1 / 30

Communication is Between People. The Rest is Technology.

How to Prepare for and Survive an IT Audit. Communication is Between People. The Rest is Technology. AGENDA. Types of School Audits Why an IT Audit Benefits Drivers or “Triggers” Typical Components of an Audit Key Educational Components Phases of an Audit Key Documents Key Policies

fleta
Download Presentation

Communication is Between People. The Rest is Technology.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Prepare for and Survive an IT Audit Communication is Between People. The Rest is Technology.

  2. AGENDA • Types of School Audits • Why an IT Audit • Benefits • Drivers or “Triggers” • Typical Components of an Audit • Key Educational Components • Phases of an Audit • Key Documents • Key Policies • Resources

  3. School District Audits • Financial • 3rd party review of the districts financial statements • Curriculum • 3rd party review of the districts teaching approach and alignment • Information Technology • 3rd party review of the districts efficiencies of its existing network

  4. Shaping Questions • Why have we chosen to invest in educational technologies? What rationales have motivated and shaped these investments over time? • What have been identified as the requisite steps to take in order to ensure that technologies are effectively implemented? What specific recommendations have been given priority over time? • What assumptions underlie our vision for how technologies can impact teaching and learning, and how have these changed over time?

  5. Why Conduct an IT Audit • Gives us an opportunity to assess or re-asses why we use technology in the academic and administrative enterprise

  6. Why Conduct an IT Audit • Merely a “Checkup” • Reveals areas of strength • Reveals areas of weakness • Promotes growth • Accountability

  7. Benefits • Provides an insight to make sure your IT strategy is meeting your Technology Plan which feeds into: • Objectives • ROI • Student Achievement • Assets • ……and finally desired Goals

  8. Drivers • Legislative Mandates • E-Rate Funding • Private Funding • Privacy Notification Regulations • Accountability • Where the roles and responsibilities lie in meeting district goals • Incidents • School Board requests

  9. Considered Areas of Focus

  10. Typical Components • Hardware Review • Servers • Workstations • Closets • Wiring • Peripherals • Software Evaluations • OS • Business Critical • Licensing • Training • Standardization

  11. Typical Components • Documentation • System components/Topology • Facilities Plan • Log Files • Configuration Files • Asset Management • Benchmarks • Backup Procedures/DR Plan • Systems Environment • Critical Functions • Management • Personnel • Budgeting

  12. Typical Components • Security • Access Controls • Log Files • Configuration Files • Benchmarks • IDS/IPS Reports • Policies • Acceptable use • Signed agreements • Security

  13. Tools • Nessus • Comprehensive vulnerability scanning program. • NMAP (Network Mapper) • Used to discover hosts and services on a network creating a “map” of the network. • MSBA • Microsoft tool used to determine missing security updates and less secure settings on Windows machines.

  14. Tools • IDS/IPS • Device or software that monitors network activities for malicious or policy violations. • RAT (Router Audit Tool) • Checks router configurations against benchmarks and produces a report listing each rule with a pass/fail score and corrections. • Nipper • Software that identifies weaknesses on firewalls, routers and switches and offers remediation.

  15. This is where the “cookie cutter” approach ends • We have just discussed the rudimentary components • The “tailored components” starts now • Crafted to address what matters in YOUR school district

  16. Specific Key Components • Professional Development • What technology-related training and/or professional development do staff receive? • What are the goals, methods, incentives, and content of technology-related training and/or professional development for staff? • How are training and/or professional development for staff evaluated?

  17. Specific Key Components • Curriculum Development • Does the school districts instructional applications support teaching and learning standards? • Is there support for technology tool skill development? • Are the applications in use evaluated for effectiveness? • Technology Integration • Are teachers proficient in the use of technology in the environment? • Are students proficient in the use of the technology in the environment? • Is technology fully integrated into the environment?

  18. Phases of an IT Audit • Pre-Audit (Internal) • Creation of Teams • Creation of “high-level” documentation • Creation of questionnaires • Report findings • On-Site Visit (External) • Collecting the Data • Results and Follow up • Data Analysis • Final Report • Remediation

  19. Pre-Audit • During this phase it is the schools intent to show that the school has its act together and is making progress toward goals established. • Overview: • Team leaders are chosen. (superintendent) • Audit teams are chosen. (teachers, administrative) • Existing documentation is gathered and shared • Meetings are held to communicate process • Teams work school by school • Another team works on the district as a whole • Questionnaires are created for teachers and staff • Reports are written and combined • Presentation to School Board • School Board approves and results are posted

  20. Sample Questions • Some of the questions that can be addressed in this step. • Questions: • How does the use of computers, the Internet and other applications by teachers and students affect student performance, knowledge and skills? • How does the investment in technology compare with other educational innovations, such as smaller classes or individualized instruction, in terms of costs and benefits? • What are the professional development and technical support strategies for enhancing teachers’ effective use of technology?

  21. On-site Visit • An outside auditor free from bias of the existing situation. The job here is to collect the data created from exercises mentioned prior and to confirm it is accurate to the environment. • Overview: • Team leaders meet with the auditor • Local teams share all documentation and internal reports • Discuss timelines and objectives • What is to be audited? • Auditor studies all documentation • Auditor conducts on-site visit, makes observations • Auditor meets with teams, makes observations

  22. Sample Questions • Some of the questions that the auditor might include. • Questions: • Have processes been implemented to safe-guard the future viability of the system and the data residing on the system in the event of a malicious or catastrophic event? • What processes have been implemented to allow for efficient management of the district’s deployed software/hardware? • Is a process in place for the technology support group and teachers to communicate about the district's future direction in education technology and any challenges they might encounter?

  23. Results and Follow up • Auditor presents findings/reports to team leaders • Auditor presents findings to School Board with recommendations • Optional, but auditor might present findings to community • Remediation should then proceed from findings • This improvement plan will need to be created and executed • This improvement plan is then reviewed by external auditor

  24. Key Documents • Technology Inventory (Asset Tagging) • Technology Plan • Facilities Plan • Network Documentation • Configurations and Log Files • Security/Access Reports • IDS/IPS Reports

  25. Key Policies and Procedures • Computer/Equipment Usage • Acceptable Use • Information Access • Application Use • Managing Sensitive Instruction-related Information • Protecting Student Information/Privacy • Technology Investment Protection Guidelines • Staff Education • Parent and Community Education

  26. New Developments • Social Networking • SmartPhones • BYOD

  27. Summary • Why an IT Audit • Benefits • Drivers or “Triggers”

  28. Summary • Typical Components of an Audit • Key Educational Components • Phases of an Audit • Key Documents • Key Policies

  29. Resources • Technology Audit • www.nces.ed.gov • Technology Plan • www.nctp.com • dpi.state.wi.us/imt/techplan.html • www2.ed.gov/programs/edtech/techstateplan.html • Technology Policies • www.schooltechpolicies.com • Other • www.thejournal.com

  30. Q&A

More Related