HomeMy WebLinkAboutStaff Report 9584
CITY OF PALO ALTO OFFICE OF THE CITY AUDITOR
September 11, 2018
The Honorable City Council
Palo Alto, California
Staff Recommendation That the Policy and Services Committee
Review and Recommend to the City Council Acceptance of the Fiscal
Year 2019 Audit Work Plan
The Palo Alto Municipal Code requires the City Auditor to submit an annual audit work plan to
the City Council for review and approval. The attached report presents the proposed audit work
plan for Fiscal Year 2019, prepared based on Council priorities, risk, and the City Auditor’s
professional judgment. Once approved, we will issue quarterly reports summarizing the status
of each assignment. The work plan may be amended during the fiscal year subject to approval
of the City Council.
Respectfully submitted,
Harriet Richardson
City Auditor
ATTACHMENTS:
Attachment A: Fiscal Year 2019 Audit Work Plan (PDF)
Department Head: Harriet Richardson, City Auditor
Page 2
Attachment A
Fiscal Year 2019 Audit Work Plan
Office of the City Auditor
“Promoting honest, efficient, effective, economical, and fully
accountable and transparent city government”
Attachment A
Fiscal Year 2019 Audit Work Plan 2
Overview
The Palo Alto Municipal Code requires the City Auditor to submit an annual audit work plan to the City
Council for approval. This proposed audit work plan represents ongoing administrative responsibilities
of the Office of the City Auditor, as well as required audit and nonaudit service responsibilities. It
estimates approximately 8,900 hours of direct time1 for six full‐time staff. The hours allotted to each
audit and nonaudit service reflect our efforts to continue to increase our efficiency in conducting
performance audits.
The proposed audit work plan considers risk factors that, if addressed, will provide opportunities to
mitigate those risks and improve operations:
Operational – Are City programs/activities performed and City services delivered in the most
efficient, effective, and economical manner possible, and do they represent sound business
decisions, including appropriate responses to changes in the business environment?
Financial – Is there an opportunity to improve how the City manages, invests, spends, and
accounts for its financial resources?
Regulatory – Do City programs and activities comply with applicable laws and regulations?
Health and Safety – Are City services delivered in a manner that protects our residents and
employees from injury or unnecessary exposure to factors that can affect an individual’s
health?
Information Security – Is City, resident, and employee information (electronic or physical)
protected against unauthorized access, use, disclosure, disruption, modification, inspection,
recording, or destruction?
In addition, the proposed audit work plan considers several factors:
Relevance – Does the audit have the potential to affect Council or City management decision‐
making or impact City residents?
Best Practices – Does the audit provide the opportunity to compare current performance to
best practices?
Return on Investment – Does the audit have the potential for cost savings, cost avoidance, or
revenue generation?
Improvement – Does the audit have the potential to result in meaningful improvement in how
the City does its business?
Actionable – Is it likely that the audit will produce actionable recommendations that are
feasible and practical?
Manageable – Is the audit scope narrow enough to ensure it is completed in a timely manner?
The audit work plan also considers risks related to major functions within the Utilities Department, as
identified through a 2011 Utilities Risk Assessment, a 2013 Utilities Organizational Assessment
conducted by external consultants, and prior audits, as well as potential risks related to the planned
implementation of a new Enterprise Resource Planning (ERP) system.2
1 The estimated hours consider available time after accounting for holidays, vacation, required training, and administrative time.
2 An ERP System is the software and technology used to manage core business processes, such as accounting, payroll, and
human resources in an integrated manner.
Attachment A
Fiscal Year 2019 Audit Work Plan 3
Nonaudit Services and Special Projects
The following table lists nonaudit services and special projects for the FY 2019 audit work plan:
Project Scope Planned Hours
Annual Performance
Report
Annual. The annual performance report provides the City Council, City staff,
Palo Alto residents, and other stakeholders with relevant information and data
regarding the performance of City programs, functions, and activities.
275
Annual Performance
Report Transition
One Time. Provide training and assistance to departments on how to develop
relevant and meaningful performance measures and work with the City
Manager’s Office to develop a reporting process in preparation for
transitioning performance reporting to the City Manager’s Office.
125
Annual Citizen
Centric Report
Annual. The four‐page report highlights key financial data and data from the
annual Performance Report, and provides an overview of our City's economic
outlook. The Citizen Centric Report follows the Association of Government
Accountants' recommended format, which is designed to provide information
to the public about Palo Alto’s financial condition and performance in an easy‐
to‐understand and visually appealing format.
