Saugerties Village Audit

8/3/2019 Saugerties Village Audit

1/25

DIVISIONOF LOCAL GOVERNMENT

& SCHOOL ACCOUNTABILITY

O F F I C E O F T H E N E W YO R K ST A T E C O M P T R O L L E R

Report of Examination

Period Covered:

June 1, 2009 November 10, 2010

2011M-172

Village of Saugerties

Financial Condition and

Internal Controls OverSelected Financial Operations

Thomas P. DiNapoli


2/25

11DIVISIONOF LOCAL GOVERNMENTAND SCHOOLACCOUNTABILITY

Page

AUTHORITY LETTER 2

EXECUTIVE SUMMARY 3

INTRODUCTION 5

Background 5

Objectives 5

Scope and Methodology 5 Comments of Local Officials and Corrective Action 6

FINANCIAL CONDITION 7

General Fund 7

Records and Reports 9

Recommendations 10

USER CHARGES 11

Policies and Procedures 11 Segregation of Duties 12

Accounting Records and Reports to the Board 12

Recommendations 13

INFORMATION TECHNOLOGY 14

Policies and Procedures 14

Remote Access 15

Backups 15

Disaster Recovery Plan 16 Recommendations 16

APPENDIX A Response From Local Officials 17

APPENDIX B Audit Methodology and Standards 21

APPENDIX C How to Obtain Additional Copies of the Report 23

APPENDIX D Local Regional Office Listing 24

Table of Contents


3/25

2 OFFICEOFTHE NEW YORK STATE COMPTROLLER2

State of New York

Office of the State Comptroller

Division of Local Government

and School Accountability

November 2011

Dear Village Officials:

A top priority of the Office of the State Comptroller is to help local government officials manage

government resources efficiently and effectively and, by so doing, provide accountability for

tax dollars spent to support government operations. The Comptroller oversees the fiscal affairs of

local governments statewide, as well as compliance with relevant statutes and observance of good

business practices. This fiscal oversight is accomplished, in part, through our audits, which identify

opportunities for improving operations and Village governance. Audits also can identify strategies to

reduce costs and to strengthen controls intended to safeguard local government assets.

Following is a report of our audit of the Village of Saugerties, entitled Financial Condition and Internal

Controls Over Selected Financial Operations. This audit was conducted pursuant to Article V, Section

1 of the State Constitution and the State Comptrollers Authority as set forth in Article 3 of the General

Municipal Law.

This audits results and recommendations are resources for local government officials to use in

effectively managing operations and in meeting the expectations of their constituents. If you have

questions about this report, please feel free to contact the local regional office for your county, as listed

at the end of this report.

Respectfully submitted,


Division of Local Government

and School Accountability


4/25


Office of the State ComptrollerState of New York

EXECUTIVE SUMMARY

The Village of Saugerties (Village) is located in the Town of Saugerties in Ulster County and has a

population of approximately 5,000. The Village is governed by a Board of Trustees (Board) which

comprises six elected Trustees and an elected Mayor who serves as the chief executive officer. The

Village Treasurer (Treasurer) is the chieffiscal officer and is responsible for the custody of all Village

moneys.

The Village provides various services to its residents including fire protection, street maintenance,snow removal, water distribution, sewage treatment, and general government support.1 These services

are accounted for in the general, water, and sewer funds. The operating expenditures for the fiscal year

ended May 31, 2010 were $2.7 million in the general fund, $1.1 million in the water fund, and $1.0

million in the sewer fund. These expenditures were funded primarily with revenues from real property

taxes and departmental income, including water sales and sewer rents.

Scope and Objectives

The objectives of our audit were to review the Villages financial condition and internal controls over

user charges and information technology (IT) for the period June 1, 2009 to November 10, 2010. For

financial condition, we expanded the scope of our audit back to the 2005-06 fiscal year to review prior

years financial trends. Our audit addressed the following related questions:

Is the Board adequately managing the Villages financial condition?

Are internal controls over user charges appropriately designed and operating effectively to

adequately safeguard Village assets?

Are internal controls over IT appropriately designed to adequately safeguard Village assets?

