[read complete report - pdf]

Audit Objective

Determine whether the Otego-Unadilla Central School District (District) Board and officials ensured District computerized data was safeguarded through training, monitoring user accounts and adopting a written information technology (IT) contingency plan.

Key Findings

The Board and District officials did not ensure computerized data was safeguarded. In addition to sensitive IT control weaknesses that we communicated confidentially to District officials, we found:

• The District had 58 unneeded user accounts.
• Officials did not provide IT security awareness training.
• The Board did not adopt a written IT contingency plan.

Key Recommendations

• Thoroughly review user access on a routine basis and disable any unnecessary network user accounts as soon as they are no longer needed.
• Provide periodic IT security awareness training.
• Develop and adopt a comprehensive written IT contingency plan.

District officials generally agreed with the findings in our report and indicated they plan to initiate corrective action.