12
National Citizen
Survey
Annual. The National Research Center (NRC) conducts The National Citizen
Survey™ on behalf of the City of Palo Alto. The survey contains a series of
standardized questions that the NRC uses to benchmark Palo Alto residents’
opinions of City services against other jurisdictions, as well as several custom
questions. In addition to the NRC’s report, we analyze the results of key quality
of living indicators and tabulate the survey results in Tableau software to allow
users of the Palo Alto Open Data website to perform an interactive analysis of
the results (e.g., how people within different demographic categories
answered a question).
150
Sales Tax Allocation
Reviews
Ongoing. We identify misallocations and underreporting of local sales and use
tax through in‐house monitoring and a contract with an outside vendor
(currently MuniServices, LLC). We also look for opportunities to receive direct
allocation of sales and use tax on large commercial construction projects. We
report sales and use tax recoveries in quarterly reports to Council, and also
provide a quarterly sales and use tax information report which includes
information from MuniServices, LLC.
230
Fraud, Waste, and
Abuse Hotline
Administration and
Training
Ongoing. We receive notification of complaints filed through the hotline, reply
to the complainant, route and monitor cases for investigation, and convene
the Hotline Review Committee (City Manager, City Attorney, and City Auditor)
to determine the routing of cases and their closing upon completion of an
investigation. The hours include time to develop marketing materials that will
encourage employees to report fraud, waste, or abuse when they see it.
40
Annual External
Financial Audit
Annual. The Palo Alto Municipal Code requires the Office of the City Auditor to
contract with an independent certified public accounting firm (currently
Macias, Gini, & O’Connell, LLP) to conduct the annual external audit of the
City’s financial statements. The firm also conducts the federally required Single
Audit. We coordinate those efforts between the Administrative Services
Department and Macias, Gini, & O’Connell, LLP.
30
Enterprise Resource
Planning (ERP)
Advisory Project
Ongoing. Provide advisory services to the Department of Information
Technology regarding its planning of a new ERP system.
70
Attachment A
Fiscal Year 2019 Audit Work Plan 4
Project Scope Planned Hours
Review and Monitor
the Implementation
Status of Prior Audit
Recommendations
Ongoing. Review and provide feedback to departments on their reports of the
implementation status of prior audit recommendations. We include a
summary of the status in our Quarterly Reports.
220
Office of the City
Auditor Quarterly
Reports
Quarterly. Prepare and issue quarterly reports to the City Council to provide
the status and progress toward completion of our annual work plan, as
required by the Palo Alto Municipal Code.
60
Advisory Roles Ongoing. The City Auditor is a nonvoting, advisory member of the Utilities Risk
Oversight Committee, the Information Technology Governance Review Board,
the Information Security Steering Committee, and ERP Strategic and Technical
Planning Committees.
15
Grant Management/
Internal Control
Training
One‐time. Provide grant management and internal control training to
department staff who manage federal grants.
25
Total Hours for Special and Ongoing Projects 1252
Performance Audits
The following audits from our FY 2018 audit work plan are in progress and will continue into the
FY 2019 audit work plan. The hours shown represent the remaining hours expected for FY 2019.
Audit Department Audit Objective(s) Planned
Hours
Code Enforcement Planning and
Community
Environment
Evaluate code enforcement policies and practices for
responsiveness, consistency, and follow‐up, particularly for
repeat offenders and complex cases.
160
ERP Planning:
Separation of Duties
Information
Technology
Evaluate the adequacy of separation of duties for various
activities in the current SAP system and make
recommendations to ensure that any identified deficiencies
are corrected for the new ERP system.
50
ERP Planning: Data
Integrity and
Reliability – Data
Standardization
Information
Technology and
Citywide
Determine if the city has procedures that govern the
standardization of master data in SAP and to give examples
for types of standardization that would be beneficial when
implementing the new ERP system.
70
ERP Planning: Data
Integrity and
Reliability – Human
Resources Data
Information
Technology,
Human
Resources, and
Administrative
Services
Assess the reliability of employee data that Human
Resources maintains in the City’s SAP system and make
recommendations to help ensure that deficiencies are
corrected prior to transferring data to the new ERP system.
50
ERP Planning: Data
Integrity and
Reliability – Utility
Customer Data
Information
Technology and
Utilities
Assess the reliability of Utilities’ customer data in the City’s
SAP system and make recommendations to help ensure that
deficiencies are corrected prior to transferring data to the
new ERP system.
580
Business Registry
(limited scope)
City Manager Evaluate the rules and processes used to establish the
business registry and make recommendations to help clean
up the data and ensure accuracy in the future.
