Village of Brightwaters – Financial Operations, Conflict of Interest and Information Technology (2012M-190)

Issued Date
February 22, 2013

Purpose of Audit

The purpose of our audit was to review selected Village financial operations for the period June 1, 2010, through February 29, 2012.

Background

The Village of Brightwaters is located in the Town of Islip in Suffolk County and has approximately 3,300 residents. The Village is governed by an elected Board of Trustees comprising four elected Trustees and an elected Mayor. Operating expenditures for the 2010-11 fiscal year were $2,866,612.

Key Findings

  • Over the 2009-10 through 2011-12 fiscal years, the Board underestimated expenditures by a total of more than $416,000 despite historical indications that expenditures consistently exceeded the budget. These budgeting practices created operating deficits that have contributed to ongoing fund balance deficits in the general fund. During this period, the Village received over $642,000 in non-recurring revenue without which the fund balance deficit would have been even greater.
  • The Board failed to audit all claims as required by Village Law. For the fiscal year ended May 31, 2011, the Board reviewed and authorized only 12 abstracts with 573 claims out of 146 abstracts with a total of 1,031 claims.
  • A Board member had a prohibited interest in a contract with the Village.
  • Village officials have not adopted comprehensive IT policies and procedures regarding standards for computer use, remote access, breach notification, data backup, and disaster recovery.

Key Recommendations

  • Adopt structurally balanced budgets with realistic estimates that enable operations to be financed without relying on non-recurring revenue sources.
  • Conduct a thorough and deliberate audit of all claims against the Village, before they are paid, ensuring that each claim has sufficient supporting documentation and represents a valid Village expenditure.
  • Establish controls to help detect and prevent the Village from entering into contracts in which an officer or employee has a prohibited interest.
  • Adopt policies and procedures for the acceptable use of equipment and systems, user access rights, remote access, breach notification, data backup and disaster recovery.