Lyncourt Union Free School District – Information Technology (2020M-121)

Issued Date
February 05, 2021

[read complete report - pdf]

Audit Objective

Determine whether Lyncourt Union Free School District (District) officials adequately managed network user accounts and developed a disaster recovery plan.

Key Findings

District officials did not adequately manage network user accounts or develop and adopt a written disaster recovery plan. As a result, District has an increased risk that it could lose important data and suffer serious interruption in operations. District officials should have:

  • Disabled 17 of the 113 network user accounts we examined. The 17 user accounts were unneeded and included generic, shared and former employee accounts.
  • Revoked permissions for eight of the 12 network user accounts with administrative permissions because the permissions were unneeded.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Evaluate all network user accounts to ensure unneeded network user accounts are disabled.
  • Assess all network user accounts with administrative permissions and remove unneeded permissions.
  • Develop a comprehensive written disaster recovery plan.

District officials generally agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.