The Sewanhaka Central High School District (District) is governed by the Board of Education (Board) which comprises eight members, appointed by the boards of their respective Union Free School Districts (UFSD) where they serve as elected board members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer and is responsible, along with other administrative staff, for the day-to-day management of the District under the Board’s direction. The President of the Board (President) serves as the chief fiscal officer.

There are five high schools in operation within the District with approximately 8,600 students and 1,200 employees. The District’s budgeted expenditures for the 2006-07 fiscal year were $134,022,079, funded primarily with State aid and real property taxes. Expenditures for the 2005-06 fiscal year were $122,621,689.

Scope and Objective

The objective of our audit was to examine the District’s internal controls over financial operations for the period July 1, 2005 to June 30, 2006. Our audit addressed the following related questions:

• Has the District established and appropriately monitored the implementation of internal control policies and procedures over the purchasing function?
  
  
• Has the District established and appropriately monitored the implementation of internal control policies and procedures over the use and protection of computer resources?
  
  
• Has the District established and appropriately monitored the implementation of internal control policies and procedures over the disposition of capital assets?

Audit Results

We found deficiencies in the District’s controls and procedures over procurement of professional services, computer operations, and disposition of capital assets. The lack of competition in the procurement process leaves the District without adequate assurance of obtaining the most economical professional services. Deficiencies in the District’s computer systems security controls expose the District to risk of loss or misuse of data and costly disruptions to District operations. Omissions in the recording and reporting of transactions related to an asset disposition caused fixed assets to be overstated on the District’s financial statements.

District officials did not consistently follow the Board’s policy requiring competition or Requests for Proposals (RFP) when awarding contracts for professional services. The District paid 19 professional service providers a total of over $1.8 million without soliciting any form of competition, and 21 of the services procured were not approved by the Board. In eight instances totaling $355,554, the professional services were rendered without a contract. The failure to follow procurement policies and procedures places the District at risk of procuring services that may not be priced economically, may not be of the best quality available, and may not be in appropriate quantities. In addition, because of the lack of proper supporting documentation and written authorizations, the District’s claims auditor cannot audit the claims properly and the Board does not have adequate assurance that the services are necessary and appropriate.

Because the Board has not adopted a comprehensive computer security policy with protocols, procedures, and controls for maintaining a secure and reliable IT system, there is no assurance that the District’s IT resources and information are adequately protected. The District does not have a disaster recovery plan or business continuity plan, which is critical for uninterrupted operations if the computer systems or data are compromised or rendered inoperable by unauthorized users or as a result of a disaster.

The District’s server equipment is not properly secured and is exposed to the risk of fire and water damage. In addition, the District’s financial data is stored and maintained on the business server in the business office, while the physical backup media are stored in close proximity. These conditions may impede the District’s ability to recover and restore its computer operations in the event of a disaster.

The function of the financial software administrator is not properly segregated from the accounting function. The senior accountant who maintains the District’s accounting records is also the system administrator of the District’s financial software. Without proper segregation of duties between the accounting and the financial software administration functions, the District incurs the risk of unauthorized changes to the accounting records, to the software security settings, and to user authorization privileges.

The District disposed of certain land, including the old Middle School building, without properly accounting for the disposition and without recording and reporting the related financial activities in the District’s financial statements. As a result, the District’s reported values for land and buildings were not appropriately reduced and fixed assets were overstated for the 2004-05 fiscal year.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. Except as specified in Appendix A, District officials generally agreed with our recommendations and indicated they planned to take corrective action. Appendix B includes OSC comments on issues raised in the District’s response letter.