Upload
david-radovanovic
View
226
Download
0
Embed Size (px)
Citation preview
8/3/2019 Saugerties Village Audit
1/25
DIVISIONOF LOCAL GOVERNMENT
& SCHOOL ACCOUNTABILITY
O F F I C E O F T H E N E W YO R K ST A T E C O M P T R O L L E R
Report of Examination
Period Covered:
June 1, 2009 November 10, 2010
2011M-172
Village of Saugerties
Financial Condition and
Internal Controls OverSelected Financial Operations
Thomas P. DiNapoli
8/3/2019 Saugerties Village Audit
2/25
11DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
Page
AUTHORITY LETTER 2
EXECUTIVE SUMMARY 3
INTRODUCTION 5
Background 5
Objectives 5
Scope and Methodology 5 Comments of Local Officials and Corrective Action 6
FINANCIAL CONDITION 7
General Fund 7
Records and Reports 9
Recommendations 10
USER CHARGES 11
Policies and Procedures 11 Segregation of Duties 12
Accounting Records and Reports to the Board 12
Recommendations 13
INFORMATION TECHNOLOGY 14
Policies and Procedures 14
Remote Access 15
Backups 15
Disaster Recovery Plan 16 Recommendations 16
APPENDIX A Response From Local Officials 17
APPENDIX B Audit Methodology and Standards 21
APPENDIX C How to Obtain Additional Copies of the Report 23
APPENDIX D Local Regional Office Listing 24
Table of Contents
8/3/2019 Saugerties Village Audit
3/25
2 OFFICEOFTHE NEW YORK STATE COMPTROLLER2
State of New York
Office of the State Comptroller
Division of Local Government
and School Accountability
November 2011
Dear Village Officials:
A top priority of the Office of the State Comptroller is to help local government officials manage
government resources efficiently and effectively and, by so doing, provide accountability for
tax dollars spent to support government operations. The Comptroller oversees the fiscal affairs of
local governments statewide, as well as compliance with relevant statutes and observance of good
business practices. This fiscal oversight is accomplished, in part, through our audits, which identify
opportunities for improving operations and Village governance. Audits also can identify strategies to
reduce costs and to strengthen controls intended to safeguard local government assets.
Following is a report of our audit of the Village of Saugerties, entitled Financial Condition and Internal
Controls Over Selected Financial Operations. This audit was conducted pursuant to Article V, Section
1 of the State Constitution and the State Comptrollers Authority as set forth in Article 3 of the General
Municipal Law.
This audits results and recommendations are resources for local government officials to use in
effectively managing operations and in meeting the expectations of their constituents. If you have
questions about this report, please feel free to contact the local regional office for your county, as listed
at the end of this report.
Respectfully submitted,
Office of the State Comptroller
Division of Local Government
and School Accountability
8/3/2019 Saugerties Village Audit
4/25
33DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
Office of the State ComptrollerState of New York
EXECUTIVE SUMMARY
The Village of Saugerties (Village) is located in the Town of Saugerties in Ulster County and has a
population of approximately 5,000. The Village is governed by a Board of Trustees (Board) which
comprises six elected Trustees and an elected Mayor who serves as the chief executive officer. The
Village Treasurer (Treasurer) is the chieffiscal officer and is responsible for the custody of all Village
moneys.
The Village provides various services to its residents including fire protection, street maintenance,snow removal, water distribution, sewage treatment, and general government support.1 These services
are accounted for in the general, water, and sewer funds. The operating expenditures for the fiscal year
ended May 31, 2010 were $2.7 million in the general fund, $1.1 million in the water fund, and $1.0
million in the sewer fund. These expenditures were funded primarily with revenues from real property
taxes and departmental income, including water sales and sewer rents.
Scope and Objectives
The objectives of our audit were to review the Villages financial condition and internal controls over
user charges and information technology (IT) for the period June 1, 2009 to November 10, 2010. For
financial condition, we expanded the scope of our audit back to the 2005-06 fiscal year to review prior
years financial trends. Our audit addressed the following related questions:
Is the Board adequately managing the Villages financial condition?
Are internal controls over user charges appropriately designed and operating effectively to
adequately safeguard Village assets?
Are internal controls over IT appropriately designed to adequately safeguard Village assets?
