Haldane Central School District – Information Technology (2021M-84)

Issued Date
November 05, 2021

Audit Objective

Determine whether Haldane Central School District (District) officials adequately managed and monitored user accounts and permissions.

Key Findings

District officials did not adequately manage and monitor user accounts and permissions. As a result, the District has an increased risk that it could lose important data and suffer serious interruption in operations. District officials did not:

  • Disable 74 unneeded network user accounts of the 300 accounts we examined. The 74 accounts included generic and former employee accounts.
  • Create secondary user accounts, to be used for non-administrative activities, for three network user accounts with administrative permissions.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Evaluate all network user accounts to ensure unneeded network user accounts are disabled.
  • Assess all network user accounts with administrative permissions and create secondary accounts to be used for non-administrative activities.

District officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.