The URL can be used to link to this page

Home My WebLink About2023-06-13 Policy & Services Committee AgendasPOLICY AND SERVICES COMMITTEE Special Meeting Tuesday, June 13, 2023 Council Chambers & Hybrid 7:15 PM Pursuant to AB 361 Palo Alto City Council meetings will be held as “hybrid” meetings with the option to attend by teleconference/video conference or in person. To maximize public safety while still maintaining transparency and public access, members of the public can choose to participate from home or attend in person. Information on how the public may observe and participate in the meeting is located at the end of the agenda. Masks are strongly encouraged if attending in person. The meeting will be broadcast on Cable TV Channel 26, live on YouTube https://www.youtube.com/c/cityofpaloalto, and streamed to Midpen Media Center https://midpenmedia.org. VIRTUAL PARTICIPATION CLICK HERE TO JOIN (https://cityofpaloalto.zoom.us/j/94618744621) Meeting ID: 946 1874 4621 Phone: 1(669)900‐6833 PUBLIC COMMENTS Public comments will be accepted both in person and via Zoom for up to three minutes or an amount of time determined by the Chair. All requests to speak will be taken until 5 minutes after the staff’s presentation. Written public comments can be submitted in advance to city.council@CityofPaloAlto.org and will be provided to the Council and available for inspection on the City’s website. Please clearly indicate which agenda item you are referencing in your subject line. PowerPoints, videos, or other media to be presented during public comment are accepted only by email to city.clerk@CityofPaloAlto.org at least 24 hours prior to the meeting. Once received, the Clerk will have them shared at public comment for the specified item. To uphold strong cybersecurity management practices, USB’s or other physical electronic storage devices are not accepted. CALL TO ORDER PUBLIC COMMENT Members of the public may speak to any item NOT on the agenda. ACTION ITEMS 1.Approval of the following changes to scope, compensation, and/or time: 1A.Approval of Office of City Auditor Task Order Change ‐ 04.16 ALPR Technology Contract Management 1B.Approval of Office of City Auditor Task Order Change ‐ 04.19 Disaster Recovery Preparedness 1C.Approval of Office of City Auditor Task Order Change ‐ FY23‐01 Citywide Risk Assessment & FY23‐02 Annual Audit Plan; CEQA Status – Not a Project 2.City Council Referral to Discuss and Recommend Council Procedures and Protocols on: Boards and Commissions‐Related Sections and other City Council referrals related to the City Council Procedures and Protocols FUTURE MEETINGS AND AGENDAS Members of the public may not speak to the item(s) ADJOURNMENT PUBLIC COMMENT INSTRUCTIONS Members of the Public may provide public comments to teleconference meetings via email, teleconference, or by phone. 1. Written public comments may be submitted by email to city.council@cityofpaloalto.org. 2. For in person public comments please complete a speaker request card located on the table at the entrance to the Council Chambers and deliver it to the Clerk prior to discussion of the item. 3. Spoken public comments using a computer or smart phone will be accepted through the teleconference meeting. To address the Council, click on the link below to access a Zoom‐based meeting. Please read the following instructions carefully. You may download the Zoom client or connect to the meeting in‐ browser. If using your browser, make sure you are using a current, up‐to‐date browser: Chrome 30 , Firefox 27 , Microsoft Edge 12 , Safari 7 . Certain functionality may be disabled in older browsers including Internet Explorer. Or download the Zoom application onto your smart phone from the Apple App Store or Google Play Store and enter in the Meeting ID below. You may be asked to enter an email address and name. We request that you identify yourself by name as this will be visible online and will be used to notify you that it is your turn to speak. When you wish to speak on an Agenda Item, click on “raise hand.” The Clerk will activate and unmute speakers in turn. Speakers will be notified shortly before they are called to speak. When called, please limit your remarks to the time limit allotted. A timer will be shown on the computer to help keep track of your comments. 4. Spoken public comments using a phone use the telephone number listed below. When you wish to speak on an agenda item hit *9 on your phone so we know that you wish to speak. You will be asked to provide your first and last name before addressing the Council. You will be advised how long you have to speak. When called please limit your remarks to the agenda item and time limit allotted. CLICK HERE TO JOIN Meeting ID: 946‐1874‐4621 Phone: 1‐669‐900‐6833 Americans with Disability Act (ADA) It is the policy of the City of Palo Alto to offer its public programs, services and meetings in a manner that is readily accessible to all. Persons with disabilities who require materials in an appropriate alternative format or who require auxiliary aids to access City meetings, programs, or services may contact the City’s ADA Coordinator at (650) 329‐2550 (voice) or by emailing ada@cityofpaloalto.org. Requests for assistance or accommodations must be submitted at least 24 hours in advance of the meeting, program, or service. 