Florida State University needs to establish stronger controls over employee access to sensitive information such as student Social Security numbers and strengthen its protocol of assessing if security risks exist within its IT units, a state audit has revealed.
The Florida Auditor General’s Office also said tighter controls are needed over cash-collection sites on campus and that receipts and deposits should be made in a timely fashion.
The report, released in late December, covered January to December 2017. FSU officials say they have addressed or are addressing concerns the finding listed in the review.
Among the findings:
Continue efforts to reauthorize cash collection points.
Auditors discovered that while 27 cash collection points on campus had been properly reauthorized, 57 sites had been operating for three years without authorization.
“Absent timely reauthorization, the collection points operated without specific authority, increasing the risk for collections to be diverted, without timely detection and resolution,” the report says.
Auditors also found that some checks collected had not been timely deposited.
FSU said 60 of the 67 collection points have since been verified as of November, and the remaining ones were to be completed by Dec. 30.
Information technology
Auditors advised tighter control was needed over access to students’ identification information.