Audit Objective
Determine whether Nanuet Union Free School District (District) officials ensured network user accounts were needed and whether officials adopted an adequate Information Technology (IT) contingency plan.
Key Findings
District officials did not ensure network user accounts were needed, and did not adopt an adequate IT contingency plan. In addition to sensitive IT control weaknesses that we communicated confidentially to officials, we found that officials did not develop:
- Written procedures to identify and disable unnecessary network user accounts. As a result, we identified 18 generic accounts that should have been disabled.
- An adequate comprehensive IT contingency plan to minimize the risk of data loss or prevent a serious interruption of services.
Key Recommendations
- Develop written procedures for managing network user account access.
- Develop and adopt a comprehensive IT contingency plan and communicate it to appropriate officials and employees.
District officials generally agreed with our findings and indicated they plan to initiate corrective action.