Ellicottville Central School District - Information Technology (2019M-14)

Issued Date

June 14, 2019

[read complete report - pdf]

Audit Objective

Determine whether the District ensured information technology (IT) assets were properly safeguarded and secured.

Key Findings

District officials did not provide IT security awareness training for individuals who used District IT assets.
Employees accessed websites for social networking, shopping, travel and other personal use.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

Provide periodic IT security awareness training.
Provide adequate oversight of employee Internet use to ensure it complies with Board policies.

District officials agreed with our recommendations and indicated they planned to initiate corrective action.

Background

The Ellicottville Central School District (District) serves the Towns of East Otto, Ellicottville, Franklinville, Great Valley, Humphrey and Mansfield in Cattaraugus County.

The District is governed by an elected seven member Board of Education (Board), which is responsible for establishing policies and procedures for all aspects of the District’s IT environment. The Superintendent of Schools (Superintendent) is the chief executive officer and is responsible, along with other administrative staff, for the District’s day-to-day management under the Board’s direction.

Quick Facts
Student Network Accounts	557
Employee Network Accounts	111
Desktops, Laptops and Tablets	1,143
Servers	4

Audit Period

July 1, 2016 – December 18, 2018