Purpose of Audit

The purpose of our audit was to determine if computerized data and assets were properly safeguarded for the period August 1, 2013 through April 30, 2015.

Background

The Village of East Hampton is located in the Town of East Hampton, Suffolk County, and has a population of approximately 1,400. The Village is governed by an elected five-member Board of Trustees. General fund expenditures for the 2013-14 fiscal year were approximately $19.7 million.

Key Findings

• The Board has not adopted written computer-related policies to address user access, data backups, remote access or password security and management.
• Officials improperly assigned administrative privileges, created generic user accounts and provided excessive access right to the financial and real property tax software.
• The Board has not adopted a comprehensive disaster recovery plan.
• The Treasurer has administrative rights to the financial software and the Clerk has supervisor-level access to the real property tax software.

Key Recommendations

• Adopt policies and procedures to address internal user access, data backups, remote access and password security and management.
• Establish a policy to ensure that access is provided only to specified persons and only based on the needs associated with their job functions.
• Adopt and distribute to all responsible parties a comprehensive disaster recovery plan, which should be periodically tested and updated.
• Designate an administrator who does not perform or monitor financial or property tax recordkeeping.