Communication is Between People. The Rest is Technology.

How to Prepare for and Survive anIT Audit

AGENDA

• Types of School Audits• Why an IT Audit• Benefits• Drivers or “Triggers”• Typical Components of an

Audit• Key Educational

Components• Phases of an Audit• Key Documents• Key Policies• Resources

School District Audits

• Financial 3rd party review of the

districts financial statements

• Curriculum 3rd party review of the

districts teaching approach and alignment

• Information Technology 3rd party review of the

districts efficiencies of its existing network

Shaping Questions

• Why have we chosen to invest in educational technologies? What rationales have motivated and shaped these investments over time?

• What have been identified as the requisite steps to take in order to ensure that technologies are effectively implemented? What specific recommendations have been given priority over time?

• What assumptions underlie our vision for how technologies can impact teaching and learning, and how have these changed over time?

Why Conduct an IT Audit

• Gives us an opportunity to assess or re-asses why we use technology in the academic and administrative enterprise

Why Conduct an IT Audit

• Merely a “Checkup”

• Reveals areas of strength

• Reveals areas of weakness

• Promotes growth

• Accountability

Benefits

• Provides an insight to make sure your IT strategy is meeting your Technology Plan which feeds into:

Objectives ROI Student Achievement Assets ……and finally desired Goals

Drivers

• Legislative Mandates E-Rate Funding Private Funding Privacy Notification Regulations

• Accountability Where the roles and responsibilities lie in meeting

district goals

• Incidents

• School Board requests

Considered Areas of Focus

Typical Components

• Hardware Review Servers Workstations Closets Wiring Peripherals

• Software Evaluations OS Business Critical Licensing Training Standardization

Typical Components• Documentation

System components/Topology

Facilities Plan Log Files Configuration Files Asset Management Benchmarks Backup Procedures/DR Plan

• Systems Environment Critical Functions Management Personnel Budgeting

Typical Components• Security

Access Controls Log Files Configuration Files Benchmarks IDS/IPS Reports

• Policies Acceptable use Signed agreements Security

Tools

• Nessus Comprehensive vulnerability scanning

program.

• NMAP (Network Mapper) Used to discover hosts and services on

a network creating a “map” of the network.

• MSBA Microsoft tool used to determine

missing security updates and less secure settings on Windows machines.

Tools

• IDS/IPS Device or software that monitors

network activities for malicious or policy violations.

• RAT (Router Audit Tool) Checks router configurations against

benchmarks and produces a report listing each rule with a pass/fail score and corrections.

• Nipper Software that identifies weaknesses on

firewalls, routers and switches and offers remediation.

• This is where the “cookie cutter” approach ends We have just discussed the rudimentary components

• The “tailored components” starts now Crafted to address what matters in YOUR school

district

Specific Key Components• Professional Development

What technology-related training and/or professional development do staff receive?

What are the goals, methods, incentives, and content of technology-related training and/or professional development for staff?

How are training and/or professional development for staff evaluated?

Specific Key Components• Curriculum Development

Does the school districts instructional applications support teaching and learning standards?

Is there support for technology tool skill development?

Are the applications in use evaluated for effectiveness?

• Technology Integration Are teachers proficient in the use of technology in the

environment? Are students proficient in the use of the technology in

the environment? Is technology fully integrated into the environment?

Phases of an IT Audit• Pre-Audit (Internal)

Creation of Teams Creation of “high-level”

documentation Creation of questionnaires Report findings

• On-Site Visit (External) Collecting the Data

• Results and Follow up Data Analysis Final Report Remediation

Pre-Audit

During this phase it is the schools intent to show that the school has its act together and is making

progress toward goals established.

Overview:• Team leaders are chosen. (superintendent)• Audit teams are chosen. (teachers, administrative)• Existing documentation is gathered and shared• Meetings are held to communicate process• Teams work school by school• Another team works on the district as a whole• Questionnaires are created for teachers and staff• Reports are written and combined• Presentation to School Board• School Board approves and results are posted

Sample Questions

Some of the questions that can be addressed in this step.

Questions:• How does the use of computers, the Internet and

other applications by teachers and students affect student performance, knowledge and skills?

• How does the investment in technology compare with other educational innovations, such as smaller classes or individualized instruction, in terms of costs and benefits?

• What are the professional development and technical support strategies for enhancing teachers’ effective use of technology?

On-site Visit

An outside auditor free from bias of the existing situation. The job here is to collect the data

created from exercises mentioned prior and to confirm it is accurate to the environment.

Overview:• Team leaders meet with the auditor• Local teams share all documentation and internal

reports• Discuss timelines and objectives

• What is to be audited?• Auditor studies all documentation• Auditor conducts on-site visit, makes observations• Auditor meets with teams, makes observations

Sample Questions

Some of the questions that the auditor might include.

Questions:• Have processes been implemented to safe-guard the

future viability of the system and the data residing on the system in the event of a malicious or catastrophic event?

• What processes have been implemented to allow for efficient management of the district’s deployed software/hardware?

• Is a process in place for the technology support group and teachers to communicate about the district's future direction in education technology and any challenges they might encounter?

Results and Follow up

• Auditor presents findings/reports to team leaders

• Auditor presents findings to School Board with recommendations

• Optional, but auditor might present findings to community

• Remediation should then proceed from findings

• This improvement plan will need to be created and executed

• This improvement plan is then reviewed by external auditor

Key Documents• Technology Inventory (Asset Tagging)• Technology Plan• Facilities Plan• Network Documentation• Configurations and Log Files• Security/Access Reports• IDS/IPS Reports

Key Policies and Procedures

• Computer/Equipment Usage• Acceptable Use• Information Access• Application Use

• Managing Sensitive Instruction-related Information

• Protecting Student Information/Privacy• Technology Investment Protection Guidelines• Staff Education• Parent and Community Education

New Developments

• Social Networking

• SmartPhones

• BYOD

Summary

• Why an IT Audit

• Benefits

• Drivers or “Triggers”

Summary

• Typical Components of an Audit

• Key Educational Components

• Phases of an Audit

• Key Documents

• Key Policies

Resources• Technology Audit

www.nces.ed.gov

• Technology Plan www.nctp.com dpi.state.wi.us/imt/techplan.html www2.ed.gov/programs/edtech/

techstateplan.html

• Technology Policies www.schooltechpolicies.com

• Other www.thejournal.com

Q&A