Byron-Bergen Central School District – Online Banking and Information Technology (2014M-261)

Issued Date
December 05, 2014

Purpose of Audit

The purpose of our audit was to evaluate internal controls related to online banking and information technology for the period July 1, 2013 through June 6, 2014.

Background

The Byron-Bergen Central School District is located in the Towns of Byron and Bergen in Genesee County. The District, which is governed by an elected seven-member Board of Education, operates two schools with approximately 1.040 students. Budgeted appropriations for the 2014-15 fiscal year total approximately $21.3 million.

Key Findings

  • The District unnecessarily has online banking access for all if its bank accounts.
  • District officials do not secure user names, passwords and secured token devices used to access online banking and do not consistently erase the browser history after online banking.
  • The District did not have written agreements with its banks to clearly prescribe the manner in which electronic or wire transfers of funds would be accomplished.
  • District officials have not established alerts and other security measures available from the District’s banks.

Key Recommendations

  • Consider limiting the online banking capability to certain accounts.
  • Ensure that all online banking users effectively secure the credentials used to access online banking and that they log off the bank website in a secured manner.
  • Have written agreements with banks prescribing the manner in which electronic or wire transfers of funds will be accomplished.
  • Ensure that alerts and other security measures available from the banks are enabled.