Audit Results
The Board is not adequately managing the Villages financial condition. Specifically, the Board has
continually included amounts of fund balance in excess of the amounts actually available as a
financing source in its annual general fund budgets, had to issue short-term debt to meet cash flow
needs, and relied on annual subsidies from both the water and sewer funds to finance general fund
operations. Because the Board did not adopt budgets that provided sufficient ongoing revenues
1 As of January 1, 2011, police protection is provided to Village residents by the Town rather than the Village.
8/3/2019 Saugerties Village Audit
5/25
4 OFFICEOFTHE NEW YORK STATE COMPTROLLER4
to fund ongoing expenses or adopt reasonable methods for funding the general fund, the Villages
financial condition has deteriorated, and taxpayers have paid interest on money borrowed to pay
for operating costs. Further, because users of the water and sewer systems are subsidizing the
operations of the Villages general fund, these user fees may be higher than necessary to finance the
actual operations of these funds. We also found that fund balance in the Villages general fund was
overstated by more than $152,000.
We also identified weaknesses in the Villages internal controls over water and sewer user charges. The
Board has not adopted written policies and procedures for billing and collection, properly segregated
duties related to billing and collection, or ensured that user charges are correctly reported in Village
financial statements and reports. While our limited tests did not identify any instances of incorrect
bills, account entries, or deposits, the Board and Village officials should adopt billing and collection
policies and strengthen internal controls over these activities to reduce the risk that errors and/or
irregularities could occur and go undetected.
The Village also needs to improve its internal controls over IT. We found that the Village lacks Board-
adopted comprehensive IT policies and procedures. Further, Village officials do not monitor remote
access, do not routinely test data on backups or store them off-site, and do not have a disaster recoveryplan. As a result, the Villages IT system and electronic data are subject to increased risk of loss or
misuse.
Comments of Local Officials
The results of our audit and recommendations have been discussed with Village officials and their
comments, which appear in Appendix A, have been considered in preparing this report. Village
officials generally agreed with our recommendations and indicated they have initiated, or plan to
initiate, corrective action.
8/3/2019 Saugerties Village Audit
6/25
55DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
Background
Introduction
Objectives
Scope and
Methodology
The Village of Saugerties (Village) is located in the Town of
Saugerties in Ulster County and has a population of approximately
5,000. The Village is governed by a Board of Trustees (Board), which
comprises six elected Trustees and an elected Mayor who serves asthe chief executive officer. The Village Treasurer (Treasurer) is the
chieffiscal officer and is responsible for the custody of all Village
moneys.
The Village provides various services to its residents, including fire
protection, street maintenance, snow removal, water distribution,
sewage treatment, and general government support.2 These services
are accounted for in the general, water, and sewer funds. The
operating expenditures for the fiscal year ended May 31, 2010 were
$2.7 million in the general fund, $1.1 million in the water fund, and$1.0 million in the sewer fund. These expenditures were funded
primarily with revenues from real property taxes and departmental
income, including water sales and sewer rents.
The Village services approximately 1,600 water and sewer users and
bills for related services quarterly in June, September, December, and
March. For the fiscal year ending May 31, 2010, Village revenues
for user charges for the water and sewer funds totaled approximately
$1.7 million.
The objectives of our audit were to review the Villages financialcondition and to assess internal controls over selected financialoperations. Our audit addressed the following related questions:
Is the Board adequately managing the Villages financialcondition?
Are internal controls over user charges appropriatelydesigned and operating effectively to adequately safeguardVillage assets?
Are internal controls over IT appropriately designed toadequately safeguard Village assets?
We examined the Villages financial condition and internal controlsover user charges and IT for the period June 1, 2009 to November 10,2010. For financial condition, we expanded the scope of our auditback to the 2005-06 fiscal year to review prior years financial trends.
2 As of January 1, 2011, police protection is provided to Village residents by the
Town rather than the Village.
8/3/2019 Saugerties Village Audit
7/25
6 OFFICEOFTHE NEW YORK STATE COMPTROLLER6
Our audit disclosed areas in need of improvement related to IT
controls. Certain vulnerabilities are not discussed in this report because
of their sensitivity, but we have communicated this information
separately to Village officials so they could take corrective action.
We conducted our audit in accordance with generally accepted
government auditing standards (GAGAS). More information on such
standards and the methodology used in performing this audit are
included in Appendix B of this report.
