Jericho Union Free School District Acceptable Use Policy
Division of Local Government and School Accountability
Jericho Union Free School
District
Acceptable Use Policy
2022M-194 l July 2023
Contents
Report Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Acceptable Use Policy. . . . . . . . . . . . . . . . . . . . . . . . . . .2
Why Should Officials Develop and Communicate an Acceptable
Use Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Officials Did Not Develop and Communicate a Comprehensive
Acceptable Use Policy. . . . . . . . . . . . . . . . . . . . . . . . . .2
What Do We Recommend?. . . . . . . . . . . . . . . . . . . . . . .4
Appendix A – Response From District Officials. . . . . . . . . . . . .5
Appendix B – OSC Comments on the District’s Response. . . . . . .8
Appendix C – Audit Methodology and Standards. . . . . . . . . . . .9
Appendix D – Resources and Services. . . . . . . . . . . . . . . . . 10
Office of the New York State Comptroller 1
Report Highlights
Audit Objective
Determine whether Jericho Union Free School District
(District) officials helped safeguard personal, private
and sensitive information (PPSI) by developing controls
and communicating an acceptable use policy (AUP) to
business office staff.
Key Findings
District officials did not help safeguard PPSI by developing
and communicating a comprehensive AUP to business
office staff. As a result, PPSI related to District employees
and finances could be exposed because some websites
may be malicious or contain code to compromise a user’s
computer or prompt the user to perform activities that may
result in malware infection or PPSI exposure. In addition
to sensitive information technology (IT) weaknesses that
were communicated confidentially to officials, we found:
l All nine business office employees, including the
Assistant Superintendent for Business Affairs (ASB),
were not aware that they were expected to follow the
Computer Network and Internet Student Acceptable
Use policy or what the District considers to be
appropriate and inappropriate Internet use.
l District officials did not periodically review web
histories to determine whether any employee’s web
browsing was inappropriate.
Key Recommendations
l Ensure the AUP is updated, or administrative
regulations are developed, to provide guidance for
business office staff that defines acceptable Internet
use and browsing.
l Ensure business office staff who utilize computers are
adequately informed of the regulations.
District officials disagreed with certain aspects of our findings and recommendations.
Appendix B includes our comments on issues raised in the District’s response letter.
Background
The District is located in the
Towns of Oyster Bay and North
Hempstead in Nassau County
and is governed by an elected
five-member Board of Education
(Board) responsible for the
general management and control
of financial and educational
affairs. The Superintendent of
Schools (Superintendent) is
the chief executive officer and
is responsible, along with other
administrative staff, for the
District’s day-to-day management
under the Board’s direction.
The Director of Educational
Technology (IT Director), along
with IT staff, is responsible
for managing the District’s IT
operations.
Audit Period
July 1, 2020 – June 2, 2022
Jericho Union Free School District
Quick Facts
District Business Office
Network User Accounts 9
Employees 9
Computers 12
2 Office of the New York State Comptroller
Why Should Officials Develop and Communicate an Acceptable Use
Policy?
Inappropriate Internet browsing and use can lead to inadvertent information being
disclosed, including PPSI, or introduce viruses, ransomware and other types
of malicious software into a school district’s computing environment. As such,
school district officials should address these risks by adopting an employee AUP
that defines, among other things, what constitutes appropriate and inappropriate
use of IT resources, including web browsing and Internet use, management’s
expectations concerning personal use and consequences for violating the AUP.
Inappropriate browsing or Internet use can include, but is not limited to:
l Viewing or sharing inappropriate or obscene material;
l Conducting activities for personal gain, such as private business or day
trading; and
l Hacking or downloading unauthorized software.
Officials should develop procedures for monitoring compliance with the AUP.
Procedures should include routinely monitoring Internet usage and requiring
web filtering software to block access to unacceptable websites and limit
access to sites that do not comply with a school district’s AUP. IT officials should
communicate the AUP to all employees and other individuals (e.g., consultants,
vendors) who utilize the school district’s computers and the Internet to perform
their job duties.
