The URL can be used to link to this page

Home My WebLink AboutStaff Report 10384 CITY OF PALO ALTO OFFICE OF THE CITY AUDITOR June 11, 2019 The Honorable City Council Palo Alto, California Policy and Services Committee Recommends the City Council Accept the Auditor's Office Quarterly Reports as of December 31, 2018 and March 31, 2019 RECOMMENDATION The City Auditor’s Office recommends the Policy and Services Committee review and recommend to the City Council acceptance of the Auditor’s Office Quarterly Reports as of December 31, 2018 and March 31, 2019. SUMMARY OF RESULTS In accordance with the Municipal Code, the City Auditor prepares an annual work plan and issues quarterly reports to the City Council describing the status and progress towards completion of the work plan. These reports provide the City Council with an update on the second and third quarters for FY 2019. Respectfully submitted, Don Rhoads, CPA Special Advisor to the Office of the City Auditor Management Partners ATTACHMENTS: • Attachment A: Auditor's Office Quarterly Report as of December 31, 2018 (PDF) • Attachment B: Auditor's Office Quarterly Report as of March 31, 2019 (PDF) Department Head: Don Rhoads, Special Advisor to the Office of the City Auditor Page 2 Quarterly Report as of December 31, 2018 Office of the City Auditor “Promoting honest, efficient, effective, economical, and fully accountable and transparent city government.” Attachment A PAGE 2 Fiscal Year (FY) 2019 Second Quarter Update (October – December 2018) Overview The audit function is essential to the City of Palo Alto’s public accountability. The mission of the Office of the City Auditor, as mandated by the City Charter and Municipal Code, is to promote honest, efficient, effective, economical, and fully accountable and transparent city government. We conduct performance audits and reviews to provide the City Council and City management with information and evaluations regarding how effectively and efficiently resources are used; the adequacy of internal control systems; and compliance with policies, procedures, and regulatory requirements. Taking appropriate action on our audit recommendations helps the City reduce risks and protect its good reputation. Activity Highlights •Issued three audits: 1) ERP Planning – Separation of Duties, 2) ERP Planning – Data Standardization, and 3) Code Enforcement. •The external financial auditor completed the annual financial audit and federal single audit, which we presented to the Finance Committee in December 2018. •City Auditor Harriet Richardson announced that she plans to retire in February 2019. Audit and Project Work Below is a summary of our audit and project work for the second quarter of FY 2019: Title Objective(s) Start Date End Date Status Results/Comments Business Registry Evaluate the rules and processes used to establish the business registry and make recommendations to help clean up the data and ensure accuracy in the future. 02/18 Early 2019 In Progress This audit was presented to the Policy & Services Committee in September 2018. The Committee requested additional analysis, which we will bring back to the Committee in 2019. ERP Planning Audit: Data Reliability and Integrity – Data Standardization This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on identifying where standardizing data would be beneficial when implementing the new ERP system 05/17 10/18 Completed This audit was completed and presented to the Policy & Services Committee in October 2018. ERP Planning Audit: Separation of Duties Evaluate the adequacy of separation of duties for various activities in the current SAP system and make recommendations to ensure that identified deficiencies are corrected for the new ERP system. 05/17 10/18 Completed This audit was completed and presented to the Policy & Services Committee in October 2018. Attachment A PAGE 3 Title Objective(s) Start Date End Date Status Results/Comments Code Enforcement Audit Evaluate the timeliness and effectiveness of code enforcement actions, the effectiveness of communication with the public, and the accuracy and completeness of code enforcement case tracking for decision making purposes. We conducted a resident survey to help inform our audit recommendations, as described below. 05/17 11/18 Completed This audit was completed and presented to the Policy & Services Committee in November 2018. ERP Planning Audit: Data Reliability and Integrity – Personnel Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of employee master data, such as name, address, birthdate, and social security number. 09/17 Early 2019 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in 2019. NOTE: We previously referred to this audit as “Human Resources/Payroll Data” but changed it to “Personnel Data” for clarification. ERP Planning Audit: Data Reliability and Integrity – Utilities Customer Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of Utilities’ customer master data that is used for billing purposes, such as customer name, service and billing addresses, and move-in and move-out dates. 