Case Study
September 16, 2022

A School District Improves Cybersecurity Through Risk Management and Internal Audit

No items found.
Ready to find your business’ potential?
contact us
back to insights

Management asked: "What are the biggest threats to the district and are we adequately addressing these threats?"


  • The school district required an enterprise risk assessment to determine high-risk areas/processes
  • Based on the risk assessment results, we prioritized the highest risk areas within our audit plan, which included IT general controls and cybersecurity
  • Conducted an internal audit of IT general controls and cybersecurity processes and identified areas for cybersecurity posture improvements

Our Approach

Risk Assessment

  • Determined the residual risk ratings for key processes by considering the school district's inherent risks (i.e., types of risks and likelihood of occurrence) and the potential impact to the school districts if these risks materialized, after considering the mitigating internal controls (i.e., control effectiveness)
  • Based on the residual risk ratings, the internal audit plan was developed for the subsequent three-year period, prioritizing the highest risk areas including cybersecurity

Internal Audit Process

  • Conducted detailed corroborative interviews of key IT and cybersecurity stakeholders to gain an understanding of the current state of implemented controls and identify potential control gaps
  • Performed substantive testing and data analysis of key IT general and cybersecurity controls to determine the sufficiency of design and operating effectiveness of implemented controls
  • Reported on the potential risks and impacts of identified IT and cybersecurity deficiencies, utilizing specific and measurable attributes to best estimate the impacts in an actionable format
  • Provided recommended corrective action plans to jumpstart the remediation process for the identified vulnerabilities

Customer Impact

  • Received detailed summary of internal audit results, including recommendations to improve the overall security of the school district
  • Technology staff able to coordinate immediately with Elliott Davis and respond to critical findings
  • Utilizing the internal audit results, the school district improved the security controls surrounding its critical computer systems and information resources to mitigate the impacts of internal and external cybersecurity threats

We Can Help

For more information on this and other topics, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.

links and downloads.

Ready to find your business’ potential?

get in touch

download the white paper

meet the author

meet the authors

No items found.

contact our team.