As it has done with other school districts, the NYS Comptroller’s Office has released its audit of Information Technology for the Port Jefferson Union Free School District. The audit covered the period July 1, 2012 — August 31, 2013.
Here’s a snippet from their report findings:
The Board and District officials need to improve controls over the District’s IT assets. The Board has not established a computer use policy for employees to define appropriate user behavior or procedures to ensure the security of the District’s IT system. The Treasurer has administrative rights to the District’s financial software that allow her to control and use all aspects of the financial software application, which creates the opportunity for the manipulation and concealment of transactions. Also, the District’s vendor master file is outdated with inactive vendors and duplicate names for the same vendors.
In addition, the District has no controls in place over remote access, such as user authorizations, policies or monitoring, and has not enabled the audit trail function for its network operating system. Therefore, the District cannot ensure accountability for unauthorized users, reconstruction of events, intrusion detection, and problem identification. Finally, physical security over the District’s server room is inadequate, and the District’s computer asset inventory record is incomplete and inaccurate. As a result, the District’s IT resources are subject to an increased risk of unauthorized access, manipulation, theft and loss.
You can read the full report and recommendations here (pdf). Because of the sensitive nature of the information involved, not all details were disclosed in the report, but a list of recommendations was included.