City of Tonawanda - Information Technology (2018M-146) | Office of the New York State Comptroller

Issued Date

November 21, 2018

read complete report311.28 KB

Audit Objective

Determine whether the Common Council (Council) ensured information technology (IT) assets were properly safeguarded.

Key Findings

The Council has not adopted an acceptable use policy or implemented procedures to properly monitor computer use.
City officials did not maintain an inventory of IT assets.
City employees were not provided with IT security awareness training.

In addition, sensitive IT control weaknesses were communicated confidentially to City officials.

Key Recommendations

Establish an acceptable use policy, distribute it to all City personnel and monitor IT usage.
Maintain an inventory of IT assets.
Ensure that all necessary City personnel receive IT security awareness training and that training is provided whenever the IT policies are updated.

City officials agreed with our recommendations and have initiated or indicated they planned to initiate corrective action.

Background

The City of Tonawanda (City) is located in Erie County. The Common Council (Council), composed of five elected members, is responsible for overseeing the City’s operations and finances including establishing policies and procedures to safeguard IT assets and provide a secure IT environment. The Mayor is the City’s chief executive officer and is responsible for supervising City officers and employees.

The Council appointed one employee to act as Network Administrator.

Quick Facts
Employees	162
Residents	15,130
Appropriations	$22.3 million
Computers	75
Servers	6 physical / 4 virtual

Audit Period

January 1, 2017 – April 26, 2018