Purpose of Audit

The purpose of our audit was to assess internal controls over information technology (IT) for the period January 1, 2011, to November 15, 2012.

Background

The Town of North East is located in Dutchess County and has a population of approximately 3,500. The elected Town Board is comprised of four Board members and the Supervisor. The Town’s budget for the 2012 fiscal year was approximately $1 million.

Key Findings

• The Board does not have a written agreement with one of the Town’s IT service providers and cannot be assured the Town is receiving IT services that meet the Town’s needs and expectations.
• Although the Board has adopted a breach notification policy, it has not designated responsible parties to implement the policy, nor educated Town officials and employees on the existence of the policy.
• The Town does not have a disaster recovery plan.

Key Recommendations

• Ensure that the Board has a written agreement with all third-party IT service providers that clearly defines the services and the related security to be provided to the Town.
• Educate Town officials and employees about the adopted information breach notification policy and designate the Town officials and/or employees responsible for implementing the policy.
• Adopt a comprehensive disaster recovery plan.