[read complete report – pdf] | [read complete 2023 report – pdf]
Purpose of Review
The purpose of our review was to assess Copiague Union Free School District’s (District) progress, as of January 2026, in implementing our recommendations in the audit report Copiague Union Free School District – Information Technology, 2023M-150, released in March 2024.
The audit determined District officials did not properly manage nonstudent network user accounts and financial software access controls. As a result, data and personal, private and sensitive information (PPSI) accessible by those accounts were at a greater risk for unauthorized access, misuse or loss. In addition to sensitive information technology (IT) control weaknesses that were confidentially communicated to District officials, we found that officials did not:
- Disable 316 nonstudent network user accounts (24 percent) that were not needed, including two user accounts assigned to employees that left the District more than 17 years ago.
- Ensure that employees had the appropriate access to the financial software necessary to perform their job functions.
- Provide IT security awareness and data privacy training annually to all officials and employees with access to financial and other sensitive data.
The audit included four recommendations to help officials improve the District’s controls over information technology.
Background
The District serves the Town of Babylon in Suffolk County and is governed by an elected seven-member Board of Education (Board) responsible for managing and controlling financial and educational affairs. The Superintendent of Schools is the chief executive officer and is responsible, along with the Assistant Superintendent for Finance and Operations (Assistant Superintendent) and other administrative staff, for the District’s day-to-day management under the Board’s direction. The Assistant Superintendent, as system administrator, is responsible for managing user access rights in the financial software. The IT Director is responsible for managing the District’s computer resources and overseeing the IT department, including the Network Engineer and technicians who manage the network and IT assets. The former IT Director resigned in August 2022, and the current IT Director started after the end of the audit period.
Results of Review
Based on our limited procedures, of the four recommendations contained in the 2024 report, we determined that the District’s IT Director and officials fully implemented three recommendations and partially implemented one recommendation.