Background

The Mayfield Central School District (District) is located in the Towns of Broadalbin, Johnstown, Mayfield, and Northampton in Fulton County. The District is governed by the Board of Education (Board) which comprises five elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board.

There are two schools in operation within the District, with approximately 1,200 students and 165 employees, not including substitutes. The District’s budgeted general fund expenditures for the 2005-06 school year were approximately $14.7 million, funded primarily with real property taxes, State aid and grants.

The District has established and manages a Local Area Network (network), made up of approximately 350 computers (workstations) located throughout the school facilities. The network is managed on a full time basis by the technology coordinator who is augmented by a consultant under contract with the District. The network allows sharing of information, resources, and applications including email and internet access. The District’s six-person Business Office processes financial transactions using a computerized financial management system residing on a network server and six workstations located in the District’s Business Office. This server stores nearly all the District’s financial data, including payroll. Sensitive student data is also stored on the network.

Objecitve

The objective of our audit was to determine if the District had implemented adequate internal controls to safeguard its computer data. Our audit addressed the following related questions:

• Has the District adopted adequate policies relating to information technology?
  
  
• Has the District properly implemented controls over access to the computer network and the financial management system?
  
  
• Has the District adopted procedures to ensure that the computer data can be recovered in the event of a disaster or computer failure?
  

Scope and Methodology

During this audit we examined the internal controls over computer data for the period July 1, 2005 through December 31, 2006.

We conducted our audit in accordance with generally accepted government auditing standards (GAGAS). More information on such standards and the methodology used in performing this audit are included in Appendix B of this report.

Comments of District Officiasl and Corrective Action

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and have initiated, or indicated they planned to initiate, corrective action.

The Board has the responsibility to initiate corrective action. Pursuant to Section 35 of the General Municipal Law, Section 2116-a (3)(c) of the Education Law and Section 170.12 of the Regulations of the Commissioner of Education, the Board must approve a corrective action plan that addresses the findings in this report, forward the plan to our office within 90 days, forward a copy of the plan to the Commissioner of Education and make the plan available for public review in the District Clerk’s office. For guidance in preparing the plan of action, the Board should refer to applicable sections in the publication issued by the Office of the State Comptroller entitled Local Government Management Guide.

---

Complete Audit in PDF