East Hampton Union Free School District – Financial Software User Access (2016M-340)

Issued Date
December 30, 2016

Purpose of Audit

The purpose of our audit was to evaluate the District’s controls over user access to the financial software for the period July 1, 2014 through March 31, 2016.

Background

The East Hampton Union Free School District is located in the Town of East Hampton in Suffolk County. The District, which operates three schools that serve approximately 1,800 students, is governed by an elected seven-member Board of Education. Budgeted appropriations for the 2015-16 fiscal year were approximately $66.1 million.

Key Findings

  • The Board has not annually designated a system administrator. Instead, the Board annually appoints a Network Systems Manager who performs these duties.
  • District officials have not adopted procedures outlining how user access rights should be established or modified, and permissions are not reviewed quarterly to ensure a proper segregation of duties.
  • Users were given system administrator rights when they shouldn’t have been, giving them access to leave records, vendor information, budget transfers and personal, private, sensitive information.

Key Recommendations

  • Annually designate an administrator for the financial software to clarify who is responsible for financial software administration.
  • Develop written procedures outlining how user access rights should be established or modified based on job duties and proper segregation of duties.
  • Limit the number of users with system administrator rights.