Audit Objective
Determine whether Sewanhaka Central High School District (District) officials developed an information technology (IT) contingency plan to help secure and protect business office IT systems in the event of a disruption or disaster.
Key Findings
District officials did not develop an IT contingency plan to help them adequately secure and protect business office IT systems in the event of a disruption or disaster.
Without a comprehensive written IT contingency plan in place that is properly distributed to all business office staff and periodically tested for efficacy, District officials have less assurance that employees and other responsible parties will react quickly and effectively to maintain business continuity. As a result, important financial and other business office data could be lost or suffer a disruption to operations.
Additional sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Develop, adopt and test a written IT contingency plan and communicate it to appropriate officials and employees.
District officials agreed with our findings and have initiated or plan to initiate corrective action.