Purpose of Audit
The purpose of our audit was to evaluate the District’s IT infrastructure for the period July 1, 2012 through August 31, 2013.
Background
The Port Jefferson Union Free School District is located in Suffolk County, has approximately 1,200 students, and is governed by an elected seven-member Board of Education. For the 2012-13 fiscal year, the District’s actual expenditures totaled $36 million, which were funded primarily with real property taxes, State aid and PILOT payments.
Key Findings
- The Board has not established a computer use policy for employees to define appropriate user behavior or procedures to ensure the security of the District’s IT system.
- There are no written procedures to add, delete or modify an individual’s access rights to the District’s overall computer system.
- District management does not require any verification to determine if a vendor being added to the vendor list is already included in the vendor master file and has not established procedures for adding, changing or deleting a vendor.
- District officials have not adequately secured all of its IT hardware.
- The District’s IT inventory record is incomplete and inaccurate.
Key Recommendations
- Adopt and implement a comprehensive computer policy for IT operations that includes guidelines for acceptable use of equipment and systems by District personnel; distribute this policy to all District personnel.
- Develop written procedures for granting, changing and terminating user access rights to the overall networked computer system and to specific software applications.
- Establish procedures for maintaining the vendor master file.
- Ensure that the server room remains locked at all times, restrict physical access to the server room to only authorized individuals and record the arrival and departure dates and times of employees and visitors to-and-from the server room.
- Establish a comprehensive inventory policy that defines procedures for tagging all new purchases as they occur, relocating assets, updating the inventory list, performing periodic physical inventories and investigating any differences, and holding individuals responsible for safeguarding District assets entrusted to them.