus to limit redundant software purchases.   

  1. Website tracking: ITS will create a policy for websites to be centrally registered, along with minimum security requirements and approved platforms. The lack of a central registry of ISU-managed websites poses challenges including limited abilities for central monitoring of controls.   
     

Back to top

Schedule & Timeline

  • September 2024: Board of Regents Office of Internal Audit release report. 
  • October 2024: Committee leads and members selected to begin work on audit recommendations.

Back to top