Purpose of Audit

The purpose of our audit was to evaluate the Town’s Information Technology (IT) controls for the period January 1, 2016 through June 30, 2017.

Background

The Town of Greece is located in Monroe County and has a population of approximately 96,000. The Town is governed by an elected five-member Town Board. Budgeted appropriations for 2017 totaled approximately $56.7 million.

Key Findings

• The Town’s acceptable use policy did not include provisions for enforcement, such as monitoring computer use and reviewing installed software.
• Town officials also did not adopt a comprehensive online banking policy or adequately segregate online banking duties.
• The Board did not adopt a comprehensive disaster recovery plan.
• Town officials did not have a comprehensive hardware inventory, and IT staff did not maintain a comprehensive list of all Town-owned software and software licenses.

Key Recommendations

• Enforce the acceptable use policy.
• Adopt a comprehensive online banking policy and ensure that someone who does not have the ability to make transfers performs timely bank reconciliations.
• Adopt a comprehensive disaster recovery plan and ensure the plan is distributed to all essential personnel.
• Maintain complete and comprehensive hardware and software inventories.