Fort Edward Union Free School District

Internal Controls Over Financial Activities - EXECUTIVE SUMMARY

The Fort Edward Union Free School District (District) is governed by the Board of Education (Board) which comprises nine elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board.

Scope and Objective

The objective of our audit was to assess internal controls for the period July 1, 2005 to February 7, 2007. Our audit addressed the following related questions:

• Are internal controls over the District’s cash receipts, payroll, and purchasing appropriately designed and operating effectively to protect District resources?
• Are internal controls over the District’s claims processing appropriately designed and operating effectively to protect District resources?
• Are internal controls over the District’s information technology system appropriately designed?

Audit Results

The District did not have an adequate segregation of duties over the cash receipts, payroll, and purchasing processes to ensure that one person does not control all phases of a transaction. For example, the Superintendent did not directly oversee employees’ use of his own signature on purchase orders and, as a result, internal controls were circumvented and purchase orders were approved after the purchases were made. The Superintendent also acted as purchasing agent, approving his own requisitions and purchase orders. In addition, the Board had not established written policies and procedures over the cash receipts and payroll processes. The absence of written policies and procedures, or the failure to follow established procedures, and the lack of proper segregation of duties and managerial oversight increase the chance that errors or irregularities could occur and not be detected and corrected in a timely manner.

We found significant deficiencies in the internal controls over the claims process. The Board did not perform a proper audit of claims, allowing some payments to be made even though claim voucher packages lacked sufficient supporting documentation. Further, 165 claims totaling $2,727,064 were improperly paid before the audit was performed. District officials did not adhere to the Board’s credit card policy and, as a result, not all purchases were properly supported or authorized in advance. Deficiencies in the internal controls over the claims auditing and credit card purchasing functions increase the risk that the District could incur unnecessary expenditures and that errors, irregularities, or fraud could occur and not be detected and addressed in a timely manner.

The District did not have adequate internal controls over its information technology (IT) system and had not developed adequate policies and procedures to address IT issues, including but not limited to passwords, remote access, and physical security. The District also did not physically secure its servers and backup tapes from unauthorized access. The lack of adequate controls and protection for its IT system places the District at risk of unauthorized access to its computer resources, loss or misuse of the District’s electronic information, and disruption of its computer operations.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and have initiated, or indicated they planned to initiate, corrective action.