Officials Did Not Develop and Communicate a Comprehensive
Acceptable Use Policy
In January 1998, the Board adopted the Staff Use of Computerized Information
Resources policy to address the acceptable use of computers, Internet and email.
Although this policy established parameters for acceptable computer and email
use and consequences for violating them, it did not describe what constitutes
appropriate and inappropriate Internet browsing or use. The IT Director said that,
in addition to the 1998 policy, employees were provided and expected to follow
the District’s Computer Network and Internet Student Acceptable Use policy that
was adopted by the Board in November 2020.
We interviewed all nine business office employees, including the ASB, and
found that no person was aware that they were expected to follow the Computer
Network and Internet Student Acceptable Use policy or what the District considers
to be appropriate and inappropriate Internet use. Responses from these
employees ranged from being unaware of AUP-related policies to being verbally
told that personal Internet browsing was acceptable during lunch and break times.
Acceptable Use Policy
Office of the New York State Comptroller 3
Additionally, District officials did not periodically review web histories to determine
whether any employee’s web browsing was inappropriate. The IT Director told us
that in addition to utilizing web filtering, the District contracts with a third-party that
monitors web traffic throughout the District and alerts IT staff of unusual activity.
While the web filtering and third-party monitoring can help mitigate instances of
inappropriate browsing or Internet use, periodic reviews of web history would
provide a more definitive review of activity to identity inappropriate use.
In June 2022, after discussions with District officials about the AUP, the IT Director
implemented a pre-login screen on District computers informing employees that,
“By signing into this device, using your Jericho user account, and/or connecting
to Jericho’s network, you agree to abide by our Acceptable Use Policy…”
However, the District did not have a policy specifically named Acceptable Use
Policy. Furthermore, District officials did not describe what constitutes appropriate
and inappropriate Internet browsing or use. In September 2022, after our audit
fieldwork was completed, the Board adopted a revised Staff Use of Computerized
Information Resources policy that included guidelines for the acceptable use
of social media websites. However, the revisions did not address other Internet
use, such as what constitutes inappropriate Internet browsing. Both the original
and revised policies included language directing the Superintendent or his/
her designee to develop administrative regulations to “implement the terms of
the policy, addressing general parameters of acceptable staff conduct as well
as prohibited activities.” The IT Director told us that he is the Superintendent’s
designee responsible for developing the administrative regulations, and he
acknowledged that the administrative regulations were necessary but had no
explanation for why they have not been developed.
Due to the lack of guidance for employees about Internet use, we reviewed the
Internet history on all 12 District computers used by business office employees
to determine whether Internet activity was appropriate. We reviewed employees
whose job duties required access to sensitive information related to employees
(e.g., addresses, social security numbers, and direct deposit bank information)
and the District’s finances (e.g., bank information), including the:
l ASB,
l Treasurer/Assistant Business Manager,
l Accounts payable and payroll clerks,
l Secretary, and
l Filing clerk.
We also analyzed over 8,700 web addresses visited by business office employees
and found no instances of inappropriate activity or indications that malware or
unwanted programs may have been installed from the web histories we reviewed.
4 Office of the New York State Comptroller
Although our Internet history review found no instances of inappropriate Internet
browsing or indication that malware or unwanted programs were installed, PPSI
related to District employees and finances could be exposed because the AUP
did not provide clear expectations from the Board and management regarding
acceptable Internet use. For example, some websites may be malicious or
contain code to compromise a user’s computer or prompt the user to perform
activities that may result in malware infection or PPSI exposure. The AUP should
dissuade actions such as visiting websites and downloading software or files from
unknown or untrusted sources as they increase the likelihood of computers being
exposed to malware.
What Do We Recommend?
The Board should:
1. Ensure that the AUP is updated, or the Superintendent or his/her designee
develops administrative regulations, to provide guidance for business
office staff that defines acceptable Internet use and browsing.
