milford

Document Sample
milford Powered By Docstoc
					OFFICE   OF THE   NEW YORK STATE COMPTROLLER
                  D IVISION OF LOCAL GOVERNMENT
                      & SCHOOL ACCOUNTABILITY




         Milford
 Central School District
  Information Technology

           Report of Examination
                   Period Covered:
           July 1, 2007 — October 8, 2008
                       2009M-5




              Thomas P. DiNapoli
                                Table of Contents



                                                                                Page

AUTHORITY LETTER                                                                 2


INTRODUCTION                                                                     3
           Background                                                            3
           Objective                                                             3
           Scope and Methodology                                                 3
           Comments of District Officials and Corrective Action                   4


INFORMATION TECHNOLOGY                                                           5
            User Access Rights                                                   5
            Passwords                                                            7
            Physical Security                                                    7
            Disaster Recovery                                                    8
            Computerized Signature Disk                                          8
            Computer Usage                                                       9
            Recommendations                                                      9


APPENDIX    A   Response From District Officials                                 11
APPENDIX    B   Audit Methodology and Standards                                 13
APPENDIX    C   How to Obtain Additional Copies of the Report                   15
APPENDIX    D   Local Regional Office Listing                                    16




                       DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY          1
                                                                                       1
                                                 State of New York
                                    Office of the State Comptroller


Division of Local Government
and School Accountability

May 2009

Dear School District Officials:

A top priority of the Office of the State Comptroller is to help school district officials manage their
districts efficiently and effectively and, by so doing, provide accountability for tax dollars spent to
support district operations. The Comptroller oversees the fiscal affairs of districts statewide, as well
as districts’ compliance with relevant statutes and observance of good business practices. This fiscal
oversight is accomplished, in part, through our audits, which identify opportunities for improving
district operations and Board of Education governance. Audits also can identify strategies to reduce
district costs and to strengthen controls intended to safeguard district assets.

Following is a report of our audit of the Milford Central School District, entitled Information
Technology. This audit was conducted pursuant to the Article V, Section 1 of the State Constitution,
and the State Comptroller’s authority as set forth in Article 3 of the General Municipal Law.

This audit’s results and recommendations are resources for district officials to use in effectively
managing operations and in meeting the expectations of their constituents. If you have questions about
this report, please feel free to contact the local regional office for your county, as listed at the end of
this report.


Respectfully submitted,


Office of the State Comptroller
Division of Local Government
and School Accountability




   2         OFFICE OF THE NEW YORK STATE COMPTROLLER
                           Introduction
Background         The Milford Central School District (District) is located in the
                   towns of Hartwick, Laurens, Maryland, Middlefield, Milford, and
                   Westford in Otsego County. The District is governed by the Board
                   of Education (Board) which comprises seven elected members. The
                   Board is responsible for the general management and control of the
                   District’s financial and educational affairs. The Superintendent of
                   Schools (Superintendent) is the chief executive officer of the District
                   and is responsible, along with other administrative staff, for the day-
                   to-day management of the District under the direction of the Board.
                   The District Treasurer (Treasurer) is responsible for managing the
                   District’s financial operations and overseeing the work of the Business
                   Office staff.

                   There is one school in operation within the District, with
                   approximately 453 students and 156 employees. The District’s
                   budgeted expenditures for the 2007-08 fiscal year were $9.1 million,
                   which were funded primarily with State aid, real property taxes, and
                   grants.

                   The Board is responsible for adopting policies and procedures and
                   developing controls to safeguard computerized data and assets. The
                   District uses one networked computer system to process and store
                   financial and non-financial data. The Information Technology (IT)
                   Director oversees the network system. The Board has established
                   a Technology Committee to assist in the development of IT-related
                   policies and procedures and oversee the IT function.

Objective          The objective of our audit was to determine if District officials were
                   properly managing District operations to safeguard District assets for
                   the period covering July 1, 2007, through October 8, 2008. Our audit
                   addressed the following related question:

                      •   Did the Board establish comprehensive policies and
                          procedures addressing the safeguarding of computerized data
                          and assets?

