ARTIFICIAL INTELLIGENCE [AI] IS NOT USED, IN WHOLE OR IN PART, IN PREPARING NYPPL SUMMARIES OF JUDICIAL AND QUASI-JUDICIAL DECISIONS

February 20, 2021

Municipal and school district audits issued during the week ending February 19, 2021

New York State Comptroller Thomas P. DiNapoli announced the following municipal and school district audits were issued during the week ending February 19, 2021.

Click on the text highlighted in color to access the complete audit report

MUNICIPAL AUDITS

New York State Comptroller Thomas P. DiNapoli today announced the following local government and school district audits have been issued.

 

Village of Red Hook – Information Technology (Dutchess County) Officials did not adequately secure and protect the village’s information technology (IT) systems against unauthorized use, access and loss. The board also did not adopt required or sufficient IT policies, provide users with IT security awareness training, or develop a disaster recovery plan. Officials were unaware that employees were accessing websites for nonbusiness purposes because they did not routinely monitor employee Internet use. The IT consultant’s responsibilities were not defined and officials did not have a formal contract with the consultant. In addition, sensitive IT control weaknesses were communicated confidentially to officials.

 

Village of Pittsford – Audit Follow-Up Letter (Monroe County) In a previous report issued in July 21, 2017, auditors identified problems with the board’s oversight over the village’s financial operations. When auditors revisited the village in August 2020 to review progress, they found limited corrective actions had occurred. Of the seven audit recommendations, one recommendation was fully implemented, four recommendations were partially implemented and two recommendations were not implemented.

 SCHOOL DISTRICT AUDITS

Honeoye Falls Lima Central School District – Access Controls (Livingston County, Monroe County and Ontario County)   District officials did not ensure user access controls were appropriate and secure. Officials did not adopt key information technology (IT) security policies, resulting in increased risk that data, hardware and software may be lost or damaged by inappropriate use or access. Officials also did not regularly review network user accounts and permissions to determine whether they were appropriate or needed to be disabled.

In addition, sensitive IT control weaknesses were communicated confidentially to officials. Due to the COVID-19 pandemic, with the district‘s increased reliance on a remote learning environment and administrative operations, protecting IT assets is critical.

 

CAUTION

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the information and, or, decisions summarized in NYPPL. For example, New York State Department of Civil Service's Advisory Memorandum 24-08 reflects changes required as the result of certain amendments to §72 of the New York State Civil Service Law to take effect January 1, 2025 [See Chapter 306 of the Laws of 2024]. Advisory Memorandum 24-08 in PDF format is posted on the Internet at https://www.cs.ny.gov/ssd/pdf/AM24-08Combined.pdf. Accordingly, the information and case summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.
THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. AGAIN, CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE, OR CORRESPONDENCE CONCERNING SUCH MATERIAL, DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
NYPPL Blogger Harvey Randall served as Principal Attorney, New York State Department of Civil Service; Director of Personnel, SUNY Central Administration; Director of Research, Governor’s Office of Employee Relations; and Staff Judge Advocate General, New York Guard. Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material posted to this blog is presented with the understanding that neither the publisher nor NYPPL and, or, its staff and contributors are providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader is urged to seek such advice from a knowledgeable professional.
New York Public Personnel Law. Email: publications@nycap.rr.com