The IT Director should:
2. Ensure business office staff who utilize computers are adequately
informed of the regulations.
3. Develop procedures for monitoring compliance with the AUP, such as
routinely monitoring Internet usage.
Office of the New York State Comptroller 5
Appendix A: Response From District Officials
Portions of the District’s response were redacted for security concerns.
See
Note 1
Page 8
6 Office of the New York State Comptroller
See
Note 2
Page 8
See
Note 3
Page 8
Office of the New York State Comptroller 7
See
Note 2
Page 8
See
Note 4
Page 8
See
Note 5
Page 8
8 Office of the New York State Comptroller
Appendix B: OSC Comments on the District’s Response
Note 1
The report states the District adopted a Staff Use of Computerized Information
Resources policy in January 1998 to address the acceptable use of computers,
Internet and email. However, the policy did not meet the standard of a
comprehensive AUP. We updated our report to more clearly indicate the District
lacked a comprehensive AUP.
Note 2
The report was updated to include the implementation of the login screen notice.
Note 3
The AUP-related policy in place during audit fieldwork was missing specific
guidance on appropriate and inappropriate Internet browsing or use and the
Superintendent or his designee had not developed administrative regulations to
that effect, also required by policy. In addition, as noted in the body of our report,
the District directed staff to comply with its Acceptable Use Policy; however, the
District did not have a policy with that title.
Note 4
The Staff Use of Computerized Information Resources policy adopted in January
1998 directs the Superintendent or his/her designee to develop administrative
regulations addressing the parameters of acceptable staff conduct, as well as
prohibited activities, to provide appropriate guidelines for employee use of the
District’s computer system. When asked about the regulations that would provide
specific guidance to employees, the IT Director could not explain why these
regulations were never developed.
Note 5
The findings in the report are supported by the evidence collected during audit
fieldwork and are factually accurate.
Office of the New York State Comptroller 9
Appendix C: Audit Methodology and Standards
We conducted this audit pursuant to Article V, Section 1 of the State Constitution
and the State Comptroller’s authority as set forth in Article 3 of the New York
State General Municipal Law. To achieve the audit objective and obtain valid audit
evidence, our audit procedures included the following:
l We reviewed the District’s IT policies and procedures, specifically those for
user access controls over business office computers to safeguard PPSI, and
interviewed business office officials to determine the adequacy of the policies
and procedures.
l We interviewed business office employees to obtain an understanding of AUP
communication.
l We examined the Internet browsing histories as of June 3, 2022 on the 12
computers used by business office employees to determine any instances of
inappropriate Internet use and indications of malware or unwanted program
installation. Among other tests, we reviewed URLs for instances of keywords,
such as “install,” “download,” “malware,” “virus,” “pop-up,” “popup,” and
“uninstall,” that would indicate malware or unwanted programs may have been
installed.
Our audit also examined the adequacy of certain information technology controls.
Because of the sensitivity of some of this information, we did not discuss the results
in this report, but instead communicated them confidentially to District officials.
We conducted this performance audit in accordance with generally accepted
government auditing standards (GAGAS). Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objective. We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions
based on our audit objective.
Unless otherwise indicated in this report, samples for testing were selected based on
professional judgment, as it was not the intent to project the results onto the entire
population. Where applicable, information is presented concerning the value and/or
size of the relevant population and the sample selected for examination.
The Board has the responsibility to initiate corrective action. A written corrective
action plan (CAP) that addresses the findings and recommendations in this report
must be prepared and provided to our office within 90 days, pursuant to Section 35 of
General Municipal Law, Section 2116-a (3)(c) of New York State Education Law and
Section 170.12 of the Regulations of the Commissioner of Education. To the extent
practicable, implementation of the CAP must begin by the end of the next fiscal year.
For more information on preparing and filing your CAP, please refer to our brochure,
Responding to an OSC Audit Report, which you received with the draft audit report.
The CAP should be posted on the District’s website for public review.
