Financial Audit Division Report 04-28 | Released July 15, 2004 |
Key Conclusion: The Minnesota State Colleges and Universities (MnSCU) designed adequate application controls to help ensure that the Degree Audit Reporting System (DARS) and the Course Applicability System (CAS) properly processed transactions. It did not, however, design and implement adequate security controls to protect the integrity and confidentiality of its DARS and CAS data. Findings:
|
Audit Scope:
Audit Period:
Background: DARS and CAS are commercial software applications purchased by MnSCU. DARS is used to define the requirements for every degree offered. It can be used to help students plan and monitor their academic progress. College employees also use it to ensure students meet graduation requirements. Each of MnSCU’s 32 institutions has its own DARS database. CAS is a web-based system that allows anyone with access to the Internet to research the degrees offered by each MnSCU institution as well as the requirements for them. Also, students can identify courses that transfer from one institution to another. Each of MnSCU’s institutions shares a single CAS database. As of the time of our audit, nine of MnSCU’s institutions had implemented CAS. |