New York State Comptroller Thomas P. DiNapoli has released a series of audits addressing operations and oversight in several state agencies and organizations.
The Metropolitan Transportation Authority’s (MTA) Long Island Rail Road (LIRR) Engineering Department was found to have made limited progress following a previous audit in May 2023. That earlier review highlighted the lack of written policies for vehicle fleet management, incomplete preventive maintenance, missed state inspections, and insufficient analysis regarding the cost-effectiveness of leasing versus purchasing vehicles. One leased vehicle was found to have cost $81,000 more over 58 months than if it had been purchased outright. In response to these findings, the MTA implemented three out of thirteen recommendations from the initial report, partially implemented four, and did not implement six.
A separate audit examined compliance with an April 2019 legislative mandate requiring the MTA and its affiliates to develop a personnel and reorganization plan by June 30, 2019. The goal was to streamline processes, eliminate redundancies, foster collaboration, improve customer service, increase efficiency, and achieve cost savings. Auditors reported that “the MTA did not have a working plan for Transformation that identified the tasks to be completed and included specific dates and cost savings.” They also noted that “Full Transformation and delivery of the goals the Transformation Plan promised—improved customer service, process efficiencies, and cost reductions—were not supported by the work completed or based on documentation provided by the six departments reviewed.”
The Department of Corrections and Community Supervision (DOCCS) contracted with Securus and JPay Inc. to provide tablets and kiosks at no charge to incarcerated individuals for access to educational materials, media purchases, and fee-based secure messaging with family members. A prior audit from May 2023 cited issues such as inadequate tracking of program participation rates among incarcerated individuals; insufficient monitoring of active tablets; unverified identities in secure messaging communications; gaps in risk management through message screening; weak oversight over security configurations; and failure to maintain systems at vendor-supported levels necessary for data integrity. DOCCS stated it was not responsible for managing this tablet program but has since addressed some concerns: of seven recommendations, one was fully implemented and three were partially addressed.
An audit concerning prescription drug rebates under Empire Plan Medicare Rx revealed that CVS Caremark recovered $419,233 in rebates owed to Civil Service after auditors previously identified $10.7 million due as of June 2023. That report made two recommendations regarding rebate recovery procedures between CVS Caremark, a contractor administering prescription coverage, and Civil Service staff overseeing benefits administration for New York State employees enrolled in both Empire Plan coverage and Medicare. One recommendation was partially fulfilled while the other remained unaddressed.
Another review focused on Medicaid recipients who appeared eligible for, but were not enrolled in, Medicare between July 2016 and June 2021. The gap affected over 13,000 individuals based on age eligibility alone and could have resulted in potential Medicaid savings totaling $294.4 million if claims had been paid primarily by Medicare instead of Medicaid. At follow-up, auditors observed minimal progress from Department of Health officials: only one out of three recommendations had been fully implemented.
Audits also covered special education providers’ compliance with reporting requirements for reimbursable costs under State Education Department preschool programs serving children ages three through five with disabilities:
– UCPA of Cayuga County d.b.a. E. John Gavras Center reported approximately $4.3 million in costs across the three years ending June 30, 2021, but auditors disallowed $625,534 due to noncompliance.
– The Arc Franklin-Hamilton d.b.a. The Adirondack Arc reported about $3.9 million in costs during the same period; auditors found $76,812 noncompliant.
The audit of Erie County Medical Center Corporation (ECMCC), an academic medical center in Western New York, focused on IT security architecture principles such as least privilege access controls and data classification practices. ECMCC received eight confidential recommendations aimed at reducing risks related to unauthorized system access after auditors identified areas needing improvement within its security framework.
“ECMCC officials generally agreed with the findings and recommendations and, in several instances, indicated they were planning actions to address them,” according to information provided by DiNapoli’s office.