1 Regular Meeting June 13, 2023 Materials related to an item on this agenda submitted to the Board after distribution of the agenda packet are available for public inspection at www.CityofPaloAlto.org. POLICY AND SERVICES COMMITTEESpecial MeetingTuesday, June 13, 2023Council Chambers & Hybrid7:15 PMPursuant to AB 361 Palo Alto City Council meetings will be held as “hybrid” meetings with theoption to attend by teleconference/video conference or in person. To maximize public safetywhile still maintaining transparency and public access, members of the public can choose toparticipate from home or attend in person. Information on how the public may observe andparticipate in the meeting is located at the end of the agenda. Masks are strongly encouraged ifattending in person. The meeting will be broadcast on Cable TV Channel 26, live onYouTube https://www.youtube.com/c/cityofpaloalto, and streamed to Midpen MediaCenter https://midpenmedia.org.VIRTUAL PARTICIPATION CLICK HERE TO JOIN (https://cityofpaloalto.zoom.us/j/94618744621)Meeting ID: 946 1874 4621 Phone: 1(669)900‐6833PUBLIC COMMENTSPublic comments will be accepted both in person and via Zoom for up to three minutes or anamount of time determined by the Chair. All requests to speak will be taken until 5 minutesafter the staff’s presentation. Written public comments can be submitted in advance tocity.council@CityofPaloAlto.org and will be provided to the Council and available for inspectionon the City’s website. Please clearly indicate which agenda item you are referencing in yoursubject line. PowerPoints, videos, or other media to be presented during public comment are accepted only by email to city.clerk@CityofPaloAlto.org at least 24 hours prior to the meeting. Once received, the Clerk will have them shared at public comment for the specified item. To uphold strong cybersecurity management practices, USB’s or other physical electronic storage devices are not accepted. CALL TO ORDER PUBLIC COMMENT Members of the public may speak to any item NOT on the agenda. ACTION ITEMS 1.Approval of the following changes to scope, compensation, and/or time: 1A.Approval of Office of City Auditor Task Order Change ‐ 04.16 ALPR Technology Contract Management 1B.Approval of Office of City Auditor Task Order Change ‐ 04.19 Disaster Recovery Preparedness 1C.Approval of Office of City Auditor Task Order Change ‐ FY23‐01 Citywide Risk Assessment & FY23‐02 Annual Audit Plan; CEQA Status – Not a Project 2.City Council Referral to Discuss and Recommend Council Procedures and Protocols on: Boards and Commissions‐Related Sections and other City Council referrals related to the City Council Procedures and Protocols FUTURE MEETINGS AND AGENDAS Members of the public may not speak to the item(s) ADJOURNMENT PUBLIC COMMENT INSTRUCTIONS Members of the Public may provide public comments to teleconference meetings via email, teleconference, or by phone. 1. Written public comments may be submitted by email to city.council@cityofpaloalto.org. 2. For in person public comments please complete a speaker request card located on the table at the entrance to the Council Chambers and deliver it to the Clerk prior to discussion of the item. 3. Spoken public comments using a computer or smart phone will be accepted through the teleconference meeting. To address the Council, click on the link below to access a Zoom‐based meeting. Please read the following instructions carefully. You may download the Zoom client or connect to the meeting in‐ browser. If using your browser, make sure you are using a current, up‐to‐date browser: Chrome 30 , Firefox 27 , Microsoft Edge 12 , Safari 7 . Certain functionality may be disabled in older browsers including Internet Explorer. Or download the Zoom application onto your smart phone from the Apple App Store or Google Play Store and enter in the Meeting ID below. You may be asked to enter an email address and name. We request that you identify yourself by name as this will be visible online and will be used to notify you that it is your turn to speak. When you wish to speak on an Agenda Item, click on “raise hand.” The Clerk will activate and unmute speakers in turn. Speakers will be notified shortly before they are called to speak. When called, please limit your remarks to the time limit allotted. A timer will be shown on the computer to help keep track of your comments. 4. Spoken public comments using a phone use the telephone number listed below. When you wish to speak on an agenda item hit *9 on your phone so we know that you wish to speak. You will be asked to provide your first and last name before addressing the Council. You will be advised how long you have to speak. When called please limit your remarks to the agenda item and time limit allotted. CLICK HERE TO JOIN Meeting ID: 946‐1874‐4621 Phone: 1‐669‐900‐6833 Americans with Disability Act (ADA) It is the policy of the City of Palo Alto to offer its public programs, services and meetings in a manner that is readily accessible to all. Persons with disabilities who require materials in an appropriate alternative format or who require auxiliary aids to access City meetings, programs, or services may contact the City’s ADA Coordinator at (650) 329‐2550 (voice) or by emailing ada@cityofpaloalto.org. Requests for assistance or accommodations must be submitted at least 24 hours in advance of the meeting, program, or service. 