Purpose of Audit
The purpose of our audit was to determine whether Authority officials adequately safeguarded and protected information technology assets used in its business environment against unauthorized use, access and loss for the period January 1, 2016 through October 6, 2017.
Background
The Erie County Water Authority is a public benefit corporation established in 1949, providing water supply to approximately 550,000 customers across Western New York. The Authority is governed by three Board members, appointed by the Erie County Legislature.
Key Findings
- The Authority has 696 network user accounts that have not been used in the last six months, with 75 accounts that have not logged on in at least four years and 377 accounts that have never been used.
- Five of 10 tested employees visited social media, shopping websites and personal email, which could expose the network to virus attacks or compromise systems and data.
Key Recommendations
- Evaluate all existing network user accounts, disable or remove any deemed unnecessary and ensure that accounts are periodically reviewed for necessity and appropriateness.
- Review the Internet usage log to ensure compliance with the computer use policy.