The results of our audit and recommendations have been discussed
with Village officials and their comments, which appear in Appendix
A, have been considered in preparing this report. Village officials
generally agreed with our recommendations and indicated they have
initiated, or plan to initiate, corrective action.
The Board has the responsibility to initiate corrective action. A
written corrective action plan (CAP) that addresses the findings andrecommendations in this report should be prepared and forwarded
to our office within 90 days, pursuant to Section 35 of the General
Municipal Law. For more information on preparing and filing your
CAP, please refer to our brochure, Responding to an OSC Audit
Report, which you received with the draft audit report. We encourage
the Board to make this plan available for public review in the Clerks
office.
Comments of
Local Officials and
Corrective Action
8/3/2019 Saugerties Village Audit
8/25
77DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
Financial Condition
A local governments financial condition reflects its ability to provide
and finance services on a continuing basis. A local government is
considered to have sound financial health when it can consistently
generate sufficient revenues to finance anticipated expenditures, andmaintain sufficient cash flow to pay bills and other obligations when
due without relying on short-term borrowings or subsidies from other
operating funds. Accordingly, Village officials must adopt realistic
budgets that accurately estimate the revenues required to finance
expenditures, and monitor fund balance levels to ensure that the
Village has sufficient cash flow to maintain operations. While fund
balance can be used to help finance operations, using it repeatedly
for this purpose in place of ongoing revenue sources can deplete fund
balance, leaving the Village without enough cash flow to routinely
pay vendors and employees.
We found that the Board is not adequately managing the Villages
financial condition. Specifically, the Board continually appropriated
more fund balance in the general fund than was actually available
as a financing source, had to issue short-term debt to meet cash
flow needs, and relied on annual subsidies from both the water and
sewer funds to finance general fund operations. Because the Board
did not adopt budgets that provided sufficient ongoing revenues to
fund ongoing expenses or adopt reasonable methods for funding the
general fund, the Villages financial condition has deteriorated, and
taxpayers have paid interest on money borrowed to pay for operatingcosts. We also found that the amount of fund balance reported in
the Villages general fund was overstated by more than $152,000.
Therefore, the general fund balance as of May 31, 2010 is actually
only $46,885.
The Board is responsible for maintaining the Villages financial
health by adopting budgets with realistic estimates of revenues
and financing sources, including the fund balance available for
appropriation. Fund balance represents the differences between
revenues and expenditures that accumulate over time. Estimating
fund balance is an integral part of the budget process because a
reasonable level of fund balance is key to financing the Villages
operations and providing sufficient cash flow. Long-term planning
also helps the Board establish clear goals and methods for funding the
Villages general fund.
We found that the Board did not adequately manage the Villages
financial condition because it did not adopt structurally balanced
General Fund
8/3/2019 Saugerties Village Audit
9/25
8 OFFICEOFTHE NEW YORK STATE COMPTROLLER8
budgets. The Board appropriated non-existent fund balance or used
subsidies from other funds to make up for insufficient revenue in the
general fund. The Board routinely appropriated general fund balance
in excess of amounts actually available, resulting in operating deficits
and unreserved, unappropriated fund balance deficits for the fiscal
years ending May 31, 2006 thru May 31, 2010, as shown in Table 1.
In 2007-08 and 2008-09, the Board appropriated fund balance when
fund balance was already in a deficit condition.
Table 1: General Fund Fiscal Years 2005-06 to 2009-10
2005-06 2006-07 2007-08 2008-09 2009-1
Beginning Fund Balance $165,923a $70,090a $35,355 ($55,598) ($64
Operating Surplus/(Deficit) ($398,943) ($274,656) ($495,953) ($226,621) ($141
Plus: Annual transfer from:
Water Fund $180,000 $112,761 $255,000 $180,000 $25
Sewer Fund $95,000 $127,160 $150,000 $37,500 $15
Total of Annual Transfers $275,000 $239,921 $405,000 $217,500 $40
Total Ending Fund Balance $41,980 $35,355 ($55,598) ($64,719) $19
Appropriated Fund Balance $189,616 $224,402 $127,460 $247,481 $3aIncludes a prior period adjustment
As a result of general fund operating deficits and unfavorable
economic conditions, the Village was forced to rely on short-term
borrowings to address cash flow problems and to provide sufficient
cash to finance operations. Specifically, the Board authorized the
issuance of a $150,000 revenue anticipation note3 in May 2008
and a $300,000 tax anticipation note in March 2009 in the general
fund. Although both debt issues were redeemed in a timely manner,financing ongoing expenses with short-term borrowing instead of
ongoing revenue can be expensive because the Village must pay
interest on borrowed monies. Village officials have not formulated
a written multi-year financial plan to address these budgeting
deficiencies and to match the costs of general fund operations to the
revenues necessary to sustain them.
