Dundee Central School District - Information Technology (2018M-74)

Issued Date

August 03, 2018

Audit Objective

Determine whether the Board and District Officials ensured District information technology (IT) assets and computerized data were safeguarded.

Key Findings

The Board and District officials have not adopted adequate IT security policies and procedures.
District officials did not provide IT security awareness training for District employees.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

The Board and District officials should adopt comprehensive IT security policies, procedures and plans to safeguard computerized assets and data.
Provide periodic IT security awareness training to personnel who use IT resources.

District officials generally agreed with our recommendations and indicated they are in the process of taking corrective action.

Background

The Dundee Central School District (District) serves the Towns of Starkey, Barrington and Milo in Yates County and the Towns of Reading and Tyrone in Schuyler County. The District is governed by a seven-member Board of Education (Board) responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools is the chief executive officer responsible for the District’s administration. The Business Administrator is the chief fiscal officer. The IT Director is responsible, along with two technicians, for the overall management of the District’s IT infrastructure; they serve as the network administrators.

Quick Facts
Number of Students	Approximately 700
Number of Staff	Approximately 200
Number of Desktops, Laptops and Tablets	Approximately 1,030

Audit Period

July 1, 2016 – January 29, 2018