New York State Comptroller Thomas P. DiNapoli today announced that the following local government and school audits were issued.
Town of Guilford – Budgeting (Chenango County)
The board did not develop realistic budgets. Estimated revenues were underestimated and appropriated fund balance was not used, resulting in unrestricted fund balance in the general and highway funds that exceeded the town’s fund balance policy limit. Actual revenues exceeded estimated revenues by an average of $210,000 (42%) in the general fund and $180,000 (17%) in the highway fund. The board adopted budgets that planned for using $228,000 of fund balance to offset projected operating deficits in the general fund. Instead, the general fund incurred operating surpluses each year for a combined total of $378,991. Therefore, appropriated fund balance was not used as intended. In addition, unrestricted fund balance for the general and highway funds exceeded the maximum allowable limit per the town’s policy, ranging from $464,000 to $709,000 in the general fund and $168,000 to $225,000 in the highway fund.
Valley Stream Union Free School District Thirteen – Disbursements (Nassau County)
The board and treasurer did not appropriately and securely execute check signatures for non-payroll checks between July 1, 2021 and June 30, 2023. Although the checks reviewed were disbursed for what appear to be legitimate district purposes, when the treasurer does not maintain control of his electronic signature, there is an increased chance of unauthorized checks being signed. In addition, although the board did not authorize the treasurer to sign district checks with an electronic signature, the treasurer used an electronic signature to sign 3,621 non-payroll checks totaling $26.7 million. The treasurer did not maintain custody or supervise the use of his electronic signature, and he remotely signed 615 checks totaling $4.8 million.
Rockville Centre Union Free School District – Information Technology (IT) (Nassau County)
District officials did not monitor users’ compliance with the district’s acceptable Internet use policy (AUP). Of the 37 network users reviewed:
- Fifteen network users (41%) accessed websites, such as shopping, entertainment, online gambling and social media, on district computers although the district’s regulations for AUP state that personal use is prohibited. As a result, the likelihood that a user’s Internet browsing exposes the district to malicious software that may compromise data, confidentiality, integrity or availability is increased.
- Fifteen network users (41%) did not have signed forms acknowledging they received and reviewed the district’s AUP. This diminishes accountability and the district’s ability to protect district computers and the data contained therein.
Also, six nonstudent network users (22%) did not receive IT security awareness training. As a result, the risk that users will not understand their responsibilities and put personal, private and sensitive information on district computers at greater risk of misuse or loss is increased.
Chittenango Central School District – Information Technology (Madison County)
District officials did not adequately manage nonstudent network and local user account access or develop an information technology (IT) contingency plan. As a result, the district’s IT system and its personal, private and sensitive information may be accessible to unauthorized users. Officials also have less assurance that, in the event of a disruption or disaster such as a ransomware attack, employees and other responsible parties would be able to react quickly and effectively to help resume, restore, repair and/or rebuild critical IT systems or data in a timely manner. In addition, auditors determined that 89 (15%) of the district’s nonstudent network user accounts were no longer needed and should have been disabled and 11 of 21 local user accounts (52%) reviewed on 12 district computers were no longer needed.