Town of Ulysses - Information Technology (2021M-190) | Office of the New York State Comptroller

Issued Date

April 01, 2022

Audit Objective

Determine whether Town of Ulysses (Town) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

Town officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss.

The Board did not adopt adequate written IT policies or a written IT contingency plan.
Officials did not adequately manage local user accounts.
The Board did not enter into a written service level agreement with the Town’s IT service provider. Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

Adopt comprehensive written IT policies, including a written IT contingency plan.
Regularly review local user accounts and disable those that are unnecessary.
Enter into a written service level agreement with the Town’s IT service provider.

Town officials agreed with our recommendations and indicated they planned to initiate corrective action.

Quick Facts
On-site Servers and User Computers	14
Employees	26
Local User Accounts Reviewed	46
Payments to the IT Consultant During Audit Period	$7,685