Stamford Central School District
Internal Controls Over

The Stamford Central School District (District) is governed by the Board of Education (Board) which comprises five elected members. The Board is responsible for the general management and control of the District’s financial and educational affairs. The Superintendent of Schools (Superintendent) is the chief executive officer of the District and is responsible, along with other administrative staff, for the day-to-day management of the District under the direction of the Board.

The Board and Treasurer have the responsibility to assess the risks associated with payroll and institute appropriate internal controls to mitigate those risks. This includes ensuring that employees receive wages, salaries, and benefits to which they are entitled and segregating job duties so that the work performed by one individual is verified in the normal course of another employee’s regular duties. The Board is also responsible for appointing a claims auditor in compliance with the Regulations of the Commissioner of Education. The claims auditor is responsible for auditing and approving claims prior to payment.

The District uses one networked computer system to process and store financial and non-financial data, supported by four servers located at the school. Financial data is stored on a separate and dedicated server. The Information Technology (IT) administrator oversees the network system, and is an employee of the Broome-Tioga Board of Cooperative Educational Services.

Scope and Objective

The objective of our audit was to determine if District officials were properly managing District operations to safeguard District assets for the period of July 1, 2005 through February 5, 2007. Our audit addressed the following related questions:
Audit Results

The Treasurer paid certain salaries and stipends to various employees, which were not authorized or approved by the Board. Unauthorized payments totaled $16,426. There also was a lack of segregation of duties in the payroll process. Finally, the Board has not established comprehensive policies and procedures to effectively address the safeguarding of computerized data and assets. Specifically, formal policies and procedures relating to acceptable computer usage; addition, modification, and deletion of user access rights; and a strong password system have not been adopted. The Board also has not developed a formal disaster recovery plan or policies and procedures for the back-up of financial and non-financial data.

Comments of District Officials

The results of our audit and recommendations have been discussed with District officials and their comments, which appear in Appendix A, have been considered in preparing this report. District officials generally agreed with our recommendations and indicated they planned to initiate corrective action.