2 Regular Meeting June 13, 2023 Materials related to an item on this agenda submitted to the Board after distribution of the agenda packet are available for public inspection at www.CityofPaloAlto.org. POLICY AND SERVICES COMMITTEESpecial MeetingTuesday, June 13, 2023Council Chambers & Hybrid7:15 PMPursuant to AB 361 Palo Alto City Council meetings will be held as “hybrid” meetings with theoption to attend by teleconference/video conference or in person. To maximize public safetywhile still maintaining transparency and public access, members of the public can choose toparticipate from home or attend in person. Information on how the public may observe andparticipate in the meeting is located at the end of the agenda. Masks are strongly encouraged ifattending in person. The meeting will be broadcast on Cable TV Channel 26, live onYouTube https://www.youtube.com/c/cityofpaloalto, and streamed to Midpen MediaCenter https://midpenmedia.org.VIRTUAL PARTICIPATION CLICK HERE TO JOIN (https://cityofpaloalto.zoom.us/j/94618744621)Meeting ID: 946 1874 4621 Phone: 1(669)900‐6833PUBLIC COMMENTSPublic comments will be accepted both in person and via Zoom for up to three minutes or anamount of time determined by the Chair. All requests to speak will be taken until 5 minutesafter the staff’s presentation. Written public comments can be submitted in advance tocity.council@CityofPaloAlto.org and will be provided to the Council and available for inspectionon the City’s website. Please clearly indicate which agenda item you are referencing in yoursubject line.PowerPoints, videos, or other media to be presented during public comment are accepted onlyby email to city.clerk@CityofPaloAlto.org at least 24 hours prior to the meeting. Once received,the Clerk will have them shared at public comment for the specified item. To uphold strongcybersecurity management practices, USB’s or other physical electronic storage devices are notaccepted.CALL TO ORDERPUBLIC COMMENT Members of the public may speak to any item NOT on the agenda. ACTION ITEMS1.Approval of the following changes to scope, compensation, and/or time:1A.Approval of Office of City Auditor Task Order Change ‐ 04.16 ALPR TechnologyContract Management1B.Approval of Office of City Auditor Task Order Change ‐ 04.19 Disaster RecoveryPreparedness1C.Approval of Office of City Auditor Task Order Change ‐ FY23‐01 Citywide RiskAssessment & FY23‐02 Annual Audit Plan; CEQA Status – Not a Project2.City Council Referral to Discuss and Recommend Council Procedures and Protocols on:Boards and Commissions‐Related Sections and other City Council referrals related to theCity Council Procedures and ProtocolsFUTURE MEETINGS AND AGENDASMembers of the public may not speak to the item(s) ADJOURNMENT PUBLIC COMMENT INSTRUCTIONS Members of the Public may provide public comments to teleconference meetings via email, teleconference, or by phone. 1. Written public comments may be submitted by email to city.council@cityofpaloalto.org. 2. For in person public comments please complete a speaker request card located on the table at the entrance to the Council Chambers and deliver it to the Clerk prior to discussion of the item. 3. Spoken public comments using a computer or smart phone will be accepted through the teleconference meeting. To address the Council, click on the link below to access a Zoom‐based meeting. Please read the following instructions carefully. You may download the Zoom client or connect to the meeting in‐ browser. If using your browser, make sure you are using a current, up‐to‐date browser: Chrome 30 , Firefox 27 , Microsoft Edge 12 , Safari 7 . Certain functionality may be disabled in older browsers including Internet Explorer. Or download the Zoom application onto your smart phone from the Apple App Store or Google Play Store and enter in the Meeting ID below. You may be asked to enter an email address and name. We request that you identify yourself by name as this will be visible online and will be used to notify you that it is your turn to speak. When you wish to speak on an Agenda Item, click on “raise hand.” The Clerk will activate and unmute speakers in turn. Speakers will be notified shortly before they are called to speak. When called, please limit your remarks to the time limit allotted. A timer will be shown on the computer to help keep track of your comments. 