1 Photo
The East Quogue School. FILE PHOTO
With the first day of school only weeks away on September 5, is the East Quogue Union Free School District up to the task when it comes to securing and managing its infrastructure technology (IT) assets?
The answer was “no,” as of a March audit of the district issued by New York State Comptroller Thomas P. DiNapoli.
The comptroller’s office audited the district’s IT spending and deployment of computer equipment for a roughly three-year period beginning in July 2019, and running through March of last year. Over that time, the district bought or leased about $322,000 in IT assets that included servers, computers, monitors and the like. For the audit, the comptroller’s office set out to determine whether the district had, over that time, “appropriately tracked, inventoried and safeguarded IT assets acquired or in use during this period,” according to the district’s own guidelines.
They did not, said DiNapoli’s investigators: “District officials did not appropriately track or inventory IT assets, maintain complete IT inventory records, or establish adequate controls to safeguard IT assets. As a result,” the audit concluded, “officials cannot assure taxpayers that money invested in IT assets has been appropriately spent or safeguarded.”
Taxpayers in March approved a $28.3 million budget for the district that included a 1.99 tax levy increase.
The March 2023 audit found that 20 percent of the district’s IT assets “were not properly accounted for,” and that taxpayer-funded equipment “was susceptible to environmental damage.”
The district has around 400 students and a staff of around 100 at its single elementary school on Central Avenue in East Quogue.
According to the comptroller’s report, the district’s IT director is a contractor responsible for overseeing a two-person IT team — a contracted systems administrator and an IT coordinator who is a district employee. The audit reported that there appeared to be some issue about who was responsible for tracking and inventorying computer purchases, and for making sure equipment was stored or deployed in a safe and secure manner.
It noted that an “interactive display,” valued at more than $3,000, had been left unsecured in a school hallway.
And on-site auditors also “observed water leakage in the ceiling of a server closet above stored network hardware, leaving the hardware susceptible to damage.”
When the comptroller’s office tried to ascertain who may have been responsible for installing a network server in a leaky closet, it found that “The IT Director and the Superintendent said they were unaware of the water leakage and the superintendent told us that the system administrator would be made aware of any leaks. However, the system administrator told us he was unaware of any leaks.” That was, apparently, the purview of the facilities department, according to the audit, which recommended greater coordination between departments.
The key takeaways from the audit were that the superintendent and IT director, “did not provide adequate oversight of IT staff to ensure detailed up-to-date inventory records or a single master inventory list were maintained, annual physical inventories were conducted, or that district IT assets were adequately safeguarded. As a result, district officials cannot be assured that IT assets are adequately accounted for and would be detected if lost, stolen, or misused.”
The district was one of 20 districts around the state whose IT protocols and security practices were recently audited by the comptroller. In January, the East Quogue district, which had been made aware of the audit’s findings prior to the release of the March report, said it was working on the audit’s recommended remedial steps.
The comptroller’s office said the audit was initiated owing to “the onset of the COVID-19 pandemic.” It said that “school districts acquired a significant number of IT assets to transition to remote and hybrid learning,” during the pandemic and that “this influx of new and often highly portable IT assets highlighted the importance of tracking and inventorying practices to ensure that taxpayer funds are appropriately spent and safeguarded.”
DiNapoli’s deputy press secretary, Matt Ryan, explained the methodology behind the IT audits: “We selected 20 districts for audit from a list of school districts (excluding New York City schools) with enrollment greater than 300 and not currently in the OSC audit process at the time of selection. We classified school districts into four groups by enrollment and, using a random number generator, selected districts from these groups. The list was broken out by geographic region for an even representation of school districts across the state for this multi-unit audit.
In a response letter to the comptroller, district Interim Superintendent and school Principal Kelly Fallon said the district was working on a “formal corrective action plan” based on the audit’s findings. Fallon wrote that “we acknowledge that, although we fared well in comparison to others, we have work to do in order to achieve a 100 percent level in this area.”
She committed to a seven-point action plan to, among other things, “perform weekly inspections of all areas where IT equipment is housed to assure its safety and security.”
Fallon stepped into the interim role after longtime school superintendent-principal Robert Long died last summer.
The audit in East Quogue was undertaken during a period when internet security emerged as a huge, countywide issue beginning last September, after the Suffolk County computer network was crippled by a malware attack. That attack prompted localities to take a hard look at their own IT security protocols and make improvements where necessary.
For its part, the East Quogue district puts a big emphasis on technology, believing that it “plays an essential role in enhancing our students’ educational experience,” according to online materials. “That’s why we’ve invested in the latest technology to ensure that all students have access to the tools they need to succeed.”
Students in grades K-2 are equipped with IPads, while third through sixth-graders are provided with Chromebooks “to help them explore the world of online resources and learn how to use technology in responsible ways.”
Efforts to contact Fallon for comment were unsuccessful. The main phone number at the school offered a busy signal on multiple occasions. An email sent to Fallon was forwarded to an assistant, who replied via auto reply that she, the assistant, was out of the office until August 14.
The comptroller’s office was unable to provide an updated assessment of the district’s IT asset management protocols: “While schools prepare a corrective action plan, we are unable to comment on how or if schools implemented the audit recommendations,” said Ryan, “or otherwise remediated the findings without completing a follow-up audit.”
