The Elmsford Union Free School District (District) is governed by the Board of Education (Board) which comprises five elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board. The Deputy Superintendent is responsible for ensuring the accuracy of financial statements and reports. A network specialist is assigned the task of ensuring that all District information technology and systems are protected.

Scope and Objective

The objective of our audit was to determine if internal controls over financial transactions and information technology are appropriately designed and operating effectively for the period July 1, 2005 to April 30, 2007. For tax certioraris, we examined financial records for the period July 1, 2002 to April 30, 2007. Our audit addressed the following related question:

• Has the District established adequate internal controls over financial transactions and information technology to protect the District against fraud, abuse and professional misconduct, and are those controls operating effectively?

Audit Results

The District’s accounting for tax certioraris was not in compliance with generally accepted accounting principles (GAAP). The amounts encumbered have not been based upon court decisions or judgments and have consistently exceeded annual payments. For example, as of June 30, 2006, the District encumbered $6,701,030 to pay for judgments and claims during the 2006-07 fiscal year. However, actual payments totaled only $506,438 as of April 30, 2007. Further, the amounts encumbered during each of the last five years have ranged from $3.8 million to $6.7 million, in contrast to the amounts paid, which have averaged only $719,000, ranging from $65,000 to $1.5 million. It appears that the District has encumbered funds instead of establishing a reserve to circumvent the restrictions placed on reserve funds.

We also found the Board had not established formal policies or procedures to address potential computer-related disasters and backup tapes were not stored off-site. As a result, there was an increased risk that equipment and data could be lost, damaged or destroyed. Further, District personnel were not required to change passwords and locking screen savers were disabled on five of the six computers in the business office. As a result, there was an increased risk that unauthorized users could have accessed the system and corrupted financial data or viewed confidential information.

District officials have been proactive in addressing our IT audit findings and have developed and implemented policies and procedures to address the deficiencies.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.