10 Office of the New York State Comptroller
Appendix D: Resources and Services
Regional Office Directory
www.osc.state.ny.us/files/local-government/pdf/regional-directory.pdf
Cost-Saving Ideas – Resources, advice and assistance on cost-saving ideas
www.osc.state.ny.us/local-government/publications
Fiscal Stress Monitoring – Resources for local government officials experiencing fiscal problems
www.osc.state.ny.us/local-government/fiscal-monitoring
Local Government Management Guides – Series of publications that include technical information
and suggested practices for local government management
www.osc.state.ny.us/local-government/publications
Planning and Budgeting Guides – Resources for developing multiyear financial, capital, strategic and
other plans
www.osc.state.ny.us/local-government/resources/planning-resources
Protecting Sensitive Data and Other Local Government Assets – A non-technical cybersecurity
guide for local government leaders
www.osc.state.ny.us/files/local-government/publications/pdf/cyber-security-guide.pdf
Required Reporting – Information and resources for reports and forms that are filed with the Office of
the State Comptroller
www.osc.state.ny.us/local-government/required-reporting
Research Reports/Publications – Reports on major policy issues facing local governments and State
policy-makers
www.osc.state.ny.us/local-government/publications
Training – Resources for local government officials on in-person and online training opportunities on a
wide range of topics
www.osc.state.ny.us/local-government/academy
Contact
Office of the New York State Comptroller
Division of Local Government and School Accountability
110 State Street, 12th Floor, Albany, New York 12236
Tel: (518) 474-4037 • Fax: (518) 486-6479 • Email: [email protected]
www.osc.state.ny.us/local-government
Local Government and School Accountability Help Line: (866) 321-8503
HAUPPAUGE REGIONAL OFFICE – Ira McCracken, Chief of Municipal Audits
NYS Office Building, Room 3A10 • 250 Veterans Memorial Highway • Hauppauge, New York
11788-5533
Tel (631) 952-6534 • Fax (631) 952-6091 • Email: [email protected]
Serving: Nassau, Suffolk counties
osc.state.ny.us
Jericho Union Free School
District
Acceptable Use Policy
2022M-194 l July 2023
Contents
Report Highlights . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Acceptable Use Policy. . . . . . . . . . . . . . . . . . . . . . . . . . .2
Why Should Officials Develop and Communicate an Acceptable
Use Policy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Officials Did Not Develop and Communicate a Comprehensive
Acceptable Use Policy. . . . . . . . . . . . . . . . . . . . . . . . . .2
What Do We Recommend?. . . . . . . . . . . . . . . . . . . . . . .4
Appendix A – Response From District Officials. . . . . . . . . . . . .5
Appendix B – OSC Comments on the District’s Response. . . . . . .8
Appendix C – Audit Methodology and Standards. . . . . . . . . . . .9
Appendix D – Resources and Services. . . . . . . . . . . . . . . . . 10
Office of the New York State Comptroller 1
Report Highlights
Audit Objective
Determine whether Jericho Union Free School District
(District) officials helped safeguard personal, private
and sensitive information (PPSI) by developing controls
and communicating an acceptable use policy (AUP) to
business office staff.
Key Findings
District officials did not help safeguard PPSI by developing
and communicating a comprehensive AUP to business
office staff. As a result, PPSI related to District employees
and finances could be exposed because some websites
may be malicious or contain code to compromise a user’s
computer or prompt the user to perform activities that may
result in malware infection or PPSI exposure. In addition
to sensitive information technology (IT) weaknesses that
were communicated confidentially to officials, we found:
l All nine business office employees, including the
Assistant Superintendent for Business Affairs (ASB),
were not aware that they were expected to follow the
Computer Network and Internet Student Acceptable
Use policy or what the District considers to be
appropriate and inappropriate Internet use.
l District officials did not periodically review web
histories to determine whether any employee’s web
browsing was inappropriate.
Key Recommendations
l Ensure the AUP is updated, or administrative
regulations are developed, to provide guidance for
business office staff that defines acceptable Internet
use and browsing.
l Ensure business office staff who utilize computers are
adequately informed of the regulations.
District officials disagreed with certain aspects of our findings and recommendations.
Appendix B includes our comments on issues raised in the District’s response letter.
Background
The District is located in the
Towns of Oyster Bay and North
Hempstead in Nassau County
and is governed by an elected
five-member Board of Education
(Board) responsible for the
general management and control
of financial and educational
affairs. The Superintendent of
Schools (Superintendent) is
the chief executive officer and
is responsible, along with other
administrative staff, for the
District’s day-to-day management
under the Board’s direction.
The Director of Educational
Technology (IT Director), along
with IT staff, is responsible
for managing the District’s IT
operations.
Audit Period
July 1, 2020 – June 2, 2022
Jericho Union Free School District
Quick Facts
District Business Office
Network User Accounts 9
Employees 9
Computers 12
2 Office of the New York State Comptroller
Why Should Officials Develop and Communicate an Acceptable Use
Policy?
Inappropriate Internet browsing and use can lead to inadvertent information being
disclosed, including PPSI, or introduce viruses, ransomware and other types
of malicious software into a school district’s computing environment. As such,
school district officials should address these risks by adopting an employee AUP
that defines, among other things, what constitutes appropriate and inappropriate
use of IT resources, including web browsing and Internet use, management’s
expectations concerning personal use and consequences for violating the AUP.
Inappropriate browsing or Internet use can include, but is not limited to:
l Viewing or sharing inappropriate or obscene material;
l Conducting activities for personal gain, such as private business or day
trading; and
l Hacking or downloading unauthorized software.
Officials should develop procedures for monitoring compliance with the AUP.
Procedures should include routinely monitoring Internet usage and requiring
web filtering software to block access to unacceptable websites and limit
access to sites that do not comply with a school district’s AUP. IT officials should
communicate the AUP to all employees and other individuals (e.g., consultants,
vendors) who utilize the school district’s computers and the Internet to perform
their job duties.
Officials Did Not Develop and Communicate a Comprehensive
Acceptable Use Policy
In January 1998, the Board adopted the Staff Use of Computerized Information
Resources policy to address the acceptable use of computers, Internet and email.
Although this policy established parameters for acceptable computer and email
use and consequences for violating them, it did not describe what constitutes
appropriate and inappropriate Internet browsing or use. The IT Director said that,
in addition to the 1998 policy, employees were provided and expected to follow
the District’s Computer Network and Internet Student Acceptable Use policy that
was adopted by the Board in November 2020.
We interviewed all nine business office employees, including the ASB, and
found that no person was aware that they were expected to follow the Computer
Network and Internet Student Acceptable Use policy or what the District considers
to be appropriate and inappropriate Internet use. Responses from these
employees ranged from being unaware of AUP-related policies to being verbally
told that personal Internet browsing was acceptable during lunch and break times.
Acceptable Use Policy
Office of the New York State Comptroller 3
Additionally, District officials did not periodically review web histories to determine
whether any employee’s web browsing was inappropriate. The IT Director told us
that in addition to utilizing web filtering, the District contracts with a third-party that
monitors web traffic throughout the District and alerts IT staff of unusual activity.
While the web filtering and third-party monitoring can help mitigate instances of
inappropriate browsing or Internet use, periodic reviews of web history would
provide a more definitive review of activity to identity inappropriate use.
In June 2022, after discussions with District officials about the AUP, the IT Director
implemented a pre-login screen on District computers informing employees that,
“By signing into this device, using your Jericho user account, and/or connecting
to Jericho’s network, you agree to abide by our Acceptable Use Policy…”
However, the District did not have a policy specifically named Acceptable Use
Policy. Furthermore, District officials did not describe what constitutes appropriate
and inappropriate Internet browsing or use. In September 2022, after our audit
fieldwork was completed, the Board adopted a revised Staff Use of Computerized
Information Resources policy that included guidelines for the acceptable use
of social media websites. However, the revisions did not address other Internet
use, such as what constitutes inappropriate Internet browsing. Both the original
and revised policies included language directing the Superintendent or his/
her designee to develop administrative regulations to “implement the terms of
the policy, addressing general parameters of acceptable staff conduct as well
as prohibited activities.” The IT Director told us that he is the Superintendent’s
designee responsible for developing the administrative regulations, and he
acknowledged that the administrative regulations were necessary but had no
explanation for why they have not been developed.
