District officials did not adequately manage network user accounts or develop and adopt a written disaster recovery plan. As a result, the district has an increased risk that it could lose important data and suffer serious interruption in operations. District officials should have disabled 17 of the 113 network user accounts auditors examined. The 17 user accounts were unneeded and included generic, shared and former employee accounts. District officials should have also revoked permissions for eight of the 12 network user accounts with administrative permissions because the permissions were unneeded. Sensitive information technology control weaknesses were communicated confidentially to officials.