Audit Objective
Determine whether Ellenville Central School District (District) officials ensured network user accounts were adequately managed.
Key Findings
District officials did not ensure network user accounts were adequately managed. In addition to sensitive information technology (IT) control weaknesses which we communicated confidentially to officials, we found District officials should have:
- Disabled 550 network user accounts that were no longer needed. Of the 550 unneeded accounts, 462 were not used to log into the District’s IT system in at least six months from the date of our test.
- Established written procedures for granting, changing or disabling network user accounts.
Key Recommendations
- Develop written procedures for granting, changing and disabling user access.
- Maintain a list of authorized user accounts and routinely evaluate and disable any unnecessary user accounts.
District officials agreed with our recommendations and indicated they will take corrective action.