GLOVERSVILLE - The Gloversville Enlarged School District Board of Education did not exercise adequate oversight of financial operations for almost two years, according to a non-final draft audit from the Office of the State Comptroller.
The audit - which has not been officially released and is a draft of the initial findings - covered a period of time from July 1, 2011 to March 31, 2013.
The comptroller's draft audit said district officials said there was no audit committee active at the district. Although the board had been established as an audit committee in 2005, the draft audit said, the members did not perform the duties required of such a committee.
The audit also revealed the district has not received an internal audit report since 2010-11 and the district did not appoint an internal auditor for the 2012-13 school year.
"As a result, the taxpayers do not have adequate assurance that risk is being effectively monitored and that internal control weaknesses are identified and addressed," the draft audit results read.
The recent draft audit doesn't include comments from the school district and those will be presented when the audit becomes final in about a month, school board President Richard Carlson.
Since the audit obtained by The Leader-Herald is a draft, Carlson declined to comment on the findings or what the district will do to address the issues presented by the Comptroller's Office.
However, Carlson said the Board of Education appointed an audit committee this summer.
The comptroller said in the draft audit that board members do not audit individual claims and haven't appointed a claims auditor.
As a result, the audit said, none of the 50 claims tested by the Comptroller's Office - totaling $967,570 - had been audited.
In addition, the audit said, one claim totaling $48,998 was for a truck that had no documentation to show the purchase was subject to competition.
Also, five claims totaling $3,317 were for credit card charges where the credit card company electronically debited payments directly from the District's bank account.
"As a result, there is an increased risk that goods and services will not be purchased in the manner most beneficial for the taxpayer and that unauthorized or improper transactions could occur," the comptroller's draft audit reads.
Also the draft audit states that the board did not adequately design and implement policies over the security of information technology. The draft audit said because of this, the district does not have a written disaster recovery plan.
In addition, the draft audit said, the district treasurer has administrative rights in the financial software that allow access to all aspects of the system and district officials do not produce or review activity logs.
"There is an increased risk of loss of computer equipment and data, and that unauthorized or inappropriate transactions could occur," the draft audit said.
The comptroller does make a number of recommendations to the district in the draft audit, including:
The board should annually appoint an audit committee and enumerate its responsibilities in a charter. The audit committee should ensure there is a written record of its activities, including a review of any risk assessments or corrective action plans and monitoring the implementation of recommendations of external auditors.
The board should ensure the internal audit function is performed and documented.
The board should audit all claims against the district prior to payment or appoint a claims auditor to do so and would ensure all claims are properly supported by itemized invoices and, where applicable, competition has been solicited for purchases.
If the board wants to allow claims to be paid prior to audit that are allowable under Education Law, it should pass a resolution authorizing this action.
The district should not allow third parties (such as a credit card company) to electronically debit its bank accounts to obtain payment and any electronic payments made should be authorized in each instance by the treasurer or other district official after the board has audited the claim.
The board should adopt a formal written disaster recovery plan.
District officials should assign the treasurer only those user permissions that are essential to their job duties.
District officials should periodically produce and review activity logs for all users in the financial management system to detect unauthorized or inappropriate transactions and the user who is responsible.
The school district declined to comment on the draft.
"The comptroller's audit of the Gloversville Enlarged School District is still in draft form - its release at this time is premature and, because of that, district officials cannot comment on any of the specific details contained in the draft," district Communications Specialist Emily Donohue said in a news release. "The comptroller's draft is not an official report and district officials still have the opportunity to clarify and explain our policies and procedures. Those clarifications may change the comptroller's ultimate findings."
District officials, the release said, including Superintendent Michael Vanyo, will discuss the draft audit with the Board of Education this week and begin to work on their response to the findings.
The school board is scheduled to meet tonight.
The district expects to have the response sent to the Comptroller's Office by the Sept. 18 deadline and the audit will be made public after that.