Purpose of Audit
The purpose of our audit was to examine the County’s internal controls over select financial activities for the period January 1, 2011 through December 19, 2012.
Cattaraugus County is located in the southwest portion of New York State and has a population of 80,317. The County is comprised of two cities, 32 towns and nine villages. The County is governed by a 21-member Legislature. The County’s budgeted appropriations for 2013 are $202 million, which include general fund appropriations of $155 million.
- County officials have not established policies and procedures to monitor the Microenterprise Development Loan Fund (MDLF) Program. Although the County’s contract with the Business Development Corporation (BDC) requires quarterly and annual reporting, BDC provided untimely and insufficiently detailed activity reports. County officials did not have sufficient information to address delinquent balances for nine loans totaling $24,847.
- For the Children with Special Needs program, we found that client files were not always available or complete. We reviewed the files for the 224 children that were available and found that the County did not maintain one or more pieces of required documentation in the files for 19 of these children, for whom the County paid claims totaling $161,482. We also reviewed 16 transportation claims totaling $100,566 and found exceptions with five claims totaling $85,654.
- The Legislature has not established policies and procedures relating to the security of data and assets, including user access, a formal disaster recovery plan, and IT security awareness training for users of the County network.
- Establish formal procedures to monitor the performance and administration of its sub-recipient (BDC) including the provision of timely, detailed reports. Monitor and pursue delinquent loan payments in accordance with the MDLF Operations Manual.
- Establish procedures to ensure each child’s file contains all required documentation so that the County can receive reimbursement for services provided for special needs.
- Develop and adopt IT policies that address acceptable computer use, remote access, and disaster recovery and develop procedures which require that access rights for computer users be based upon current duties or employee status.