Scope and          Our overall goal was to assess the adequacy of the internal controls
Methodology        put in place by officials to safeguard District assets. To accomplish
                   this, we performed an initial assessment of the District’s internal
                   controls so that we could design our audit to focus on those areas
                   most at risk. Our initial assessment included evaluations of the
                   following areas: financial oversight, cash receipts and disbursements,
                   purchasing, payroll and personal services, and IT. Based on that

              DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY                 3
                                                                                     3
                           evaluation, we determined that controls appeared to be adequate and
                           limited risk existed in most of the financial areas that we reviewed.
                           We did determine that risk existed in the IT system, and therefore,
                           we examined the District’s IT policies and procedures for the period
                           July 1, 2007, to October 8, 2008. Certain observations and lesser
                           findings related to the District’s appointment of a claims auditor were
                           discussed with District officials.

                           We conducted our audit in accordance with generally accepted
                           government auditing standards (GAGAS). More information on such
                           standards and the methodology used in performing this audit are
                           included in Appendix B of this report.

Comments of District       The results of our audit and recommendations have been discussed
Officials and Corrective    with District officials and their comments, which appear in Appendix
Action                     A, have been considered in preparing this report. District officials
                           generally agreed with our recommendations and indicated they
                           planned to initiate corrective action.

                           The Board has the responsibility to initiate corrective action. Pursuant
                           to Section 35 of the General Municipal Law, Section 2116-a (3)(c)
                           of the Education Law, and Section 170.12 of the Regulations of the
                           Commissioner of Education, a written corrective action plan (CAP)
                           that addresses the findings and recommendations in this report must
                           be prepared and forwarded to our office within 90 days. To the extent
                           practicable, implementation of the CAP must begin by the end of
                           the next fiscal year. For more information on preparing and filing
                           your CAP, please refer to our brochure, Responding to an OSC Audit
                           Report, which you received with the draft audit report. The Board
                           should make the CAP available for public review in the District
                           Clerk’s office.




  4        OFFICE OF THE NEW YORK STATE COMPTROLLER
                         Information Technology

                          Computerized data is a valuable resource that District officials rely on
                          to make financial decisions and report to State and Federal agencies.
                          If the computers on which this data is stored fail, or the data is lost or
                          altered, either intentionally or unintentionally, the results could range
                          from an inconvenient to catastrophic event for the District. Even
                          small disruptions can require extensive time and effort to evaluate
                          and repair. For this reason, it is important that District officials control
                          and monitor computer system access and usage, establish a formal
                          disaster recovery plan, and ensure computerized data and assets are
                          physically secured. The Board is responsible for adopting policies
                          and procedures and developing controls to safeguard computerized
                          data and assets, and the Information Technology (IT) Director is
                          responsible for ensuring that District officials and employees adhere
                          to adopted policies and procedures.

                          We found that the Board has not effectively addressed the safeguarding
                          of computerized data and assets by establishing adequate policies
                          and procedures and monitoring their implementation. Specifically,
                          the District has not adopted comprehensive policies and procedures
                          relating to user access rights, passwords, computer usage, and
                          access controls over the Treasurer’s computerized signature disk.
                          The Board also has not developed a formal disaster recovery plan or
                          physically secured its computer assets. While our examination did
                          not identify any significant occurrences of unauthorized activity, the
                          IT weaknesses identified increase the risk that sensitive or critical
                          data may be lost or compromised, or that systems could be damaged
                          or disrupted.

User Access Rights        The Board is responsible for establishing adequate policies and
                          procedures to ensure that user access to the District’s financial software
                          resources is appropriately restricted. It is important that user access
                          rights in the financial software be based on the needs of particular
                          job duties. When properly designed, user access restrictions can
                          prevent District employees from being involved in multiple aspects
                          of a financial transaction and ensure that users are restricted from
                          unauthorized areas where they can intentionally or unintentionally
                          destroy or change critical financial data. District officials can help
                          preserve the proper segregation of duties by restricting user access
                          rights. A system administrator has the ability to add new users and
                          change users’ access rights. With this ability, system administrators
                          are able to control and use all aspects of the software. A good system
                          of controls would segregate the duties of administering access to
                          the computerized financial system and the functions of the Business

                     DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY                     5
                                                                                                5
                    Office to reduce the risk that District financial information or resources
                    could be misused. The administrator of the financial software must
                    be someone who is not involved in the day-to-day activities of the
                    Business Office, such as the IT Director. District officials also can
                    review audit logs and exception reports1 to ensure that employees are
                    not accessing areas of the financial software that are not related to
                    their job duties.

