Finn Academy: An Elmira Charter School - Information Technology (2018M-141)

Issued Date
November 02, 2018

[read complete report - pdf]

Audit Objective

Determine whether Board and School officials effectively managed information technology (IT) assets.

Key Findings

  • The Board did not develop adequate IT policies and procedures.
  • School officials did not provide IT security awareness training to employees.
  • The Board did not develop a disaster recovery plan.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Adopt written IT policies and procedures.
  • Provide periodic IT security awareness training to personnel who use IT resources, including the importance of physical security and protection of personal, private, sensitive information (PPSI).
  • Develop a disaster recovery plan.
  • Address the IT recommendations communicated confidentially.

School officials disagreed with certain aspects of our findings and recommendations, but indicated they planned to initiate corrective action. Appendix B includes our comments on issues raised in the School’s response letter.