The general fund budget for the fiscal year ended May 31, 2010 again
included the appropriation of fund balance in excess of the amount
actually available as a financing source. While the Village ended
the 2009-10 year with a positive fund balance in the general fund,
this was primarily the result of subsidies from both the water and
sewer funds totaling $405,000 in the 2009-10 year. Over the five-
year period ended May 31, 2010, the general fund has received total
transfers of $1,543,000 from these funds: $983,000 from the water
fund and $560,000 from the sewer fund. This practice continued
3 This note was for anticipated aid/revenue for police cars and the Villages
streetscape project.
8/3/2019 Saugerties Village Audit
10/25
99DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
in the 2010-11 fiscal year, as transfers from the water and sewer
funds totaled $206,200.4 Although the transfers from the water fund
are legally permissible, General Municipal Law (GML) prohibits
revenues derived from sewer rents from being used for other than
specific sewer-related purposes. Therefore, the Village is not allowed
to transfer money from the sewer fund to the general fund.
Because the Board routinely transfers earnings from the water and
sewer funds to the general fund, users of the water and sewer systems
are being charged fees which, in effect, are subsidizing the operations
of the Villages general fund. As a result, these fees may be higher
than necessary to finance the actual operations of these funds.
Accurate recording and reporting offinancial activity are critical
to the effective management of the Villages operations. Accounting
records also serve as a basis for the Villages annual financial
statement, an important document that allows management and
the general public to assess the Villages financial operations andfinancial condition.
The Treasurer is responsible for maintaining appropriate accounting
records, as well as providing financial reports to the Board. The
Village contracts with a certified public accounting (CPA) firm to
prepare and file the annual financial report (also known as the annual
update document, or AUD) with the State Comptrollers Office, as
well as to audit the Villages financial statements.
We reviewed the Villages AUD, analyzed trends, and compared
reported amounts to supporting documentation including bankstatements, general ledgers, and other accounting records, focusing
on the fiscal year ending May 31, 2010. We found that the following
excluded accounts resulted in overstating the amount of the Villages
fund balance in the general fund by $152,186.
Deferred tax revenues are not accurately reported. The
Village consistently reports current and overdue taxes
receivable without properly recording a related liability for
deferred taxes. Deferred taxes should be used to account
for the amount of taxes remaining uncollected 60 days afterthe end of the fiscal year. The Villages financial statements
failed to report deferred taxes of $83,195 at May 31, 2010,
which resulted in overstating the reported fund balance for the
general fund by this amount.
Records and Reports
4 $155,000 from the water fund and $51,200 from the sewer fund
8/3/2019 Saugerties Village Audit
11/25
10 OFFICEOFTHE NEW YORK STATE COMPTROLLER10
Current portions of certain long-term liabilities were not
reported in the Villages AUD. The report by the Villages CPA
showed 10 percent of the Villages compensated absences and
judgments and claims liabilities, totaling $68,991, as a current
liability of the general fund. The Villages AUD, however, did
not reflect this current liability. As a result, the fund balance
of the general fund was overstated at May 31, 2010 by this
amount.
Because of these excluded accounts, the fund balance in the Villages
general fund was overstated, hindering informed decision-making by
Village officials.
1. The Board should develop realistic and structurally balanced
annual budgets and ensure that surplus fund balance is actually
available prior to including any such surplus as a funding source.
2. The Board should develop a multi-year financial plan to establishclear goals and methods for funding the Villages general fund.
3. The Board should ensure that any operating subsidies from
other Village funds are in compliance with GML, and in the best
interests of Village taxpayers and ratepayers.
4. The Treasurer should maintain accurate records and ensure that
annual financial reports are accurate.
Recommendations
8/3/2019 Saugerties Village Audit
12/25
1111DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
User Charges
It is important that Village officials ensure that they accurately bill
water and sewer accounts, collect all the money due to the Village, and
correctly report revenues from user fees in the financial statements.