Audit Results

The Board is not adequately managing the Villages financial condition. Specifically, the Board has

continually included amounts of fund balance in excess of the amounts actually available as a

financing source in its annual general fund budgets, had to issue short-term debt to meet cash flow

needs, and relied on annual subsidies from both the water and sewer funds to finance general fund

operations. Because the Board did not adopt budgets that provided sufficient ongoing revenues

1 As of January 1, 2011, police protection is provided to Village residents by the Town rather than the Village.


5/25


to fund ongoing expenses or adopt reasonable methods for funding the general fund, the Villages

financial condition has deteriorated, and taxpayers have paid interest on money borrowed to pay

for operating costs. Further, because users of the water and sewer systems are subsidizing the

operations of the Villages general fund, these user fees may be higher than necessary to finance the

actual operations of these funds. We also found that fund balance in the Villages general fund was

overstated by more than $152,000.

We also identified weaknesses in the Villages internal controls over water and sewer user charges. The

Board has not adopted written policies and procedures for billing and collection, properly segregated

duties related to billing and collection, or ensured that user charges are correctly reported in Village

financial statements and reports. While our limited tests did not identify any instances of incorrect

bills, account entries, or deposits, the Board and Village officials should adopt billing and collection

policies and strengthen internal controls over these activities to reduce the risk that errors and/or

irregularities could occur and go undetected.

The Village also needs to improve its internal controls over IT. We found that the Village lacks Board-

adopted comprehensive IT policies and procedures. Further, Village officials do not monitor remote

access, do not routinely test data on backups or store them off-site, and do not have a disaster recoveryplan. As a result, the Villages IT system and electronic data are subject to increased risk of loss or

misuse.

Comments of Local Officials

The results of our audit and recommendations have been discussed with Village officials and their

comments, which appear in Appendix A, have been considered in preparing this report. Village

officials generally agreed with our recommendations and indicated they have initiated, or plan to

initiate, corrective action.


6/25


Background

Introduction

Objectives

Scope and

Methodology

The Village of Saugerties (Village) is located in the Town of

Saugerties in Ulster County and has a population of approximately

5,000. The Village is governed by a Board of Trustees (Board), which

comprises six elected Trustees and an elected Mayor who serves asthe chief executive officer. The Village Treasurer (Treasurer) is the

chieffiscal officer and is responsible for the custody of all Village

moneys.

The Village provides various services to its residents, including fire

protection, street maintenance, snow removal, water distribution,

sewage treatment, and general government support.2 These services

are accounted for in the general, water, and sewer funds. The

operating expenditures for the fiscal year ended May 31, 2010 were

$2.7 million in the general fund, $1.1 million in the water fund, and$1.0 million in the sewer fund. These expenditures were funded

primarily with revenues from real property taxes and departmental

income, including water sales and sewer rents.

The Village services approximately 1,600 water and sewer users and

bills for related services quarterly in June, September, December, and

March. For the fiscal year ending May 31, 2010, Village revenues

for user charges for the water and sewer funds totaled approximately

$1.7 million.

The objectives of our audit were to review the Villages financialcondition and to assess internal controls over selected financialoperations. Our audit addressed the following related questions:

Is the Board adequately managing the Villages financialcondition?

Are internal controls over user charges appropriatelydesigned and operating effectively to adequately safeguardVillage assets?

Are internal controls over IT appropriately designed toadequately safeguard Village assets?

We examined the Villages financial condition and internal controlsover user charges and IT for the period June 1, 2009 to November 10,2010. For financial condition, we expanded the scope of our auditback to the 2005-06 fiscal year to review prior years financial trends.

2 As of January 1, 2011, police protection is provided to Village residents by the

Town rather than the Village.


7/25


Our audit disclosed areas in need of improvement related to IT

controls. Certain vulnerabilities are not discussed in this report because

of their sensitivity, but we have communicated this information

separately to Village officials so they could take corrective action.

We conducted our audit in accordance with generally accepted

government auditing standards (GAGAS). More information on such

standards and the methodology used in performing this audit are

included in Appendix B of this report.

