The Miami-Dade County District School Board (District) Information Technology Services office (ITS) administers and delivers infrastructure and application support to the District.  Our audit focused on evaluating management controls and selected information technology (IT) functions related to ITS during the period February 2004 through May 2004, including selected general controls; determining the effectiveness of management’s configuration policies and procedures for promoting a secure network infrastructure; and determining management’s assessment of Health Insurance Portability and Accountability Act of 1996 (HIPAA) applicability to the District and evaluating the  effectiveness of selected IT-related actions taken to promote compliance with HIPAA.

Certain deficiencies were noted in the District’s management controls over selected IT functions.  Specifically, these deficiencies included:

Finding No. 1:   The District lacked centralized IT administration controls necessary to ensure that network configuration and security standards and procedures were applied and performed with adequacy, consistency, and appropriateness. 

Finding No. 2:  Improvements were needed in the District’s network management practices. 

The Superintendent's response to the audit findings and recommendations is included in the audit report on the Auditor General Web site.