Audit Objective
Determine whether Valhalla Union Free School District (District) officials adequately managed network user accounts in order to help prevent unauthorized use, access and/or loss.
Key Findings
District officials did not adequately manage the District’s network user accounts to help prevent unauthorized use, access and/or loss. In addition to sensitive information technology (IT) control weaknesses which we communicated confidentially to officials, we found District officials should have:
- Disabled 67 unneeded network user accounts. These unnecessary accounts had last log-on dates ranging from January 3, 2012, to September 3, 2021, and account for 15 percent of the District’s network user accounts.
- Ensured District procedures were followed to communicate network user account changes to the IT vendor.
Leaving unneeded network user accounts enabled on the network increases the risk of unauthorized access.
Key Recommendations
- Disable unnecessary network user accounts as soon as they are no longer needed and maintain a list of authorized network users to periodically review network user accounts for necessity.
- Review the written procedures the District has in place for the process to communicate employee change in status to the IT vendor to ensure access to the District network is up-to-date.
District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.