The results of our audit and recommendations have been discussed

with Village officials and their comments, which appear in Appendix

A, have been considered in preparing this report. Village officials

generally agreed with our recommendations and indicated they have

initiated, or plan to initiate, corrective action.

The Board has the responsibility to initiate corrective action. A

written corrective action plan (CAP) that addresses the findings andrecommendations in this report should be prepared and forwarded

to our office within 90 days, pursuant to Section 35 of the General

Municipal Law. For more information on preparing and filing your

CAP, please refer to our brochure, Responding to an OSC Audit

Report, which you received with the draft audit report. We encourage

the Board to make this plan available for public review in the Clerks

office.

Comments of

Local Officials and

Corrective Action


8/25


Financial Condition

A local governments financial condition reflects its ability to provide

and finance services on a continuing basis. A local government is

considered to have sound financial health when it can consistently

generate sufficient revenues to finance anticipated expenditures, andmaintain sufficient cash flow to pay bills and other obligations when

due without relying on short-term borrowings or subsidies from other

operating funds. Accordingly, Village officials must adopt realistic

budgets that accurately estimate the revenues required to finance

expenditures, and monitor fund balance levels to ensure that the

Village has sufficient cash flow to maintain operations. While fund

balance can be used to help finance operations, using it repeatedly

for this purpose in place of ongoing revenue sources can deplete fund

balance, leaving the Village without enough cash flow to routinely

pay vendors and employees.

We found that the Board is not adequately managing the Villages

financial condition. Specifically, the Board continually appropriated

more fund balance in the general fund than was actually available

as a financing source, had to issue short-term debt to meet cash

flow needs, and relied on annual subsidies from both the water and

sewer funds to finance general fund operations. Because the Board

did not adopt budgets that provided sufficient ongoing revenues to

fund ongoing expenses or adopt reasonable methods for funding the

general fund, the Villages financial condition has deteriorated, and

taxpayers have paid interest on money borrowed to pay for operatingcosts. We also found that the amount of fund balance reported in

the Villages general fund was overstated by more than $152,000.

Therefore, the general fund balance as of May 31, 2010 is actually

only $46,885.

The Board is responsible for maintaining the Villages financial

health by adopting budgets with realistic estimates of revenues

and financing sources, including the fund balance available for

appropriation. Fund balance represents the differences between

revenues and expenditures that accumulate over time. Estimating

fund balance is an integral part of the budget process because a

reasonable level of fund balance is key to financing the Villages

operations and providing sufficient cash flow. Long-term planning

also helps the Board establish clear goals and methods for funding the

Villages general fund.

We found that the Board did not adequately manage the Villages

financial condition because it did not adopt structurally balanced

General Fund


9/25


budgets. The Board appropriated non-existent fund balance or used

subsidies from other funds to make up for insufficient revenue in the

general fund. The Board routinely appropriated general fund balance

in excess of amounts actually available, resulting in operating deficits

and unreserved, unappropriated fund balance deficits for the fiscal

years ending May 31, 2006 thru May 31, 2010, as shown in Table 1.

In 2007-08 and 2008-09, the Board appropriated fund balance when

fund balance was already in a deficit condition.

Table 1: General Fund Fiscal Years 2005-06 to 2009-10

2005-06 2006-07 2007-08 2008-09 2009-1

Beginning Fund Balance $165,923a $70,090a $35,355 ($55,598) ($64

Operating Surplus/(Deficit) ($398,943) ($274,656) ($495,953) ($226,621) ($141

Plus: Annual transfer from:

Water Fund $180,000 $112,761 $255,000 $180,000 $25

Sewer Fund $95,000 $127,160 $150,000 $37,500 $15

Total of Annual Transfers $275,000 $239,921 $405,000 $217,500 $40

Total Ending Fund Balance $41,980 $35,355 ($55,598) ($64,719) $19

Appropriated Fund Balance $189,616 $224,402 $127,460 $247,481 $3aIncludes a prior period adjustment

As a result of general fund operating deficits and unfavorable

economic conditions, the Village was forced to rely on short-term

borrowings to address cash flow problems and to provide sufficient

cash to finance operations. Specifically, the Board authorized the

issuance of a $150,000 revenue anticipation note3 in May 2008

and a $300,000 tax anticipation note in March 2009 in the general

fund. Although both debt issues were redeemed in a timely manner,financing ongoing expenses with short-term borrowing instead of

ongoing revenue can be expensive because the Village must pay

interest on borrowed monies. Village officials have not formulated

a written multi-year financial plan to address these budgeting

deficiencies and to match the costs of general fund operations to the

revenues necessary to sustain them.

