February 20, 2021

Municipal and school district audits issued during the week ending February 19, 2021

New York State Comptroller Thomas P. DiNapoli announced the following municipal and school district audits were issued during the week ending February 19, 2021.


MUNICIPAL AUDITS

New York State Comptroller Thomas P. DiNapoli today announced the following local government and school district audits have been issued.

 

Village of Red Hook – Information Technology (Dutchess County) Officials did not adequately secure and protect the village’s information technology (IT) systems against unauthorized use, access and loss. The board also did not adopt required or sufficient IT policies, provide users with IT security awareness training, or develop a disaster recovery plan. Officials were unaware that employees were accessing websites for nonbusiness purposes because they did not routinely monitor employee Internet use. The IT consultant’s responsibilities were not defined and officials did not have a formal contract with the consultant. In addition, sensitive IT control weaknesses were communicated confidentially to officials.

 

Village of Pittsford – Audit Follow-Up Letter (Monroe County) In a previous report issued on July 21, 2017, auditors identified problems with the board’s oversight of the village’s financial operations. When auditors revisited the village in August 2020 to review progress, they found limited corrective actions had occurred. Of the seven audit recommendations, one recommendation was fully implemented, four recommendations were partially implemented and two recommendations were not implemented.

SCHOOL DISTRICT AUDITS

Honeoye Falls Lima Central School District – Access Controls (Livingston County, Monroe County and Ontario County) District officials did not ensure user access controls were appropriate and secure. Officials did not adopt key information technology (IT) security policies, resulting in increased risk that data, hardware and software may be lost or damaged by inappropriate use or access. Officials also did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.

In addition, sensitive IT control weaknesses were communicated confidentially to officials. Due to the COVID-19 pandemic, with the district’s increased reliance on a remote learning environment and administrative operations, protecting IT assets is critical.

 
