The Dover Union Free School District (District) is governed by the Board of Education (Board) which comprises nine elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board. The District has 350 employees with payroll and personal service costs that totaled approximately $12 million for the 2005-06 fiscal year. District personnel prepare payroll in-house and most financial and non-financial data is maintained using the District’s computer system. The District relies on the Dutchess BOCES (BOCES) to maintain its servers and update its software.

Scope and Objective

The objective of our audit was to examine the adequacy of the District’s internal controls over financial operations for the period July 1, 2005 to November 27, 2006. Our audit addressed the following related questions:

• Are internal controls over the District’s information technology (IT) system designed appropriately and operating effectively to adequately protect computerized data?
  
  
• Are internal controls over payroll and personal services designed appropriately and operating effectively to adequately protect District assets against fraud, abuse, and professional misconduct?

Audit Results

The District’s controls over information technology are not adequate. There is no comprehensive IT policy to adequately address all major areas of IT operations and BOCES staff can remotely access the District’s servers at any time. Further, BOCES employees have full administrative rights and there is no formal written agreement with BOCES to outline remote access policy and rules. In addition, the District does not have a disaster recovery plan, back-up files are not stored in a secure off-site location, and there are weaknesses in the use of passwords and session locks. As a result, the District’s computer system is susceptible to a greater risk of inappropriate access by unauthorized users which can result in key District data being lost or corrupted and/or the District’s IT resources being compromised.

We also found weaknesses in internal controls over payroll and personal services. The District has not developed written policies and procedures for payroll. We also found errors in overtime calculations, and leave time accrual balances that did not comply with employee contracts or collective bargaining agreements.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.