[read complete report – pdf]

Audit Objective

Determine whether Grand Island Central School District (District) officials adequately secured access to the network and properly managed user permissions in financial and student information applications.

Key Findings

District officials did not adequately secure access to the network or properly manage user permissions in financial and student information applications.

In addition to finding sensitive information technology (IT) control weaknesses that were communicated confidentially to officals, we found that District officials did not:

• Disable 297 unnecessary service and network user accounts.
• Properly restrict user permissions in the financial and student information applications.

Key Recommendations

• Ensure that unnecessary service and network user accounts are disabled timely.
• Limit application user permissions based on a user’s job responsibilities.

District officials agreed with our recommendations and indicated they planned to initiate corrective action.