Audit committee requests cybersecurity update and reviews bank-account signatory procedures

A committee member asked that town and school officials provide an update on cybersecurity at a future audit committee meeting, suggesting a joint session with the Board of Finance and noting that certain operational details may need to be discussed in executive session.

The request followed committee discussion about ransomware incidents in Connecticut and an assertion that the town had experienced ransomware activity: "We have had known of ransomware in New Canaan," a committee member said. Members agreed cybersecurity is a major area of risk and proposed scheduling a briefing (the committee discussed June 17 as a potential date) with enough detail to evaluate controls while protecting sensitive information.

Separately, the committee discussed bank-account structure and signatory authority after a recent bank consolidations; town finance staff explained account openings are processed based on a request and supporting documentation with signatory cards and that some consolidation is already underway to reduce the number of accounts. Committee members requested a written policy or schematic clarifying who can open or close accounts, what authorizations are required, and recommended the finance office put such procedures in a policy manual.

Next steps: committee to schedule a cybersecurity briefing (possibly joint with the Board of Finance and with an executive-session component for controls) and for staff to provide a written description of bank-account signatory authorities and account-opening/closing procedures ahead of the June meeting.