Audit Objective
Determine whether North Salem Central School District (District) officials ensured network user accounts were adequately managed (granted, changed and disabled).
Key Findings
District officials did not ensure network user accounts were adequately managed. In addition to finding sensitive information technology (IT) control weaknesses, which we communicated confidentially to officials, we found that District officials should have:
- Developed procedures for granting, changing and disabling network user accounts.
- Ensured IT staff disabled 181 unneeded network user accounts. Seven of these users left the District between 2011 and 2019.
Key Recommendations
- Develop procedures for granting, changing and disabling network user accounts, and ensure that employees implement and comply with the procedures.
- Maintain a list of authorized user accounts and routinely evaluate and disable any unneeded network user accounts.
District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.