An audit by the New York State Comptroller’s Office has uncovered significant deficiencies in the Wayland-Cohocton Central School District’s management and monitoring of building access accounts and badges, raising concerns about unauthorized access to school facilities.
The report, covering the period from July 1, 2023, to June 30, 2024, found that district officials failed to establish clear written procedures for managing building access accounts and badges. Among the findings were inadequate oversight of access granted to non-employees, missing background checks, and unmonitored shared access accounts.
“Without proper procedures, the district cannot ensure building access accounts and badges are properly issued, managed, and monitored,” the report stated.
The audit revealed that nearly half of the active building access accounts — 319 out of 654 — belonged to non-employees or were generic shared accounts. Alarmingly, 39 individuals participating in continuing education programs were granted access without undergoing background checks. Additionally, 14 non-employee accounts and badges were issued without proper authorization from district administrators.
In one instance, the district failed to deactivate the access account of a former employee who had resigned months earlier, and the associated badge remained unaccounted for until auditors flagged the issue.
The audit also criticized the district for not having a formal service-level agreement (SLA) with its third-party security system provider. This agreement would outline roles, responsibilities, and oversight measures for managing the badge system and shared accounts, particularly those provided to first responders.
District officials generally agreed with the audit’s findings and pledged to take corrective action. The Comptroller’s Office issued several recommendations, including creating written procedures for managing access accounts, conducting background checks for non-employee access, and formalizing an SLA with the security provider.
The district has been instructed to prepare a corrective action plan within 90 days to address the identified vulnerabilities.
FingerLakes1.com is the region’s leading all-digital news publication. The company was founded in 1998 and has been keeping residents informed for more than two decades. Have a lead? Send it to [email protected].