The Democratic presidential candidate Hillary Clinton disregarded various State Department guidelines for avoiding cybersecurity risks, an internal audit found Wednesday.

Clinton's use of private email, held on a private server at her Chappaqua, New York, home, for government purposes has come up in various investigations, and the controversy over it has hung over her campaign for months.

The report by the department's inspector general cited "longstanding, systemic weaknesses" with State Department records that predated Clinton's tenure, but criticized her for using private email for government business and for failing to turn over records promptly, media reports said.

"At a minimum, Secretary Clinton should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the Department's policies that were implemented in accordance with the Federal Records Act," the report read.

Despite guidelines to the contrary, Clinton used mobile devices to conduct official business on her personal email account and private server. She never sought approval from senior information officers, who would have refused the request because of security risks, the audit said.

"By Secretary Clinton's tenure, the department's guidance was considerably more detailed and more sophisticated," it concluded. "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."

Clinton has been dogged by questions about her email practices for more than a year, since the AP revealed that the clintonemail.com server was in the basement of Clinton's New York home while she served as the nation's top diplomat from 2009 to 2013. It's also been raised as an issue in her campaign for the Democratic presidential nomination.

Separately from the State Department audit, FBI agents have been probing whether Clinton's use of a private email server imperiled government secrets.

Clinton has acknowledged in the campaign that her homebrew email setup was a mistake, but said she never sent or received anything marked classified at the time.

State Department spokesman Mark Toner said the agency is "already working" to improve its email and records management system.

Toner said "it is clear that the department could have done a better job preserving emails and records of secretaries of state and their senior staff going back several administrations." He said the State Department also agrees that compliance with its rules has been "inconsistent across several administrations."

The independent review by the department's inspector general was prompted by the revelations of Clinton's email use, but the audit also encompassed the email and information practices of the last five secretaries.

The report said the department and its secretaries were "slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership."