Niagara Falls Reporter
Home | Archive / Search
JULY 14 - JULY 22, 2015

State Comptroller Found There’s no Accounting for Dyster Fiscal Mysteries

By Anna Howard

JULY 14, 2015

The audit of city finances by the NYS Comptroller (released May 2013) included, in addition to the principal 26 page financial review, a confidential seven page letter called, “The IT letter.” That would be “I” for information and “T” for technology. The letter was sent to “City Officials” and was dated April 3, 2013.

That seven page document took a hard and detailed look at the city’s “weaknesses in your information and technology controls.”

In other words the letter/audit critiqued the lack of security of the city’s computer system and financial system. The upshot of the seven page finding was that the city’s computer/finance system was wide-open to attack or manipulation from both inside city hall and outside city hall.

The Reporter wants to emphasize that the IT document was deemed to be confidential and as such it was not publicly released, as was the 26-page audit. Instead it was held back as a need to know document. The Reporter has read the IT document.

The Reporter, fully aware of the sensitive nature of this IT audit, does not want to publish any portion of the IT audit that could harm the City.

And so those portions of the IT audit contained in this article are relatively white bread as the IT audit goes.

In fact the principal 26-page City audit itself contains surprising, if not shocking, publicly released information regarding the porous nature of the city’s finance and computer systems.

As we have written many times previously the 26 page city audit is available online through the NYS Comptroller’s website.

The IT audit is not available anywhere as far as we know. (Search simply online for the 26-page audit titled, “City of Niagara Falls Financial Management and Information Technology Report of Examination Period Covered January 1, 2009 – January 9, 2013.”)

While the State posted the 26-page report online the city has not posted the report.

Did the city formally respond to the 26-page May 2013 audit? We don’t know.

Did the city formally respond to the April 3, 2013 IT audit/letter? We don’t know.

Some quotes from the IT letter:

Page 1, April 3, 2013 cover letter)

Dear City Officials:

In conjunction with our audit of the City of Niagara Falls (City), we identified, weaknesses in your information technology security controls…due to the sensitive nature of these findings, we have excluded them from our audit report because of security concerns.

Page 2

“Password settings at the City are weak…without adequate password controls, unauthorized users could obtain and user passwords to gain access to the City’s computer network and applications…City officials have increased the risk of unauthorized individuals accessing critical business applications. Compromised accounts can be leveraged for internal or external attacks against the network and can result in the loss, manipulation, or corruption of sensitive data.”

Page 3

“The City has a significant number of vulnerabilities that pose risks to data interception, corruption, deletion, or other unauthorized consequences.”

“Of the 1,705 vulnerabilities identified, 240 were rated with a severity of 10.0 out of 10.0, and could result in a complete compromise of network and data confidentiality, integrity, and availability.”

Page 4

“The City is operating an IBM XXX XXX  XXXXXXX  XXXXX as its financial server. The XXXXX is an older computer system, first released in 19XX, and has its own programming language…as a result, customized security and auditing techniques must be used to assess the controls over the XXXXX.

The actual computer program was named in the IT document, but the Reporter is redacting it in the interest of protecting the city.

While the above comments of the NYS Comptroller’s office within this confidential audit/letter are troubling, consider the following quote from the publicly released 26-page city audit as contained on page 14, 15 under the heading, Information Technology:

“They (City) have not implemented adequate controls and restrictions over user access to the financial system…As a result of these controls weaknesses, the City’s IT assets are at an increased risk of possible theft, or compromise by intentional or unintentional manipulation or corruption…Effective access controls prevent users from being involved in multiple aspects of financial transactions and from accessing unauthorized areas where they can intentionally or unintentionally change or destroy critical data. The proper segregation of payroll, human resources, and accounts payable duties within the IT environment in an essential control to ensure that no one employee performs key aspects of payment processing, such as adding new vendors or employees to the City’s computer system, entering disbursements or payroll information, and processing checks…City officials stated that the financial software did not create an audit log and therefore they had no means of detecting inappropriate transactions and identifying the users responsible.”

The above paints a picture of a city financial system totally at risk to corruption and or manipulation.

Worse yet, if the system were to be corrupted there would be no way to prove who did the corrupting or manipulating. If we were to view city government as a publicly held business with an annual $96 million operating budget it would be fair to say that the business has left its front door open and the keys to the vault on the desk. 

 

 

 

 
Dyster Election Year Plan for ‘Business Park’ May Cost City Taxpayers More Than $1 Million
Szwedo Makes Point on Taxes! Stands up to Bullying at City Hall
Number One in Crime and Danger, Niagara Falls Residents Need Relief, and Change of Direction
No Contracts With Amtrak, Tour Companies To Occupy, Use New Train Station Here
Career Criminal, Rapist Undone By Overwhelming Stupidity Here
LaSalle Waterfront Park a Place Where Fingers Can be Bitten Off
WNYMuslims participates in ‘Kids 4 Kids’ Toy Drive
State Comptroller Found There’s no Accounting for Dyster Fiscal Mysteries
We Must Bring the City Back from the Edge of Insolvency
Temporary Maid of the Mist Shutdown Does Not Cause End of World, Life As We Know It.
Herbal Agriculture Inks Deal With Colorado
Mott’s the problem with Jayne Park grass maintenance Mott is going on with Jayne Park grass maintenance? Mott’s wrong with Jayne Park maintenance? Mott’s it all about Mayor Dyster?
Accardo Makes Waves at Steps of City Hall
Accardo, Dyster Take Different Approaches To Running Small Family Business Here
Challenges to Dyster, Pascoal Petitions Filed on Behalf of Choolokian, Szwedo
Error by Bomb Sniffing Dog Points Up Problematic Nature of Searches
Only in NT: Oliver Street Transformation Stagnant in North Tonawanda
Mark Levin Sounds “Death Panel” Alarm on Federal “End of Life” Consults! ‘I Am Becoming Increasingly Radicalized For Liberty’
Speaking Out Against the SAFE Act
Kristen Grandinetti Stands for Something So Does Planned Parenthood
Niagara Falls to Launch African American Male Wellness Walk Dr. Underwood Named Honorary Chairman
'A Hope and a Prayer From the Swamp' Sung to the tune of "she'll be comin' round the mountain"
Erie County Water Authority Is Haven for Politically Connected
Local Historian Gromosiak Honored with Park Plaque
City Hall Jokes

Contact Info

©2014 The Niagara Falls Reporter Inc.
POB 3083, Niagara Falls, N.Y. 14304
E-mail: info@niagarafallsreporter.com
Phone: (716) 284-5595

Publisher and Editor in Chief: Frank Parlato
Managing Editor: Dr. Chitra Selvaraj
Senior Editor: Tony Farina