tailored
play

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 - PDF document

Sep 06, 2023 •314 likes •377 views

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date: January 19, 2017 To: To the file of Battery Park City From: Tailored Technologies LLC Technology Observations and Recommendations Resulting From the

  1. Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date: January 19, 2017 To: To the file of Battery Park City From: Tailored Technologies LLC Technology Observations and Recommendations Resulting From the October 31, 2016 Audit Marks Paneth LLP has issued a management letter under AU-C Section 265 indicating they did not observe any material weaknesses. The memo below represents our observations that are either minor in nature or represent best practices pertaining to technology. Matters in this memo are as of the date of this letter. If matters should arise between this date and the date of Marks Paneth LLP’s audit report on the financial statements, we will update this memo. Exhibit I of this memo lists new items that we noted during our work in connection with the Hugh L. Carey Battery Park City Authority’s financial statement audit for the year ending October 31, 2016. Exhibit II pertains to prior year recommendations that, based on our current procedures, appear to require further attention by management. Exhibit III are those observations and recommendations from the prior year’s letter that appear not to require further action. It should be noted that we will review management’s current year responses during Marks Paneth LLP’s next audit cycle. T ABLE OF C ONTENTS Overview ................................................................................................................................................ 2 Cyber Security ....................................................................................................................................... 3 Exhibit I – Current Year Recommendations 1) Data Restore Testing ....................................................................................................................... 4 Exhibit II – Prior Year Observations Requiring Further Attention There are no prior year observations and recommendations which require further attention. Exhibit III – Prior Year Recommendations That Appear Not to Require Further Action 2) Accounting System Permissions (Prior Year Observation #1) 3) Disaster Recovery Planning (Prior Year Observation #2) Tailored Technologies LLC is a wholly owned subsidiary of Marks Paneth LLP

  2. Tailored Technologies LLC O VERVIEW On December 9, 2016, Marks Paneth LLP’s Tailored Technologies met with the following individuals: 1. Robert Serpico, Chief Financial Officer 2. Karl Koenig, Controller 3. John Tam, Director of IT 4. Robert Quon, Deputy Director of IT 5. Neresa Gordon, Network Security Manager 6. Su May Ng, Senior Programmer Analyst 7. Leandro Lafuente, Senior Systems Administrator Our examination was performed in conjunction with the Hugh L. Carey Battery Park City Authority (BPCA) financial statement audit for the year ended October 31, 2016. We considered the internal controls within the Information Technology (IT) infrastructure and collected and evaluated evidence of BPCA’s information systems, practices, and operations in order to 1) assist the Marks Paneth LLP audit team to gain reliance on the computer controls for an effective and efficient audit process through the validation that information systems are safeguarding assets and maintaining data integrity and 2) provide recommendations as to whether the use of automation is being optimally utilized and operating effectively and efficiently to contribute to BPCA’s goals and objectives. Currently, BPCA has 28 physical and virtual servers running Microsoft Windows Server 2008 or 2012 or VMware ESXi 5.5. BPCA uses: 1. Microsoft’s Dynamics GP (Great Plains) version 2013 as its accounting software 2. Paramount’s WorkPlace version 12 for project accounting and procurement 3. Sage’s Abra version 9.01 as its Human Resources Information System 4. ADP’s online service to process payroll 5. ADP’s eTIME version 8 for time and attendance tracking 6. OpenText eDOCS 5.3.1 for document management The following observations and recommendations are focused on: 1. Data Restore Testing Page 2 of 5

  3. Tailored Technologies LLC C YBER S ECURITY We also considered BPCA’s cyber security protections and its ability to detect and prevent unauthorized internal and external access to BPCA's network. We looked at the policies and procedures in place to ensure secure processes are maintained, and BPCA staff is informed of current, secure practices. It would be impractical as part of this IT audit process to provide a full cyber security review. Cyber security protections at BPCA include: 1. A pair of SonicWALL NSA 3500 clustered firewall devices at the BPCA offices 2. Symantec’s Endpoint Protection version 12.5 to protect against viruses and malware 3. Spam filtering through US Internet, BPCA’s email provider, as well as through their SonicWALL firewall devices 4. Onsite and offsite backup of BPCA data and virtual services using QuorumLabs’ services 5. Penetration testing of the BPCA network performed twice a month by the New York State Office of Information Technology Services 6. VMware’s AirWatch mobile device management platform for BYOD protection of BPCA-provided portable devices, which includes the ability to delete (“wipe”) data on the mobile devices Page 3 of 5

