Published: July 03, 2008 08:39 am         

State audit prompts changes at CV-S

By MICHELLE MILLER
Staff Writer

CHERRY VALLEY — Results from an audit conducted by the New York State Comptroller’s Office showed that Cherry Valley-Springfield Central School has not adopted comprehensive policies and procedures to effectively address the safeguarding of computerized data and assets.

Specifically, the audit found that CV-S has not adopted comprehensive policies and procedures relating to strong passwords, and the addition, modification, and deletion of user access rights. The CV-S Board of Education also has not developed a formal disaster recovery plan or physically secured its computerized assets.

While tests did not identify any occurrences of unauthorized activity, the audit advised district officials to promptly correct the weaknesses identified, to reduce the risk that sensitive or mission-critical data may be lost or compromised, or that systems could be damaged or disrupted.

The results of the audit and recommendations have been discussed with district officials, and according to Superintendent Nicholas Savin, the district will develop a plan to address the identified areas in need of improvement as received in the final audit report.

Savin said the district received the audit report about a week ago, and has already been taking measures for improvement. He said the district has increased its staff in order to address technology glitches. CV-S originally had a BOCES employee working halftime, assessing and improving the quality of security controls of the district’s technology network system, and now it has hired a full time in-house employee to speed up the process of addressing concerns.

The district became aware of concerns during an exit interview with members of the Comptroller Office last May, and the district has been in the planning process ever since, according to Savin. By the end of the summer, the district is going to have to send a more detailed document to the Comptroller’s Office showing how the district plans to address the safeguarding of computerized data and assets. Savin said he hopes CV-S can start implementing the plan when staff returns for the upcoming school year.

District’s safeguards were examined over computerized data and assets for the period July 1, 2006 to Feb. 4, 2008. The overall goal was to assess the adequacy of the internal controls put in place by officials to safeguard district assets.

In order to accomplish that, an initial assessment of the internal controls was preformed so that the Comptroller’s Office could design an audit to focus on those areas most at risk. The initial assessment included evaluations of the following areas: financial oversight, cash receipts and disbursements, purchasing, payroll and personal services and information technology.