Audit Objective
Determine whether the District ensured information technology (IT) assets were properly safeguarded and secured.
Key Findings
- District officials did not provide IT security awareness training for individuals who used District IT assets.
- Employees accessed websites for social networking, shopping, travel and other personal use.
In addition, sensitive IT control weaknesses were communicated confidentially to District officials.
Key Recommendations
- Provide periodic IT security awareness training.
- Provide adequate oversight of employee Internet use to ensure it complies with Board policies.
District officials agreed with our recommendations and indicated they planned to initiate corrective action.