Audit Objective
Determine whether Carle Place Union Free School District (District) officials established adequate controls over network user accounts.
Key Findings
District officials did not establish adequate controls over network user accounts. As a result, the District has an increased risk of unauthorized access to and use of its network and potential loss of important data. In addition to finding sensitive information technology (IT) control weaknesses that were confidentially communicated to officials, we found that District officials did not:
- Disable 52 unneeded employee network user accounts, 376 unneeded student network user accounts, 14 unneeded shared accounts and 25 unneeded service accounts.
- Establish written procedures for granting, verifying, changing and disabling network user account access.
Key Recommendations
- Establish written procedures for granting, verifying, changing and disabling network user account access.
- Disable network user accounts that are unneeded or have not been used after a specified period of inactivity.
District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.