06/18 Early 2019 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in 2019. Mobile Device Inventory and Security Determine if the City accurately inventories and securely manages city- owned mobile devices, including laptops, tablets, cell/smart phones, and radios. 03/18 Early 2019 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in 2019. Nonprofit Service Agreements Audit Evaluate whether nonprofit organizations that receive City funding are achieving the outcomes we expect from the funding we provide and if City departments monitor the nonprofit service agreements to ensure that the required services are performed. The audit focuses primarily on nonprofit organizations that provide senior services. 06/18 Early 2019 In Progress This audit is in the report writing phase and will be presented to the Policy * Services Committee in 2019. NOTE: We previously referred to this audit as “Nonprofit Organizations Audit” but changed it to “Nonprofit Service Agreements” for clarification. Attachment A PAGE 4 Title Objective(s) Start Date End Date Status Results/Comments Contract Oversight Select a sample of contracts to evaluate the contract oversight process by determining if the City has adequate processes to ensure that the City receives the goods and services it paid for, that contracts did not result in unnecessary overlaps in services, and that contract extensions and change orders were appropriate. 06/18 Early 2019 In Progress This audit is in the field work phase and will be presented to the Policy & Services Committee in early 2019. Transferable Development Rights Determine if the City maintains an accurate and complete record of the transferable development rights (both City-owned and non-City-owned) that have been certified, transferred, and used to date. 06/18 Mid- 2019 In Progress This audit is in the planning phase. We expect to complete the audit in mid-2019. ERP Nonaudit Service Provide advisory services to the Department of Information Technology regarding its planning of a new ERP system. 09/16 N/A On hold We have not provided this service in FY 2019. We will resume our service after the City decides how to move forward with its ERP project. We will then focus on assisting the City with addressing the issues we identified during the ERP planning phase and prior audits. National Citizen Survey™ Obtain resident opinions about the community and services provided by the City of Palo Alto and benchmark our results against other jurisdictions. 06/18 01/19 In Progress The National Research Center sent a draft report in December and the Auditor’s Office is analyzing the raw data. The results will be presented at the annual Council retreat in February 2019. Performance Report Provides citywide information for key areas, including spending, staffing, workload, and performance. 10/18 Early 2019 In Progress Departments provided data, which we are compiling into the annual report. The report will be published early in 2019. Citizen Centric Report Provides City and community information, performance results, and summary revenue and expenditure data in an easy-to-ready four-page format. 10/18 Early 2019 In Progress Data have been collected and are being compiled into the report, which will be published early in 2019. Attachment A PAGE 5 Other Monitoring and Administrative Assignments Below is a summary of other assignments as of December 31, 2018: Title Objective(s) Status Results/Comments City Auditor Advisory Roles Provide guidance and advice to key governance committees within the City. Ongoing The City Auditor serves as an advisor to the Utilities Risk Oversight Committee and Information Security Steering Committee. We are also serving as an advisor for the strategic and technical planning groups for planning the new ERP system (see comment in the Audit and Project Work section above). Sales and Use Tax Allocation Reviews 1)Identify businesses that do business in Palo Alto that may have underreported or misallo- cated their sales and use tax and submit inquiries to the state for review and tax reallocation. 2)Monitor sales taxes received from the Stanford University Medical Center Project and notify Stanford of any differences between their reported taxes and state sales tax information, in accordance with the development agreement. 3)Provide Quarterly Status Updates and Sales Tax Digest Summaries for Council review. Ongoing 1)Sales and use tax recoveries for the second quarter of FY 2019 were $7,635 from our inquiries and $35,535 from the consultant’s inquiries, for a total of $43,170 for the quarter and fiscal year to date. Due to processing delays at the State Board of Equalization, 56 potential misallocations are waiting to be researched and processed: 24 from our office and 32 from the consultant. 2)We receive prior calendar-year sales tax information for the Stanford Medicine development project several months after the end of the calendar year and report these on our June quarterly report. The City has received $3,681,743 for calendar years 2011 through 2017 as a result of the development agreement for this project. 