However, Village officials have little assurance that all user chargesare properly billed, collected, and reported because the Village lacks
effective internal controls over these functions. The Board has not
adopted written policies and procedures for billing and collection,
properly segregated duties related to billing and collection, or ensured
that user charges are correctly reported in Village financial statements
and reports. While our limited tests did not identify any instances
of incorrect bills, account entries, or deposits, the Board and Village
officials should adopt billing and collection policies and strengthen
internal controls over these activities to reduce the risk that errors
and/or irregularities could occur and go undetected.
It is the Boards responsibility to ensure that water and sewer user
charges are being appropriately billed, collected, enforced, and
accounted for by providing appropriate oversight over control
procedures. A written policy and procedures that identify the
responsibilities of key individuals, and that require independent
reconciliations of accounts can ensure that user charges are
appropriately billed, collected, enforced, and accounted for.
The Board has not adopted written policies and procedures for the
billing, collection, enforcement, and accounting for water and seweruser charges. While we identified Village local laws related to these
user charges, such laws were conflicting and inconsistent with Village
practices. For example, one law required a semiannual sewer rent but
another law requires that sewer user charges be billed quarterly with
water bills. Additionally, local laws require a 10 percent penalty if a
bill is not paid within 30 days, and an additional 2 percent interest
fee for each subsequent month the bill remains unpaid. However, in
practice, the Village does not charge the additional 2 percent interest
fee.5
Because the Board has not adopted and enforced conformance with
policies and procedures for billing and collecting user charges, the
Village may lose revenues due from user charges or fail to detect and
correct billing or reporting errors.
Policies and Procedures
5 None of the payments we tested were late enough to require the additional fee.
8/3/2019 Saugerties Village Audit
13/25
12 OFFICEOFTHE NEW YORK STATE COMPTROLLER12
An important component of any internal control system is proper
segregation of duties to ensure that no one person controls all
phases of a transaction. Concentrating key duties (i.e., authorization,
recordkeeping, and custody) with one individual with little or no
oversight weakens internal controls and significantly increases the
risk that errors and/or irregularities might occur and go undetected
and uncorrected. If segregation of duties is not possible, the Board
should provide additional oversight of operations and implement
compensating controls.
The water clerk is responsible for preparing water and sewer bills,6
mailing bills, maintaining the detailed customer accounts, collecting
water and sewer bill payments, entering receipts in detail records,
preparing deposits, enforcing unpaid customer accounts, and adjusting
individual customer accounts. She also has the ability to change the
water rate in the computerized billing system. Although the Treasurer
maintains control accounts for water and sewer operations and
prepares bank reconciliations, the Treasurer uses records preparedby the water clerk to do the reconciliation. No one independent of
water and sewer billing processes reviews account detail information
or account adjustments to ensure that billing is accurate, receipts are
all accounted for, and adjustments are legitimate.
We reviewed 50 accounts7 to ensure that user charges were billed/
adjusted, collected, deposited, and enforced in accordance with legal
requirements and managements authorization. We found that all
billings were at approved rates, usage was supported, extensions were
correct, and deposits were made in a timely manner. The adjustments
we found were supported, but authorization for these adjustmentswas not documented. Although we did not identify any exceptions,
it is important that the Board and Village officials segregate critical
duties related to user charges or provide for increased review of the
water clerks activities, including authorizing adjustments, to reduce
the risk that errors and irregularities could occur without detection.
The Treasurer is responsible for maintaining complete, accurate, and
current accounting records related to water and sewer user charges.
These records provide the basis for periodic reports to the Board.
To help ensure the accuracy of such reports, the Treasurer shouldperiodically reconcile her report balances and activity to the detail
records maintained by the water clerk. However, the Treasurer does
Segregation of Duties
Accounting Records and
Reports to the Board
6 A Town employee helps with the process of generating bills. Specifically, this
employee runs a register of all customers, checks the totals for reasonableness, and
prints the bills.7 This sample included 40 accounts that were randomly selected using a random
number generator and 10 accounts (for key officials and others) deemed to have a
higher risk of unauthorized adjustments.
8/3/2019 Saugerties Village Audit
14/25
1313DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
not perform this type of reconciliation. We compared the Treasurers
records for water and sewer receivable accounts to the water clerks
detail records. While we found that collections were properly
recorded, we found that billings were not accurately recorded, and
that year-end balances were not supported by lists of unpaid customer
accounts.
