Audit Objective
Determine whether South Orangetown Central School District (District) officials ensured network user accounts were adequately managed.
Key Findings
District officials did not ensure network user accounts were adequately managed. In addition to sensitive information technology (IT) control weaknesses which we communicated confidentially to officials, we found District officials did not:
- Ensure procedures for granting, changing and disabling network access are consistently followed by all departments.
- Always review all network user accounts to determine if they are needed.
- Disable 30 of the 3,675 network user accounts that were no longer needed. The 30 accounts include 13 generic accounts, nine former employee accounts and eight contractor accounts.
Key Recommendations
- Ensure that unneeded network user accounts are immediately disabled and regularly review enabled network user accounts for necessity.
District officials agreed with our recommendations and indicated they will initiate corrective action.