Town of Queensbury - Information Technology (2018M-224) | Office of the New York State Comptroller

Issued Date

March 22, 2019

Audit Objective

Determine whether officials ensured the Town’s information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

Town officials have not:

Implemented comprehensive procedures for managing, limiting, securing and monitoring user access.
Monitored compliance with the acceptable use policy, or developed a formal disaster recovery plan.

In addition, sensitive IT control weaknesses were communicated confidentially to Town officials.

Key Recommendations

Implement strong access controls, in part, by removing or disabling unnecessary local user accounts.
Enforce the acceptable use policy and adopt a comprehensive disaster recovery plan.

Local officials agreed with our recommendations and indicated they have begun corrective action.

Background

The Town of Queensbury (Town) is located in Warren County.

The Town is governed by an elected Town Board (Board) composed of a Town Supervisor and four Board members. The Board is responsible for the general oversight of operations and finances, including security over the Town’s IT system.

Quick Facts
2018 General Fund Budget	$13.5 million
Residents	27,900
Employees	260
Network Accounts	158

Audit Period

January 1, 2017 - April 11, 2018