New York State Comptroller Thomas P. DiNapoli announced school district audits this week. Here are the summaries with links to the audit reports:
Hudson City School District – Information Technology (Columbia County)
District officials did not adequately secure and protect its information technology (IT) systems against unauthorized use, access and loss. The board and district officials also did not adopt adequate IT policies or a disaster recovery plan. Auditors found questionable internet use on four of six computers tested. School officials also did not disable 123 of the 462 enabled network accounts auditors examined. These 123 user accounts were not needed and included generic and former employee accounts. In addition, sensitive IT control weaknesses were communicated confidentially to officials.
Royalton-Hartland Central School District – Information Technology Contingency Planning (Genesee County, Niagara County and Orleans County)
The board and district officials have not developed and adopted a comprehensive written information technology (IT) contingency plan. The district pays $10,500 for central site infrastructure support, which includes a disaster recovery plan template, a key component of an IT contingency plan. Although the district paid for a template, officials did not obtain it. Without a comprehensive written IT contingency plan in place that is properly distributed to all responsible parties and periodically tested for efficacy, district officials have less assurance that employees will react quickly and effectively to maintain business continuity. As a result, important financial and other data could be lost, or suffer a disruption to operations.