Audit Objective
Determine whether North Babylon Union Free School District (District) officials ensured online banking transactions were appropriate and secure.
Key Findings
While we determined that online banking transactions were appropriate, the Board of Education (Board) and District officials did not meet all the requirements of New York State General Municipal Law (GML) Section 5-a and must improve controls over online banking to ensure these transactions are secure. In addition to sensitive information technology (IT) control weaknesses that we confidentially communicated to District officials, we found that:
- District officials did not enter into an adequate written bank agreement with their banking institution, and the Board did not adopt an online banking policy.
- Employees who performed online banking activities did not receive cybersecurity awareness training.
- The District’s acceptable use policy (AUP) was insufficient and not communicated to employees who performed online banking transactions.
Key Recommendations
- Enter into an adequate written bank agreement with their banking institution and adopt an online banking policy.
- Provide periodic cybersecurity awareness training and an updated AUP to employees who perform online banking transactions.
District officials agreed with our findings and recommendations and have initiated, or indicated they planned to initiate, corrective action.