4. Spoken public comments using a phone use the telephone number listed below. When you wish to speak on an agenda item hit *9 on your phone so we know that you wish to speak. You will be asked to provide your first and last name before addressing the Council. You will be advised how long you have to speak. When called please limit your remarks to the agenda item and time limit allotted. CLICK HERE TO JOIN Meeting ID: 946‐1874‐4621 Phone: 1‐669‐900‐6833 Americans with Disability Act (ADA) It is the policy of the City of Palo Alto to offer its public programs, services and meetings in a manner that is readily accessible to all. Persons with disabilities who require materials in an appropriate alternative format or who require auxiliary aids to access City meetings, programs, or services may contact the City’s ADA Coordinator at (650) 329‐2550 (voice) or by emailing ada@cityofpaloalto.org. Requests for assistance or accommodations must be submitted at least 24 hours in advance of the meeting, program, or service. 3 Regular Meeting June 13, 2023 Materials related to an item on this agenda submitted to the Board after distribution of the agenda packet are available for public inspection at www.CityofPaloAlto.org. 2 1 8 5 Policy & Services Committee Staff Report From: City Auditor Report Type: ACTION ITEMS Lead Department: City Auditor Meeting Date: June 13, 2023 Report #:2305-1463 TITLE Approval of Office of City Auditor Task Order Change - 04.16 ALPR Technology Contract Management RECOMMENDATION The City Auditor recommends that the Policy & Services Committee recommend that the City Council approve the change to the Task Order 04.16 ALPR (Automated License Plate Reader) Technology Contract Management. DISCUSSION This task order with the period of performance from January 1, 2023, to June 30, 2023, was fully executed on January 20, 2023, and the audit was commenced in late January 2023. This audit requires information gathering from multiple departments (Transportation, Human Resources, and IT) and a contractor, Duncan Solutions. Although some departments responded to OCA’s requests and questions in a timely manner, OCA has not been able to make progress on the audit because OCA has not received the requested documentation and has been unable to conduct walkthroughs after multiple follow-ups. OCA requests the period of performance to be extended to October 31, 2023. The total not-to-exceed budget remains the same. FISCAL/RESOURCE IMPACT Work recommended in these tasks is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. STAKEHOLDER ENGAGEMENT No stakeholder outreach was necessary for this report, as it is an internal decision made by the OCA the reallocate resources for audit functions. 2 1 8 5 ENVIRONMENTAL REVIEW Council action on this item is not a project as defined by CEQA because the audit activities do not involve any commitment to any specific project which may result in a potentially significant physical impact on the environment. CEQA Guidelines section 15378(b)(4). ATTACHMENTS Attachment A: TASK ORDER FY23-04.16 Review of ALPR Technology Contract Management (Extension) APPROVED BY: Adriane D. McCoy, City Auditor PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.16 Review of ALPR Technology Contract Management Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-4.16 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: January 1, 2023 COMPLETION: June 30October 31, 2023 4 TOTAL TASK ORDER PRICE: $82,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements:  Services and Deliverables To Be Provided  Schedule of Performance  Maximum Compensation Amount and Rate Schedule (As Applicable)  Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting an internal audit of Contract Management for ALPR Technology involves three (3) primary steps:  Step 1: Audit Planning  Step 2: Control Review and Testing  Step 3: Reporting Step 1 – Audit Planning This step consists of the tasks performed to adequately plan the work necessary to address the overall audit objective and to solidify mutual understanding of the audit scope, objectives, audit process, and timing between stakeholders and auditors. Tasks include:  Gather information to understand the environment under review o Understand the organizational structure and objectives o Review the City code, regulations, and other standards and expectations o Review prior audit results, as applicable o Review additional documentation and conduct interviews as necessary  Assess the audit risk  Write an audit planning memo and audit program o Refine audit objectives and scope o Identify the audit procedures to be performed and the evidence to be obtained and examined  Announce the initiation of the audit and conduct kick-off meeting with key stakeholders o Discuss audit objectives, scope, audit process, timing, resources, and expectations o Discuss documentation and interview requests for the audit Step 2 – Control Review and Testing This step involves executing the procedures in the audit program to gather information, interview individuals, and analyze the data and information to obtain sufficient evidence to address the audit objectives. The preliminary audit objective is to: (1) Determine whether adequate policies and procedures are implemented effectively to protect the privacy of personal information gathered using ALPR technology for the City’s parking management. (2) Determine whether the City monitors the vendor’s performance to ensure the compliance with contract terms and applicable laws and regulations related to data privacy. Procedures include, but not limited to:  Interview the appropriate individuals to understand the process, the information system used, and the internal controls related to data privacy.  