Purpose of Audit
The purpose of our audit was to evaluate the Library’s information technology (IT) controls for the period January 1, 2016 through June 21, 2017.
The Greece Public Library is located in the Town of Greece in Monroe County. The Library, which received its charter from the New York State Board of Regents in 1958, is governed by a seven-member Board of Trustees appointed by the Town’s governing body. Budgeted appropriations for 2017 total approximately $3.1 million.
- The Board did not adopt any policies to protect its IT assets.
- The Board did not develop a disaster recovery plan.
- Library officials did not have a comprehensive hardware inventory.
- Adopt comprehensive IT policies that include acceptable use, password management, user accounts, access rights, backups, breach notification, hardware and software inventories, restricting personal use and connecting personally owned devices to Library computers and the sanitation and disposal of hardware and electronic media.
- Adopt a comprehensive disaster recovery plan and ensure that the plan is distributed to all essential personnel.
- Maintain complete, comprehensive hardware inventory records that detail the locations, assigned users and acquisition dates.