The general fund budget for the fiscal year ended May 31, 2010 again

included the appropriation of fund balance in excess of the amount

actually available as a financing source. While the Village ended

the 2009-10 year with a positive fund balance in the general fund,

this was primarily the result of subsidies from both the water and

sewer funds totaling $405,000 in the 2009-10 year. Over the five-

year period ended May 31, 2010, the general fund has received total

transfers of $1,543,000 from these funds: $983,000 from the water

fund and $560,000 from the sewer fund. This practice continued

3 This note was for anticipated aid/revenue for police cars and the Villages

streetscape project.


10/25


in the 2010-11 fiscal year, as transfers from the water and sewer

funds totaled $206,200.4 Although the transfers from the water fund

are legally permissible, General Municipal Law (GML) prohibits

revenues derived from sewer rents from being used for other than

specific sewer-related purposes. Therefore, the Village is not allowed

to transfer money from the sewer fund to the general fund.

Because the Board routinely transfers earnings from the water and

sewer funds to the general fund, users of the water and sewer systems

are being charged fees which, in effect, are subsidizing the operations

of the Villages general fund. As a result, these fees may be higher

than necessary to finance the actual operations of these funds.

Accurate recording and reporting offinancial activity are critical

to the effective management of the Villages operations. Accounting

records also serve as a basis for the Villages annual financial

statement, an important document that allows management and

the general public to assess the Villages financial operations andfinancial condition.

The Treasurer is responsible for maintaining appropriate accounting

records, as well as providing financial reports to the Board. The

Village contracts with a certified public accounting (CPA) firm to

prepare and file the annual financial report (also known as the annual

update document, or AUD) with the State Comptrollers Office, as

well as to audit the Villages financial statements.

We reviewed the Villages AUD, analyzed trends, and compared

reported amounts to supporting documentation including bankstatements, general ledgers, and other accounting records, focusing

on the fiscal year ending May 31, 2010. We found that the following

excluded accounts resulted in overstating the amount of the Villages

fund balance in the general fund by $152,186.

Deferred tax revenues are not accurately reported. The

Village consistently reports current and overdue taxes

receivable without properly recording a related liability for

deferred taxes. Deferred taxes should be used to account

for the amount of taxes remaining uncollected 60 days afterthe end of the fiscal year. The Villages financial statements

failed to report deferred taxes of $83,195 at May 31, 2010,

which resulted in overstating the reported fund balance for the

general fund by this amount.

Records and Reports

4 $155,000 from the water fund and $51,200 from the sewer fund


11/25


Current portions of certain long-term liabilities were not

reported in the Villages AUD. The report by the Villages CPA

showed 10 percent of the Villages compensated absences and

judgments and claims liabilities, totaling $68,991, as a current

liability of the general fund. The Villages AUD, however, did

not reflect this current liability. As a result, the fund balance

of the general fund was overstated at May 31, 2010 by this

amount.

Because of these excluded accounts, the fund balance in the Villages

general fund was overstated, hindering informed decision-making by

Village officials.

1. The Board should develop realistic and structurally balanced

annual budgets and ensure that surplus fund balance is actually

available prior to including any such surplus as a funding source.

2. The Board should develop a multi-year financial plan to establishclear goals and methods for funding the Villages general fund.

3. The Board should ensure that any operating subsidies from

other Village funds are in compliance with GML, and in the best

interests of Village taxpayers and ratepayers.

4. The Treasurer should maintain accurate records and ensure that

annual financial reports are accurate.

