State Comptroller DiNapoli Releases Municipal & School Audits

New York State Comptroller Thomas P. DiNapoli today announced the following local government and school audits were issued.

Lawrence Union Free School District - Financial Management (Nassau County)

The board and district officials did not properly manage fund balance. For the 2021-22 through 2023-24 fiscal years, the district's reported surplus fund balance ranged from approximately 7 to 15% of the upcoming year's budget, which was $3.5 million to $11.1 million over the 4% statutory limit. The district did not exceed the statutory limit for the 2024-25 fiscal year primarily due to an unbudgeted $15 million transfer to the capital projects fund. Additionally, for the 2021-22 through 2023-24 fiscal years, the board adopted budgets that annually overestimated appropriations by an average of $9.4 million per year, or a cumulative total of approximately $28.2 million after adjusting for unplanned transfers. The majority of the overestimated appropriations were for instruction, health insurance benefits and special education services totaling $17 million.

Syracuse City School District - Information Technology (IT) (Onondaga County)

District officials did not adequately manage nonstudent network user accounts. As of Nov. 15, 2024, 488 of the district's 6,386 enabled nonstudent network user accounts were not needed and should have been disabled. Auditors determined that 433 of the unneeded accounts had never been logged into or had not been logged into for over six months, including some that have not been logged into for at least five years. These accounts are additional entry points into the district's network and, if accessed by an attacker, could be used to inappropriately access the network to view personal, private and sensitive student and staff information, make unauthorized changes to district records or deny legitimate access to the network and records. Compromised network user accounts with administrative permissions could cause greater damage because they have full control over the network. During the audit, IT department officials initiated corrective action to disable unnecessary accounts.

Town of Horseheads - Information Technology (Chemung County)

Town officials did not adequately manage network and local user accounts, develop and adopt a written IT contingency plan, or provide IT security awareness training to staff. Although the town board paid $14,790 to a vendor for IT-related services, officials did not enter into a written contract or service level agreement to define the scope of services. As a result, the board cannot be assured that the town's IT systems are secured from unauthorized use and access or that critical data would be preserved and operations restored in the event of an interruption.

Great River Fire District - Treasurer Reports (Suffolk County)

Auditors determined that the treasurer did not always provide the board with complete and accurate financial reports. As a result, the board did not have adequate information to properly monitor the district's financial operations. The treasurer manually prepared financial reports that contained errors. The treasurer's calculated book balances for the general fund checking account varied from the accounting records by $12 to $4,701 without documentation supporting the calculations. In addition, the listings of claims included in the treasurer's reports were inaccurate or incomplete for 28 of 279 claims totaling $4,464 of $340,597 reviewed.