Issued Date
January 18, 2019
Audit Objective
Determine whether:
- The Board and District officials ensured information technology (IT) assets were safeguarded.
- District officials accurately maintained leave records for non-instructional employees.
Key Findings
- The Board and District officials have not adopted adequate security policies and procedures to safeguard IT assets.
- District officials did not provide IT security awareness training for employees.
- As of February 27, 2018, leave balances for 31 of the 40 non-instructional employees tested (78 percent) were inaccurate.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Adopt comprehensive IT security policies, procedures and plans to safeguard IT assets and data.
- Provide periodic IT security awareness training to personnel who use IT resources.
- Ensure that amounts earned for leave are granted in accordance with contracts and Board approval and that leave records are accurately maintained and up-to-date.
- Address the confidentially communicated IT recommendations.
District officials agreed with our recommendations and indicated they planned to initiate corrective action.