Audit Objective
Determine whether the Board and District officials ensured District information technology (IT) assets and computerized data were safeguarded.
Key Findings
- District officials did not develop procedures for managing, limiting and monitoring user accounts and securing personal, private and sensitive information (PPSI).
- District officials generally maintained proper asset inventory records and provided IT security awareness training for District employees.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Thoroughly review user accounts on a routine basis and disable any unnecessary network accounts as soon as they are no longer needed.
District officials agreed with our findings and recommendations and indicated they have taken, or planned to take, corrective action.