Purpose of Audit

The purpose of our audit was to examine IT controls for the period September 1, 2015 through February 27, 2017.

Background

Sullivan County Community College is part of the State University of New York system. The College is governed by an appointed 10-member Board of Trustees. Budgeted IT appropriations for the 2016-17 fiscal year totaled approximately $664,000.

Key Findings

• Over 100 user accounts that were no longer needed were not disabled or removed and the Board did not establish policies and procedures regarding breach notifications and disaster recovery plans.
• Server room equipment is not adequately protected.

Key Recommendations

• Create, adopt and implement written policies and procedures for the review and removal of inactive and unnecessary user accounts, breach notifications and disaster recovery testing and updating.
• Implement environmental controls to mitigate the risk of damage to servers, or consider other options for the server room’s location that would provide a more appropriate environment.