Due to the lack of guidance for employees about Internet use, we reviewed the
Internet history on all 12 District computers used by business office employees
to determine whether Internet activity was appropriate. We reviewed employees
whose job duties required access to sensitive information related to employees
(e.g., addresses, social security numbers, and direct deposit bank information)
and the District’s finances (e.g., bank information), including the:
l ASB,
l Treasurer/Assistant Business Manager,
l Accounts payable and payroll clerks,
l Secretary, and
l Filing clerk.
We also analyzed over 8,700 web addresses visited by business office employees
and found no instances of inappropriate activity or indications that malware or
unwanted programs may have been installed from the web histories we reviewed.
4 Office of the New York State Comptroller
Although our Internet history review found no instances of inappropriate Internet
browsing or indication that malware or unwanted programs were installed, PPSI
related to District employees and finances could be exposed because the AUP
did not provide clear expectations from the Board and management regarding
acceptable Internet use. For example, some websites may be malicious or
contain code to compromise a user’s computer or prompt the user to perform
activities that may result in malware infection or PPSI exposure. The AUP should
dissuade actions such as visiting websites and downloading software or files from
unknown or untrusted sources as they increase the likelihood of computers being
exposed to malware.
What Do We Recommend?
The Board should:
1. Ensure that the AUP is updated, or the Superintendent or his/her designee
develops administrative regulations, to provide guidance for business
office staff that defines acceptable Internet use and browsing.
The IT Director should:
2. Ensure business office staff who utilize computers are adequately
informed of the regulations.
3. Develop procedures for monitoring compliance with the AUP, such as
routinely monitoring Internet usage.
Office of the New York State Comptroller 5
Appendix A: Response From District Officials
Portions of the District’s response were redacted for security concerns.
See
Note 1
Page 8
6 Office of the New York State Comptroller
See
Note 2
Page 8
See
Note 3
Page 8
Office of the New York State Comptroller 7
See
Note 2
Page 8
See
Note 4
Page 8
See
Note 5
Page 8
8 Office of the New York State Comptroller
Appendix B: OSC Comments on the District’s Response
Note 1
The report states the District adopted a Staff Use of Computerized Information
Resources policy in January 1998 to address the acceptable use of computers,
Internet and email. However, the policy did not meet the standard of a
comprehensive AUP. We updated our report to more clearly indicate the District
lacked a comprehensive AUP.
Note 2
The report was updated to include the implementation of the login screen notice.
Note 3
The AUP-related policy in place during audit fieldwork was missing specific
guidance on appropriate and inappropriate Internet browsing or use and the
Superintendent or his designee had not developed administrative regulations to
that effect, also required by policy. In addition, as noted in the body of our report,
the District directed staff to comply with its Acceptable Use Policy; however, the
District did not have a policy with that title.
Note 4
The Staff Use of Computerized Information Resources policy adopted in January
1998 directs the Superintendent or his/her designee to develop administrative
regulations addressing the parameters of acceptable staff conduct, as well as
prohibited activities, to provide appropriate guidelines for employee use of the
District’s computer system. When asked about the regulations that would provide
specific guidance to employees, the IT Director could not explain why these
regulations were never developed.
Note 5
The findings in the report are supported by the evidence collected during audit
fieldwork and are factually accurate.
