Dundee Central School District - Information Technology (2018M-74)

Issued Date
August 03, 2018

[read complete report - pdf]

Audit Objective

Determine whether the Board and District Officials ensured District information technology (IT) assets and computerized data were safeguarded.

Key Findings

  • The Board and District officials have not adopted adequate IT security policies and procedures.
  • District officials did not provide IT security awareness training for District employees.

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

  • The Board and District officials should adopt comprehensive IT security policies, procedures and plans to safeguard computerized assets and data.
  • Provide periodic IT security awareness training to personnel who use IT resources.

District officials generally agreed with our recommendations and indicated they are in the process of taking corrective action.