ALBANY – A state comptroller’s audit of the Cornwall Central School District’s information technology system found it did not establish adequate internal controls to safeguard the district’s user accounts.
The audit found that network user accounts were not adequately managed; officials did not monitor compliance with the district’s acceptable use policy; and that the school board did not adopt adequate information technology policies or a disaster recovery plan.
Sensitive IT control weaknesses, including issues related to software updates, were communicated confidentially to officials.
The state auditors recommended development of written procedures for managing system access that include periodically reviewing user access and disabling unnecessary network user accounts; monitoring internet use to ensure employees comply with the acceptable use policy; and adoption of comprehensive IT policies and a disaster recovery plan.
District officially generally agreed with the state’s findings and indicated they plan to initiate corrective action.