3)Quarterly sales tax reports are published on the Office of the City Auditor website at www.cityofpaloalto.org/gov/depts/aud/reports/default.asp. Status of Audit Recommendations Forty-seven recommendations were open at the beginning of the second quarter of FY 2019, and none were closed. We added 13 recommendations during the quarter, which resulted in 60 recommendations open at the end of the quarter. Five status reports were presented during the quarter, and seven are due to be presented during the third quarter of FY 2019. Below is a summary of the open audit recommendations as of December 31, 2018: Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Citywide Cash Handling and Travel Expense Issued: 09/15/10 Due – 04/09/19 10/23/18 03/21/18 08/22/17 11/10/15 09/23/14 09/10/13 10/22/12 04/19/11 Recommendations: 11 Open: 1 Implemented during quarter: 0 •Review practice of reimbursing employee meals when not in a travel status and report the amounts as income to employees to conform to Internal Revenue Service requirements (ASD) Attachment A PAGE 6 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Inventory Management Issued: 02/18/14 Due – 04/09/19 10/23/18 11/02/17 09/23/14 Recommendations: 14 Open: 4 Implemented during quarter: 0 •Implement City’s inventory management policies and procedures (ASD/UTL/PWD/IT) •Update and enforce inventory count policies and procedures to ensure consistent and accurate inventory records (ASD) •Identify, formalize, and communicate inventory management goals and objectives to City departments (ASD) •Ensure staff identify and use key SAP inventory management reports and appropriately configure and update SAP parameters that affect inventory levels (ASD/IT) Parking Funds Issued: 12/15/15 Due – 03/12/19 06/21/18 11/14/17 Recommendations: 8 Open: 1 Implemented during quarter: 0 •Develop policies and procedures to clarify roles and responsibilities and ensure accurate calculation and reporting of parking-in-lieu fees (PCE, ASD, PWD, CLK) Disability Rates and Workers’ Compensation Issued: 05/10/16 Due – 04/09/19 10/23/18 02/13/18 Recommendations: 15 Open: 4 Implemented during quarter: 4 •Review departmental procedures and safety requirements to ensure they align with citywide policies and procedures (HR) •Identify and provide industry-specific ergonomics and general wellness training opportunities (HR) •Address the disability leave benefits incorrectly reported as compensation to CalPERS (HR) •Ensure that data for managing disability leave is accurately captured through SAP time reporting (HR) Cable Franchise and Public, Education, and Government (PEG) Fees Issued: 06/14/16 Due – 04/09/19 10/23/18 03/21/18 08/22/17 Recommendations: 9 Open: 6 Implemented during quarter: 0 •Assess ongoing need for PEG fees; place fees in restricted account until decisions are made about use of fees (CMO/ATTY/ASD/IT) •Determine whether to allocate unrestricted funds, instead of PEG fees, to subsidize the Media Center’s operations. (CMO/ATTY/ASD/IT) •Send letters to cable companies to demand payment of underpaid franchise and PEG fees (CMO/ATTY/ASD/IT) •Develop criteria for assessing the accuracy of future cable franchise and PEG fee payments and require more detail with payment remittances (ASD) •Assign responsibility for the cable communications program and provide effective oversight of the program (CMO/CLK) •Draft an ordinance to update the Palo Alto Municipal Code based on clarified assignment of responsibility (CMO/ASD/ATTY/CLK) Attachment A PAGE 7 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Community Services Department (CSD): Fee Schedule Audit Issued: 02/14/17 Due – 03/12/19 06/21/18 11/14/17 Recommendations: 3 Open: 2 Implemented during quarter: 0 • Revise City’s cost recovery policy to align with relevant laws and reconfigure the Questica budget system to support fees that recover more than 100 percent of costs (ASD) • Configure SAP or the new ERP system to align cost centers with CSD programs (CSD) Continuous Monitoring: Payments Issued: 04/13/17 Due – 04/9/19 10/23/18 03/21/18 Recommendations: 7 Open: 3 Implemented during quarter: 2 • Build a continuous monitoring process into the new ERP system to identify potential duplicate invoices and seek recovery of duplicate payments (ASD) • Build a continuous monitoring process into the new ERP system to identify duplicate, incomplete, or unused vendor records (ASD) • Clean vendor master file before merging data into new ERP system (ASD) Green Purchasing Practices Issued: 04/13/17 Due – 03/12/19 06/21/18 Recommendations: 8 Open: 6 Implemented during quarter: 0 • Clearly define department(s) responsible for implementing green purchasing policies and determine if additional staffing and funding are needed to implement the policies (ASD/CMO) • Develop consolidated procedures to implement green purchasing policies (CMO/ASD/PWD) • Educate City staff on green purchasing policies (ASD) • Evaluate potential for use of 40 percent post- consumer fiber paper towels/other green janitorial products and monitor janitorial contractor’s compliance with green purchasing requirements (PWD) • Evaluate if new e-procurement system or other technology solution can help with tracking and reporting green purchases and establish appropriate green