85
Attachment A
Fiscal Year 2019 Audit Work Plan 5
Audit Department Audit Objective(s) Planned
Hours
Mobile Device
Inventory and Security
Information
Technology and
Citywide
Determine if the City accurately inventories and securely
manages city‐owned mobile devices.
610
Transferrable
Development Rights
Planning and
Community
Environment
Determine if the City maintains an accurate and complete
record of the transferable development rights (both City‐
owned and non‐City‐owned) that have been certified,
transferred, and used to date.
575
Nonprofit Services
Agreements
Community
Services,
Transportation,
Public Works,
and
Development
Services
Evaluate whether nonprofit organizations that receive City
funding are achieving the outcomes we expect from the
funding we provide. The audit focuses primarily on nonprofit
organizations that provide senior services.
575
Contract Risk and
Oversight
Administrative
Services
Department
Develop a systematic, data‐driven process to identify high‐
risk expenditures and revenues that occur under formal
contracts. Select a sample of high‐risk contracts to
determine if the City has received the goods and/or services
it paid for and/or the revenues to which it is entitled, that
the contracts are needed and do not result in unnecessary
overlaps in services, and that potential contract extensions
are appropriately disclosed in the original contract
documents.
700
Total Hours for In‐Progress Performance Audits 3,455
The following audits are proposed for the FY 2019 audit work plan; some of these may not be
completed until FY 2020:
Audit Department Preliminary Audit Objective(s)3 Planned Hours
ERP Planning: Data
Integrity and
Reliability – Utilities
Bill/Price Class and
Rate Schedule Data
Information
Technology and
Utilities
Assess the reliability of utilities bill/price class and rate
schedule data in the City’s SAP system and make
recommendations to help ensure that deficiencies are
corrected prior to transferring data to the new ERP system.
380
ERP Planning: Data
Integrity and
Reliability – Payroll
Rates and Deductions
Data
Information
Technology,
Human
Resources, and
Administrative
Services
Assess the reliability of payroll rates and deductions data in
the City’s SAP system and make recommendations to help
ensure that deficiencies are corrected prior to transferring
data to the new ERP system.
380
ERP Planning: Data
Integrity and
Reliability – Inventory
Materials Data
Information
Technology and
Administrative
Services
Assess the reliability of Human Resources Department data
in the City’s SAP system and make recommendations to help
ensure that deficiencies are corrected prior to transferring
data to the new ERP system.
380
3 The preliminary scope and planned hours may change after completing the planning phase of the audit.
Attachment A
Fiscal Year 2019 Audit Work Plan 6
Audit Department Preliminary Audit Objective(s)3 Planned Hours
ERP Planning: Data
Integrity and
Reliability –
Accounting General
Ledger Data
Information
Technology and
Administrative
Services
Assess the reliability of accounting general ledger data in the
City’s SAP system and make recommendations to help
ensure that deficiencies are corrected prior to transferring
data to the new ERP system.
350
Parking Assessment
Districts
Examine the City’s parking assessment districts to assess the
equity of costs and benefits to the City and property owners
in the districts.
345
Residential Parking
Permit Program and
City Parking Facilities
Evaluate the effectiveness of how the residential parking
permit programs were implemented to identify where
efficiencies can be gained in how the program is managed,
both financially and operationally, by looking at the program
citywide rather than by neighborhoods (or sections thereof).
Audit would also evaluate whether the number of employer
parking permits is appropriate based on proximity of
available parking garages and their usage in an RPP area.
720
Construction Audit Assess the effectiveness of the City’s construction
management practices as they relate to the bidding and
change order processes.
700
SCADA System and
Security Audit
Evaluate the effectiveness of processes related to installing,
maintaining, and securing SCADA operations.
340
Procurement/Request
for Proposals (RFP)
Bidding Process
Assess the effectiveness of the procurement process, with
a focus on consistency in application of processes,
compliance with City regulations and policies, and cost
estimating practices.
460
Total Hours for New Performance Audits 4,055
Other Suggested Topics Not Included Above
The following lists other suggested topics for which we do not expect to have capacity to do during
FY 2019. However, we will start audits from this list if time allows.
Citywide Audits:
Asset Management
Direct (FV 60) Payments
Facilities Management
Facilities Rental Fees and Usage
Financial Condition Report
Impact Fees
Long‐term Liabilities, Including Infrastructure
Permitting Processes
Planning Codes
Public Benefits
Succession Planning
Attachment A
Fiscal Year 2019 Audit Work Plan 7
Utilities Audits:
Accuracy of Gas Utility Billings
Accuracy of Electric Utility Billings
Utility Meter Routes
Net Metering Program