Information Technology

New York Local Government and School Cybersecurity: A Cyber Profile

From 2019 through July 31, 2023, DiNapoli’s Local Government and School Accountability division released more than 190 information technology (IT) audits, finding more than 2,400 cybersecurity-related issues. The audits focused on breakdowns or gaps in fundamental cybersecurity components. The most common areas where improvement and corrective action were needed included cybersecurity governance aspects such as training in IT security awareness, policies and procedures, and the need for contingency plans.

Accounting and Financial Reporting for Subscription-Based Information Technology Arrangements (SBITAs) as Required by GASB Statement No. 96

The purpose of this bulletin is to provide accounting and financial reporting guidance for subscription-based information technology arrangements (SBITAs) and illustrate how local governments and school districts will need to account for and report these SBITAs in the Annual Financial Report (AFR) and the ST-3. | Reasonably Certain Template [.xlsx]

Smart Solutions Across the State: Advanced Technology in Local Governments

The City of Schenectady recently began installing energy saving LED street lights and expanding wireless connectivity to certain neighborhoods as part of its Smart City Project. Other local governments across New York State are also turning to new technologies to save money, better communicate with residents and allow taxpayers to make payments online. The report notes that local government leaders should be prepared to systematically address the heightened need for cybersecurity, particularly concerning smart infrastructure devices and related data.

Taking Affirmative Action to Improve New York State’s MWBE Program

As New York State struggles to meet the challenges of its current fiscal crisis, State policy makers must find ways to encourage growth in various sectors of the State’s economy to ensure the long-term fiscal health of the State. Small businesses – including those owned by minorities and women – are a vital part of that economy.

Wireless Technology and Security

The purpose of this guidance is to provide a basic overview of wireless technology and security. There are a number of steps that local governments and school districts can take to help mitigate the risks of wireless technology. Although wireless environments and their related security systems can be quite complex, a government personnel can implement effective controls with relative ease and without incurring additional cost.
Updated July 2021 (Originally Issued January 2016)

Ransomware

Malicious software, or malware, refers to software programs that are designed to harm computer systems. These programs can wreak havoc on both systems and electronic data by, for example, deleting files, gathering sensitive information such as passwords without the computer user’s knowledge and making systems inoperable. Computer users can inadvertently install malware on their computers by many methods, including opening email attachments, downloading content from the Internet or merely visiting infected websites.

The Practice of Internal Controls

The purpose of this management guide is to provide practical information about internal controls for local government financial operations. The control procedures discussed in this guide are presented in an easy reference format which lists individual controls (for specific financial areas) and the reasons why the control is important. Choosing the right internal controls and ensuring that they are consistently applied will help ensure that local governments are using public assets efficiently and protecting against loss, waste and abuse

Management’s Responsibility for Internal Controls

This guide is designed to introduce local government and school managers and officials to the components of an integrated internal control framework. The following topics are discussed in this guide: • The Origin - Committee of Sponsoring Organizations (COSO) • Integrated Internal Control Framework - The Big Picture • The Five Essential Elements of Internal Control • Limitations of Internal Controls • The Impact of Information Technology • The Role of Internal Auditors and Audit Committees.