4 Approve only routine items. All non-routine items should be discussed and supporting documentation
reviewed.
5 Inquire whether the district periodically performs a review of adopted written procedures, processes,
and guidelines.
6 Develop and distribute a policy for staff to submit concerns to the Board.
7 Adopt a comprehensive policy to address nepotism.
8 Adopt a policy that the Superintendent report all personnel actions to the Board.
9 Ensure policies address continuing education for employees, including the Superintendent.
10 Establish and adhere to policies regarding extended employees’ workdays beyond their original
contracts.
11 Take official action during a Board meeting to approve the Superintendent’s contract itemizing
compensation and benefits to be provided by the district.
12 Specify vacation and sick days in the Superintendent’s contract.
13 The Board’s attorney should review the Superintendent’s proposed contract prior to it being approved
by the Board.
14 Ensure employment contracts are written and signed prior to the contract’s effective date.
15 Provide copies of the Superintendent’s contract to the Board’s attorney for an annual review.
16 Review the Superintendent’s benefits and the costs associated with those benefits.
17 Review the current contract for the Superintendent and determine the cost of each benefit for
extending the contract.
18 Review of the Superintendent’s credit card purchases with receipts are done by the full Board, Board
Chair, or a designated Board committee.
19 Review of the Superintendent’s reimbursement requests are done by the full Board, Board Chair, or a
designated Board committee with an initial review conducted by the District’s financial officer.
20 Establish an annual work calendar for the Superintendent that specifies the non-workdays associated
with the Superintendent’s contract. Any modification should be formally submitted for review and
approval by the Board.
21 Adopt the Kentucky Model Procurement Code and follow KRS 45A.385 for small purchases.
22 Develop a policy to require procurement agreements be documented in a formal, written contract
and not rely on implied or verbal agreements.
23 Determine the threshold amount and establish a policy for which a contract requires Board approval.
24 Establish a maximum reasonable number of contract extensions allowable before a competitive
procurement is again required for multi-year contracts.
25 Determine if the use of credit cards by the district’s schools is necessary. If deemed necessary, consider
the use of a procurement card with transaction controls.
26 Establish a specific credit card policy if they are continually used. See the linked report for
recommended policies.
27 Require the costs for training, conferences, or other travel expenses be directly billed to the district or
incurred by the employee for reimbursement.
28 Adopt a policy requiring supporting documentation for all reimbursement requests for conferences
and trainings.
29 Pre-approve all out-of-state travel for the Superintendent, other district employees, and Board
members, including travel for professional development.
30 Adopt the Kentucky State Government per diem reimbursement rates and travel regulations, as
specified by 200 KAR 2:006.
31 Create a written policy regarding the use of district fleet vehicles, addressing assignments to
employee(s) and all accompanying documentation for identification and use.
32 Develop a policy for the use of a fleet fuel card or other credit cards for gas purchases, restricting the
use for only fuel purchases related to business purposes and requiring a card user agreement.
33 Develop a policy for submitting fuel receipts that would require the employee’s initials, the vehicle or
license plate number, and the odometer reading to be recorded on the fuel receipt at the time the fuel is
purchased, and a timeframe for when receipts should be submitted.
Section II: Recommendations 34-38 for Superintendents to Address
Policies or Procedures Regarding Expenditures, Travel, Leave, and
Employee Position Descriptions.
34 Develop, in conjunction with other district management, written procedures to ensure expenses are
appropriate, reasonable, and necessary for the district’s operation prior to its effective date. See the
linked report for recommended procedures.
35 Develop, in conjunction with other district management, specific procedures to ensure that travel and
other reimbursable expenses that are incurred support the district’s operations and objectives and not
personal expenses. See the linked report for recommended procedures.
36 Provide to the Board a copy of the itinerary, meeting minutes, or other materials provided by the host
organization for which a reimbursement for mileage or other travel expenses is requested for
conferences, trainings, and external meetings.
37 Notify the full Board, Board Chair, or a designated Board committee in writing when taking annual,
sick, professional, or other leave for a scheduled contract workday.
38 Review the documented position descriptions for district personnel to ensure they are appropriate,
reflect the employee’s actual job duties and responsibilities.
Section III: Recommendations 39-74 for School District Management
(Management) to Address Various Operational Areas Including
Personnel, Procurement, Travel, and Information Technology.
39 Provide training to all employees commensurate with their job duties and responsibilities. See the
linked report for examples.
40 Develop and formalize an information technology (IT) security awareness program to reinforce
employee responsibilities related to IT security.
41 Evaluate whether candidates are eligible, based on all applicable criteria, for posted employment
positions prior to selecting candidates for interview or further consideration.
42 Provide the district’s itinerant staff with specific written job expectations and required duties where
their work activities are documented daily.
43 Ensure all full-time and substitute employees work the allotted number of hours in accordance with
the Board-approved salary schedule.
