Audit Objective
Determine whether controls over information technology (IT) were properly designed and operating effectively.
Key Findings
- Access to the District’s financial application was not properly segregated.
- Online banking users had excessive permissions.
- Employees accessed websites such as shopping, personal email and social networking that did not always comply with the District’s Internet use policy.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Ensure that user access to the financial application is properly segregated.
- Limit online banking access to ensure District users cannot control all phases of a transaction.
- Review and adjust the web filtering software to enforce compliance with the District’s Internet use policy.
District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.