The Brevard County District School Board (District) utilizes Comprehensive Information Management for Schools (CIMS) and CrossPointe software that provide application processing for District administrative systems.  CIMS software processes financial data that supports functions such as general ledger, accounts payable, purchasing, and budget.  CrossPointe software processes data that supports payroll, human resources, and student functions.  The District is in the process of migrating all administrative systems to CrossPointe software, with the completion scheduled for July 2005. 

Our audit focused on selected general information technology (IT) controls, including aspects of the District’s management of the CrossPointe software implementation, and selected terms of the CrossPointe software contract, during the period October 2004 through January 2005, and selected District actions taken from July 2003 through February 2005.  We also evaluated the District’s progress in correcting selected IT-related deficiencies disclosed in audit report No. 02-129; the performance review and best financial management practice review issued by the Office of Program Policy Analysis and Government Accountability (OPPAGA), dated August 1999; and the management letter issued by the predecessor auditor, dated October 23, 2003.

Certain deficiencies were noted in the District’s management controls over selected IT functions.  Specifically, these deficiencies included:

Finding No. 1:        Improvements were needed in the District’s IT risk management practices.

Finding No. 2:        Improvements were needed in the District’s security management. 

Finding No. 3:        The District lacked centralized IT administration controls and enforcement capabilities necessary to ensure that network configuration and security standards and procedures were applied and performed with adequacy, consistency, and appropriateness throughout the District. 

Finding No. 4:        Deficiencies were noted in the District’s IT Disaster Recovery Plan.

Finding No. 5:        The District lacked a formal information systems development methodology.  

The Superintendent's response to the audit findings and recommendations is included in the audit report on the Auditor General Web site.