Evans-Brant Central School District - Information Technology (2019M-121)

Issued Date

October 04, 2019

Audit Objective

Determine whether information technology (IT) assets are properly safeguarded, secured and accessed for appropriate District purposes.

Key Findings

District officials did not provide IT security awareness training for individuals who used District IT assets.
Personal Internet use was found on computers assigned to four employees who routinely accessed personal, private and sensitive information (PPSI).

In addition, sensitive IT control weaknesses were communicated confidentially to District officials.

Key Recommendations

Provide periodic IT security awareness training.
Provide adequate oversight of employee Internet use to ensure it complies with Board policies and regulations.

District officials agreed with our findings and recommendations and indicated they planned to initiate corrective action.

Background

The Evans-Brant Central School District (District) serves the Towns of Brant, Evans and Eden in Erie County and the Cattaraugus Reservation of the Seneca Nation of Indians.

The District is governed by an elected seven-member Board Superintendent of Schools is the chief executive officer and is responsible, along with other administrative staff, for the District’s day-to-day management under the Board’s direction.

The District employs a Director of Technology/Chief Information Officer (Director) to manage its IT department.

Quick Facts
Total Network Accounts	2,860
Employee Network Accounts	433
Employee Computers Examined	26

Audit Period

July 1, 2017 – May 15, 2019