Recommendations


12/25


User Charges

It is important that Village officials ensure that they accurately bill

water and sewer accounts, collect all the money due to the Village, and

correctly report revenues from user fees in the financial statements.

However, Village officials have little assurance that all user chargesare properly billed, collected, and reported because the Village lacks

effective internal controls over these functions. The Board has not

adopted written policies and procedures for billing and collection,

properly segregated duties related to billing and collection, or ensured

that user charges are correctly reported in Village financial statements

and reports. While our limited tests did not identify any instances

of incorrect bills, account entries, or deposits, the Board and Village

officials should adopt billing and collection policies and strengthen

internal controls over these activities to reduce the risk that errors

and/or irregularities could occur and go undetected.

It is the Boards responsibility to ensure that water and sewer user

charges are being appropriately billed, collected, enforced, and

accounted for by providing appropriate oversight over control

procedures. A written policy and procedures that identify the

responsibilities of key individuals, and that require independent

reconciliations of accounts can ensure that user charges are

appropriately billed, collected, enforced, and accounted for.

The Board has not adopted written policies and procedures for the

billing, collection, enforcement, and accounting for water and seweruser charges. While we identified Village local laws related to these

user charges, such laws were conflicting and inconsistent with Village

practices. For example, one law required a semiannual sewer rent but

another law requires that sewer user charges be billed quarterly with

water bills. Additionally, local laws require a 10 percent penalty if a

bill is not paid within 30 days, and an additional 2 percent interest

fee for each subsequent month the bill remains unpaid. However, in

practice, the Village does not charge the additional 2 percent interest

fee.5

Because the Board has not adopted and enforced conformance with

policies and procedures for billing and collecting user charges, the

Village may lose revenues due from user charges or fail to detect and

correct billing or reporting errors.

Policies and Procedures

5 None of the payments we tested were late enough to require the additional fee.


13/25


An important component of any internal control system is proper

segregation of duties to ensure that no one person controls all

phases of a transaction. Concentrating key duties (i.e., authorization,

recordkeeping, and custody) with one individual with little or no

oversight weakens internal controls and significantly increases the

risk that errors and/or irregularities might occur and go undetected

and uncorrected. If segregation of duties is not possible, the Board

should provide additional oversight of operations and implement

compensating controls.

The water clerk is responsible for preparing water and sewer bills,6

mailing bills, maintaining the detailed customer accounts, collecting

water and sewer bill payments, entering receipts in detail records,

preparing deposits, enforcing unpaid customer accounts, and adjusting

individual customer accounts. She also has the ability to change the

water rate in the computerized billing system. Although the Treasurer

maintains control accounts for water and sewer operations and

prepares bank reconciliations, the Treasurer uses records preparedby the water clerk to do the reconciliation. No one independent of

water and sewer billing processes reviews account detail information

or account adjustments to ensure that billing is accurate, receipts are

all accounted for, and adjustments are legitimate.

We reviewed 50 accounts7 to ensure that user charges were billed/

adjusted, collected, deposited, and enforced in accordance with legal

requirements and managements authorization. We found that all

billings were at approved rates, usage was supported, extensions were

correct, and deposits were made in a timely manner. The adjustments

we found were supported, but authorization for these adjustmentswas not documented. Although we did not identify any exceptions,

it is important that the Board and Village officials segregate critical

duties related to user charges or provide for increased review of the

water clerks activities, including authorizing adjustments, to reduce

the risk that errors and irregularities could occur without detection.

The Treasurer is responsible for maintaining complete, accurate, and

current accounting records related to water and sewer user charges.

These records provide the basis for periodic reports to the Board.

To help ensure the accuracy of such reports, the Treasurer shouldperiodically reconcile her report balances and activity to the detail

records maintained by the water clerk. However, the Treasurer does

Segregation of Duties

Accounting Records and

Reports to the Board

6 A Town employee helps with the process of generating bills. Specifically, this

employee runs a register of all customers, checks the totals for reasonableness, and

prints the bills.7 This sample included 40 accounts that were randomly selected using a random

number generator and 10 accounts (for key officials and others) deemed to have a

higher risk of unauthorized adjustments.