Compare data privacy related policies and procedures as well as the regulations and standards to determine whether personally identifiable information (PII) has confidentiality, integrity, and availability as needed.  Review IT vendor performance monitoring practices to determine whether controls are implemented to ensure compliance with contract terms and data privacy standards.  Perform test procedures including observations of controls (such as governance, management and technical IT controls) and review of a sample of parking patrons (PII during the audit period).  Compare the process and controls against the best practices. Step 3 – Reporting In Step 3, the project team will perform tasks necessary to finalize audit working papers, prepare and review a draft report with the stakeholders, and submit a final audit report. Tasks include:  Develop findings, conclusions, and recommendations based on the supporting evidence gathered  Validate findings with the appropriate individuals and discuss the root cause of the identified findings  Complete supervisory review of working papers and a draft audit report  Distribute a draft audit report and conduct a closing meeting with key stakeholders o Discuss the audit results, finings, conclusions, and recommendations o Discuss management responses  Obtain written management responses and finalize a report  Review report with members of City Council and/or the appropriate Council Committee Deliverables: The following deliverable will be prepared as part of this engagement:  Audit Report Schedule of Performance Anticipated Start Date: January 1, 2023 Anticipated End Date: June 30October 31, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $82,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $8,500. The following summarizes anticipated reimbursable expenses (for three team members):  Round-trip Airfare – $2,000 (3 round trip flights)  Ground Transportation (car rental or Uber/taxi) - $2,000  Hotel accommodation - $3,000 (12 nights)  Food and incidentals – $1,500 Note that, as the restrictions associated with COVID-19 change, the project team will work with the City to consider circumstances at the time. 2 1 8 6 Policy & Services Committee Staff Report From: City Auditor Report Type: ACTION ITEMS Lead Department: City Auditor Meeting Date: June 13, 2023 Report #:2305-1464 TITLE Approval of Office of City Auditor Task Order Change - 04.19 Disaster Recovery Preparedness RECOMMENDATION The City Auditor recommends that the Policy & Services Committee recommend that the City Council approve the change to the Task Order 04.19 Disaster Recovery Preparedness. DISCUSSION The agreement between Baker Tilly and the City requires that each internal audit commence only upon the City’s approval of a Task Order. The Office of the City Auditor (OCA) presented Task Order 04.19 – Disaster Recovery Preparedness, and the task order was recommended for approval by the Policy & Services Committee on February 28, 2023, and accepted by the City Council during the City Council meeting on March 13, 2023. This task order with the period of performance from March 1, 2023 to June 30, 2023, has not been signed since it was approved on March 13, 2023. As a result, OCA has not been able to start an audit of Disaster Recovery Preparedness. The OCA requests the period of performance to be extended to November 30, 2023. The total not-to-exceed budget remains the same. FISCAL/RESOURCE IMPACT Work recommended in these tasks is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. STAKEHOLDER ENGAGEMENT No stakeholder outreach was necessary for this report, as it is an internal decision made by the OCA to reallocate resources for audit functions. 2 1 8 6 ENVIRONMENTAL REVIEW Council action on this item is not a project as defined by CEQA because the audit activities do not involve any commitment to any specific project which may result in a potentially significant physical impact on the environment. CEQA Guidelines section 15378(b)(4). ATTACHMENTS Attachment A: TASK ORDER FY23-4.19 Disaster Recovery Preparedness (Extension) APPROVED BY: Adriane D. McCoy, City Auditor PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-4.19 Disaster Recovery Preparedness Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): 1B. TASK O RDER NO.: FY23-4.19 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: March 1May 22, 2023 COMPLETION: June 30November 30, 2023 4 TOTAL TASK ORDER PRICE: $87,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements:  Services and Deliverables To Be Provided  Schedule of Performance  Maximum Compensation Amount and Rate Schedule (As Applicable)  Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Disaster Recovery Assessment Baker Tilly’s approach to conducting a disaster recovery assessment involves four (4) primary steps:  Step 1: Assessment Planning and Kick-off  Step 2: Information Gathering  Step 3: Disaster Recovery Analysis and Recommendations  Step 4: Reporting Step 1 – Assessment Planning and Kick-off This step consists of the tasks performed to adequately plan the work necessary to address the overall assessment objective and to solidify mutual understanding of the assessment scope, objectives, assessment process, and timing between stakeholders and assessors. Tasks include:  Baker Tilly will work with the City to finalize the assessment scope and project timeline. Baker Tilly will also provide the City with an initial interview and documentation request list.  