Comptroller DiNapoli Releases Audits
New York State Comptroller Thomas P. DiNapoli announced today the following audits have been issued:
Department of Agriculture and Markets, Catering with a Flair Contract (2010-S-53)
In 2002, the New York State Fair contracted with Catering with a Flair to manage the Empire Room and provide catering services in exchange for a percentage of sales and certain required capital improvements. In 2009, the contract was extended through 2014. In August 2010, the Office of the Inspector General issued a report questioning the propriety of several transactions between the Contractor and the former fair director, who was subsequently arrested for larceny. At the Inspector General’s request, the department asked the comptroller to undertake a complete audit of the fair’s catering contract. The fair’s response to the draft of this report stated the contract with Catering with a Flair was terminated on Nov. 30, 2011. Auditors concluded that the department followed proper procedures when entering into the contract, and that the contractor accurately reported revenue and made required capital improvements. However, there are instances where the department needs to improve its monitoring of compliance with contract terms.
New York State Department of Civil Service, Network Security Controls (2011-S-7)
The department’s data and resources are at risk of unauthorized access, disclosure of sensitive data, and denial of service, in part because the department has not evaluated the effectiveness of its security controls. Without this evaluation, the department cannot be sure its controls adequately secure confidential data.
New York State Workers' Compensation Board, Network Security Controls (Follow-Up) (2011-F-29)
The initial audit report (2009-S-49) determined that the board’s management had not taken certain fundamental steps to secure their network, such as completing a risk assessment and data classification. The board’s security unit has taken many actions to implement the recommendations made. Some tasks still need to be completed to sufficiently protect the board’s network from security risks. Of the four recommendations, two were implemented and two were partially implemented.