                    We found that the Board did not establish adequate policies and
                    procedures to restrict users’ access rights to only those areas of the
                    financial software needed to complete their job duties. The Treasurer
                    has system administrator rights in all modules2 of the District’s
                    financial software. Administrative rights allow the Treasurer to change
                    her own user access rights within the software system and the user
                    access rights of other District employees. In addition, the Treasurer
                    does not normally process payroll or accounts payables and does not
                    need access to those modules. The account clerk also has user access
                    rights to all functions3 within the accounts payable, human resources
                    and payroll modules, even though her job duties do not require her to
                    have access to every function. For example, the account clerk is not
                    responsible for adding new employees to the financial software, but
                    she has access to this function in the human resource module. Further,
                    District officials did not review audit logs and exception reports to
                    track employee activity within the financial software system.

                    The Treasurer told us that due to the size of the school and the limited
                    number of employees in the Business Office, she feels that she needs
                    user access rights to all areas in the financial software. For example,
                    she told us that if the account clerk is sick or on vacation, she may need
                    to process payroll or accounts payable checks, because there is no one
                    else in the Business Office who is trained to do so. However, when
                    the account clerk is absent and the Treasurer functions as her backup,
                    District officials do not provide adequate oversight of the Treasurer’s
                    work in this capacity. The Treasurer also told us that she has identified
                    the modules that the Business Office staff needs access to, but that she
                    has not further limited access by reviewing and limiting access to the
                    functions within each module.


                    ____________________
                    1
                      Audit logs and exception reports are computer-generated reports that show which
                    employee performed financial transactions and what they changed.
                    2
                      A module is a separate component of the financial software. The District currently
                    uses modules for payroll, accounts payable, human resources, cash receipts,
                    budgeting and system manager.
                    3
                      A function is a separate component of a module, such as the ability to create,
                    change, delete, or update a transaction. User access can be limited by function so
                    that a user has the ability to create a transaction, but not to change, delete, or update
                    it.

6   OFFICE OF THE NEW YORK STATE COMPTROLLER
                         Because of this internal control weakness, we reviewed audit logs
                         to determine if the Treasurer or account clerk were using functions
                         in the financial software that did not correspond with their job
                         duties. We also reviewed attendance history reports to verify that
                         the Treasurer performed the accounts clerk’s duties only on days the
                         clerk was absent. We did not identify any significant occurrences of
                         unauthorized activity. However, this lack of segregation of duties
                         between the accounting and financial software administration
                         functions increases the risk of unauthorized changes to the accounting
                         records, to the software security settings, and to user authorization
                         privileges without District officials’ knowledge or prior approval.
                         This weakness significantly increases the risk that inappropriate
                         disbursements could be initiated and concealed.

Passwords                Computer system users are required to enter user names and
                         passwords to gain access to networks, computers and applications.
                         To protect data, it is important that the Board adopt policies and
                         procedures that require the use of strong passwords4 and changes to
                         passwords every 30 to 90 days. If possible, the District’s network
                         must be set up to require complex passwords and periodic password
                         changes.

                         The Board has not adopted adequate policies and procedures to
                         address the use of passwords. Password selection depends on the
                         individual users – the only requirement is that passwords contain at
                         least five characters. In addition, users do not have to periodically
                         change their passwords. As a result, District employees could have
                         the same five-character password for several years. In addition, the
                         District’s network can be set up to require complex passwords and
                         enforce password changes, but these features were not being used.

                         The IT Director told us he does not think that District personnel need
                         to use more complex passwords, and he said that if passwords were
                         too complex that District employees might post the passwords onto
                         their computers. The failure to establish policies and procedures to
                         address the use of passwords increases the risk that an unauthorized
                         user could gain access to the District’s network and change, destroy,
                         or manipulate data.

Physical Security        The physical security over computerized assets is an important
                         component of adequate protection for computerized assets. Limiting
                         access to those assets and securing assets from fire and water damage
                         is necessary to physically secure the District’s computerized assets.

                         ____________________
                         4
                           Strong passwords contain a combination of upper- and lowercase letters,
                         punctuation, and at least eight characters.

                    DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY                   7
                                                                                             7
                           District officials have not adequately addressed the physical security
                           of their computerized assets. During a tour of the school, we identified
                           two wiring closets that were exposed and accessible to students and
                           staff. In addition, the wiring closets and server room were located
                           in areas that are not secure from fire and water damage (i.e., did not
                           have a fire-proof door).