Finally, Baker Tilly will perform a project kick-off discussion with the City to ensure alignment with the project timeline, interview schedule, and deliverables. Step 2 – Information Gathering This step involves conducting interviews with identified IT security personnel and key stakeholders to gain an understanding of the operating environment and understand the desired outcome of the disaster recovery plan. Baker Tilly will also review current IT disaster recovery policy and procedure documentation, as well as review current infrastructure in place. Step 3 – Disaster Recovery Analysis and Recommendations This step involves assessing the documentation of current disaster recovery plan for high priority application and supporting infrastructure to identify the adequacy of the documentation and identify additional documentation requirements. Baker Tilly will perform a gap assessment between the current disaster recovery capabilities, desired disaster recovery strategy, and industry best practices. Baker Tilly develop recommendation to remediate the identified documentation and capability gaps. Baker Tilly will provide recommendations to update the disaster recovery documentation to address the gaps identified. Step 4 – Reporting The project team will perform tasks necessary to finalize the initial draft disaster recovery assessment report and review a draft report with the stakeholders. Additionally, the team will submit a final assessment report to the City. Tasks include:  Develop findings, conclusions, and recommendations based on the supporting evidence gathered  Validate findings with the appropriate individuals  Distribute a draft assessment report and conduct a closing meeting with key stakeholders o Discuss the assessment results, findings, conclusions, and recommendations  Obtain written management responses and finalize a report Deliverables: The following deliverable will be prepared as part of this engagement:  Disaster Recovery Assessment Report Schedule of Performance Anticipated Start Date: March 1May 22, 2023 Anticipated End Date: June 30November 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $87,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork. The maximum compensation amount reflected above will be inclusive of any travel related expenses. Note that, if current restrictions associated with COVID-19 continue, an on-site visit may not be possible. The project team will work with the City to consider circumstances at the time. 2 3 0 7 Policy & Services Committee Staff Report From: City Auditor Report Type: ACTION ITEMS Lead Department: City Auditor Meeting Date: June 13, 2023 Report #:2305-1527 TITLE Approval of Office of City Auditor Task Order Change - FY23-01 Citywide Risk Assessment & FY23-02 Annual Audit Plan; CEQA Status – Not a Project RECOMMENDATION The City Auditor recommends that the Policy & Services Committee recommend City Council approve the change to the Task Orders FY23-01 Citywide Risk Assessment and FY23-02 Annual Audit Plan. DISCUSSION The agreement between Baker Tilly and the City requires that each internal audit be commenced only upon the City’s approval of a Task Order. The Office of the City Auditor (OCA) presented Task Order FY23-01 – Citywide Risk Assessment and Task Order FY23-02 – Annual Audit Plan and the task orders were recommended for approval by the Policy & Services Committee on February 28, 2023, and accepted by the City Council during the City Council meeting on March 13, 2023. These task orders with the period of performance from March 1, 2023, to June 30, 2023, have not been signed since they were approved on March 13, 2023. As a result, OCA has not been able to start FY 2023 Risk Assessment and Annual Audit Plan. The OCA requests the period of performance to be extended to October 31, 2023. The total not-to-exceed budget remains the same. FISCAL/RESOURCE IMPACT Work recommended in these task orders is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the Funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. 