Lake-Sumter Community College (College) uses the SCT Banner System to support various student and administrative functions.  The SCT Banner System operates in a client server environment.

Our audit focused on the Payroll module of the SCT Banner System, as implemented by the College. We also evaluated selected general controls within the overall information technology (IT) environment of the College for the period February 2004 through May 2004, and selected College actions taken from June 2000, and determined management’s awareness of and actions taken regarding the Health Insurance Portability and Accountability Act (HIPAA).

As described below, we noted deficiencies in certain controls related to the College’s IT functions and practices. 

Finding No. 1:        The College had not developed a Collegewide security program to ensure that exposures and vulnerabilities of IT resources had been sufficiently assessed by management and addressed through enforced user and system security controls.  Additionally, during our field work, the College had not established a security management structure with a central figure (Information Security Manager or similar function) assigned the responsibility of overseeing the security program.

Finding No. 2:        Operational deficiencies were noted in the College’s security controls within the SCT Banner application environment.

Finding No. 3:        Deficiencies were noted within the security of the network operating environment at the College.

The President's response to the audit findings and recommendations is included in the audit report on the Auditor General Web site.