[read complete report - pdf]

Audit Objective

Determine whether the Broadalbin-Perth Central School District’s (District) Board and District officials ensured online banking transactions were appropriate and information was secure.

Key Findings

The Board and District officials did not adequately safeguard online banking transactions. Officials did not:

• Adopt a comprehensive online banking policy.
• Monitor online banking user compliance with the District’s acceptable computer use policy (AUP). As a result, five of the six online banking users were allowed to access nonbusiness websites prohibited by the policy.
• Provide IT security awareness training to all online banking users.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

• Adopt a comprehensive online banking policy.
• Monitor computer use to ensure compliance with District policies.
• Provide IT security training to all IT users.

District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.