Audit Objective
Determine whether Oceanside Union Free School District (District) officials monitored employees’ compliance with the acceptable Internet use policy (AUP) on the District’s network.
Key Findings
District officials did not monitor employee compliance with the acceptable Internet use policy on the District’s network. In addition to finding sensitive information technology (IT) control weaknesses, which we communicated confidentially to officials, we found that:
- Six of 40 employees used District computers to access websites, such as shopping, entertainment, personal email, online gaming and social networking, in violation of the District’s AUP. Internet browsing increases the likelihood that users will be exposed to malicious software that may compromise data confidentiality, integrity or availability.
Key Recommendations
- Monitor employee Internet use on District computers and enforce compliance with the AUP.
District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action