ARTIFICIAL INTELLIGENCE [AI] IS NOT USED, IN WHOLE OR IN PART, IN PREPARING NYPPL SUMMARIES OF JUDICIAL AND QUASI-JUDICIAL DECISIONS

March 21, 2024

New York State Comptroller DiNapoli releases municipal and school audits

On March 20, 2024, New York State Comptroller Thomas P. DiNapoli announced the following local government and school audits were issued.

Click on the text highlighted in color to access both the summary and the full audit.


New York State Comptroller Thomas P. DiNapoli today announced the following local government and school audits were issued.

City of Salamanca – Collections (Cattaraugus County)

The city comptroller’s collections were not always accurately recorded and because adequate collection records were not always maintained, auditors could not determine whether deposits were generally made in a timely manner. Auditors reviewed 29 deposits totaling nearly $2 million that consisted of 1,835 entries made during the audit period and determined: 1,759 entries lacked a duplicate press-numbered receipt which precluded them from determining whether deposits were made in a timely manner. Another 34 entries totaling approximately $50,000 did not have the correct form of payment (cash or check) listed in the collection records and 26 entries totaling approximately $18,000 did not have either the correct check number included on the collection records, or no check number was listed at all. Auditors found no collections were lost, misused or misappropriated, but because complete and reliable collections were not always maintained, there is an increased risk of city collections being lost, misused or misappropriated.

 

Piseco Common School District – Authorized Investments (Hamilton County)

District officials did not invest in accordance with statutory requirements. As a result, district investments were at an increased risk of loss. District officials did not adhere to the district’s investment policy and invested $35,000 in an investment account that is not statutorily authorized. The board re-adopted its investment policy annually but did not ensure the district’s investments complied with the policy’s list of eligible investments. In addition, the board did not develop procedures to address investment requirements.

 

Village of Afton – Claims Auditing and Disbursements (Chenango County)

The board did not properly audit claims, and as a result, payments were made prior to audit, for unsupported claims and for inappropriate purposes. Of the 98 claims totaling $155,528 reviewed: 53 claims totaling $13,356 were paid prior to audit and one claim totaling $793 did not include adequate supporting documentation, such as itemized receipts. The village reimbursed the former mayor for two payments totaling $1,500 for the village’s accounting software that she paid for with her personal credit card. The village should not reimburse anyone other than current village officials or employees. In addition, auditors reviewed 50 disbursements totaling $11,480 and determined that the board did not properly monitor non-payroll disbursements. As a result, there is an increased risk that errors or inappropriate transactions could occur and remain undetected.

 

Beacon Central School District – Information Technology (IT) (Dutchess County)

District officials did not ensure network user accounts were adequately managed. Unnecessary enabled network user accounts are additional entry points into a network and, if accessed by attackers, could potentially be compromised or used for malicious purposes. In addition to sensitive IT control weaknesses that were communicated confidentially to district officials, auditors found that officials did not disable 281 unneeded network user accounts of the 1,280 accounts reviewed. The accounts included 153 student accounts, 89 nonstudent accounts, and 39 shared and service accounts.

 

Copiague Union Free School District – Information Technology (Suffolk County)

District officials did not properly manage nonstudent network user accounts and financial software access controls. As a result, data and personal, private and sensitive information accessible by those accounts were at a greater risk for unauthorized access, misuse or loss. Auditors found that officials did not disable 316 nonstudent network user accounts (24%) that were not needed, including two user accounts assigned to employees that left the district more than 17 years ago. In addition, the district did not ensure that employees had the appropriate access to the financial software necessary to perform their job functions or provide IT security awareness and data privacy training annually to all officials and employees with access to financial and other sensitive data.

 

OnTECH Charter High School – Information Technology (Onondaga County)

School officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss. In addition to sensitive IT control weaknesses that were communicated confidentially to officials, the board and officials did not adequately manage user accounts and permissions. As a result, the six computers tested had unneeded user accounts and unnecessary administrative permissions. Officials also did not monitor Internet usage for compliance with the school’s acceptable use policy. As a result, there is an increased risk of school computers being exposed to malicious software. In addition, officials did not develop and adopt an IT contingency plan and provide staff with IT security awareness training.

###

CAUTION

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the information and, or, decisions summarized in NYPPL. For example, New York State Department of Civil Service's Advisory Memorandum 24-08 reflects changes required as the result of certain amendments to §72 of the New York State Civil Service Law to take effect January 1, 2025 [See Chapter 306 of the Laws of 2024]. Advisory Memorandum 24-08 in PDF format is posted on the Internet at https://www.cs.ny.gov/ssd/pdf/AM24-08Combined.pdf. Accordingly, the information and case summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.
THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. AGAIN, CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE, OR CORRESPONDENCE CONCERNING SUCH MATERIAL, DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
NYPPL Blogger Harvey Randall served as Principal Attorney, New York State Department of Civil Service; Director of Personnel, SUNY Central Administration; Director of Research, Governor’s Office of Employee Relations; and Staff Judge Advocate General, New York Guard. Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material posted to this blog is presented with the understanding that neither the publisher nor NYPPL and, or, its staff and contributors are providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader is urged to seek such advice from a knowledgeable professional.
New York Public Personnel Law. Email: publications@nycap.rr.com