A state audit has found that Eastport-South Manor school officials allowed too many people to use district financial software, making fiscal records vulnerable to tampering.
The 13-page audit, conducted by the office of Comptroller Thomas P. DiNapoli and released last week, did not find evidence of "inappropriate activity," but recommended changes in district policy.
District officials, in a letter to DiNapoli's office, agreed to make changes.
Auditors found that district officials "improperly assigned administrative privileges and provided excessive access rights" to financial software, the report said. Auditors also found the district did not have written guidelines for how user access should be assigned. The audit was conducted from July 2013 to August 2014.
Access to the financial software was granted to an unnamed assistant business administrator, "even though she is not independent of the financial record keeping functions," auditors wrote.
"Therefore, the assistant business administrator has unrestricted access to all functions within the financial software package. She can add new users to the system, create and change user access rights and can make or delete evidence of payments without restriction," the report said.
Auditors also found a purchasing agent had access to parts of the financial software "that are not consistent with her job duties."
The audit said the district's actions created "an increased risk that unauthorized changes to the accounting records, software security settings and user authorization privileges could occur and go undetected. This could lead to the loss of important financial data and cause interruptions to district operations."
In a written response dated March 4, district Superintendent Mark A. Nocero said the assistant business administrator was granted access to the software "as the designated backup financial system administrator" because the district's director of technology position was vacant. That position has been filled, Nocero said.
"We agree that a person independent of the financial operations should be the financial system administrator," he wrote. "Based on your recommendation, we will explore the possibility of having someone independent of the business office serve as the backup financial system administrator."
Nocero also said the district would "formally document" procedures for granting computer access to employees.