Tim Whisenhunt addresses the Board of Regents/Trustees.

Justin Kersey with Crawford and Associates presented the 2021-2022 audit findings for the College Bookstore and IT General Controls at the April 18 meeting of the Board of Regents/Trustees. 

“We go and conduct interviews with appropriate management personnel,” Kersey said. 

They selected key areas that cover backup of data access and security controls, internet policies, physical control over assets, and employee termination procedures.

To conduct the audit, Crawford and Associates had a sample of five terminated employees and requested information from HR and the IT department. 

She also asked if employees who leave OCCC have outside access to the system or must they physically be on campus. 

Whisenhunt replied that student employees wouldn’t have the same access as non-student employees and referenced one of the sample selections. He also noted a retiree wasn’t promptly removed from the system because his ticket did not have a termination date. 

The Board of Regents spent a good portion of time discussing the safety of OCCC’s network and disaster recovery. 

The meeting never expressed previous concerns or caused any new concerns. However, the discussion alluded to possible system breakdowns without reinforcing the importance of timely termination notifications required to allow the IT Department to maintain network security. 

When asked why he believes the Board of Regents spent so much time discussing network security, Khai Huynh, Pioneer staff writer said, 

“The recovery plan will tell the organization whether the network is secure or not,” Khai Huynh, Pioneer Staff Advisor and a computer science major at the University of Oklahoma, said. 

Internal network sabotage could damage a college’s reputation, interrupt the flow of business, cause compliance issues and become costly, but the April Board of Regents/Trustees meeting reflected its commitment to preventing cyber-attacks and data breaches.

Khai Huynh

About Post Author

Leave a Reply

Your email address will not be published.