ARTIFICIAL INTELLIGENCE IS NOT USED, IN WHOLE OR IN PART, IN THE SUMMARIES OF JUDICIAL AND QUASI-JUDICIAL DECISIONS PREPARED BY NYPPL

February 27, 2015

Selected reports and information published by New York State's Comptroller Thomas P. DiNapoli on February 26, 2015


Selected reports and information published by New York State's Comptroller Thomas P. DiNapoli on February 26, 2015
Click on text highlighted in color  to access the full report

On February 26, 2015 New York State Comptroller Thomas P. DiNapoli announced that the following audits have been issued: 


Department of Health (DOH): Medicaid Program: Medicaid Claims Processing Activity April 1, 2013 Through September 30, 2013 (2013-S-12)
DOH’s eMedNY computer system processes Medicaid claims submitted by providers for services rendered to Medicaid-eligible recipients, and it generates payments to reimburse the providers for their claims. During the six-month period ended Sept. 30, 2013, auditors identified over $5.6 million in inappropriate or questionable Medicaid payments. By the end of the audit fieldwork, auditors recovered about $2.3 million of the overpayments identified.

Department of Labor (DOL): Assessment and Collection of Selected Fees and Penalties (Follow-Up) (2014-F-19)
An initial report issued in May 2013, determined DOL had not collected about $3.8 million in fees and penalties for the Public Work Enforcement Fund, the boiler inspection program and the asbestos abatement program. Auditors also determined DOL does not have accurate records to show who is required to pay boiler inspection and asbestos-related project fees. In a follow-up, auditors found DOL has made substantial progress in addressing the issues identified in the initial report.

Metropolitan Transportation Authority (MTA): Headquarters and Capital Construction Travel and Entertainment Expenses (2013-S-47)
Auditors found MTA Headquarters and MTA Capital Construction have opportunities to strengthen controls over travel and entertainment, which could help reduce certain costs. For example, MTAHQ and MTACC could utilize federal travel guidelines (established by the U.S. General Services Administration and the U.S. Department of State) pertaining to maximum allowable lodging rates. Auditors found certain travel transactions lacked proper prior approvals, statements of purpose, or other required supporting travel documentation. Business office staff did not consistently ensure that all required approvals and supporting documents were included with employees’ travel expense reports.

New York City Department of Housing Preservation and Development (NYC HPD): Housing Preferences for Veterans (2014-F-14)
An initial report issued in June 2012 found that although the state Legislature had extended the right of preference for housing to many more veterans, few actually benefited due to inaction or disregard by housing companies and lax enforcement by NYC HPD. Auditors found two housing companies in Manhattan (Hamilton House and Clinton Towers) filled vacant apartments with non-veterans even though veterans had been identified on their waiting lists. In a follow-up report, auditors found NYC HPD has made progress in addressing the issues identified in the initial report and has implemented all three prior recommendations.

Office of Information Technology Services (OITS):  Security and Effectiveness of Division of Criminal Justice Services’ (DCJS) Core Systems (2014-S-24)
Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS systems and is not operating in compliance with state cyber security policies. OITS does not have established policies and procedures for backup of key DCJS systems. Also, ITS does not have an active regional backup site, and DCJS systems are at risk for total data loss in the event of a regional disaster. Auditors also found OITS does not have an established monitoring and oversight process for software or operating systems and changes made to these systems.

Office of Information Technology Services (OITS): Security and Effectiveness of the Department of Labor’s Unemployment Insurance System (2014-S9)
Auditors found the Unemployment Insurance System data has not yet been classified as required by the current security policy, even though 80 of the 83 unemployment insurance applications in use by the Labor Department have been deemed mission critical. The security policy indicates that all agency information should be classified on an ongoing basis based on its confidentiality, integrity, and availability. Almost two years after the transition of services, OITS still does not have a service level agreement in place governing responsibilities and services provided to human services agencies. Auditors also found that although mainframe programming changes are logged, there is no indication of when these changes have been implemented, thereby reducing accountability.

Office of Information Technology Services (OITS): Security and Effectiveness of Department of Motor Vehicles’ (DMV) Licensing and Registration Systems (2013-S-58)
Auditors found OITS and DMV are not in compliance with the payment card industry data security standards that govern the systems that process credit card transactions. Since January 2012, neither agency has completed and submitted a required self-assessment questionnaire or third-party compliance report, which are necessary to ensure that all risks have been properly identified and mitigated. Non-compliance also exposes the state to other risks ranging from extensive fines or penalties to business disruption due to cancelled accounts and the inability to accept credit card payments. OITS does not have an established monitoring and oversight process for user access management of DMV systems and is not operating in compliance with state cybersecurity policies.

CAUTION

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the decisions summarized here. Accordingly, these summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.
THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. AGAIN, CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE, OR CORRESPONDENCE CONCERNING SUCH MATERIAL, DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
New York Public Personnel Law Blog Editor Harvey Randall served as Principal Attorney, New York State Department of Civil Service; Director of Personnel, SUNY Central Administration; Director of Research, Governor’s Office of Employee Relations; and Staff Judge Advocate General, New York Guard. Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material posted to this blog is presented with the understanding that neither the publisher nor NYPPL and, or, its staff and contributors are providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader is urged to seek such advice from a knowledgeable professional.
Copyright 2009-2024 - Public Employment Law Press. Email: nyppl@nycap.rr.com.