purchasing performance measures (ASD/PWD) • Require vendors to provide data on amounts of green products and services that City purchases from them (ASD/PWD) Utilities Department: Cross Bore Inspection Contract Issued: 06/01/17 Due – 03/12/19 06/21/18 Recommendations: 4 Open: 4 Implemented during quarter: 0 • Prioritize uninspected sewer pipelines for inspection and disclose potential inspection challenges in future contract solicitations (UTL) • Identify and update missing data in laterals database (UTL) • Incorporate relevant provisions from National Association of Sewer Service Companies’ contract template in future sewer inspection contracts (UTL) • Identify gaps in staff expertise and develop a training and certification plan for field staff who will monitor field inspections (UTL) Attachment A PAGE 8 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Accuracy of Water Meter Billing Issued: 08/16/17 Due – 03/12/19 06/21/18 Recommendations: 11 Open: 7 Implemented during quarter: 0 •Review and correct meter records for meters larger than 2 inches (UTL) •Explore options for addressing equity in meter size rates (UTL) •Develop a policy and procedures to report significant, systemic infrastructure changes to Council and update City of Palo Alto Utilities’ (CPAU) Rules and Regulations as needed (UTL) •Seek direction from Council before proceeding with installing additional electronic meters (UTL) •Determine if installed eMeters should be replaced and if billing adjustments are required (UTL) •Clarify purchasing policy and procedures for product standardization and sole source (ASD) •Retrain staff on purchasing policies and procedures and completion of required forms (ASD) Continuous Monitoring: Overtime Issued: 09/06/17 Due – 03/12/19 None Recommendations: 2 Open: 2 Implemented during quarter: 0 •Explore potential of developing a continuous monitoring process for overtime (ASD) •Form a work group to design standardized overtime management processes in the new ERP environment (ASD) Information Technology and Data Governance Issued: 06/13/18 Due – 03/12/19 None Recommendations: 4 Open: 4 Implemented during quarter: 0 •Assign roles and responsibilities for IT governance to ensure that governance coveralls all key aspects of the City’s information systems (IT) •Adopt an industry standard IT governance framework and create a plan to achieve a process capability model of “established” or higher (IT) •Assign roles and responsibilities for data governance to ensure that governance coveralls all key aspects of the City’s information systems (IT) •Adopt an industry standard data governance framework and create a plan to achieve a process capability model of “established” or higher (IT) Business Registry Issued: 08/28/18 Will be determined after Council acceptance Recommendations: 3 Open: 3 Implemented during quarter: 0 •Clarify existing and potential uses and priorities for business registry data and update questions in business registry survey as appropriate (CMO, DSD, PCE, Trans) •Identify external data that can improve accuracy of data collected and provide the data to the business registry consultant (DSD) •Update business registry administrative manual to reflect current process, including roles and responsibilities (DSD and Attorney) Attachment A PAGE 9 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Code Enforcement Issued: 11/06/18 Will be determined after Council acceptance Recommendations: 7 Open: 7 Implemented during quarter: 0 •Clarify the City’s code enforcement strategy and priorities with the City Council; develop an updated enforcement procedure that is aligned with the strategy (CMO) •Update Municipal Code sections governing code enforcement, including combining, clarifying, and streamlining the administrative procedures and clarifying roles and responsibilities (CMO) •Hold regular meetings with staff who have code enforcement responsibilities to share information and develop collective and consistent enforcement action plans (CMO) •Identify what complaint and case data to capture, track, and share internally and externally; determine which system(s) to use to track data for each code enforcement function, including standardizing code enforcement terminology; design reporting processes capable of aggregating data into a citywide view; develop citywide performance measures for code enforcement (CMO) •Reconfigure Accela Code Enforcement to enhance data collection and reporting, to pave the way for other functions that may adopt Accela (CMO) •Provide general, citywide information on code enforcement in a central location on the City’s website and assign responsibility for ensuring that the information is kept up to date (CMO) •Assign staff to be responsible for citywide administration of PaloAlto311 to provide ongoing maintenance and support, including redefining PaloAlto311 issue types and reconfiguring workflows, managing user access and making training materials available for new users, and updating and maintaining the PaloAlto311 data and dashboard on the City’s Open Data Portal (CMO) ERP Planning – Separation of Duties Issued: 10/17/18 Will be determined after