Press Releases
CONTACT:
Press Office
(518) 474-4015

 FOR RELEASE:

Immediately
December 8, 2010

 

DiNapoli Audit Finds Inappropriate Use of Computers at City of Geneva

Lax Oversight Allowed Users to Access Pornography, Shopping and Social Networking Websites



Poorly designed controls and ineffective oversight of computer usage allowed City of Geneva officials and employees to use city-owned computers for such activities as visiting pornographic, social networking and gambling websites as well as to conduct outside business, according to an audit released today by New York State Comptroller Thomas P. DiNapoli.

“City officials have a responsibility to ensure that internal controls are strong and public resources are protected,” DiNapoli said. “Taxpayers should not have to subsidize pornography, gambling and private business enterprises on city-owned computers. Geneva needs to closely monitor the use of city computers.”

The audit, covering the period of July 2008 through September 2009, found the city’s IT security and information systems controls were poorly designed and ineffective at preventing inappropriate use of the city’s computers. In addition, the city did not adopt a policy for acceptable computer use. The lack of adequate oversight allowed city IT resources to be used for a number of inappropriate purposes.

Auditors found one computer located at City Hall was used to visit adult websites with explicit sexual content including an adult-oriented social networking site, an on-line dating website and a pornographic website as well as websites relating to social networking, travel, job searches, sports tickets and used cars during a three-month period when the city’s firewall was not working. This computer also contained files pertaining to an outside business interest.

In addition, auditors’ review of 21 computers found three computers assigned to City Council members were inappropriately used for private employment, file sharing, social networking, gambling, shopping and streaming movies and TV shows. Two council members indicated they allowed their children to use the city-owned computers.

The audit also determined city officials failed to:
  • adopt policies for information breach notification, as required by law; protecting hardware, software and data; and ensuring computers are used for city business;
  • provide information security awareness training for employees;
  • maintain computer hardware and software inventory records; and
  • test and inform key employees of the city’s IT disaster recovery plan.

DiNapoli’s audit recommends city officials:
  • design a comprehensive system of internal controls over IT resources and assign an employee to implement and monitor them;
  • monitor internet activity of city officers and employees in a timely basis and follow up on inappropriate activity;
  • adopt acceptable use and other computer policies to guard against misuse of city equipment; and
  • maintain accurate and up-to-date inventory records for computer assets.

The city agreed with the audit’s findings and indicated it will initiate corrective action.

To view the audit, Click Here.



###

 

Albany Phone: (518) 474-4015 Fax: (518) 473-8940
NYC Phone: (212) 383-1388 Fax: (212) 681-7677
Internet: www.osc.state.ny.us
E-Mail: press@osc.state.ny.us
Follow us on Twitter: @NYSComptroller
Like us on Facebook: www.facebook.com/nyscomptroller