Village of Aurora – Treasurer’s Duties and Information Technology (2014M-107)

Issued Date
August 29, 2014

Purpose of Audit

The purpose of our audit was to review the Village’s financial and information technology operations for the period June 1, 2012 through October 28, 2013.

Background

The Village of Aurora, the home of Wells College, is located in the Town of Ledyard in Cayuga County and has approximately 700 residents. Budget appropriations for the general, water and sewer funds in 2013-14 were approximately $651,100 funded primarily by real property taxes, sales tax, State aid, and water and sewer rents. The Village is governed by a Board of Trustees which comprises four elected Trustees and an elected Mayor.

Key Findings

  • The Board has not implemented adequate compensating controls to address the lack of segregation of duties performed by the Treasurer.
  • The Board did not audit the Treasurer’s records and reports during our audit period. As a result, there is an increased risk that errors and irregularities may occur and remain undetected and uncorrected.
  • The Village does not have policies and procedures in place to safeguard IT assets, including an appropriate use policy, a breach notification policy and a disaster recovery plan. Additionally, Village officials have not implemented adequate controls and restrictions over user access to the financial system. Lastly, the Board has not adopted comprehensive data back-up policies and procedures.

Key Recommendations

  • Implement compensating controls to reduce the risks associated with the lack of segregation of duties.
  • Annually audit the Treasurer’s financial records.
  • Adopt policies and procedures governing IT, including an acceptable use policy, a breach notification policy, and a disaster recovery plan. Ensure that administrative rights to the financial software are not given to someone involved in financial operations and that backups are performed daily, and copies of data are stored at a secure off-site location.