State Comptroller Audits of Local School Districts Reveal Multiple Failures On Asset Management and IT Security

Education Government Legal
RCBJ-Audible (Listen For Free)
Voiced by Amazon Polly

State Comptroller Audit of Pearl River School District Reveals Failures To Monitor & Account For Fixed Assets

A recently released audit conducted by the New York State Comptroller’s Office concluded the Pearl River Union Free School District has improperly monitored and failed to account for fixed assets. School district officials did not properly monitor and account for 70 percent of fixed assets reviewed by the state auditors totaling $546,527, and failed to follow their own Board-adopted fixed asset policies, according to the report.

“We reviewed 96 fixed assets with a combined cost of $679,7062 and found that not all were recorded, most were not tagged, and assets were not always in the locations indicated. We also found that some assets were disposed of without Board approval or had an unclear disposal status,” state auditors reported.

Specifically, findings revealed 21 fixed assets with a combined cost of $55,832 were not recorded on the inventory list. Officials were unable to locate 26 fixed assets with a combined cost of $57,516. Thirty-one fixed assets with a combined cost of $88,931 did not have the required asset tags. And, thirty-five fixed assets with a combined cost of $491,259 were disposed of without proper approval.

The School District Treasurer is responsible for maintaining the district’s capital assets inventory list, adding new acquisitions and recording disposals under the direction of the Assistant Superintendent for Business.

Ten assets costing $433,179 were disposed of without any evidence of approval, including a grandstand bleacher costing $40,773, and two floor steamers costing $18,929. Some other assets that were “missing” also included a cleaning system costing $4,420, a wireless mic receiver costing $2,370, and a smartboard costing $2,070.

District officials generally agreed with the findings and indicated they plan to initiate corrective action.

Superintendent Marco Pochintesta acknowledged the assets were not properly identified as retired or disposed of according to policy.

Despite the lack of following procedures and district policies, there was no evidence of fraud found in the audit. Extensive corrective measures were detailed for both the Board and the District staff.

Audit of Nanuet School District Reveals Multiple IT Failures and Vulnerabilities

An audit of the Nanuet School District revealed that district officials did not disable and remove unnecessary network user accounts allowing network vulnerabilities, and did not adopt an adequate IT contingency plan in the event of a data loss or serious interruption of services.

The audit found eighteen generic user accounts that were no longer used and should have been disabled. The maintenance of these accounts created a risk that access to the district’s systems could be compromised or used for malicious purposes. Unnecessary network user accounts are entry points into the district’s network that attackers could potentially use to inappropriately access and view personal, private and sensitive information on the network.

The audit also revealed the school district did not have an adequate IT contingency plan describing how officials would respond to potential disruptions and disasters affecting the district’s IT environment. The district had backup and disaster recovery procedures did not adequately address the range of threats to the district’s IT system. Also, the backup plan did not focus on sustaining critical business functions during and after a disruption.

District officials generally agreed with the findings and indicated they plan to initiate corrective action.

Superintendent McCahill said, “The District recognizes that it would best be served by having a comprehensive IT contingency plan that addresses multiple threats.”

The inadequacy of other information technology controls were also reviewed in the audit, but because of the sensitivity of some of this information, the results were not published in the audit, but instead were communicated confidentially to District officials.