Town of Lloyd - Information Technology (2019M-36) | Office of the New York State Comptroller

Issued Date

June 21, 2019

Audit Objective

Determine whether Town officials ensured the Town’s Information Technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

Employees accessed nonbusiness websites for personal use.
The Board did not provide IT security awareness training for employees who used Town IT assets.
Town officials (Officials) did not adopt a disaster recovery plan or develop written data backup procedures.

In addition, sensitive IT control weaknesses were communicated confidentially to Officials.

Key Recommendations

Monitor compliance with the acceptable use policy.
Provide IT security awareness training to personnel who use IT resources.
Adopt written IT policies and procedures to address disaster recovery and data backup.

Officials indicated that they have initiated corrective action.

Background

The Town of Lloyd (Town) is located in Ulster County and serves approximately 11,000 residents.

The Town is governed by an elected five-member Town Board (Board), composed of the Town Supervisor (Supervisor) and four Board members. The Board is responsible for the general oversight of the Town’s operations and finances. The Supervisor, as chief fiscal officer, is responsible for the day-to-day management of the Town.

The Town contracted with a third-party consultant to operate and maintain the Town’s IT system. The Supervisor is responsible for overseeing the IT consultant.

Quick Facts
Servers	5
Computers	44
Employees	88
2019 General Fund Appropriations	$5 million

Audit Period

January 1, 2017 – September 14, 2018. We extended our scope period to January 15, 2019 for IT information.