14/25


not perform this type of reconciliation. We compared the Treasurers

records for water and sewer receivable accounts to the water clerks

detail records. While we found that collections were properly

recorded, we found that billings were not accurately recorded, and

that year-end balances were not supported by lists of unpaid customer

accounts.

The lack of routine reconciliation may result in inaccurate accounting

records, and preclude the Board from making sound financial

decisions. Further, the Village is at an increased risk that errors and/

or irregularities will occur and go undetected and uncorrected.

5. The Board should review the Villages local laws related to

water and sewer user charges and ensure such laws reflect

managements objectives and are not conflicting.

6. The Board should establish written policies and procedures for

billing, collecting, enforcing, and accounting for water and seweruser charges.

7. The Board should segregate the duties related to billing,

depositing, and accounting for water and sewer user charges or

establish compensating controls to mitigate risk.

8. The Treasurer should maintain accurate accounting records and

periodically reconcile those records to those of the water clerk.

Recommendations


15/25


Information Technology

The Board is responsible for designing and implementing a

comprehensive system of internal controls over IT resources including

policies and procedures that protect IT equipment, software, and data

from loss due to error, malicious intent or accidents (disasters).Village officials rely on their IT system to access the Internet,

communicate by email, store data, and maintain financial records.

It is essential that access to the Villages IT resources be controlled

and monitored to reduce the risk of misuse or alteration of data, and

that security roles and responsibilities be established and monitored.

It is also important that electronic data is backed up and a disaster

recovery plan is in place so that in the event of the loss of data or

equipment, operations can be restored completely and accurately.

The Village needs to improve its internal controls over IT.

Specifically, the Board has not adopted comprehensive IT policies

and procedures. Further, the Village does not monitor remote access,

store backups off site, or have a disaster recovery plan to follow in

the event of emergency. As a result, the Villages IT system and

electronic data are subject to increased risk of loss or misuse.

The Board is responsible for establishing policies and procedures

to protect the Villages computing environment and provide clear

guidance on all aspects of IT used. Such policies and procedures

should define security problems and include, but not be limited to,

acceptable computer use, the Internet and email, data safeguards,anti-virus protection, and password security. In addition, they should

address remote access controls, data backup systems, and disaster

recovery. Effective technology policies and procedures should be

regularly reviewed and updated to reflect changes not only in the

organizations technology environment, but those occurring in the

outside computing environment as well.

The Board has not established policies and procedures related to

acceptable use of computer resources. Also, Village officials do not

monitor computer use to determine whether staff are properly using

the Villages computer resources.

While comprehensive computer usage policies do not guarantee the

safety of the Villages electronic information, the lack of such policies

significantly increases the risk that hardware and software systems

and the data they contain may be lost or damaged by inappropriate

use. This leaves the Village vulnerable to risks associated with

personal use, including computer viruses and spyware.

Policies and Procedures


16/25


Remote access (from any source) must be controlled and monitored

so that only authorized individuals can use the Villages computer

system or retrieve data. It is essential that Village officials develop

and implement policies and procedures addressing how remote

access is granted, who is given remote access, and how remote access

will be monitored and controlled. For example, procedures should

ensure that someone is assigned to periodically print and review audit

logs to ensure that only authorized individuals have accessed the IT

system, and that their activities were appropriate. It is important

to retain documentation to indicate that the audit logs have been

reviewed. Additionally, if remote access users are not Village officials

or employees, but vendors who might be used as IT consultants, it

is important to establish agreements with these vendors regarding

expectations and consequences for violating such expectations.

The Village has two software vendors who have been granted remote

access to the IT system to provide support, technical services,

problem solving, and any other requests made by Village officials.Village officials do not adequately monitor these vendors remote

access to determine when and who has accessed the system remotely,

and for what reasons. There are no procedures to review audit logs to

monitor vendors work within the system. Additionally, the Village

has not secured a written agreement with these vendors regarding

expectations and consequences.

Without remote access agreements, there is no assurance that the

Villages interests are effectively protected. The lack of monitoring

also increases the risk that financial data can be manipulated, lost, or

misused without detection.

