East Williston Union Free School District
Internal Controls Over Procurement and Information Technology
Executive Summary
The East Williston Union Free School District (District) is governed by the Board of Education (Board), which comprises five elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board.
The Board designated the Assistant Superintendent for Business as the District’s purchasing agent. Under the general supervision of the Superintendent, the purchasing agent is responsible for administering all purchase activities. The Board’s adopted purchasing policy governs District purchasing and related activities. The District uses a financial accounting software package (financial software) to process and maintain financial transactions.
Scope and Objective
The objective of our audit was to examine the adequacy of the District’s internal controls over procurement and information technology for the period July 1, 2005 to November 30, 2006. Our audit addressed the following related questions:
- Has the District established adequate internal controls over purchasing to protect against fraud, abuse and professional misconduct, and are those controls operating effectively?
- Are internal controls over the District’s information technology system designed appropriately to adequately protect electronic data?
Audit Results
The District’s purchasing policies do not address the procurement of professional services; therefore, the District continues to use the same professionals year after year without competition. The District paid six professionals a total of $494,610 without soliciting competitive proposals. The District made payments to three professionals, totaling $107,094, that were for services not specified in the contract and were at more than the contracted rates. In addition, District officials paid three other professionals $93,788 without receiving sufficiently itemized invoices.
While District officials have adopted purchasing policies, they failed to monitor and enforce compliance with them. The District paid 11 vendors a total of $173,324 without soliciting competitive bids or quotations. As a result, goods and services may not have been obtained at the lowest possible price and the District may have paid professionals for services that were not performed according to contract or properly authorized.
District officials have not developed policies and procedures to protect critical financial data. Our audit disclosed that computer hardware is not protected from unauthorized access; this means that critical financial data is subject to an increased risk of loss or misuse. In addition, the financial software does not generate audit logs, and thus unauthorized activity could go undetected. Because passwords are not changed periodically, the District is placing its data at risk of loss or alteration. Finally, back-up data is not periodically tested and restored and the District does not have a formal disaster recovery plan; therefore, the District has no assurance that its data is complete and useable in the event of a disaster. Without a disaster recovery plan, the ability to resume normal operations quickly and with minimal loss is doubtful.
Comments of District Officials
The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated that they planned to initiate corrective action.