  4. Tailored Technologies LLC Exhibit I – Current Year Recommendations 1) Data Restore Testing Observation: We were informed BPCA does not perform periodic, scheduled test restores of backed up data. While user files are restored on an as-needed basis, the restored data, consisting of critical files and systems, is not formally tested. The concern is core financial and critical operational files could become unrecoverable, leaving the ability to restore and recover these files in doubt. Recommendation: BPCA should consider creating formal policies and procedures requiring the periodic review and testing of backup processes. The policies and procedures should address, at minimum: 1. The review of documentation and backup job configurations to ensure the proper capture of all financial and operational data 2. The identification of the staff members who are authorized to approve the restore of data 3. The identification of staff members who are authorized to access the data backup storage 4. The identification of the backup data stores which must be encrypted 5. The schedule and scope of each test restore of both onsite and offsite data and verification steps to ensure the backup media is sound, and the data is correct and not corrupt Files (such as Microsoft Word or Excel files): for testing the restore process and the integrity of backed up files and documents, we recommend: 1. Test restores of files occur at least once a quarter 2. IT, Finance, and operational staff prepare a list of critical files to be restored each quarter. We recommend a different list of files for each quarter 3. IT staff restore the identified files to a testing environment (either a separate directory or server) and have Finance and or operational staff open and inspect the files 4. The results of the test restores be documented and reported to senior management Applications and Databases: Best practices dictate financial and critical operational applications and databases should be periodically restored to ensure the database can be properly restored should the production equipment fail. We recommend BPCA perform restore testing for all components of the Microsoft Dynamics GP system. Testing should include, at minimum: 1. Identification of a set of key reports by the business process owner; the reports should be generated by the production application immediately before backing up the application database 2. A restore of the application database from backup to a physical or virtual recovery server. This should be performed for both onsite and offsite backups 3. The business process owner should run a set of key reports from the restored database and compare with the production reports to ensure the accuracy of the backed up / recovered data Management’s Response: Management agrees with the recommendations and will develop a policy and procedure for restore testing that follows the requirements outlined in the above discussion. The first restore will be conducted before 7/1/17. **END OF NEW RECOMMENDATIONS** Page 4 of 5

  5. Tailored Technologies LLC Exhibit II – Prior Year Observations Requiring Further Attention There are no prior year observations and recommendations which require further attention. ** END OF REPEAT RECOMMENDATIONS** Exhibit III – Prior Year Recommendations That Appear Not to Require Further Action 2) Accounting System Permissions (Prior Year Observation #1) 3) Disaster Recovery Planning (Prior Year Observation #2) **END** Page 5 of 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TAILORED Tender alert service www.jurismarches.com TAILORED TENDER ALERT SERVICE 2 J360 SEPAO

TAILORED Tender alert service www.jurismarches.com TAILORED TENDER ALERT SERVICE 2 J360 SEPAO

TAILORED Tender alert service www.jurismarches.com TAILORED TENDER ALERT SERVICE 2 J360 SEPAO IS PROPULSED BY DATA EXPLORER Who we are As a business intelligence expert since 2005, OctopusMind develops tools for a smart analysis of economic

521 views • 7 slides
Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date:

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date:

Tailored 685 Third Avenue Technologies LLC New York, NY 10017 Tel: (212) 503-6300 Date: December 18, 2018 To: The File of the Hugh L. Carey Battery Park City Authority From: Tailored Technologies, LLC Technology Observations and

291 views • 6 slides
Toll of personal privacy in 2018 @KirilsSolovjovs http://kirils.org Privacy is dead 16

Toll of personal privacy in 2018 @KirilsSolovjovs http://kirils.org Privacy is dead 16

This presentation uses no cookies for analytics, ads or any other purposes. Content served is not personalized or tailored to each audience member however it may be tailored to the conference itself. By continuing to watch this presentation you

994 views • 41 slides
2020 2022 Funding Cycle Tailored for NSPs APPLICATION APPROACH 21 NOVEMBER 2019 Contents

2020 2022 Funding Cycle Tailored for NSPs APPLICATION APPROACH 21 NOVEMBER 2019 Contents

2020 2022 Funding Cycle Tailored for NSPs APPLICATION APPROACH 21 NOVEMBER 2019 Contents Part One Background Tailored for NSPs Part Two Funding Request Annexes 2 Background Application Approaches Program Tailored for NSP

