Determine whether the Board and District officials ensured online banking transactions were appropriate and secure.
- The Board did not adopt an online banking policy.
- Employees accessed nonbusiness websites although it is prohibited by District policy.
- District officials did not provide IT security awareness training to IT users.
Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.
- Adopt a comprehensive online banking policy.
- Monitor computer use to ensure compliance with District policies.
- Provide IT security training to all IT users.
District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.