Dansville Central School District - Information Technology and Non-Instructional Employee Leave Benefits (2018M-169)

Issued Date
January 18, 2019

[read complete report - pdf]

Audit Objective

Determine whether:

  • The Board and District officials ensured information technology (IT) assets were safeguarded.
  • District officials accurately maintained leave records for non-instructional employees.

Key Findings

  • The Board and District officials have not adopted adequate security policies and procedures to safeguard IT assets.
  • District officials did not provide IT security awareness training for employees.
  • As of February 27, 2018, leave balances for 31 of the 40 non-instructional employees tested (78 percent) were inaccurate.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

  • Adopt comprehensive IT security policies, procedures and plans to safeguard IT assets and data.
  • Provide periodic IT security awareness training to personnel who use IT resources.
  • Ensure that amounts earned for leave are granted in accordance with contracts and Board approval and that leave records are accurately maintained and up-to-date.
  • Address the confidentially communicated IT recommendations.

District officials agreed with our recommendations and indicated they planned to initiate corrective action.