Summary

Our operational audit for the fiscal year ended June 30, 2008, disclosed the following:

Finding No. 1:          Improvements are needed in the District’s preparation of bank reconciliations for its two main operating accounts.

Finding No. 2:          Enhancements could be made in District procedures to ensure that the investment of certificate of participation proceeds are appropriately secured.

Finding No. 3:          Controls over the expenditure of capital outlay millage levy and county impact fee proceeds could be improved.

Finding No. 4:          Improvements could be made in payroll processing controls over time records.

Finding No. 5:          The District could enhance procedures to ensure compliance with certain facility safety standards.

Finding No. 6:          Controls over the issuance of student diplomas could be enhanced.

Finding No. 7:          The District did not conduct a review and evaluation of the collection of social security numbers or provide a written statement to individuals stating the purpose for collection of the numbers, contrary to Section 119.071(5)(a), Florida Statutes (2007).

Finding No. 8:          Enhancements could be made in procedures for timely obtaining fingerprints and background checks for contractual personnel that have direct contact with students.

Finding No. 9:          Monitoring controls over cellular telephones use could be improved.

Finding No. 10:        Improvements are needed in District procedures for monitoring insurance coverage of its charter schools.

Finding No. 11:        The District’s schedule of property casualty insurance coverage was not accurate.

Finding No. 12:        The District had not developed policies for communicating and reporting known or suspected fraud.

Finding No. 13:        The District did not document that it had established an information technology (IT) security awareness program, and should take immediate action to properly secure and restrict access to certain personal information.

Finding No. 14:        Total Educational Resource Management System (TERMS) application security activity, including modifications to user access privileges, was not systematically logged by the District, limiting the District’s ability to monitor the appropriateness of security administration actions.

Finding No. 15:        The District lacked written policies and procedures for certain security monitoring functions.

Finding No. 16:        The District’s IT disaster recovery plan, approved in 2006, had not been tested.

Management’s response is included as Exhibit B.