Summary

Our operational audit for the fiscal year ended June 30, 2008, disclosed the following:
 

Finding No. 1:    The District granted excessive or unnecessary access privileges within PeopleSoft and the supporting information technology (IT) environment.

Finding No. 2:    The District did not timely conduct a review and evaluation of the collection of social security numbers or provide a written statement to individuals stating the purpose for collection of the numbers, contrary to Section 119.071(5)(a), Florida Statutes.
 

Finding No. 3:    The District used ad valorem tax proceeds, totaling $74,053, for nonauthorized purposes such as the purchase of band uniforms and software licenses. Subsequent to our inquiry, the District appropriately reimbursed these expenditures from other moneys.
 

Finding No. 4:    The District lacked written policies and procedures for certain IT security and configuration management functions.
 

Finding No. 5:    The District’s security controls related to user account management, logging, and user authentication needed improvement.
 

Management’s response is included as Exhibit B.