The New York State Comptroller conducted an audit of the Village of Alfred – Information Technology (2017M-236). Their report was released on April 6, 2018 — [read the complete report here: pdf]. Here’s the summary:
Purpose of Audit
The purpose of our audit was to assess the Village’s information technology (IT) environment for the period June 1, 2015 through July 7, 2017.
Background
The Village of Alfred is located in the Town of Alfred in Allegany County and has a population of approximately 4,200. The Village is governed by an elected five-member Board of Trustees. Budgeted appropriations for the 2016-17 fiscal year totaled approximately $2.3 million.
Key Findings
- The Village did not have written policies or procedures detailing the acceptable use of IT assets and the backing up of critical data.
- The Village did not have a recovery plan or breach notification plan.
- The Village did not provide adequate IT security training to employees.
Key Recommendations
Develop and adopt an acceptable use policy and comprehensive policies and procedures for backing up data and disposing of IT assets.
Develop and adopt a disaster recovery plan and a breach notification policy or local law.
Ensure that all necessary Village personnel receive IT security awareness training and that the training is updated whenever the IT policies are updated.
My question is why did it take 2 years to audit 9 computers? Not to mention the additional 6 months to complete the audit report.
Probably the same part time retired guy who does all the IT work had to write up the audit as well.