Audit Objective

Determine whether Eastchester Union Free School District (District) officials established adequate controls over user accounts to help prevent unauthorized use, access, and loss, and whether officials established an adequate information technology (IT) contingency plan.

Key Findings

District officials did not establish adequate controls over user accounts to help prevent unauthorized use, access and loss nor did they establish an adequate IT contingency plan. Sensitive IT control weaknesses were also communicated confidentially to officials.Officials did not:

• Develop comprehensive procedures for managing network and financial application user accounts nor did they periodically review all network user accounts and permissions to determine if they needed to be disabled. As a result, we identified the following unneeded network user accounts:
  • 181 for students no longer in the District.These students left the District between June 2020 and August 2021.
  • Six for two former employees, two former Board members and two former interns. These users left District employment between 2016 and 2021.
• Adopt a comprehensive IT contingency plan to minimize the risk of data loss or prevent a serious interruption of services.

Key Recommendations

• Develop written procedures for managing network and financial application user accounts.
• Develop, adopt, distribute and periodically review and test a comprehensive IT contingency plan.

District officials agreed with our findings and indicated they are initiating corrective action.