Audit Report On The Development And Implementation Of The S-Elect Project By The New York City Board Of Elections
AUDIT REPORT IN BRIEF
This office performed an audit on the New York City Board of Elections (Board) development and implementation of the S-Elect Project. The objective of the Board’s S-Elect Project was to develop and implement new information technology systems to support the Board’s election and poll-worker activities and to provide a framework for the eventual integration of all Board applications. These new systems would replace the Candidate Processing and Rotation/Entry and Certification of Official Election Results (CPR/ENCORE) and Poll Worker Election Administration System (EASY) mainframe applications.
Audit Findings and Conclusions
The Board, having successfully handled the 2005 election events using the new systems, has completed the S-Elect Project. Therefore, as a finished product, S-Elect met the overall goals as stated in the system justification. The system also met its initial business and system requirements; and the design of the system allows for enhancements and upgrades. Further, a formal system development methodology was followed in developing the system; S-Elect functions reliably; and information recorded in the database is accurate. The Board procured S-Elect in accordance with the provisions of the City Charter and the PPB rules.
However, the Board has not incorporated written security procedures into the Board’s policies and procedure manual for S-Elect. The absence of such policies exposes the system to unauthorized access. Also, the Board has not included S-Elect into its disaster-recovery plan or arranged for an alternate processing site. In that regard, the lack of these policies and plans increases the likelihood that the system will be vulnerable to unauthorized access, abuse, theft of equipment, and the loss of mission-critical information, especially in the case of a disaster.
Audit Recommendations
To address these issues, we recommend that the Board:
- Develop written policies and procedures for tracking system users and terminating user IDs for long-inactive users and for former employees. In addition, the Board should periodically review the status of inactive user accounts and terminate access, when appropriate.
- Ensure that the various duties of the administration of the S-Elect system are segregated and an appropriate backup system is in place in accordance with DOI Directives.
- Create an overall disaster recovery plan that includes S-Elect, conduct a comprehensive test of the plan, and schedule annual tests, as required by DOI Directives.
The S-Elect Project is comprised of two separate systems the Candidate Processing and Election Support System (CPESS) and the Poll Worker Requirements Support System (PWRSS).
CPR maintains a database of all candidates for public office in New York City and is used to create ballots for each election. ENCORE automatically tabulates, verifies, and certifies the results of each election using election night polling machine totals provided by the Police Department and information on affidavit, absentee, military, and federal ballots.
EASY is an inventory system of all registered voters, poll sites, and poll workers in all five boroughs. It has the ability to modify, add, and delete information in all Board sub-systems.