The lack of routine reconciliation may result in inaccurate accounting
records, and preclude the Board from making sound financial
decisions. Further, the Village is at an increased risk that errors and/
or irregularities will occur and go undetected and uncorrected.
5. The Board should review the Villages local laws related to
water and sewer user charges and ensure such laws reflect
managements objectives and are not conflicting.
6. The Board should establish written policies and procedures for
billing, collecting, enforcing, and accounting for water and seweruser charges.
7. The Board should segregate the duties related to billing,
depositing, and accounting for water and sewer user charges or
establish compensating controls to mitigate risk.
8. The Treasurer should maintain accurate accounting records and
periodically reconcile those records to those of the water clerk.
Recommendations
8/3/2019 Saugerties Village Audit
15/25
14 OFFICEOFTHE NEW YORK STATE COMPTROLLER14
Information Technology
The Board is responsible for designing and implementing a
comprehensive system of internal controls over IT resources including
policies and procedures that protect IT equipment, software, and data
from loss due to error, malicious intent or accidents (disasters).Village officials rely on their IT system to access the Internet,
communicate by email, store data, and maintain financial records.
It is essential that access to the Villages IT resources be controlled
and monitored to reduce the risk of misuse or alteration of data, and
that security roles and responsibilities be established and monitored.
It is also important that electronic data is backed up and a disaster
recovery plan is in place so that in the event of the loss of data or
equipment, operations can be restored completely and accurately.
The Village needs to improve its internal controls over IT.
Specifically, the Board has not adopted comprehensive IT policies
and procedures. Further, the Village does not monitor remote access,
store backups off site, or have a disaster recovery plan to follow in
the event of emergency. As a result, the Villages IT system and
electronic data are subject to increased risk of loss or misuse.
The Board is responsible for establishing policies and procedures
to protect the Villages computing environment and provide clear
guidance on all aspects of IT used. Such policies and procedures
should define security problems and include, but not be limited to,
acceptable computer use, the Internet and email, data safeguards,anti-virus protection, and password security. In addition, they should
address remote access controls, data backup systems, and disaster
recovery. Effective technology policies and procedures should be
regularly reviewed and updated to reflect changes not only in the
organizations technology environment, but those occurring in the
outside computing environment as well.
The Board has not established policies and procedures related to
acceptable use of computer resources. Also, Village officials do not
monitor computer use to determine whether staff are properly using
the Villages computer resources.
While comprehensive computer usage policies do not guarantee the
safety of the Villages electronic information, the lack of such policies
significantly increases the risk that hardware and software systems
and the data they contain may be lost or damaged by inappropriate
use. This leaves the Village vulnerable to risks associated with
personal use, including computer viruses and spyware.
Policies and Procedures
8/3/2019 Saugerties Village Audit
16/25
1515DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
Remote access (from any source) must be controlled and monitored
so that only authorized individuals can use the Villages computer
system or retrieve data. It is essential that Village officials develop
and implement policies and procedures addressing how remote
access is granted, who is given remote access, and how remote access
will be monitored and controlled. For example, procedures should
ensure that someone is assigned to periodically print and review audit
logs to ensure that only authorized individuals have accessed the IT
system, and that their activities were appropriate. It is important
to retain documentation to indicate that the audit logs have been
reviewed. Additionally, if remote access users are not Village officials
or employees, but vendors who might be used as IT consultants, it
is important to establish agreements with these vendors regarding
expectations and consequences for violating such expectations.
The Village has two software vendors who have been granted remote
access to the IT system to provide support, technical services,
problem solving, and any other requests made by Village officials.Village officials do not adequately monitor these vendors remote
access to determine when and who has accessed the system remotely,
and for what reasons. There are no procedures to review audit logs to
monitor vendors work within the system. Additionally, the Village
has not secured a written agreement with these vendors regarding
expectations and consequences.
Without remote access agreements, there is no assurance that the
Villages interests are effectively protected. The lack of monitoring
also increases the risk that financial data can be manipulated, lost, or
misused without detection.
The Villages electronic data should be backed up (duplicate copies
made) on a routine basis and the copies should be stored in a secure
off-site location. Periodically, Village personnel should verify the
integrity of the copied data and test the effectiveness of the restoration
process by restoring data from the backups.
The Villages electronic data is backed up daily to tapes. The tapes,
however, are not stored at a secure off-site location, but rather,
are stored in the Villagesfi
re-proof, water-proof safe (that is keptopen throughout the day). Additionally, Village personnel do not
periodically restore/test the data from these backup tapes.
