True North Rochester Preparatory Charter School - Information Technology (2019M-148)

Issued Date

October 18, 2019

[read complete report - pdf]

Audit Objective

Determine whether the Board and School officials ensured information technology (IT) assets were safeguarded.

Key Findings

The Board did not adopt adequate IT policies or a disaster recovery plan.
School officials did not provide IT security awareness training to staff.
Hardware and software inventory records were inaccurate and outdated.

In addition, sensitive IT control weaknesses were communicated confidentially to School officials.

Key Recommendations

Adopt comprehensive IT policies and procedures and a disaster recovery plan.
Provide security awareness training to staff and maintain complete and up-to-date hardware and software inventory records.

School officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.

Background

True North Rochester Preparatory Charter School (School) is located in the City of Rochester in Monroe County.

The School is governed by a Board of Trustees (Board) composed of nine members. The Board contracted with a charter management organization (Company) and delegated its authority for the management and implementation of both the academic and non-academic operations.

The School’s IT network and assets are managed by an IT service provider who works closely with the IT Coordinator (Coordinator), an employee of the Company. The Coordinator is responsible for managing the day-to-day IT operations, while the IT service provider provides support for complex IT issues.

Quick Facts
Enrollment	2,250
Employees	272
Number of Desktops, Laptops and Tablets	1,250

Audit Period

July 1, 2016 – December 31, 2018