Sunday, May 10, 2009

State audit cites financial risks, computer security issues at UCCC


STONE RIDGE — Ulster County Community College is being urged to reduce financial risks and eliminate computer security problems found in a state comptroller’s audit for the 15-month period ending April 22, 2008.

The findings were released by Ulster County Comptroller Elliott Auerbach, who said college officials are being advised to better safeguard the school’s $26.69 million budget, which includes $6.28 million in county funding.

“Of the 15 findings (in the audit), nine of them spoke directly to financial activities, including bank reconciliation, payroll certification, tuition collection and claims processing,” Auerbach said. “The (state comptroller) made some bold recommendations, including policy and procedure adoption, auditing of all claims and procurement measures. In addition, the Comptroller’s Office made six recommendations directed at information technology and computer access.”

Among other things, the office of state Comptroller Thomas DiNapoli recommended UCCC review payroll account procedures after finding that three checks totaling $1,265 had not been reviewed by the dean’s office and 11 checks totaling $6,248 were not listed in any payroll register.

State officials also said effective internal control systems for purchase orders are needed after finding that “none of the 140 claims we reviewed, totaling $637,523, had evidence of being audited by the (college) board before they were paid.”

The audit also recommended better documentation of expenses after three claims totaling $7,063 were found to have no explanation and 19 claims were found to have “insufficient” explanations for expenditures totaling $12,691.

Among the claims were “three meal events” totaling $2,598, without including the business purpose or a list of attendees for two of the events, while travel logs for 13 claims totaling $3,384 did not include “sufficient itemization, such as departure and destination details,” the audit stated.

Protecting information technology was recommended after auditors found that access rights had not been deleted for employees whose authorization level had changed or been discontinued.

“Of 10 former employee accounts that we tested, four remained active on the network, seven for up to four months after the users left college service, and one such user account logged onto the network 53 days after separation from service,” the auditors wrote. “Additionally, the access rights to the financial software application for one of these user accounts remained open for eight months after the employee’s separation from service, and the financial software was accessed through this account two months after separation.”

UCCC President Donald Katt said on Saturday that college officials have begun updating procedures to meet the state’s recommendations.

“We are very pleased that no waste, fraud, abuse of taxpayer dollars or financial malfeasance took place, and that no breaches of security, either paper or electronic, were identified,” Katt said of the audit.

“Since brought to the college’s attention, the college’s administration and board of trustees have already taken significant steps to put a number of the recommendations in place,” Katt added. “We will be filing with the Comptroller’s Office a complete comprehensive action plan and implement all the recommendation that the comptroller included in the report.”

In a prepared statement on Saturday, DiNapoli spoke highly of the college.

“Ulster County Community College plays a vital role in providing New Yorkers with an affordable, accessible education,” the comptroller said. “UCCC officials are taking the steps needed top continue to fulfill that role. They are implementing our recommendations to be sure they are making the best use of tuition and tax dollars needed to keep the college the top-notch institution that it is.”

No comments: