Audit Objective
Determine whether Morristown Central School District (District) officials adequately managed network user accounts and developed an information technology (IT) contingency plan.
Key Findings
District officials did not adequately manage network user accounts or develop an IT contingency plan that details how District officials would respond to IT disruptions. Officials did not:
- Develop written procedures for granting, changing and revoking user access to the overall network.
- Perform periodic reviews of network user accounts to determine whether they were appropriate or needed.
In addition, sensitive IT control weaknesses were communicated confidentially to officials.
Key Recommendations
- Develop written procedures for network user access.
- Evaluate and periodically review all network user accounts and disable those that are unneeded.
- Develop a comprehensive written IT contingency plan for the District.
District officials generally agreed with our recommendations and have initiated or indicated they plan to initiate corrective action.