Minerva
Central School District
Internal Controls Over Background The Minerva Central School District (District) is located in the Town of Minerva in Essex County, and in a small section of the Town of Chester in Warren County. The District is governed by the Board of Education (Board) which comprises five elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the Board’s direction. There is one school in operation within the District, with approximately 135 students and 70 employees. The District’s budgeted expenditures for the 2006-07 fiscal year were $4.86 million, funded primarily with State aid, real property taxes and grants. The District deployed approximately 130 computers and related technology equipment throughout the school building located in offices, classrooms, the library, and a computer lab. Other equipment is installed or stored in the building’s basement level. The District has made a significant investment in the human and technical resources included in the information technology system. Objective The objective of our audit was to determine if there were adequate controls in place over information technology for the period July 1, 2005 to April 25, 2007. Our audit addressed the following related question:
Scope and Methodology Our overall goal was to assess the adequacy of the internal controls put in place by officials to safeguard District assets. To accomplish this, we performed an initial assessment of the internal controls so that we could design our audit to focus on those areas most at risk. Our initial assessment included evaluations of the following areas: financial oversight, cash receipts and disbursements, purchasing, and payroll and personal services. Based on that evaluation, we determined that controls appeared to be adequate and limited risk existed in most of the financial areas we reviewed. We did determine that risk existed in the area of information technology and, therefore, we examined internal controls over physical access and security of technology equipment, network passwords, data backups and disaster recovery, remote network access, and removal of property from the District’s premises for the period July 1, 2005 to April 25, 2007. Our audit identified areas in need of improvement concerning information technology controls. Because of the sensitivity of this information, certain specific vulnerabilities are not discussed in this report, but have been communicated separately to District officials so they can take corrective action. We conducted our audit in accordance with generally accepted government auditing standards (GAGAS). More information on such standards and the methodology used in performing this audit are included in Appendix B of this report. Comments of District Officials and Corrective Action The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and have initiated, or indicated they planned to initiate, corrective action. The Board has the responsibility to initiate corrective action. Pursuant to Section 35 of the General Municipal Law, Section 2116-a (3)(c) of the Education Law and Section 170.12 of the Regulations of the Commissioner of Education, the Board must approve a corrective action plan that addresses the findings in this report, forward the plan to our office within 90 days, forward a copy of the plan to the Commissioner of Education, and make the plan available for public review in the District Clerk’s office. For guidance in preparing the plan of action, the Board should refer to applicable sections in the publication issued by the Office of the State Comptroller entitled Local Government Management Guide. |