Office of the New York State Comptroller 9
Appendix C: Audit Methodology and Standards
We conducted this audit pursuant to Article V, Section 1 of the State Constitution
and the State Comptroller’s authority as set forth in Article 3 of the New York
State General Municipal Law. To achieve the audit objective and obtain valid audit
evidence, our audit procedures included the following:
l We reviewed the District’s IT policies and procedures, specifically those for
user access controls over business office computers to safeguard PPSI, and
interviewed business office officials to determine the adequacy of the policies
and procedures.
l We interviewed business office employees to obtain an understanding of AUP
communication.
l We examined the Internet browsing histories as of June 3, 2022 on the 12
computers used by business office employees to determine any instances of
inappropriate Internet use and indications of malware or unwanted program
installation. Among other tests, we reviewed URLs for instances of keywords,
such as “install,” “download,” “malware,” “virus,” “pop-up,” “popup,” and
“uninstall,” that would indicate malware or unwanted programs may have been
installed.
Our audit also examined the adequacy of certain information technology controls.
Because of the sensitivity of some of this information, we did not discuss the results
in this report, but instead communicated them confidentially to District officials.
We conducted this performance audit in accordance with generally accepted
government auditing standards (GAGAS). Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objective. We believe that
the evidence obtained provides a reasonable basis for our findings and conclusions
based on our audit objective.
Unless otherwise indicated in this report, samples for testing were selected based on
professional judgment, as it was not the intent to project the results onto the entire
population. Where applicable, information is presented concerning the value and/or
size of the relevant population and the sample selected for examination.
The Board has the responsibility to initiate corrective action. A written corrective
action plan (CAP) that addresses the findings and recommendations in this report
must be prepared and provided to our office within 90 days, pursuant to Section 35 of
General Municipal Law, Section 2116-a (3)(c) of New York State Education Law and
Section 170.12 of the Regulations of the Commissioner of Education. To the extent
practicable, implementation of the CAP must begin by the end of the next fiscal year.
For more information on preparing and filing your CAP, please refer to our brochure,
Responding to an OSC Audit Report, which you received with the draft audit report.
The CAP should be posted on the District’s website for public review.
10 Office of the New York State Comptroller
Appendix D: Resources and Services
Regional Office Directory
www.osc.state.ny.us/files/local-government/pdf/regional-directory.pdf
Cost-Saving Ideas – Resources, advice and assistance on cost-saving ideas
www.osc.state.ny.us/local-government/publications
Fiscal Stress Monitoring – Resources for local government officials experiencing fiscal problems
www.osc.state.ny.us/local-government/fiscal-monitoring
Local Government Management Guides – Series of publications that include technical information
and suggested practices for local government management
www.osc.state.ny.us/local-government/publications
Planning and Budgeting Guides – Resources for developing multiyear financial, capital, strategic and
other plans
www.osc.state.ny.us/local-government/resources/planning-resources
Protecting Sensitive Data and Other Local Government Assets – A non-technical cybersecurity
guide for local government leaders
www.osc.state.ny.us/files/local-government/publications/pdf/cyber-security-guide.pdf
Required Reporting – Information and resources for reports and forms that are filed with the Office of
the State Comptroller
www.osc.state.ny.us/local-government/required-reporting
Research Reports/Publications – Reports on major policy issues facing local governments and State
policy-makers
www.osc.state.ny.us/local-government/publications
Training – Resources for local government officials on in-person and online training opportunities on a
wide range of topics
www.osc.state.ny.us/local-government/academy
Contact
Office of the New York State Comptroller
Division of Local Government and School Accountability
110 State Street, 12th Floor, Albany, New York 12236
Tel: (518) 474-4037 • Fax: (518) 486-6479 • Email: [email protected]
www.osc.state.ny.us/local-government
Local Government and School Accountability Help Line: (866) 321-8503
HAUPPAUGE REGIONAL OFFICE – Ira McCracken, Chief of Municipal Audits
NYS Office Building, Room 3A10 • 250 Veterans Memorial Highway • Hauppauge, New York
11788-5533
Tel (631) 952-6534 • Fax (631) 952-6091 • Email: [email protected]
Serving: Nassau, Suffolk counties
osc.state.ny.us