July 03, 2008 08:44 am
—
By MICHELLE MILLER
Staff Writer
CHERRY VALLEY — Results
from an audit conducted
by the New York State
Comptroller’s Office showed
that Cherry Valley-Springfield
Central School has not
adopted comprehensive policies
and procedures to effectively
address the safeguarding
of computerized data and
assets.
Specifically, the audit
found that CV-S has not adopted
comprehensive policies
and procedures relating to
strong passwords, and the
addition, modification, and
deletion of user access rights.
The CV-S Board of Education
also has not developed a
formal disaster recovery plan
or physically secured its computerized
assets.
While tests did not identify
any occurrences of unauthorized
activity, the audit
advised district officials to
promptly correct the weaknesses
identified, to reduce
the risk that sensitive or
mission-critical data may be
lost or compromised, or that
systems could be damaged or
disrupted.
The results of the audit
and recommendations have
been discussed with district
officials, and according to
Superintendent Nicholas
Savin, the district will develop
a plan to address the identified
areas in need of improvement
as received in the
final audit report.
Savin said the district received
the audit report about
a week ago, and has already
been taking measures for improvement.
He said the district
has increased its staff in
order to address technology
glitches. CV-S originally had
a BOCES employee working
halftime, assessing and improving
the quality of security
controls of the district’s
technology network system,
and now it has hired a full time
in-house employee to
speed up the process of addressing
concerns.
The district became aware
of concerns during an exit interview
with members of the
Comptroller Office last May,
and the district has been in
the planning process ever
since, according to Savin. By
the end of the summer, the
district is going to have to
send a more detailed document
to the Comptroller’s
Office showing how the district
plans to address the
safeguarding of computerized
data and assets. Savin
said he hopes CV-S can start
implementing the plan when
staff returns for the upcoming
school year.
District’s safeguards were
examined over computerized
data and assets for the period
July 1, 2006 to Feb. 4,
2008. The overall goal was to
assess the adequacy of the
internal controls put in place
by officials to safeguard district
assets.
In order to accomplish
that, an initial assessment of
the internal controls was
preformed so that the Comptroller’s
Office could design
an audit to focus on those areas
most at risk. The initial
assessment included evaluations
of the following areas:
financial oversight, cash receipts
and disbursements,
purchasing, payroll and personal
services and information
technology.
Copyright © 1999-2008 cnhi, inc.