Audit Objective
Determine whether District officials established controls to ensure online banking transactions were appropriate and secure.
Key Findings
- Officials segregated the duties of employees responsible for online banking transactions, but they could further strengthen controls by improving their monitoring procedures.
- Officials entered into agreements with the District’s banks, but did not require confirmations for all electronic transactions.
- The online banking policy does not clearly indicate how online transfers will be authorized and processed.
- A dedicated computer was not always used for online banking and none of the employees involved in online banking received Internet security awareness training.
Key Recommendations
- Update the online banking policy to clearly describe the procedures for authorizing and processing transactions.
- Ensure that a dedicated computer is used to perform online transactions and that employees involved in online banking receive Internet security awareness training.
District officials agreed with our recommendations and indicated they planned to initiate corrective action.