Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
Audit: Many Kansas school districts lack basic accounting-system access controls and written policies
Summary
A Legislative Division of Post Audit review found that among 20 Kansas school districts examined, most lacked at least one basic access control for accounting systems and very few had written policies covering account management, identity management and user limits.
Maury, an auditor with the Legislative Division of Post Audit, told the Legislative Post Audit Committee that his office evaluated accounting-system access controls at 20 school districts to answer whether the districts “have adequate access security controls.” He summarized the audit’s short answer: “Of the 20 districts that we reviewed, only some had adequate access controls for their accounting systems and very few had adequate written policies.”
The audit team compiled 12 access controls drawn from guidance by the Kansas Information Technology Executive Council (ITEC), the National Institute of Standards and Technology (NIST) and accounting-control practices the Kansas Department of Administration makes available. The controls were grouped into three categories: account management, identity management, and user limits.
Why it matters: district accounting systems record payroll, benefits and other K‑12 expenditures; weak access controls can increase risk of unauthorized access, ransomware and fraud. The auditor said school districts are not required by state law to have specific accounting-system access controls; the audit therefore evaluated…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
