Urban Choice Charter School - Information Technology (2019M-240) | Office of the New York State Comptroller

Issued Date

June 12, 2020

[read complete report - pdf]

Audit Objective

Determine whether the Board and School officials ensured information technology (IT) assets were safeguarded.

Key Findings

A former employee’s user account was used to process 510 financial transactions after her resignation.
School officials did not adopt IT policies or a disaster recovery plan.
IT users were not provided with IT security awareness training.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

Immediately disable user accounts of former employees and ensure all IT users have and use their own user accounts when accessing the network and specialized software applications.
Adopt comprehensive IT policies and procedures and a disaster recovery plan.
Provide IT users with IT security awareness training.

Background

The Urban Choice Charter School was founded in 2005 and is located in the City of Rochester in Monroe County. The School serves approximately 400 students and has 69 part- and full-time employees.

The School is governed by an eight-member Board of Trustees (Board). The Board is responsible for the general management and control of financial and educational affairs. The Board appointed a chief executive officer to manage the School’s day-to-day operations.

The Director of Operations (Director) is the School’s chief financial officer and is responsible for maintaining custody of, depositing and disbursing School funds; maintaining the School’s financial records; and preparing monthly and annual financial reports for the Board.

The IT Director is the School’s only IT employee. He reports to the Director and is responsible for day-to-day IT operations with the assistance of an outside vendor.

Quick Facts
IT Employees	1
Network Users	121
Number of devices	Approximately 500

Audit Period

July 1, 2018 – November 5, 2019