Audit Objective
Determine whether District officials ensured online banking transactions were appropriate and secure.
Key Findings
While we determined that online banking transactions were appropriate, the Board and District officials did not meet all the requirements of General Municipal Law Section 5-A and must improve controls over online banking to ensure these transactions are secure.
- District officials did not enter into adequate written agreements with the District’s banking institutions, and the Board did not adopt an online banking policy.
- District officials did not adequately segregate online banking duties or require secondary authorization for online payments and transfers.
- Employees who performed online banking activities did not receive Internet security awareness training during our audit period.
Key Recommendations
- Adopt an online banking policy and enter into adequate written agreements with banking institutions.
- Adequately segregate online banking duties.
- Provide periodic Internet security and awareness training to employees who perform online banking activities.
District officials generally agreed with our findings and indicated they plan to initiate corrective action.