Recommendations for Kentucky School Districts

​​​Auditor of Public Accounts Recommendations for Kentucky School Districts

The Auditor of Public Accounts makes the following recommendations to assist districts and their boards in designing and implementing effective policies and procedures. These recommendations should aid Board members, superintendents, and district management in providing significant financial oversight and strong internal controls to maximize the fiscal operations of the district. The following recommendations are a summary of the full linked report. Please click the hyperlink in the right-hand panel for the full report. 

Section I: Recommendations 1-33 for School District Boards (Board) Address Oversight, Policies, and Procedures.

1 Expand committee structure. 

2 Hold annual training workshops. 

3 Establish a budget and provide strategic direction and financial objectives. 

4 Approve only routine items. All non-routine items should be discussed and supporting documentation reviewed. 

5 Inquire whether the district periodically performs a review of adopted written procedures, processes, and guidelines. 

6 Develop and distribute a policy for staff to submit concerns to the Board. 

7 Adopt a comprehensive policy to address nepotism. 

8 Adopt a policy that the Superintendent report all personnel actions to the Board. 

9 Ensure policies address continuing education for employees, including the Superintendent. 

10 Establish and adhere to policies regarding extended employees’ workdays beyond their original contracts. 

11 Take official action during a Board meeting to approve the Superintendent’s contract itemizing compensation and benefits to be provided by the district. 

12 Specify vacation and sick days in the Superintendent’s contract. 

13 The Board’s attorney should review the Superintendent’s proposed contract prior to it being approved by the Board. 

14 Ensure employment contracts are written and signed prior to the contract’s effective date. 

15 Provide copies of the Superintendent’s contract to the Board’s attorney for an annual review. 

16 Review the Superintendent’s benefits and the costs associated with those benefits. 

17 Review the current contract for the Superintendent and determine the cost of each benefit for extending the contract. 

18 Review of the Superintendent’s credit card purchases with receipts are done by the full Board, Board Chair, or a designated Board committee. 

19 Review of the Superintendent’s reimbursement requests are done by the full Board, Board Chair, or a designated Board committee with an initial review conducted by the District’s financial officer. 

20 Establish an annual work calendar for the Superintendent that specifies the non-workdays associated with the Superintendent’s contract. Any modification should be formally submitted for review and approval by the Board. 

21 Adopt the Kentucky Model Procurement Code and follow KRS 45A.385 for small purchases. 

22 Develop a policy to require procurement agreements be documented in a formal, written contract and not rely on implied or verbal agreements. 

23 Determine the threshold amount and establish a policy for which a contract requires Board approval.

24 Establish a maximum reasonable number of contract extensions allowable before a competitive procurement is again required for multi-year contracts. 

25 Determine if the use of credit cards by the district’s schools is necessary. If deemed necessary, consider the use of a procurement card with transaction controls. 

26 Establish a specific credit card policy if they are continually used. See the linked report for recommended policies.

27 Require the costs for training, conferences, or other travel expenses be directly billed to the district or incurred by the employee for reimbursement. 

28 Adopt a policy requiring supporting documentation for all reimbursement requests for conferences and trainings.

29 Pre-approve all out-of-state travel for the Superintendent, other district employees, and Board members, including travel for professional development. 

30 Adopt the Kentucky State Government per diem reimbursement rates and travel regulations, as specified by 200 KAR 2:006.

 31 Create a written policy regarding the use of district fleet vehicles, addressing assignments to employee(s) and all accompanying documentation for identification and use. 

32 Develop a policy for the use of a fleet fuel card or other credit cards for gas purchases, restricting the use for only fuel purchases related to business purposes and requiring a card user agreement. 

33 Develop a policy for submitting fuel receipts that would require the employee’s initials, the vehicle or license plate number, and the odometer reading to be recorded on the fuel receipt at the time the fuel is purchased, and a timeframe for when receipts should be submitted. 

Section II: Recommendations 34-38 for Superintendents to Address Policies or Procedures Regarding Expenditures, Travel, Leave, and Employee Position Descript​ions.

34 Develop, in conjunction with other district management, written procedures to ensure expenses are appropriate, reasonable, and necessary for the district’s operation prior to its effective date. See the linked report for recommended procedures. 

35 Develop, in conjunction with other district management, specific procedures to ensure that travel and other reimbursable expenses that are incurred support the district’s operations and objectives and not personal expenses. See the linked report for recommended procedures. 

36 Provide to the Board a copy of the itinerary, meeting minutes, or other materials provided by the host organization for which a reimbursement for mileage or other travel expenses is requested for conferences, trainings, and external meetings. 

37 Notify the full Board, Board Chair, or a designated Board committee in writing when taking annual, sick, professional, or other leave for a scheduled contract workday. 

38 Review the documented position descriptions for district personnel to ensure they are appropriate, reflect the employee’s actual job duties and responsibilities. 

Section III: Recommendations 39-74 for School District Management (Management) to Address Various Operational Areas Including Personnel, Procurement, Travel, and Information Technology. 

39 Provide training to all employees commensurate with their job duties and responsibilities. See the linked report for examples. 

40 Develop and formalize an information technology (IT) security awareness program to reinforce employee responsibilities related to IT security. 

