ALBANY – A state audit of the Village of Ellenville’s computerized
data and assets found they were not properly safeguarded.
The comptroller’s audit looked at the village for the period June
1, 2013 through May 31, 2014. The village’s general fund expenditures
for the 2013-2014 fiscal year were some $3.9 million.
The audit found village officials had not designated a financial software
administrator who is independent of financial recordkeeping; had not restricted
users’ access to the financial system based on employee job responsibilities;
and the board had not developed comprehensive policies and procedures
to protect critical financial data.
Key recommendations of the audit include designating an administrator
of the financial software who does not perform or monitor the village’s
financial recordkeeping; restrict users’ computer access to only
those duties needed to perform their job responsibilities; and adopt written
IT policies and procedures to address breach notification, disaster recovery,
acceptable use, system security, internal user access, data backups and
protecting personal, protect and sensitive information.