In the event that a fire or other disaster were to occur, both the server
and backups could be destroyed or damaged resulting in a loss of
essential financial data that may not be recoverable. Also, since
Village officials do not periodically restore/test the backups, they
have no assurance about the effectiveness of the backup process.
Remote Access
Backups
8/3/2019 Saugerties Village Audit
17/25
16 OFFICEOFTHE NEW YORK STATE COMPTROLLER16
A disaster recovery plan is intended to identify and describe how
the Village plans to deal with potential disasters. Such disasters may
include any sudden, catastrophic event (e.g., fire, computer virus,
power outage, or inadvertent employee action) that compromises
the integrity of the IT system and data. An effective plan includes
precautions, including the routine backup of critical data, to minimize
the effects of a disaster and to enable the Village to either maintain or
quickly resume its critical functions.
The Village does not have a formal disaster recovery plan.
Consequently, in the event of a disaster, Village personnel have no
guidelines or plan to follow to help minimize or prevent the loss of
equipment and data, or guidance on how to implement data recovery
and resume operations as efficiently as possible.
9. The Board should establish written IT policies and procedures
to address acceptable computer use, remote access controls, data
backup systems, and disaster recovery.
10. Village officials should secure agreements with vendors
regarding expectations and consequences. Village officials
should also establish procedures for granting and monitoring
user access.
11. Village officials should ensure that backups are stored at a secure
off-site location. Officials should verify integrity of the data by
periodically testing/restoring the backups.
12. Village officials should establish a formal disaster recoveryplan. This plan should be distributed to all responsible parties,
periodically tested, and updated as needed.
Disaster Recovery Plan
Recommendations
8/3/2019 Saugerties Village Audit
18/25
1717DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
APPENDIX A
RESPONSE FROM LOCAL OFFICIALS
The local officials response to this audit can be found on the following pages.
8/3/2019 Saugerties Village Audit
19/25
18 OFFICEOFTHE NEW YORK STATE COMPTROLLER18
8/3/2019 Saugerties Village Audit
20/25
1919DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
8/3/2019 Saugerties Village Audit
21/25
20 OFFICEOFTHE NEW YORK STATE COMPTROLLER20
8/3/2019 Saugerties Village Audit
22/25
2121DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
APPENDIX B
AUDIT METHODOLOGY AND STANDARDS
Our overall goal was to assess the adequacy of the internal controls put in place by officials to
safeguard Village assets. In order to accomplish this, we performed an initial assessment of internal
controls so that we could design our audit to focus on those areas most at risk. Our initial assessment
included evaluations of the following areas: financial condition, control environment, cash receipts,
deposits, investments, cash disbursements, purchasing, claims processing, payroll, billed receivables,
fuel inventory, equipment, capital assets, capital projects, and information technology.
During the initial assessment, we interviewed Village officials and employees, performed limited tests
of transactions, and reviewed pertinent documents such as adopted policies and procedures, Board
minutes, and financial records and reports. After reviewing the information gathered during our initial
assessment, we determined where weaknesses existed, and evaluated those weaknesses for inherent
control risks. We then decided upon the reported objectives and scope by selecting for audit those areas
most at risk. We selected financial condition, user charges, and information technology for furtheraudit testing.
To determine if the Village Board was adequately managing the Villages financial condition, we
interviewed Village officials to obtain an understanding of internal controls. We also reviewed various
records and reports including general ledgers, budgets, balance sheets, bank statements, and other
supporting documentation to analyze the Villages financial condition and ensure that reported figures
were recorded, supported, proper, and authorized.
To assess the effectiveness of internal controls over user charges, we interviewed Village officials and
employees to obtain an understanding of internal controls. We reviewed 50 accounts to ensure that
user charges were billed/adjusted, collected and remitted, and enforced [when unpaid] in accordancewith legal requirements and managements authorization. These 50 accounts include 40 accounts that
were randomly selected using the total number of billed accounts and a random number generator. The
remaining 10 accounts reviewed were made up of key officials and other accounts with a higher risk of
unauthorized adjustments. Our procedures included examination of the following records:
Customer Transaction Summaries
Rate Code Lists
Billing Edit Lists
Reading Edit Lists
Edit Lists
Closing Total Reports
8/3/2019 Saugerties Village Audit
23/25
22 OFFICEOFTHE NEW YORK STATE COMPTROLLER22
Bank Statements
Deposit Slips.