41 Evaluate whether candidates are eligible, based on all applicable criteria, for posted employment positions prior to selecting candidates for interview or further consideration. 

42 Provide the district’s itinerant staff with specific written job expectations and required duties where their work activities are documented daily. 

43 Ensure all full-time and substitute employees work the allotted number of hours in accordance with the Board-approved salary schedule. 

44 Implement adequate internal controls to ensure substitute teacher payments are accurate and supported by timesheets or another form that provides the date, the name of the substitute, the person for which the substitute is working, and the school or location worked. 

45 Report to the Board, at least quarterly, the current amount of leave and the cumulative associated value of that leave for all staff members, including the Superintendent. 

46 Develop a procedure, subject to Board approval, requiring all employees report the actual amount of leave time used regardless of any exemption status. 

47 Implement changes to the Superintendent’s salary or benefits only after complete, written, and signed documentation is received from the Board. 

48 Include the Superintendent’s professional leave in the standard monthly reporting to the Board. 

49 Ensure that procurement contracts entered into by the district specify the services required to be performed and the amount to be paid with specific language outlining everything pertaining to all parties in the contract. Further, we recommend District policy prohibit gratuities, gifts, conflict of interests, and other issues involving procurement as specified in KRS 45A.455. 

50 Monitor the contractor’s performance and review applicable invoices to ensure compliance with the contract. 

51 Maintain a record of all contracts to facilitate review and monitoring activities. 

52 Provide a detailed annual report to the Board of all vendor contract renewals and extensions. 

53 Develop a procedure requiring teachers to be informed of the individual maximum amount in the budget available for reimbursement of personal funds used to purchase necessary supplies for classrooms and students. 

54 If the Board adopts the per diem method for meal reimbursement as previously suggested, disallow and discourage other methods to incur meal expenses, such as the use of district credit cards or reimbursing the employee based on an actual receipt. 

55 Maintain a list of employees attending conferences and training with a criterion on eligibility and limitations on attendance. 

56 Inform appropriate payroll staff of employee take-home vehicle assignments so that the taxable benefit is properly reported on the employee’s W-2 tax documents, vehicle records are maintained, and responsibility is assessed accordingly in the case of misuse or improper filing. 

57 Require maintenance/transportation departments to maintain an accurate, up-to-date inventory database. 

58 All written district IT policies and procedures must reflect current processes and procedures. See the linked report for examples of district IT policies and procedures. 

59 Ensure updated policies and procedures are maintained in a central location and made available to all district staff. 

60 Ensure internal staff and the application vendor has properly configured IT devices to limit vulnerabilities that could be exploited. 

61 Identify all services running on their critical servers housing student information or other personally identifiable information (PII) are strictly secured and encrypted. 

62 Ensure a process is in place to identify incidents where breaches of district systems and data have occurred, including a remediation plan and formal process for notifying the affected individuals, credit bureaus, and appropriate law enforcement in compliance with KRS 61.931 to 61.934. 

63 Develop a process for sanitizing and disposing of IT equipment in their central office and individual schools. 

64 Develop a report to communicate sanitizations and disposals by the schools to the central office with any items that are removed from the district’s fixed asset listing accounted for and included in the report. 

65 Develop a formal written procedure detailing the process for all employees, including central office staff, to request new access, change access, or remove access to applications. 

66 Perform periodic review of the user accounts and security role groupings established within these applications and production servers to ensure they have a business purpose. Restrict access of outside vendors to the district network to defined periods of time with all actions taken monitored by IT staff. 

67 Work with KDE to develop and formalize a password policy. See the linked report for a list of password requirements. 

68 Apply the password policy to all applications used by the district. Any exceptions to the password policy should be retained. 

69 Implement a standardized process to ensure password audits are performed on a periodic basis. Results of these password audits should be maintained. 

70 Ensure that all new IT devices are consistently and periodically configured based on internally developed or KDE directed base- line configurations. Document any variations from the base-line configurations with justification and management’s authorization. 

71 Take the necessary actions to ensure the services and open ports on their devices have a specific business purpose. Any unnecessary services are to be disabled or the associated ports should be closed. 

72 Develop and finalize a DRP/BCP with adequate distribution to key staff within the process cycle. See the linked report for a list of what a DRP/BCP should include.

73 Develop, document, test and distribute written backup procedures to key staff responsible for this process and provide training in their specific responsibilities. See the linked report for recommended backup procedures. ​

74 Review the applicable record retention schedules established by the Kentucky Department of Libraries and Archives. 

Section IV: Recommendation 75 for Site Based Decision Making Councils Regarding Activity Fund Policies and Procedures. 

75 To facilitate compliance with the Kentucky Department of Education’s (KDE) Accounting Procedures for Kentucky School Activity Funds, we recommend Site Based Decision Making Councils develop school specific policies and procedures to oversee activity funds. These policies and procedures should be designed to ensure financial transactions of the activity funds are properly accounted for, reported, and used for the benefit of the students. We also recommend that the Site Based Decision Making Council inform all external booster organizations of the requirements of activity accounts according to KDE’s Accounting Procedures for Kentucky School Activity Funds, as well as any school specific policies and procedures developed.