44 Implement adequate internal controls to ensure substitute teacher payments are accurate and
supported by timesheets or another form that provides the date, the name of the substitute, the person
for which the substitute is working, and the school or location worked.
45 Report to the Board, at least quarterly, the current amount of leave and the cumulative associated
value of that leave for all staff members, including the Superintendent.
46 Develop a procedure, subject to Board approval, requiring all employees report the actual amount of
leave time used regardless of any exemption status.
47 Implement changes to the Superintendent’s salary or benefits only after complete, written, and signed
documentation is received from the Board.
48 Include the Superintendent’s professional leave in the standard monthly reporting to the Board.
49 Ensure that procurement contracts entered into by the district specify the services required to be
performed and the amount to be paid with specific language outlining everything pertaining to all parties
in the contract. Further, we recommend District policy prohibit gratuities, gifts, conflict of interests, and
other issues involving procurement as specified in KRS 45A.455.
50 Monitor the contractor’s performance and review applicable invoices to ensure compliance with the
contract.
51 Maintain a record of all contracts to facilitate review and monitoring activities.
52 Provide a detailed annual report to the Board of all vendor contract renewals and extensions.
53 Develop a procedure requiring teachers to be informed of the individual maximum amount in the
budget available for reimbursement of personal funds used to purchase necessary supplies for classrooms
and students.
54 If the Board adopts the per diem method for meal reimbursement as previously suggested, disallow
and discourage other methods to incur meal expenses, such as the use of district credit cards or
reimbursing the employee based on an actual receipt.
55 Maintain a list of employees attending conferences and training with a criterion on eligibility and
limitations on attendance.
56 Inform appropriate payroll staff of employee take-home vehicle assignments so that the taxable
benefit is properly reported on the employee’s W-2 tax documents, vehicle records are maintained, and
responsibility is assessed accordingly in the case of misuse or improper filing.
57 Require maintenance/transportation departments to maintain an accurate, up-to-date inventory
database.
58 All written district IT policies and procedures must reflect current processes and procedures. See the
linked report for examples of district IT policies and procedures.
59 Ensure updated policies and procedures are maintained in a central location and made available to all
district staff.
60 Ensure internal staff and the application vendor has properly configured IT devices to limit
vulnerabilities that could be exploited.
61 Identify all services running on their critical servers housing student information or other personally
identifiable information (PII) are strictly secured and encrypted.
62 Ensure a process is in place to identify incidents where breaches of district systems and data have
occurred, including a remediation plan and formal process for notifying the affected individuals, credit
bureaus, and appropriate law enforcement in compliance with KRS 61.931 to 61.934.
63 Develop a process for sanitizing and disposing of IT equipment in their central office and individual
schools.
64 Develop a report to communicate sanitizations and disposals by the schools to the central office with
any items that are removed from the district’s fixed asset listing accounted for and included in the report.
65 Develop a formal written procedure detailing the process for all employees, including central office
staff, to request new access, change access, or remove access to applications.
66 Perform periodic review of the user accounts and security role groupings established within these
applications and production servers to ensure they have a business purpose. Restrict access of outside
vendors to the district network to defined periods of time with all actions taken monitored by IT staff.
67 Work with KDE to develop and formalize a password policy. See the linked report for a list of password
requirements.
68 Apply the password policy to all applications used by the district. Any exceptions to the password
policy should be retained.
69 Implement a standardized process to ensure password audits are performed on a periodic basis.
Results of these password audits should be maintained.
70 Ensure that all new IT devices are consistently and periodically configured based on internally
developed or KDE directed base- line configurations. Document any variations from the base-line
configurations with justification and management’s authorization.
71 Take the necessary actions to ensure the services and open ports on their devices have a specific
business purpose. Any unnecessary services are to be disabled or the associated ports should be closed.
72 Develop and finalize a DRP/BCP with adequate distribution to key staff within the process cycle. See
the linked report for a list of what a DRP/BCP should include.
73 Develop, document, test and distribute written backup procedures to key staff responsible for this
process and provide training in their specific responsibilities. See the linked report for recommended
backup procedures.
74 Review the applicable record retention schedules established by the Kentucky Department of Libraries
and Archives.
Section IV: Recommendation 75 for Site Based Decision Making
Councils Regarding Activity Fund Policies and Procedures.
75 To facilitate compliance with the Kentucky Department of Education’s (KDE) Accounting Procedures
for Kentucky School Activity Funds, we recommend Site Based Decision Making Councils develop school
specific policies and procedures to oversee activity funds. These policies and procedures should be
designed to ensure financial transactions of the activity funds are properly accounted for, reported, and
used for the benefit of the students. We also recommend that the Site Based Decision Making Council
inform all external booster organizations of the requirements of activity accounts according to KDE’s
Accounting Procedures for Kentucky School Activity Funds, as well as any school specific policies and
procedures developed.