                           The IT Director told us that one of the exposed wiring closets was
                           secured until last year, when the room it was in underwent some
                           modifications due to space limitations. Without proper physical
                           security, all other security measures may be meaningless. Physical
                           threats, whether internal or external, malicious or inadvertent could
                           lead to damaged or stolen hardware and the release of personal or
                           confidential information. These security breaches can cost thousands
                           of dollars and countless work hours to correct and possibly lead to
                           costly litigation for the District.

Disaster Recovery          District officials must establish a formal disaster recovery plan to
                           prevent the loss of computer data and equipment and to provide
                           staff with recovery procedures in the case of a disaster. Typically, a
                           disaster recovery plan involves an analysis of business processes and
                           continuity needs and precautions that are necessary to minimize the
                           effects of a disaster, so that critical functions can be maintained or
                           quickly resumed.

                           The District did not have a formal disaster recovery plan. The IT
                           Director maintains an emergency folder that contains information
                           needed to restore the network. The IT Director also told us that District
                           employees could go to the Broome-Tioga BOCES to process the
                           District’s financial transactions in the case of an emergency. In fact,
                           recently the District experienced an interruption to the network and
                           the account clerk traveled to the Broome-Tioga BOCES to process
                           the District’s payroll. In addition, beginning in August 2008, the
                           District began backing up non-financial data (i.e., student information
                           systems) with the Otsego Northern Catskill BOCES, thereby enabling
                           them to access this data offsite if needed.

                           While the District has not experienced a major loss in IT assets due to
                           this weakness, it would be unprepared in the event of a catastrophic
                           event, because it may not be able to recover necessary data and/or
                           promptly resume operations if a disaster were to occur.

Computerized Signature     The Treasurer is the official custodian of all District funds and is
Disk                       the authorized signatory for bank accounts. As such, the Treasurer’s
                           signature is required on all District checks. Because a computerized
                           signature disk is an extension of the Treasurer’s authority, it must be
                           password-protected and stored in a secure location.

  8        OFFICE OF THE NEW YORK STATE COMPTROLLER
                       The Treasurer did not properly safeguard her computerized signature
                       disk. Although the Treasurer’s signature disk was physically secured
                       in a locked safe, it was not password-protected. The account clerk
                       used the Treasurer’s signature disk to sign checks when needed.

                       We reviewed 60 payments processed by the account clerk totaling
                       $46,255 and found that the payments were approved, supported, and
                       reasonable. The Treasurer told us that she did not properly safeguard
                       her computerized signature disk because she feels that there are
                       adequate controls over the use of her electronic signature. For
                       example, she told us that she randomly examines the account clerk’s
                       work and that all vendor checks have to be reviewed and approved by
                       the District claims auditor. Although our testing disclosed no material
                       exceptions, if the Treasurer’s computerized signature disk is not
                       properly safeguarded, it could be accessed by unauthorized people
                       and result in the misuse of District funds.

Computer Usage         Good internal controls over computerized data include policies
                       governing acceptable computer usage. It is important that these polices
                       address computer usage for non-business purposes (i.e., personal
                       use) and require the IT Director to monitor District computers for
                       inappropriate usage.

                       The District’s adopted policies related to computer access and usage
                       were inadequate because they did not address whether employees
                       could use District-owned computers for non-business purposes. We
                       also found that the IT Director did not periodically monitor District
                       computers for inappropriate usage. We reviewed four laptops and
                       three desktops and found only minimal personal use on two desktop
                       computers.

                       The IT Director told us that he has not created a personal use policy
                       because the District has not had any problems with personal usage of
                       District-owned computers, and therefore, he has not seen a need to
                       develop a policy. While comprehensive computer usage policies do
                       not guarantee the safety of the District’s electronic information, the
                       lack of such policies significantly increases the risk that hardware and
                       software systems and the data they contain may be lost or damaged by
                       inappropriate use and leaves the District vulnerable to risks associated
                       with personal use, including computer viruses and spyware.

Recommendations        1. The Board should adopt policies and procedures over user access
                          rights to require that:

                          •   System administrator rights are assigned only to the IT
                              Director


                  DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY                  9
                                                                                          9
                         •   Access to the financial software modules and functions is
                             limited based on job duties

                         •   Audit logs and exception reports are periodically reviewed.

                      2. The IT Director should provide the Treasurer with access to
                         the modules of the financial software normally accessed by
                         the account clerk only when the account clerk is absent. When
                         the account clerk returns to the District, the IT Director should
                         rescind the Treasurer’s backup capacity access rights.

                      3. District officials should implement compensating controls to
                         review the Treasurer’s work when the account clerk is absent and
                         the Treasurer is performing as her backup.

