Determine whether the Gorham-Middlesex Central School District (District) officials limited online banking access and permissions to Board-authorized users.
District officials did not ensure online banking access was limited to Board-authorized users because no one reviewed online banking users’ access and permissions. Officials at the District also did not monitor online banking transactions. As a result, the risk that the District may become the victim of a cybercrime and experience financial losses is heightened.
- Of the District’s 10 online banking users, six users were not authorized by the Board to conduct online banking but were inappropriately provided with online banking access to one or more of the District’s bank accounts.
- Five of the six users not authorized to conduct online banking and the Business Official and Business Administrator inappropriately had administrative permissions to one or more of the District’s bank accounts, which allowed them to add, remove or modify user access and permissions.
- Limit online banking access to Board-authorized users and ensure administrative permissions are granted to users that require these permissions.
- Monitor online banking users’ access and permissions and comply with Board policy.
District officials agreed with our findings and indicated they plan to initiate corrective action.