The Heuvelton Central School District (District) is governed by the Board of Education (Board) which comprises seven elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the District’s chief executive officer of the District and is responsible, along with other administrative staff, for day-to-day District management under the Board’s direction.

There is one school in operation within the District, with approximately 650 students and 130 full and part-time employees. The District’s budgeted expenditures for the 2004-05 fiscal year were $8.7 million, funded primarily with State aid, real property taxes and grants.

On an annual basis, the Board appoints a claims auditor who assumes the Board’s powers and duties for approving or denying claims against the District. The District contracts with the St. Lawrence-Lewis BOCES (BOCES) for a variety of instructional and financial related services through a shared services agreement. As part of the agreement, the shared business office provides the District with a Business Manager/Purchasing Agent and processes all of the District’s financial transactions. The Regional Information Center (RIC) provides internet and e-mail services to the District.

Scope and Objectives

The objectives of our audit were to examine the District’s internal controls relating to the treasury function, computer security, claims auditing, payroll and capital assets for the period July 1, 2004 to June 30, 2005. Due to the situation with the bus mechanics,1 our scope period for that area of payroll was July 1, 2003 to June 30, 2005. Our audit addressed the following related questions:

• Are internal controls over the District’s treasury function appropriately designed and operating effectively?
  
  
• Are internal controls over the District’s computer security appropriately designed to protect electronic data?
  
  
• Are internal controls over the District’s claims auditing function appropriately designed and operating effectively?
  
  
• Are internal controls over the payroll process appropriately designed and operating effectively?
  
  
• Are internal controls over capital assets appropriately designed and operating effectively?

Audit Results

The District had significant internal control deficiencies in each of the areas we audited. As a result of these deficiencies, District assets are at risk because in the current environment errors and irregularities can occur and go undetected and uncorrected.

For example, the District’s Treasurer does not maintain adequate control over his signature. District checks are computer generated with the Treasurer’s signature imprinted on them. BOCES personnel apply the Treasurer’s signature to the check when the District’s disbursement records (payrolls and warrants) are processed at the BOCES office. The Treasurer does not directly supervise the signature process. Complicating this lack of control is the ability of the BOCES check-printing program to create duplicate checks and the District’s failure to obtain and review images of both sides of the cancelled checks.

We also found that the BOCES, which processes the District’s financial transactions, has no formal written computer policies relating to computer use. In addition, BOCES personnel do not change passwords regularly, update security patches on a timely basis, or use change reports. We also noted that the BOCES lacks a disaster recovery plan for the District’s financial data. As a result, the Districts financial data may be at risk of loss, exposure or corruption.

The District’s claims auditing function also has significant deficiencies. Since the claims auditor does not report directly to the Board, the Board cannot be certain that its directives are being carried out as intended. The claims auditor paid certain claims for conference attendance without receiving the required approvals. The District also has inadequate policies governing procurement, travel expenses (i.e. conference attendance) and travel advances that reduce the effectiveness of the claims audit process. Voucher packets approved by the claims auditor for the District’s monthly health insurance bills did not include the supporting billing detail identifying the individuals insured. As a result of these deficiencies, the District does not have adequate assurance that all payments are appropriate and necessary.

The Board has also not provided District staff with any formal written policies or procedures for the payroll process for the District. Internal controls over payroll were so weak that without the knowledge or approval of the Board, a senior bus driver was able to set the rates of compensation for himself and a subordinate and to receive payment at those rates for over a year before the unauthorized compensation was discovered. Fringe benefits and other compensation issues for non-union department heads were not in writing, thus there is no process for verifying the fringe benefits, work schedules or compensation for these individuals.

The District does not have adequate internal controls to protect its capital assets. The District’s capital asset inventory records do not include all District assets. As a result, vehicles worth approximately $212,000, though covered by insurance, were not reflected in the inventory records.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.