NEW YORK STATE (WRGB) — The New York State Comptroller has released a report on the Information Technology Services Office stating that thousands of computers and other costly equipment are unaccounted for, and new and barely used devices are destroyed instead of being donated or sold.
“Information Technology Services needs to do a better job of keeping an accurate inventory of its equipment to avoid wasting taxpayer dollars and to protect any sensitive information stored on these devices,” says New York State Comptroller Thomas DiNapoli. “The findings in this audit are very concerning and the agency needs to overhaul its operations.”
Information Technology Services (ITS) was created in 2012 to oversee and centralize IT services for NYS executive agencies.
It oversees 57 state entities, operates 83 stockrooms statewide while servicing/purchasing/maintaining equipment, and is responsible for keeping an accurate inventory of hardware and software.
The inventory is managed through the Information Technology Service Management (ITSM) software.
According to the Comptroller’s office, from March 2020 to 2024, ITS spent nearly $62 million on workstations and associated equipment.
The Comptroller’s audit discovered some inventories were inaccurate, ITSM records from stockrooms didn’t match, devices like laptops were missing, and the stockrooms filled with equipment holding potentially sensitive information had “lax” security.
The audit also says stockroom employees are not properly trained, with employees not knowing how to properly use the software to locate items or provide auditors with inventory reports.
While Comptroller auditors were investigating, during the first and second months of work, ITS officials placed unwarranted restrictions on access to records and agency staff which hindered the audit process.
Additionally, when information was eventually provided, the comptroller’s office said it was altered.
One concern being the ITSM inventory of laptop and desktop computers has been changed, resulting in the data remaining unreliable.
MORE: NYS report shows schools under fiscal stress
At the conclusion of the audit, restrictions were removed and information was made available by ITS.
Additional information provided by the audit:
- ITS initiated a cleanup of its inventory data during the audit and reclassified as “absent” 11,000 devices that were unaccounted for but had an “In-Stock” or other designation. In total, auditors found 17,887 items, including thousands of laptop and desktop computers, listed in ITSM as “absent,” mostly because their location wasn’t known (82%). Auditors searched for a sample of 102 devices with listed stockrooms, but stockroom employees couldn’t find 94 of them.
- Auditors identified 36 pallets of used equipment that could contain sensitive or confidential information – laptops, hard drives, monitors – in a shared storage area, easily accessed by employees from other agencies, as well as three boxes of hard drives taken from state computers stored behind an ITS employee’s desk.
- Auditors found 924 lightly used or new-in-box desktop and laptop computers, estimated value over $500,000, marked to be discarded. Previously, new, unused, and lightly used equipment was sometimes donated or sold at state auctions, but ITS now destroys discarded equipment, even in new or like-new condition.
- Auditors found that employees at ITS’ central distribution center, where purchased devices are first received and sent out to stockrooms around the state, said stockrooms often did not scan the devices as they were supposed to on arrival. Some 2,500 devices were listed as “In-transit” because stockrooms never confirmed their receipt.
- Auditors found that stockrooms around the state could not match their records with ITSM data, with some devices listed in the software but not in stockrooms and vice versa. A check of 606 laptop and desktop computers found 58 (9.6%) couldn’t be reconciled between stockrooms and ITSM records.
ITS Chief Communications Officer Scott Reif says:
“While we recognize there is always room for improvement, it’s important to note that ITS does have robust controls and security in place to fully protect its assets. In fact, we recently established a specific and dedicated IT Asset Management Team, which is now responsible for ensuring assets are accounted for during every step of the asset lifecycle. In addition, we implemented a new and more comprehensive asset management policy, and will routinely update it to reflect the complex and ever-evolving asset environment we support and manage on behalf of 57 state agencies. Among other issues, this policy has been strengthened to address unauthorized devices connected to the State network, inactive devices which may have been lost or reassigned, and it requires regular device verification. We take our responsibility to our client agencies and all New Yorkers very seriously, and will continue to improve and strengthen our processes to serve them better and more efficiently.”
MORE: Comptroller reminds New Yorkers to claim their lost or forgotten funds
