Financial Audit Division Report 13-20 | Released August 29, 2013 |
The Department of Education did not have adequate internal controls to ensure that it appropriately limited access to its data and protected the hardware and software that support its significant computer applications. 1
The audit objective was to determine whether the Department of Education had adequate information technology controls, as of March 2013, to protect data from unauthorized access or modification and to ensure that changes made to the department’s significant computer applications and supporting hardware and software were authorized.
1The Department of Education’s significant applications included the Integrated Department of Education Aid System (IDEAS) which processed state school aid payments; the State Educational Record View and Submission System (SERVS) which processed federal school aid payments; and versions one and two of the Cyber-linked Interactive Child Nutrition System (CLiCS1 and CLiCS2), which processed federal food and nutrition program payments.