1.08k views • 43 slides
REGULATION UPDATE The Wheel | Tailored Training MAIREAD OCONNOR Training & Advice

REGULATION UPDATE The Wheel | Tailored Training MAIREAD OCONNOR Training & Advice

The Wheel | Tailored Training REGULATION UPDATE The Wheel | Tailored Training MAIREAD OCONNOR Training & Advice Coordinator The Wheel __________________________________ mairead@wheel.ie The Wheel | Tailored Training 3 MOST RECENT

656 views • 40 slides
Presentation 3 Getting personal: a tailored advertising experience Get Media Smart social

Presentation 3 Getting personal: a tailored advertising experience Get Media Smart social

Presentation 3 Getting personal: a tailored advertising experience Get Media Smart social media 2 Getting personal: a tailored advertising experience These ads are from one persons Facebook page what can we learn about them?

418 views • 15 slides
An Aggressive Plan fully Committed and Tailored to PR Needs By: Ariel Prez, P.E., M.E.

An Aggressive Plan fully Committed and Tailored to PR Needs By: Ariel Prez, P.E., M.E.

Highway Reconstruction Program An Aggressive Plan fully Committed and Tailored to PR Needs By: Ariel Prez, P.E., M.E. April 29, 2019 Jan 26, 2017 Introduction Current Challenges Our Top Priorities Key Infrastructure

519 views • 40 slides
Tailored Youth Marijuana Prevention Marketing (TYMPM) CAPAA Board Meeting November 18, 2017

Tailored Youth Marijuana Prevention Marketing (TYMPM) CAPAA Board Meeting November 18, 2017

Tailored Youth Marijuana Prevention Marketing (TYMPM) CAPAA Board Meeting November 18, 2017 APICAT for Healthy Communities Tailored Youth Marijuana Prevention Marketing Project The Department of Healths TYMPM was a pilot project to

422 views • 13 slides
A Simplified LCA methodology tailored A Simplified LCA methodology tailored to meet the challenge

A Simplified LCA methodology tailored A Simplified LCA methodology tailored to meet the challenge

Total Sustainability Management Total Sustainability Management A Simplified LCA methodology tailored A Simplified LCA methodology tailored to meet the challenge of Sustainable to meet the challenge of Sustainable Production. . Production

524 views • 33 slides
Tailored Cybersecurity Training in LVC Environments Presented by Jeremiah Folsom-Kovarik, Ph.D.

Tailored Cybersecurity Training in LVC Environments Presented by Jeremiah Folsom-Kovarik, Ph.D.

Tailored Cybersecurity Training in LVC Environments Presented by Jeremiah Folsom-Kovarik, Ph.D. On behalf of the co-authors: Denise Nicholson, Ph.D., Lauren Massey, Ryan OGrady and Eric Ortiz 5 November 2018 Outline What are trying

466 views • 17 slides
Preoperative Geriatric Assessment And Tailored Interventions In Frail Older Patients With

Preoperative Geriatric Assessment And Tailored Interventions In Frail Older Patients With

Preoperative Geriatric Assessment And Tailored Interventions In Frail Older Patients With Colorectal Cancer. A randomised controlled trial Nina Ommundsen Oslo University Hospital, Norway CONFLICT OF INTEREST DISCLOSURE I have no potential

387 views • 19 slides
More than preservation: Creating motivational designs and tailored incentives in research data

More than preservation: Creating motivational designs and tailored incentives in research data

More than preservation: Creating motivational designs and tailored incentives in research data repositories Sebastian S. Feger, Snje Dallmeier-Tiessen, Pamfilos Fokianos, Dinos Kousidis, Artemis Lavasa, Rokas Maciulaitis, Jan Okraska, Diego

612 views • 32 slides
Learn English in your teachers home An individual 1:1 course tailored to your learning needs

Learn English in your teachers home An individual 1:1 course tailored to your learning needs

Learn English in your teachers home An individual 1:1 course tailored to your learning needs Total immersion in English Practice your English through lessons and daily conversation Activities and excursions arranged to your interests

320 views • 16 slides
Company presentation November 2019 Product, Innovation and Realization includes Product,

Company presentation November 2019 Product, Innovation and Realization includes Product,

Company presentation November 2019 Product, Innovation and Realization includes Product, Innovation and Realization Independent supplier of tailored short Tailored Sonar technology to the global Tailored Sonar technology to the global