Council acceptance Recommendations: 2 Open: 2 Implemented during quarter: 0 •Transfer task of entering Accounts Payable’s invoices to ASD Administration; have Payroll redesign manual controls to mitigate high-risk areas of separation of duty conflicts; and share with Utilities relevant, adopted separation of duties practices to ensure consistency with ASD practices (ASD) •Revisit the design and definitions of profiles and roles according to the concept of least privilege, where possible (IT) Attachment A PAGE 10 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations ERP Planning – Data Standardization Issued: 10/17/18 Will be determined after Council acceptance Recommendations: 4 Open: 4 Implemented during quarter: 0 •Provide governance over data standardization, such as who is responsible and what is subject to data standardization (IT) •Review other systems and determine what is subject to data standardization, especially for data that feeds into the SAP system (IT) •Work with Departments to review the data within SAP and determine what will benefit most by standardizing data (IT) •Require Departments to implement data standardization requirements during data cleansing in the ERP transition (IT) Open Recommendations by Audit Issuance Date Fiscal Year Audit Title Number of Open Recommendations 2011 Citywide Cash Handling and Travel Expense 1 of 11 2014 Inventory Management 4 of 14 2016 Parking Funds 1 of 8 Cable Franchise and Public, Education, and Government (PEG) Fees 6 of 9 Disability Rates and Workers’ Compensation 4 of 15 2017 Community Services Department: Fee Schedule 2 of 3 Continuous Monitoring: Payments 3 of 7 Green Purchasing Practices 6 of 8 Utilities Department: Cross Bore Inspection Contract 4 of 4 2018 Accuracy of Water Meter Billing 7 of 11 Continuous Monitoring: Overtime 2 of 2 Information Technology and Data Governance 4 of 4 2019 Business Registry 3 of 3 Code Enforcement 7 of 7 ERP Planning – Separation of Duties 2 of 2 ERP Planning – Data Standardization 4 of 4 7 0 0 00 1 2 3 4 5 6 7 8 Q1 Q2 Q3 Q4 Number of Implemented Recommendations by Quarter 16 15 13 16 0 20 40 60 Number of Open Recommendations FY 19 FY 18 FY 17 Prior Fiscal Years Attachment A PAGE 11 Fraud, Waste, and Abuse Hotline Administration The hotline review committee, composed of the City Auditor, the City Attorney, and the City Manager, or their designees, meets as needed to review hotline-related activities. One complaint was received during the first quarter of FY 2019, which was closed during the second quarter due to lack of receipt of additional information from complainant. No complaints were received in the second quarter of FY 2019, and all prior-year complaints have been closed. The chart below summarizes the status of complaints received in each fiscal year since the hotline was implemented. 7 3 2 13 9 0 10 2 4 6 8 10 12 14 FY 2013 FY 2014 FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 Status of Complaints Received by Fiscal Year Closed Complaints Open Complaints Attachment A Quarterly Report as of March 31, 2019 Office of the City Auditor “Promoting honest, efficient, effective, economical, and fully accountable and transparent city government.” Attachment B PAGE 2 Fiscal Year (FY) 2019 Third Quarter Update (January – March 2019) Overview The audit function is essential to the City of Palo Alto’s public accountability. The mission of the Office of the City Auditor, as mandated by the City Charter and Municipal Code, is to promote honest, efficient, effective, economical, and fully accountable and transparent city government. We conduct performance audits and reviews to provide the City Council and City management with information and evaluations regarding how effectively and efficiently resources are used; the adequacy of internal control systems; and compliance with policies, procedures, and regulatory requirements. Taking appropriate action on our audit recommendations helps the City reduce risks and protect its good reputation. Activity Highlights Published and presented the FY 2018 National Citizen Survey™ at the annual Council retreat. City Auditor Harriet Richardson retired in February 2019. Because of the turnover of this key position during the third quarter of FY 2019 and because the firm providing interim services, Management Partners, did not begin until the end of March, this Quarterly Report will be largely unchanged from the previous Quarterly Report as of December 31, 2018. The City Council appointed Management Partners, Inc. in March 2019 to serve as the City’s Interim Auditor for up to a six-month term. Management Partners assigned Don Rhoads, CPA as Special Advisor to the Office of the City Auditor. Audit and Project Work Below is a summary of our audit and project work for the third quarter of FY 2019: Title Objective(s) Start Date End Date Status Results/Comments Business Registry Evaluate the rules and processes used to establish the business registry and make recommendations to help clean up the data and ensure accuracy in the future. 