Get updates delivered to you daily. Free and customizable.
Connecticut Inside Investigator
Audit finds IT deficiency at CSCU
By Katherine Revello,
20 days ago
Information security policies used in a system that collects records at the Connecticut State Colleges and Universities (CSCU) system office were at least two years out of date according to an audit conducted by the Auditors of Public Accounts.
The audit was conducted in November 2023 and reviewed CSCU’s system office’s internal controls over the Banner Information System, which collects data related to financial records, human resources, and student information, and found it was using information security policies that were at least two years out of date. It also looked at the office’s compliance with policies and procedures, as well as the efficiency of certain management practices.
The audit revealed one finding about an internal control deficiency, as well as an instance of noncompliance with policies. It found that CSCU’s information security policy was at least two years out of date.
CSCU’s information security policy requires that policies and procedures be reviewed annually. CSCU’s information security policy relies on a publication from the National Institute of Standards and Technology, which was last revised in September 2020. The information security policies the audit reviewed did not include that revision.
The finding was rated a moderate risk. Other categories the audit reviewed, including maintenance, personnel, and security, were rated low risk and the audit’s review of practices in these areas did not generate any findings.
“Missing or outdated policies increase the risk of inadequate or incomplete procedures (electronic or human), and undermine efforts to ensure appropriate confidentiality, integrity, and availability of data.” the audit report noted.
According to the audit, the finding, which has not been previously reported, was caused by changes in personnel and “shifting management priorities.”
Auditors recommend CSCU’s system office strengthen its internal controls to ensure its policies are current. The office agreed with the finding and said it is “currently reviewing some of the identified documents, with others planned for review early next year.”
Get updates delivered to you daily. Free and customizable.
Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.
Comments / 0