Citizen Portal
Sign In

Weaver audit finds incomplete software inventory at Conroe ISD; recommends formal inventory, classification and decommissioning processes

5852605 · May 8, 2025

Get AI-powered insights, summaries, and transcripts

Sign Up Free
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

Weaver advisors presented an application‑inventory and application lifecycle review that found more than 125 applications in a preliminary list, no complete formal inventory or regular classification by security sensitivity, and no formal decommissioning process. Weaver recommended policies, security classification, budget controls for activity‑

Reema Parapili, a partner in Weaver's IT practice, and manager Mudra Mohanty presented an internal audit of Conroe ISD's application inventory and end‑of‑life procedures and identified opportunities to strengthen software governance and security.

Parapili said Weaver found an in‑progress inventory with at least about 125 applications but no formalized policy or completed inventory that includes security classification, purpose, hosting model or single‑sign‑on details. "The application inventory is not complete, and there is no formalized process or procedure in place at the moment," Parapili said.

Weaver documented seven primary improvement opportunities and corresponding management responses and timelines: - Complete and formalize the application inventory and publish roles and responsibilities for inventory maintenance; target policy date September 1 (management response tied to Incident IQ implementation). - Add IT security‑level impact and data classification fields to the inventory (Incident IQ/tool implementation targeted July 1 to support this). - Prevent activity‑fund purchases of unapproved applications by adding budgetary controls and updating the activity fund manual (management targeted April 30 to update the manual and training). - Limit administrative install rights on district machines to IT staff or implement a controlled software center for approved installs (management target October 1 to evaluate and implement; acknowledges cost/impact considerations). - Periodically review higher‑traffic web applications and blacklist unauthorized software in coordination with network services; Weaver noted the district has the LearnPlatform tool to help track web usage and will begin periodic reviews. - Create a formal decommissioning process to remove applications and archive or purge data when systems retire; management tied this to data governance planning with a target starting Sept. 1 pending funding. - Map data flows across applications and define ownership and accountability for data (management recognizes high priority but has not set a final date; funding and scope remain under discussion).

Parapili said the findings were discussed with district leaders and that management agreed to the recommendations and provided target dates for many items. The audit noted that some actions depend on the new inventory system and on a larger data governance project; Dr. Jared Lambert and CFO Karen Garza discussed funding options and a possible multi‑year consultant engagement for data governance during the meeting.

No vote was required; Weaver and district staff agreed to move forward on the inventory implementation and follow up on the listed items.