                      4. The Board should establish policies and procedures requiring
                         employees to use complex passwords and to routinely change
                         those passwords. The IT Director should enforce these procedures
                         by enabling these features on the District’s network.

                      5. The IT Director should ensure that the server room and wiring
                         closets are secure and protected from fire and water damage.

                      6. The Board should adopt a comprehensive disaster recovery
                         plan that includes specific guidelines to protect confidential and
                         essential data against damage, loss, or destruction.

                      7. The Treasurer should ensure that her computerized signature disk
                         is password-protected.

                      8. The Board should adopt policies and procedures governing
                         computer usage to ensure that staff use District computers only
                         for official business purposes. The IT Director should monitor
                         computer usage.




10   OFFICE OF THE NEW YORK STATE COMPTROLLER
                                          APPENDIX A

                      RESPONSE FROM DISTRICT OFFICIALS

The District officials’ response to this audit can be found on the following page.




                          DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY    11
                                                                                    11
12   OFFICE OF THE NEW YORK STATE COMPTROLLER
                                           APPENDIX B

                     AUDIT METHODOLOGY AND STANDARDS

Our overall goal was to assess the adequacy of the internal controls put in place by officials to safeguard
District assets. To accomplish this, we performed an initial assessment of the internal controls so
that we could design our audit to focus on those areas most at risk. Our initial assessment included
evaluations of the following areas: financial oversight, cash receipts and disbursements, purchasing,
payroll and personal services, and IT.

During the initial assessment, we interviewed appropriate District officials, performed limited tests
of transactions and reviewed pertinent documents, such as District policies and procedures manuals,
Board minutes, and financial records and reports. In addition, we obtained information directly from
the computerized financial databases and then analyzed it electronically using computer-assisted
techniques. This approach provided us with additional information about the District’s financial
transactions as recorded in its databases. Further, we reviewed the District’s internal controls and
procedures over the computerized financial databases to help ensure that the information produced by
such systems was reliable.

After reviewing the information gathered during our initial assessment, we determined where
weaknesses existed, and evaluated those weaknesses for the risk of potential fraud, theft and/or
professional misconduct. Based on that evaluation we determined that controls appeared to be adequate
and limited risk existed in most of the financial areas that we reviewed. We then decided upon the
reported objectives and scope by selecting for audit those areas most at risk. We selected the IT system
for further audit testing. Certain observations and lesser findings related to the District’s appointment
of a claims auditor were discussed with District officials.

To accomplish the objective of this audit, we performed the following steps:

   •   Interviewed officials and employees regarding existing internal control systems

   •   Interviewed employees in the Business Office and IT Department concerning access rights
       of the District’s financial software. We also reviewed those rights to determine if they were
       assigned in accordance with job duties.

   •   Reviewed audit logs to determine if District employees were accessing areas of the financial
       software that were outside of their job duties

   •   Reviewed attendance history reports to determine if the Treasurer performed the accounts
       clerk’s duties only on days that the clerk was absent

   •   Reviewed IT policies and procedures to determine if they were adequate

   •   Reviewed seven District computers for acceptable use

   •   Inquired about access into the network including the password system


                           DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY                   13
                                                                                                    13
     •   Inquired about data recovery protocols and procedures

     •   Reviewed the physical security over the District’s computerized data and assets

     •   Reviewed the safeguards in place over the Treasurer’s computerized signature disk

     •   Inquired about the claims auditor’s job duties and responsibilities

     •   Reviewed 25 claims totaling $13,535 that were initiated by the Superintendent or claims auditor5
         to verify whether the claims were adequately supported, were legitimate District expenditures,
         and were properly audited and approved

     •   Reviewed an additional 35 claims totaling $32,720 to determine if they were adequately
         supported, were legitimate District expenditures, and were properly audited and approved.

We conducted our performance audit in accordance with generally accepted government auditing
standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.




____________________
5
 As part of her other duties at the District, the claims auditor may initiate (i.e., fill out a purchase requisition) IT-related
purchases.

