Denver Auditor’s Office Suggests Better Monitoring of Online Apps and Services | Government

The Denver Auditor’s Office suggested the city invest in better oversight of third-party information technology vendors to better protect against hackers.

A statement from the office documents “certain incidents” since January 2021 where a product provided by a vendor experienced a service disruption and the vendor failed to compensate the city.

Auditor Timothy M. O’Brien said 31% of the 26 vendors tested had “critical incidents” and the city did not seek compensation.

“If the city never holds vendors accountable, then more vendors will test the limits of what they can do using taxpayer resources,” O’Brien said.

Only one supplier reimbursed the city, and the process was initiated by the supplier, not the city. O’Brien said the city is not holding providers accountable, which puts the city’s data, services and reputation at risk.

O’Brien recommends the city implement several “essential strategies,” including dedicating staff to monitoring the city’s contracts with vendors and providing training and reviewing safety assessments. The city drafted a vendor management policy in 2021, but didn’t finalize it until after O’Brien’s audit was completed.

“We’re hoping that because agency officials already have a draft policy and because they’ve accepted all of our recommendations, they’ll make the necessary changes quickly and comprehensively,” O’Brien said.

City officials did not immediately respond to a request for comment.

Veronica J. Snell