02/18 08/19 In Progress This audit was presented to the Policy & Services Committee in September 2018. The Committee requested additional analysis, which we will bring back to the Committee in August 2019. ERP Planning Audit: Data Reliability and Integrity – Data Standardization This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on identifying where standardizing data would be beneficial when implementing the new ERP system. 05/17 10/18 Completed This audit was completed and presented to the Policy & Services Committee in October 2018. ERP Planning Audit: Separation of Duties Evaluate the adequacy of separation of duties for various activities in the current SAP system and make recommendations to ensure that identified deficiencies are corrected for the new ERP system. 05/17 10/18 Completed This audit was completed and presented to the Policy & Services Committee in October 2018. Attachment B PAGE 3 Title Objective(s) Start Date End Date Status Results/Comments Code Enforcement Audit Evaluate the timeliness and effectiveness of code enforcement actions, the effectiveness of communication with the public, and the accuracy and completeness of code enforcement case tracking for decision making purposes. We conducted a resident survey to help inform our audit recommendations. 05/17 11/18 Completed This audit was completed and presented to the Policy & Services Committee in November 2018. ERP Planning Audit: Data Reliability and Integrity – Personnel Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of employee master data, such as name, address, birthdate, and social security number. 09/17 08/19 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in August 2019. NOTE: We previously referred to this audit as “Human Resources/Payroll Data” but changed it to “Personnel Data” for clarification. ERP Planning Audit: Data Reliability and Integrity – Utilities Customer Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of Utilities’ customer master data that is used for billing purposes, such as customer name, service and billing addresses, and move-in and move-out dates. 06/18 2019 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in 2019. Mobile Device Inventory and Security Determine if the City accurately inventories and securely manages city- owned mobile devices, including laptops, tablets, and cell/smart phones. 03/18 2019 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in 2019. Nonprofit Service Agreements Audit Evaluate whether nonprofit organizations that receive City funding are achieving the outcomes we expect from the funding we provide and if City departments monitor the nonprofit service agreements to ensure that the required services are performed. The audit focuses primarily on nonprofit organizations that provide senior or nutrition services. 06/18 08/19 In Progress This audit is in the report writing phase and will be presented to the Policy & Services Committee in August 2019. NOTE: We previously referred to this audit as “Nonprofit Organizations Audit” but changed it to “Nonprofit Service Agreements” for clarification. Attachment B PAGE 4 Title Objective(s) Start Date End Date Status Results/Comments Contract Oversight Select a sample of contracts to evaluate the contract oversight process by determining if the City has adequate processes to ensure that the City receives the goods and services it paid for, that contracts did not result in unnecessary overlaps in services, and that contract extensions and change orders were appropriate. 06/18 Late 2019 In Progress This audit is in the field work phase and will be presented to the Policy & Services Committee in late 2019. Transferable Development Rights Determine if the City maintains an accurate and complete record of the transferable development rights (both City-owned and non-City-owned) that have been certified, transferred, and used to date. 06/18 Late 2019 On hold This audit was in the planning phase but has been on hold since July 2018 due to staff turnover. We will resume the audit in April 2019 and expect to complete it in late 2019. ERP Nonaudit Service Provide advisory services to the Department of Information Technology regarding its planning of a new ERP system. 09/16 N/A On hold We have not provided this service in FY 2019. We will resume our service after the City decides how to move forward with its ERP project. We will then focus on assisting the City with addressing the issues we identified during the ERP planning phase and prior audits. National Citizen Survey™ Obtain resident opinions about the community and services provided by the City of Palo Alto and benchmark our results against other jurisdictions. 06/18 02/19 Completed We presented the National Citizen Survey™ to the Council at the annual Council retreat on February 2, 2019. Performance Report Provides citywide information for key areas, including spending, staffing, workload, and performance. 10/18 05/19 In Progress Departments provided data, which have been compiled into the annual report. The report will be published in May 2019. Citizen Centric Report Provides City and community information, performance results, and summary revenue and expenditure data in an easy-to-ready four-page format. 