2 3 0 7 STAKEHOLDER ENGAGEMENT The Office of the City Auditor will coordinate with the Executive Leadership Team. ENVIRONMENTAL REVIEW Council action on this item is not a project as defined by CEQA because the audit activities do not involve any commitment to any specific project which may result in a potentially significant physical impact on the environment. CEQA Guidelines section 15378(b)(4). ATTACHMENTS Attachment A: TASK ORDER FY23-01 Citywide Risk Assessment (Extension) Attachment B: TASK ORDER FY23-02 Annual Audit Plan (Extension) APPROVED BY: Adriane D. McCoy, City Auditor PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-01 Citywide Risk Assessment Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-01 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: March 1, 2023 COMPLETION: June 30 October 31, 2023 4 TOTAL TASK ORDER PRICE: $55,000 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT: TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting the Citywide Risk Assessment involves four (4) primary steps: • Step 1: Project Planning & Management • Step 2: Information Gathering • Step 3: Analysis • Step 4: Reporting Step 1 – Project Planning & Management This step includes those tasks necessary to solidify mutual understanding of the risk assessment scope, objectives, deliverables, and timing as well as ensuring that appropriate client and consultant resources are available and well-coordinated. Tasks include: • Finalize project design – The first project activities will be to: o Identify communication channels and reporting relationships and responsibilities of project staff o Review and confirm project timelines o Review and confirm deliverables • Arrange logistics/administrative support – Matters to be addressed include schedules for interviews and data collection, contact persons in the departments, any other logistical matters, etc. • Conduct kick-off meeting with key project stakeholders Step 2 – Information Gathering This step involves gathering information, through various means, that will enable the project team to understand the various risks facing the City. Tasks include: • Request and review background information – the project team will develop an information request(s) in order to obtain various background information from the City. The request will include, but not be limited to: o Strategic plan(s) o Financial reports, including the most recent City Budget and Comprehensive Annual Financial Report (CAFR) o Operational policies and procedures o Municipal code o Consulting reports o Other relevant information and reports • Conduct interviews with City Council and management o Risk assessment interviews, aimed at understanding City functions and identifying risks, will be conducted with City Council members as well as department and division • Conduct a risk assessment survey, if necessary • Conduct research into key risks in order to identify relevant information to assess risks Overall, the project team will consider the following risk types: • Strategic • Financial • Operational • Technology • Compliance • Reputational • Political Step 3 – Risk Analysis In Step 3, the project team will develop a risk matrix consisting of auditable areas (also referred to as an audit or risk universe). The risk matrix will include the following risk categories: • Environment, Strategy, and Governance – risks that have an organization wide impact and are not subject to a specific department or function (e.g., ethics) • Significant Projects and Initiatives – risks associated with large projects (e.g., capital projects, technology implementation) or City initiatives (e.g., employee engagement initiative). • Function Specific Risks – risks associated with a specific department or function (e.g., procurement policy compliance) After assembling a risk matrix, the project team will assess the likelihood and impact of potential adverse events in order to quantitatively score each auditable area for purposes of prioritizing audit activities. Step 4 – Reporting In Step 4, the project team will finalize the draft Risk Matrix and prepare a draft Risk Assessment Report. The project team will ask for input (general completeness, risk scoring) on the Risk Matrix from key project stakeholders. Upon finalization of the Risk Matrix, the project team will finalize the Risk Assessment Report. Deliverables: The following deliverables will be prepared as part of this engagement: • Risk Matrix • Risk Assessment Report • Presentation of Results to City Council (note that this may be combined with presentation of the Task 2 Annual Audit Plan) Schedule of Performance Anticipated Start Date: March 1, 2023 Anticipated End Date: June 30 October 31, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $55,000. The not-to-exceed budget is based on an estimate of 250 total project hours, of which 40 are estimated to be completed by the City Auditor. Reimbursable Expenses We plan to complete all work remote including all interviews and documentation review. If at any point the City and Baker Tilly mutually determine it will be beneficial to perform a portion of the work on-site, we will submit an estimate of our reimbursable expenses for the City’s approval prior to traveling to Palo Alto. PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-02 Annual Audit Plan Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-01 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: March 1, 2023 COMPLETION: June 30 October 31, 2023 4 TOTAL TASK ORDER PRICE: $10,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT: TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to preparing the Annual Audit Plan involves two (2) primary steps: • Step 1: Consultation