Audit Objective
Determine whether the South Seneca Central School District’s (District) Board of Education (Board) and District officials ensure online banking transactions are appropriate and secure.
Key Findings
The Board and District officials did not ensure that online banking transactions were appropriate and secure.
- District officials improperly allowed a third-party administrator to access a District bank account.
- The Board’s online banking policy (Policy) dated April 24, 2013 has not been updated or reviewed. It does not reflect current online banking practices and it assigns oversight responsibilities to an internal auditor. However, the District does not have an internal auditor and these responsibilities were not assigned to another employee.
- Bank agreements do not contain sufficient authorization controls.
- A dedicated computer was not used to conduct online banking and none of the employees involved in online banking received Internet security awareness training.
Key Recommendations
- Discontinue allowing third-party administrator access to a District bank account.
- Update the Policy and perform online banking transactions on a dedicated computer.
- Amend the bank agreements to require another District official to approve electronic transfers
District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.