Audit Objective
Determine whether information technology (IT) assets are properly safeguarded, secured and accessed for appropriate District purposes.
Key Findings
- District officials did not provide IT security awareness training for individuals who used District IT assets.
- Personal Internet use was found on computers assigned to four employees who routinely accessed personal, private and sensitive information (PPSI).
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Provide periodic IT security awareness training.
- Provide adequate oversight of employee Internet use to ensure it complies with Board policies and regulations.
District officials agreed with our findings and recommendations and indicated they planned to initiate corrective action.