574 views • 18 slides
Automated Scenario Generation Toward Tailored and Optimized Military Training in Virtual

Automated Scenario Generation Toward Tailored and Optimized Military Training in Virtual

Entertainment Intelligence Lab Automated Scenario Generation Toward Tailored and Optimized Military Training in Virtual Environments Alex Zook Stephen Lee-Urban, Mark Riedl, Heather Holden, Robert Sottilare, Keith Brawner Scenario-based

399 views • 23 slides
diseases through an innovative and tailored web-based digital pathology program with Philips

diseases through an innovative and tailored web-based digital pathology program with Philips

Improving medical students understanding of pediatric diseases through an innovative and tailored web-based digital pathology program with Philips Pathology Tutor (formerly PathXL) Cathy Chen 1 , Bradley Clifford 2 , Matthew OLeary 2 ,

813 views • 17 slides
Accounting for Growth (AfG) Update Presentation to MACO September 27, 2017 Why an AfG Policy?

Accounting for Growth (AfG) Update Presentation to MACO September 27, 2017 Why an AfG Policy?

Accounting for Growth (AfG) Update Presentation to MACO September 27, 2017 Why an AfG Policy? EPA requires states to provide certainty that increased nutrient and 1. sediment loads resulting from growth have been accounted for and will be

469 views • 10 slides
PowerGen Maintenance-Free Electrical Power for the O&G Industry 1 Company Overview Decades

PowerGen Maintenance-Free Electrical Power for the O&G Industry 1 Company Overview Decades

PowerGen Maintenance-Free Electrical Power for the O&G Industry 1 Company Overview Decades of technology excellence led to a Maintenance Free Generator The emerging leader in Reliable Distributed Power for the 1-10 KW range, based on a

471 views • 27 slides
DAVE YOST Ohio Auditor of State UAN Year End Update { 1 Welcome 2 Agenda Session Agenda 7:00

DAVE YOST Ohio Auditor of State UAN Year End Update { 1 Welcome 2 Agenda Session Agenda 7:00

DAVE YOST Ohio Auditor of State UAN Year End Update { 1 Welcome 2 Agenda Session Agenda 7:00 a.m. 8:00 a.m. Registration 8:00 a.m. 8:10 a.m. Welcome and Introduction 8:10 a.m. 8:30 a.m. Cyber Security 8:30 a.m. 9:00 a.m.

651 views • 30 slides
Four steps in an effective workflow... 1. Cleaning data Things to do: Verify your data are

Four steps in an effective workflow... 1. Cleaning data Things to do: Verify your data are

WS_Workflow_Presentation Outline Part 1 Krista K. Payne July 24, 2017 Four steps in an effective workflow... 1. Cleaning data Things to do: Verify your data are accurate Variables should be well named Variables should be properly

148 views • 10 slides
Welcome to the Texas Department of Slide 1 Transportation San Antonio Districts virtual

Welcome to the Texas Department of Slide 1 Transportation San Antonio Districts virtual

Welcome to the Texas Department of Slide 1 Transportation San Antonio Districts virtual public meeting for the SH 16 Helotes Project. This presentation will discuss the proposed improvements to the stretch of SH SH 16 Helotes 16 from

374 views • 16 slides
Claredale Environmental Assessment Overview Problem Solving Process Alternative 3B Evaluation

Claredale Environmental Assessment Overview Problem Solving Process Alternative 3B Evaluation

Claredale Environmental Assessment Overview Problem Solving Process Alternative 3B Evaluation Next Steps Alternative 3A Preferred Solution Why is the Claredale EA Project taking place? The objective of the Claredale EA project is to

574 views • 9 slides
VESTESEN A/S PRESENTATION wind/diesel desalination Introduction Stand-alone wind/diesel (WD)

VESTESEN A/S PRESENTATION wind/diesel desalination Introduction Stand-alone wind/diesel (WD)

VESTESEN A/S PRESENTATION wind/diesel desalination Introduction Stand-alone wind/diesel (WD) power stations plans with high wind penetration of up to 100%, integrated with desalination systems for continuous production of electric power and

305 views • 3 slides
Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia

Efficiently Backing up Terabytes of Data with pgBackRest David Steele Crunchy Data PGDay Russia 2017 July 6, 2017 Agenda 1 Why Backup? 2 Living Backups 3 Design 4 Features Performance 5 Changes to Core 6 In The Pipeline 7 8

376 views • 25 slides

More recommend