The Villages electronic data should be backed up (duplicate copies

made) on a routine basis and the copies should be stored in a secure

off-site location. Periodically, Village personnel should verify the

integrity of the copied data and test the effectiveness of the restoration

process by restoring data from the backups.

The Villages electronic data is backed up daily to tapes. The tapes,

however, are not stored at a secure off-site location, but rather,

are stored in the Villagesfi

re-proof, water-proof safe (that is keptopen throughout the day). Additionally, Village personnel do not

periodically restore/test the data from these backup tapes.

In the event that a fire or other disaster were to occur, both the server

and backups could be destroyed or damaged resulting in a loss of

essential financial data that may not be recoverable. Also, since

Village officials do not periodically restore/test the backups, they

have no assurance about the effectiveness of the backup process.

Remote Access

Backups


17/25


A disaster recovery plan is intended to identify and describe how

the Village plans to deal with potential disasters. Such disasters may

include any sudden, catastrophic event (e.g., fire, computer virus,

power outage, or inadvertent employee action) that compromises

the integrity of the IT system and data. An effective plan includes

precautions, including the routine backup of critical data, to minimize

the effects of a disaster and to enable the Village to either maintain or

quickly resume its critical functions.

The Village does not have a formal disaster recovery plan.

Consequently, in the event of a disaster, Village personnel have no

guidelines or plan to follow to help minimize or prevent the loss of

equipment and data, or guidance on how to implement data recovery

and resume operations as efficiently as possible.

9. The Board should establish written IT policies and procedures

to address acceptable computer use, remote access controls, data

backup systems, and disaster recovery.

10. Village officials should secure agreements with vendors

regarding expectations and consequences. Village officials

should also establish procedures for granting and monitoring

user access.

11. Village officials should ensure that backups are stored at a secure

off-site location. Officials should verify integrity of the data by

periodically testing/restoring the backups.

12. Village officials should establish a formal disaster recoveryplan. This plan should be distributed to all responsible parties,

periodically tested, and updated as needed.

Disaster Recovery Plan

Recommendations


18/25


APPENDIX A

RESPONSE FROM LOCAL OFFICIALS

The local officials response to this audit can be found on the following pages.


19/25



20/25



21/25



22/25


APPENDIX B

AUDIT METHODOLOGY AND STANDARDS

Our overall goal was to assess the adequacy of the internal controls put in place by officials to

safeguard Village assets. In order to accomplish this, we performed an initial assessment of internal

controls so that we could design our audit to focus on those areas most at risk. Our initial assessment

included evaluations of the following areas: financial condition, control environment, cash receipts,

deposits, investments, cash disbursements, purchasing, claims processing, payroll, billed receivables,

fuel inventory, equipment, capital assets, capital projects, and information technology.

During the initial assessment, we interviewed Village officials and employees, performed limited tests

of transactions, and reviewed pertinent documents such as adopted policies and procedures, Board

minutes, and financial records and reports. After reviewing the information gathered during our initial

assessment, we determined where weaknesses existed, and evaluated those weaknesses for inherent

control risks. We then decided upon the reported objectives and scope by selecting for audit those areas

most at risk. We selected financial condition, user charges, and information technology for furtheraudit testing.

To determine if the Village Board was adequately managing the Villages financial condition, we

interviewed Village officials to obtain an understanding of internal controls. We also reviewed various

records and reports including general ledgers, budgets, balance sheets, bank statements, and other

supporting documentation to analyze the Villages financial condition and ensure that reported figures

were recorded, supported, proper, and authorized.

To assess the effectiveness of internal controls over user charges, we interviewed Village officials and

employees to obtain an understanding of internal controls. We reviewed 50 accounts to ensure that

user charges were billed/adjusted, collected and remitted, and enforced [when unpaid] in accordancewith legal requirements and managements authorization. These 50 accounts include 40 accounts that

were randomly selected using the total number of billed accounts and a random number generator. The

remaining 10 accounts reviewed were made up of key officials and other accounts with a higher risk of

unauthorized adjustments. Our procedures included examination of the following records:

Customer Transaction Summaries

Rate Code Lists

Billing Edit Lists

Reading Edit Lists

Edit Lists

Closing Total Reports


23/25


Bank Statements

Deposit Slips.