    14         OFFICE OF THE NEW YORK STATE COMPTROLLER
                                           APPENDIX C

           HOW TO OBTAIN ADDITIONAL COPIES OF THE REPORT


To obtain copies of this report, write or visit our web page:




                                    Office of the State Comptroller
                                    Public Information Office
                                    110 State Street, 15th Floor
                                    Albany, New York 12236
                                    (518) 474-4015
                                    http://www.osc.state.ny.us/localgov/




                           DIVISION OF LOCAL GOVERNMENT AND SCHOOL ACCOUNTABILITY   15
                                                                                    15
                                                    APPENDIX D
                             OFFICE OF THE STATE COMPTROLLER
                              DIVISION OF LOCAL GOVERNMENT
                               AND SCHOOL ACCOUNTABILITY
                                            Steven J. Hancox, Deputy Comptroller
                                            John C. Traylor, Assistant Comptroller

                                      LOCAL REGIONAL OFFICE LISTING
BUFFALO REGIONAL OFFICE                                      GLENS FALLS REGIONAL OFFICE
Robert Meller, Chief Examiner                                Karl Smoczynski, Chief Examiner
Office of the State Comptroller                               Office of the State Comptroller
295 Main Street, Suite 1032                                  One Broad Street Plaza
Buffalo, New York 14203-2510                                 Glens Falls, New York 12801-4396
(716) 847-3647 Fax (716) 847-3643                            (518) 793-0057 Fax (518) 793-5797
Email: Muni-Buffalo@osc.state.ny.us                          Email: Muni-GlensFalls@osc.state.ny.us

Serving: Allegany, Cattaraugus, Chautauqua, Erie,            Serving: Clinton, Essex, Franklin, Fulton, Hamilton,
Genesee, Niagara, Orleans, Wyoming counties                  Montgomery, Rensselaer, Saratoga, Warren, Washington
                                                             counties

ROCHESTER REGIONAL OFFICE                                    ALBANY REGIONAL OFFICE
Edward V. Grant, Jr., Chief Examiner                         Kenneth Madej, Chief Examiner
Office of the State Comptroller                               Office of the State Comptroller
The Powers Building                                          22 Computer Drive West
16 West Main Street – Suite 522                              Albany, New York 12205-1695
Rochester, New York 14614-1608                               (518) 438-0093 Fax (518) 438-0367
(585) 454-2460 Fax (585) 454-3545                            Email: Muni-Albany@osc.state.ny.us
Email: Muni-Rochester@osc.state.ny.us
                                                             Serving: Albany, Columbia, Dutchess, Greene,
Serving: Cayuga, Chemung, Livingston, Monroe,                Schenectady, Ulster counties
Ontario, Schuyler, Seneca, Steuben, Wayne, Yates
counties

SYRACUSE REGIONAL OFFICE                                     HAUPPAUGE REGIONAL OFFICE
Eugene A. Camp, Chief Examiner                               Jeffrey P. Leonard, Chief Examiner
Office of the State Comptroller                               Office of the State Comptroller
State Office Building, Room 409                               NYS Office Building, Room 3A10
333 E. Washington Street                                     Veterans Memorial Highway
Syracuse, New York 13202-1428                                Hauppauge, New York 11788-5533
(315) 428-4192 Fax (315) 426-2119                            (631) 952-6534 Fax (631) 952-6530
Email: Muni-Syracuse@osc.state.ny.us                         Email: Muni-Hauppauge@osc.state.ny.us

Serving: Herkimer, Jefferson, Lewis, Madison,                Serving: Nassau, Suffolk counties
Oneida, Onondaga, Oswego, St. Lawrence counties

BINGHAMTON REGIONAL OFFICE
Patrick Carbone, Chief Examiner                              NEWBURGH REGIONAL OFFICE
Office of the State Comptroller                               Christopher Ellis, Chief Examiner
State Office Building, Room 1702                              Office of the State Comptroller
44 Hawley Street                                             33 Airport Center Drive, Suite 103
Binghamton, New York 13901-4417                              New Windsor, New York 12553-4725
(607) 721-8306 Fax (607) 721-8313                            (845) 567-0858 Fax (845) 567-0080
Email: Muni-Binghamton@osc.state.ny.us                       Email: Muni-Newburgh@osc.state.ny.us

Serving: Broome, Chenango, Cortland, Delaware,               Serving: Orange, Putnam, Rockland, Westchester
Otsego, Schoharie, Sullivan, Tioga, Tompkins                 counties
counties



  16            OFFICE OF THE NEW YORK STATE COMPTROLLER

				
Fighting Yank Fighting Yank
About These documents were primarily taken from government websites as part of a personal project to archive political and governmental documents on Docstoc. Please email gov.archive.project@gmail.com for prompt removal if you discover a copyrighted document. Thank you!