Bainbridge-Guilford Central School District – Network User Accounts (2021M-118)

Issued Date

October 08, 2021

Audit Objective

Determine whether Bainbridge-Guilford Central School District (District) officials adequately managed network user accounts.

Key Findings

District officials:

Did not adequately manage network user accounts. We identified 66 unneeded user accounts including 52 generic accounts and 14 former employees’ accounts.
Adequately managed network administrative permissions.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

Disable former employees’ network user accounts as soon as they leave District employment.
Periodically evaluate existing network user accounts, including generic accounts and disable any deemed unneeded.

District officials agreed with our recommendations and indicated they planned to initiate corrective action.

Background

The District serves the Towns of Sanford in Broome County, Afton, Bainbridge, Coventry, Guilford, Norwich and Oxford in Chenango County, Masonville and Sidney in Delaware County, and Unadilla in Otsego County.

The District is governed by an elected seven-member Board of Education (Board) responsible for managing and controlling financial and educational affairs. The Superintendent of Schools is the chief executive officer and responsible for District administration.

The District contracts with the South Central Regional Information Center (SCRIC) to provide IT services, which includes an IT Coordinator, who, in part with the Superintendent, manages the network user accounts and permissions.

Quick Facts
Student Network Accounts	938
Nonstudent Network Accounts	296
Employees	270

Audit Period

July 1, 2019 – April 22, 2021