Town of Hunter - Information Technology (2018M-262) | Office of the New York State Comptroller

Issued Date

May 24, 2019

Audit Objective

Determine whether Town officials ensured the Town’s information technology (IT) system was adequately secured and protected against unauthorized use, access and loss.

Key Findings

The Board has not:

Adopted IT policies and procedures for disaster recovery, backups and breach notification.
Provided IT security awareness training.
Ensured that IT hardware and software inventories are up-to-date.

In addition, sensitive IT control weaknesses were communicated confidentially to Town officials.

Key Recommendations

Adopt a disaster recovery plan, backup procedures and a breach notification policy.

Ensure that:

All personnel receive IT security awareness training.
IT hardware and software inventories are up-to-date.

Town officials generally agreed with our recommendations and indicated they planned to initiate corrective action.

Background

The Town of Hunter (Town) is located in Greene County. The Town is governed by an elected Town Board (Board), which is composed of a Supervisor and four Council members. The Board is responsible for the general oversight of operations and finances including establishing policies and procedures to safeguard IT assets and provide a secure IT environment.

Town officials contract with an IT consultant for IT services including support, network management and other services.

Quick Facts
Residents	Approximately 2,700
2018 Appropriations	$3.2 million
Employees	52
Computers in Use	15

Audit Period

January 1, 2017 – August 8, 2018.
We extended our scope forward to December 4, 2018 to complete computer testing.