New York State IT audit reveals major deficiencies in computer inventory management

The Senate Standing Committee on Internet and Technology convened on May 5, 2025, to discuss critical findings from recent audits concerning the management of IT assets and artificial intelligence (AI) systems within New York State agencies. The meeting highlighted significant gaps in inventory control and AI governance, raising concerns about accountability and operational efficiency.

The first major topic addressed was the IT inventory audit, which revealed that the New York State Office of Information Technology Services (ITS) could not confirm the location or secure disposal of thousands of computers and other equipment. The audit, covering the period from March 2020 to August 2024, found that nearly 18,000 workstations were marked as absent in the system. Additionally, there were issues with duplicated serial numbers and records lacking serial numbers altogether, leading to unreliable inventory data. This situation exposes the state to potential waste and cyber risks.

The audit also noted that over half of the stockrooms failed to conduct required quarterly inventories, with employees lacking the necessary skills to use the inventory system effectively. Many resorted to maintaining unofficial records, indicating a need for better training and guidance. The absence of accurate inventory management has fiscal implications, including overspending and increased risk of theft.

The discussion then shifted to the AI governance audit, which found that agencies deploying AI systems could not provide a comprehensive list of all AI systems in use. This lack of oversight complicates accountability and raises concerns about the accuracy and bias of AI applications. Both audits underscored the need for reliable data, human oversight, and transparency to identify weaknesses early and prevent larger issues in the future.

Comptroller DiNapoli emphasized the importance of learning from past crises, particularly the pandemic, to implement controls that ensure preparedness for future emergencies. The audits concluded that without proper enforcement and accountability, temporary practices adopted during emergencies could become permanent, leading to costly inefficiencies.

In response to the findings, the new Chief Information Officer (CIO) agreed to adopt all eight recommendations from the audit, which include improving inventory data validation, securing stockrooms, conducting regular counts, and establishing written emergency procedures. The agency has also initiated the creation of an IT asset management team and is rolling out a new asset management policy to enhance tracking from acquisition to disposal.

The meeting concluded with a commitment to address the identified weaknesses and improve the overall management of IT assets and AI systems within state agencies, aiming for greater accountability and efficiency moving forward.