[read complete report - pdf]

Audit Objective

Determine whether Whitesville Central School District (District) officials adequately secured access to the network and information systems.

Key Findings

District officials did not adequately secure access to the network and information systems. District officials did not:

• Disable six unnecessary user accounts.
• Establish written policies or procedures to monitor shared accounts or for adding, modifying or disabling user permissions to the network and information systems.
• Establish a written agreement with the Erie 1 Board of Cooperative Educational Services (BOCES) to define information technology services to be provided.

In addition, sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

• Disable unnecessary accounts.
• Adopt a written user permissions policy and establish written procedures for adding, modifying and disabling user permissions and for monitoring shared accounts.

District officials agreed with our recommendations and indicated they have initiated or planned to initiate corrective action.