Dolgeville Central School District – System Access Controls (2016M-265)

Issued Date
January 06, 2017

Purpose of Audit

The purpose of our audit was to examine information technology access controls over personal, private and sensitive information in the District’s financial system and student information system for the period July 1, 2014 through April 15, 2016.

Background

The Dolgeville Central School District is located in the Towns of Fairfield, Manheim and Salisbury in Herkimer County and the Towns of Ephratah, Oppenheim and Stratford in Fulton County. The District, which operates three schools with approximately 920 students, is governed by an elected seven-member Board of Education. Budgeted appropriations for the 2015-16 fiscal year totaled approximately $19 million.

Key Findings

  • Not all financial system and student information system user accounts were necessary.
  • Some users were assigned more access permissions than needed for their job duties.
  • District officials did not regularly review system logs.

Key Recommendations

  • Evaluate all existing financial system and student information system user accounts and remove any deemed unnecessary.
  • Establish written procedures for managing and monitoring system access, including guidance for assigning permissions.
  • Ensure that system audit logs are periodically reviewed for indications of unauthorized or inappropriate activity.