For information technology, we obtained an understanding of system controls through interviews

and observations of the Villages computerized data system. We reviewed available documents and

spoke with Village officials regarding vendors supporting the Villages IT infrastructure and financial

software systems.

We conducted this performance audit in accordance with generally accepted government auditing

standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient,

appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit

objectives. We believe that the evidence obtained provides a reasonable basis for our findings and

conclusions based on our audit objectives.


24/25


APPENDIX C

HOW TO OBTAIN ADDITIONAL COPIES OF THE REPORT


Public Information Office

110 State Street, 15th Floor

Albany, New York 12236

(518) 474-4015

http://www.osc.state.ny.us/localgov/

To obtain copies of this report, write or visit our web page:


25/25

APPENDIX D

OFFICE OF THE STATE COMPTROLLER

DIVISION OF LOCAL GOVERNMENT

AND SCHOOL ACCOUNTABILITY

Steven J. Hancox, Deputy Comptroller

Nathaalie N. Carey, Assistant Comptroller

LOCAL REGIONAL OFFICE LISTING

BINGHAMTON REGIONAL OFFICE

H. Todd Eames, Chief Examiner


State Office Building - Suite 1702

44 Hawley Street

Binghamton, New York 13901-4417

(607) 721-8306 Fax (607) 721-8313

Email: [email protected]

Serving: Broome, Chenango, Cortland, Delaware,

Otsego, Schoharie, Sullivan, Tioga, Tompkins Counties

BUFFALO REGIONAL OFFICE

Robert Meller, Chief Examiner


295 Main Street, Suite 1032

Buffalo, New York 14203-2510

(716) 847-3647 Fax (716) 847-3643


Serving: Allegany, Cattaraugus, Chautauqua, Erie,

Genesee, Niagara, Orleans, Wyoming Counties

GLENS FALLS REGIONAL OFFICE

Jeffrey P. Leonard, Chief Examiner


One Broad Street Plaza

Glens Falls, New York 12801-4396

(518) 793-0057 Fax (518) 793-5797


Serving: Albany, Clinton, Essex, Franklin,

Fulton, Hamilton, Montgomery, Rensselaer,

Saratoga, Schenectady, Warren, Washington Counties

HAUPPAUGE REGIONAL OFFICEIra McCracken, Chief Examiner


NYS Office Building, Room 3A10

Veterans Memorial Highway

Hauppauge, New York 11788-5533

(631) 952-6534 Fax (631) 952-6530


Serving: Nassau and Suffolk Counties

NEWBURGH REGIONAL OFFICE

Christopher Ellis, Chief Examiner


33 Airport Center Drive, Suite 103

New Windsor, New York 12553-4725

(845) 567-0858 Fax (845) 567-0080


Serving: Columbia, Dutchess, Greene, Orange,

Putnam, Rockland, Ulster, Westchester Counties

ROCHESTER REGIONAL OFFICE

Edward V. Grant, Jr., Chief Examiner


The Powers Building

16 West Main Street Suite 522

Rochester, New York 14614-1608

(585) 454-2460 Fax (585) 454-3545


Serving: Cayuga, Chemung, Livingston, Monroe,

Ontario, Schuyler, Seneca, Steuben, Wayne, Yates Counties

SYRACUSE REGIONAL OFFICE

Rebecca Wilcox, Chief Examiner


State Office Building, Room 409

333 E. Washington Street

Syracuse, New York 13202-1428

(315) 428-4192 Fax (315) 426-2119


Serving: Herkimer, Jefferson, Lewis, Madison,

Oneida, Onondaga, Oswego, St. Lawrence Counties

STATEWIDE AND REGIONAL PROJECTSAnn C. Singer, Chief Examiner

State Office Building - Suite 1702

44 Hawley Street

Binghamton, New York 13901-4417

(607) 721-8306 Fax (607) 721-8313

Documents

Saugerties Village Audit