Background

The Malone Central School District (District) is located in the Towns of Malone, Bangor, Bellmont, Brandon, Burke, Constable, Duane, Franklin, and Westville, Franklin County. The District is governed by the Board of Education (Board), which comprises nine elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board.

There are five schools in operation within the District, with approximately 2,300 students and 550 full and part-time employees as of June 30, 2006. The District’s budgeted expenditures for the 2006-07 fiscal year are $36,929,425, funded primarily with State aid, real property taxes and grants. The District has approximately 800 individual computers that are networked together. District staff use computers in the day-to-day operations of the school for instructional purposes and to process financial transactions. The Northeastern Regional Information Center (NERIC) provides information technology services to the District.

Objective

The objective of our audit was to determine if there were adequate controls in place over information technology for the period July 1, 2005 to October 31, 2006. Our audit addressed the following related question:

• Are internal controls over the District’s information technology system appropriately designed to protect electronic data?

Scope and Methodology

Our overall goal was to assess the adequacy of the internal controls put in place by officials to safeguard the District’s assets. To accomplish this, we performed an initial assessment of the internal controls so that we could design our audit to focus on those areas most at risk. Our initial assessment included evaluations of the following areas: cash receipts and disbursements, purchasing, payroll and personal services, financial oversight, and information technology systems. Based on that evaluation, we determined that controls appeared to be adequate in the financial areas we reviewed. We did determine that risk existed in the area of information technology. Therefore, we examined internal controls over information technology for the period July 1, 2005 to October 31, 2006.

We conducted our audit in accordance with generally accepted government auditing standards (GAGAS). More information on such standards and the methodology used in performing this audit are included in Appendix B of this report.

Comments of District Officials and Corrective Action

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.

The Board has the responsibility to initiate corrective action. Pursuant to Section 35 of the General Municipal Law, Section 2116-a (3)(c) of the Education Law and Section 170.12 of the Regulations of the Commissioner of Education, the Board must approve a corrective action plan that addresses the findings in this report, forward the plan to our office within 90 days, forward a copy of the plan to the Commissioner of Education and make the plan available for public review in the District Clerk’s office. For guidance in preparing the plan of action, the Board should refer to applicable sections in the publication issued by the Office of the State Comptroller entitled Local Government Management Guide.