with City Council and Management • Step 2: Reporting Step 1 – Consultation with City Council and Management The Risk Matrix and Risk Assessment Report will serve as the primary drivers of the Annual Audit Plan. The project team will initiate discussions over Risk Assessment results, potential audit activities, and audit coverage with City Council and Management. The purpose of those conversations will be to understand the priorities of City Council, and to develop a Draft Annual Audit Plan: The Draft Annual Audit Plan will identify the following components for each audit activity: • Audit activity type – audit or consulting activity • Audit objectives and scope • Anticipated budget – both in terms of hours and budget • Anticipated timeline Step 2 – Reporting The project team will present the Draft Annual Audit Plan to the City Council in order to obtain input on each potential audit activity. Upon refining the plan, the project team will finalize the Annual Audit Plan for presentation to City Council. Deliverables The following deliverable will be prepared as part of this engagement: • Annual Audit Plan Schedule of Performance Anticipated Start Date: March 1, 2023 Anticipated End Date: June 30 October 31, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $10,500. The not-to-exceed budget is based on an estimate of 50 total project hours, of which 10 are estimated to be completed by the City Auditor. Reimbursable Expenses We plan to complete all work remote including all interviews and documentation review. If at any point the City and Baker Tilly mutually determine it will be beneficial to perform a portion of the work on-site, we will submit an estimate of our reimbursable expenses for the City’s approval prior to traveling to Palo Alto. Item No. 2.Page 1 of 2 Policy & Services Committee Staff Report From: Chantal Gaines, Deputy City Manager Meeting Date: June 13, 2023 Report #: 2305-1587 TITLE City Council Referral to Discuss and Recommend Council Procedures and Protocols on: Boards and Commissions-Related Sections and other City Council referrals related to the City Council Procedures and Protocols BACKGROUND Staff recommends that the Policy and Services Committee discuss the referrals from the City Council related to the Boards and Commissions-Related Referral Sections and make a recommendation to the Council for inclusion in the City Council Procedures and Protocols Handbook. If time allows, the Committee can also discuss any other referral related to the City Council Procedures and Protocols Handbook. BACKGROUND AND ANALYSIS The City Council discussed the City Council Procedures and Protocols Handbook on January 30, March 20, and April 24, 2023 and referred a few discussion topics to the Policy and Services Committee. The referrals included the following: 1. Procedures Section 1.1: Annual Organization of City Council (P&S Discussed on May 9, 2023) 2. Procedures Section 5.1a(4): Video Participation for Public Comment. As an alternative, staff included text in the revised Handbook to simply note that if feasible this will be implemented. If Council is not satisfied with this clause, this text can be deleted and the item fully evaluated at committee. 3. Procedures Section 8.2: Censure language was referred to committee for review. 4. Protocols Section 2.2: Refrain from Lobbying Board and Commission Members. 5. Protocols Section 2.8: The Role of Council Liaison to Boards or Commissions. Council recommended involving the Board/Commission Chairs in this process. 6. Protocols Section 4: International Travel (P&S Discussed on April 26, 2023) 7. Protocols Section 4.1: Miscellaneous Expenditures. Council referral for the committee to discuss the establishment of appropriate parameters for Council discretionary Item No. 2.Page 2 of 2 expenditures and whether to allocate $2,000 annually from the Council contingency fund for each Council member to decide its purpose. These topics will be scheduled throughout the year at the Committee to balance workload. The topics highlighted for Committee discussion at the June 2023 committee meeting are items 4 and 5: ”Refrain from Lobbying Board and Commission Members” and ”The Role of Council Liaison to Boards and Commissions.” The City Council recommended the involvement of the Board/Commission Chairs in this process for those Commissions with a Council liaison. The Board/Commission Chairs have been invited to the June P&S Committee meeting. If time allows, the Committee can discuss any other of the referral topics listed above, though the Committee stated at the May 9, 2023 meeting that they would like to provide staff time to prepare a few additional materials for discussion of other items on the referral list. For the discussion of the Board/Commission items today, the Procedures and Protocols handbook adopted by the City Council on April 24, 2023 states the following is the existing Protocols language related to the two Board/Commission-related referrals above: And The Committee asked for this discussion as a collaboration dialogue with Board/Commission Chairs and that is the discussion today. FISCAL/RESOURCE IMPACT No fiscal impact.