For information technology, we obtained an understanding of system controls through interviews
and observations of the Villages computerized data system. We reviewed available documents and
spoke with Village officials regarding vendors supporting the Villages IT infrastructure and financial
software systems.
We conducted this performance audit in accordance with generally accepted government auditing
standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.
8/3/2019 Saugerties Village Audit
24/25
2323DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY
APPENDIX C
HOW TO OBTAIN ADDITIONAL COPIES OF THE REPORT
Office of the State Comptroller
Public Information Office
110 State Street, 15th Floor
Albany, New York 12236
(518) 474-4015
http://www.osc.state.ny.us/localgov/
To obtain copies of this report, write or visit our web page:
8/3/2019 Saugerties Village Audit
25/25
APPENDIX D
OFFICE OF THE STATE COMPTROLLER
DIVISION OF LOCAL GOVERNMENT
AND SCHOOL ACCOUNTABILITY
Steven J. Hancox, Deputy Comptroller
Nathaalie N. Carey, Assistant Comptroller
LOCAL REGIONAL OFFICE LISTING
BINGHAMTON REGIONAL OFFICE
H. Todd Eames, Chief Examiner
Office of the State Comptroller
State Office Building - Suite 1702
44 Hawley Street
Binghamton, New York 13901-4417
(607) 721-8306 Fax (607) 721-8313
Email: [email protected]
Serving: Broome, Chenango, Cortland, Delaware,
Otsego, Schoharie, Sullivan, Tioga, Tompkins Counties
BUFFALO REGIONAL OFFICE
Robert Meller, Chief Examiner
Office of the State Comptroller
295 Main Street, Suite 1032
Buffalo, New York 14203-2510
(716) 847-3647 Fax (716) 847-3643
Email: [email protected]
Serving: Allegany, Cattaraugus, Chautauqua, Erie,
Genesee, Niagara, Orleans, Wyoming Counties
GLENS FALLS REGIONAL OFFICE
Jeffrey P. Leonard, Chief Examiner
Office of the State Comptroller
One Broad Street Plaza
Glens Falls, New York 12801-4396
(518) 793-0057 Fax (518) 793-5797
Email: [email protected]
Serving: Albany, Clinton, Essex, Franklin,
Fulton, Hamilton, Montgomery, Rensselaer,
Saratoga, Schenectady, Warren, Washington Counties
HAUPPAUGE REGIONAL OFFICEIra McCracken, Chief Examiner
Office of the State Comptroller
NYS Office Building, Room 3A10
Veterans Memorial Highway
Hauppauge, New York 11788-5533
(631) 952-6534 Fax (631) 952-6530
Email: [email protected]
Serving: Nassau and Suffolk Counties
NEWBURGH REGIONAL OFFICE
Christopher Ellis, Chief Examiner
Office of the State Comptroller
33 Airport Center Drive, Suite 103
New Windsor, New York 12553-4725
(845) 567-0858 Fax (845) 567-0080
Email: [email protected]
Serving: Columbia, Dutchess, Greene, Orange,
Putnam, Rockland, Ulster, Westchester Counties
ROCHESTER REGIONAL OFFICE
Edward V. Grant, Jr., Chief Examiner
Office of the State Comptroller
The Powers Building
16 West Main Street Suite 522
Rochester, New York 14614-1608
(585) 454-2460 Fax (585) 454-3545
Email: [email protected]
Serving: Cayuga, Chemung, Livingston, Monroe,
Ontario, Schuyler, Seneca, Steuben, Wayne, Yates Counties
SYRACUSE REGIONAL OFFICE
Rebecca Wilcox, Chief Examiner
Office of the State Comptroller
State Office Building, Room 409
333 E. Washington Street
Syracuse, New York 13202-1428
(315) 428-4192 Fax (315) 426-2119
Email: [email protected]
Serving: Herkimer, Jefferson, Lewis, Madison,
Oneida, Onondaga, Oswego, St. Lawrence Counties
STATEWIDE AND REGIONAL PROJECTSAnn C. Singer, Chief Examiner
State Office Building - Suite 1702
44 Hawley Street
Binghamton, New York 13901-4417
(607) 721-8306 Fax (607) 721-8313