10/18 05/19 In Progress Data have been collected and are being compiled into the report, which will be published in May 2019. Attachment B PAGE 5 Other Monitoring and Administrative Assignments Below is a summary of other assignments as of March 31, 2019: Title Objective(s) Status Results/Comments City Auditor Advisory Roles Provide guidance and advice to key governance committees within the City. Ongoing The City Auditor serves as an advisor to the Utilities Risk Oversight Committee and Information Security Steering Committee. We are also serving as an advisor for the strategic and technical planning groups for planning the new ERP system (see comment in the Audit and Project Work section above). Sales and Use Tax Allocation Reviews 1) Identify businesses that do business in Palo Alto that may have underreported or misallo- cated their sales and use tax and submit inquiries to the state for review and tax reallocation. 2) Monitor sales taxes received from the Stanford University Medical Center Project and notify Stanford of any differences between their reported taxes and state sales tax information, in accordance with the development agreement. 3) Provide Quarterly Status Updates and Sales Tax Digest Summaries for Council review. Ongoing 1) Sales and use tax recoveries for the third quarter of FY 2019 were $128,549 from our inquiries and $17,537 from the consultant’s inquiries, for a total of $146,086 for the quarter and $189,256 fiscal year to date. Due to processing delays at the State Board of Equalization, 57 potential misallocations are waiting to be researched and processed: 27 from our office and 30 from the consultant. 2) We receive prior calendar-year sales tax information for the Stanford Medicine development project several months after the end of the calendar year and report these on our June quarterly report. The City has received $3,681,743 for calendar years 2011 through 2017 as a result of the development agreement for this project. 3) Quarterly sales tax reports are published on the Office of the City Auditor website at www.cityofpaloalto.org/gov/depts/aud/reports/default.asp. Status of Audit Recommendations Sixty recommendations were open at the beginning of the third quarter of FY 2019. One was closed and we did not add any recommendations during the quarter, which resulted in 59 recommendations open at the end of the quarter. No status reports were presented during the quarter due to staff turnover, even though seven were due to be presented. These seven status reports along with five additional status reports due during the fourth quarter of FY 2019 will be presented in June 2019. Below is a summary of the open audit recommendations as of March 31, 2019: Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Citywide Cash Handling and Travel Expense Issued: 09/15/10 Due – 04/09/19 10/23/18 03/21/18 08/22/17 11/10/15 09/23/14 09/10/13 10/22/12 04/19/11 Recommendations: 11 Open: 1 Implemented during quarter: 0  Review practice of reimbursing employee meals when not in a travel status and report the amounts as income to employees to conform to Internal Revenue Service requirements (ASD) Attachment B PAGE 6 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Inventory Management Issued: 02/18/14 Due – 04/09/19 10/23/18 11/02/17 09/23/14 Recommendations: 14 Open: 4 Implemented during quarter: 0 Implement City’s inventory management policies and procedures (ASD/UTL/PWD/IT) Update and enforce inventory count policies and procedures to ensure consistent and accurate inventory records (ASD) Identify, formalize, and communicate inventory management goals and objectives to City departments (ASD) Ensure staff identify and use key SAP inventory management reports and appropriately configure and update SAP parameters that affect inventory levels (ASD/IT) Parking Funds Issued: 12/15/15 Due – 03/12/19 06/21/18 11/14/17 Recommendations: 8 Open: 0 Implemented during quarter: 1 Develop policies and procedures to clarify roles and responsibilities and ensure accurate calculation and reporting of parking-in-lieu fees (PCE, ASD, PWD, CLK) Disability Rates and Workers’ Compensation Issued: 05/10/16 Due – 04/09/19 10/23/18 02/13/18 Recommendations: 15 Open: 4 Implemented during quarter: 0 Review departmental procedures and safety requirements to ensure they align with citywide policies and procedures (HR) Identify and provide industry-specific ergonomics and general wellness training opportunities (HR) Address the disability leave benefits incorrectly reported as compensation to CalPERS (HR) Ensure that data for managing disability leave is accurately captured through SAP time reporting (HR) Cable Franchise and Public, Education, and Government (PEG) Fees Issued: 06/14/16 Due – 04/09/19 10/23/18 03/21/18 08/22/17 Recommendations: 9 Open: 6 Implemented during quarter: 0 Assess ongoing need for PEG fees; place fees in restricted account until decisions are made about use of fees (CMO/ATTY/ASD/IT) Determine whether to allocate unrestricted funds, instead of PEG fees, to subsidize the Media Center’s operations. (CMO/ATTY/ASD/IT) Send letters to cable companies to demand payment of underpaid franchise and PEG fees (CMO/ATTY/ASD/IT) Develop criteria for assessing the accuracy of future cable franchise and PEG fee payments and require more detail with payment remittances (ASD) Assign responsibility for the cable communications program and provide effective oversight of the program (CMO/CLK) Draft an ordinance to update the Palo Alto Municipal Code based on clarified assignment of responsibility (CMO/ASD/ATTY/CLK) Attachment B PAGE 7 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Community Services Department (CSD): Fee Schedule Audit Issued: 02/14/17 Due – 03/12/19 06/21/18 11/14/17 Recommendations: 3 Open: 2 Implemented during quarter: 0  Revise City’s cost recovery policy to align with relevant laws and reconfigure the Questica budget system to support fees that recover more than 100 percent of costs (ASD)  Configure SAP or the new ERP system to align cost centers with CSD programs (CSD) Continuous Monitoring: Payments Issued: 04/13/17 Due – 04/9/19 10/23/18 03/21/18 Recommendations: 7 Open: 3 Implemented during quarter: 0  Build a continuous monitoring process into the new ERP system to identify potential duplicate invoices and seek recovery of duplicate payments (ASD)  Build a continuous monitoring process into the new ERP system to identify duplicate, incomplete, or unused vendor records (ASD)  Clean vendor master file before merging data into new ERP system (ASD) Green Purchasing Practices Issued: 04/13/17 Due – 03/12/19 06/21/18 Recommendations: 8 Open: 6 Implemented during quarter: 0  Clearly define department(s) responsible for implementing green purchasing policies and determine if additional staffing and funding are needed to implement the policies (ASD/CMO)  Develop consolidated procedures to implement green purchasing policies (CMO/ASD/PWD)  Educate City staff on green purchasing policies (ASD)  Evaluate potential for use of 40 percent post- consumer fiber paper towels/other green janitorial products and monitor janitorial contractor’s compliance with green purchasing requirements (PWD)  Evaluate if new e-procurement system or other technology solution can help with tracking and reporting green purchases and establish appropriate green purchasing performance measures (ASD/PWD)  Require vendors to provide data on amounts of green products and services that City purchases from them (ASD/PWD) Utilities Department: Cross Bore Inspection Contract Issued: 06/01/17 Due – 03/12/19 06/21/18 Recommendations: 4 Open: 4 Implemented during quarter: 0  Prioritize uninspected sewer pipelines for inspection and disclose potential inspection challenges in future contract solicitations (UTL)  Identify and update missing data in laterals database (UTL)  Incorporate relevant provisions from National Association of Sewer Service Companies’ contract template in future sewer inspection contracts (UTL)  Identify gaps in staff expertise and develop a training and certification plan for field staff who will monitor field inspections (UTL) Attachment B PAGE 8 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Accuracy of Water Meter Billing Issued: 08/16/17 Due – 03/12/19 06/21/18 Recommendations: 11 Open: 7 Implemented during quarter: 0  Review and correct meter records for meters larger than 2 inches (UTL)  Explore options for addressing equity in meter size rates (UTL)  Develop a policy and procedures to report significant, systemic infrastructure changes to Council and update City of Palo Alto Utilities’ (CPAU) Rules and Regulations as needed (UTL)  Seek direction from Council before proceeding with installing additional electronic meters (UTL)  Determine if installed eMeters should be replaced and if billing adjustments are required (UTL)  Clarify purchasing policy and procedures for product standardization and sole source (ASD)  Retrain staff on purchasing policies and procedures and completion of required forms (ASD) Continuous Monitoring: Overtime Issued: 09/06/17 Due – 03/12/19 None Recommendations: 2 Open: 2 Implemented during quarter: 0  Explore potential of developing a continuous monitoring process for overtime (ASD)  Form a work group to design standardized overtime management processes in the new ERP environment (ASD) Information Technology and Data Governance Issued: 06/13/18 Due – 03/12/19 None Recommendations: 4 Open: 4 Implemented during quarter: 0  Assign roles and responsibilities for IT governance to ensure that governance coveralls all key aspects of the City’s information systems (IT)  Adopt an industry standard IT governance framework and create a plan to achieve a process capability model of “established” or higher (IT)  Assign roles and responsibilities for data governance to ensure that governance coveralls all key aspects of the City’s information systems (IT)  Adopt an industry standard data governance framework and create a plan to achieve a process capability model of “established” or higher (IT) Business Registry Issued: 08/28/18 Will be determined after Council acceptance Recommendations: 3 Open: 3 Implemented during quarter: 0  Clarify existing and potential uses and priorities for business registry data and update questions in business registry survey as appropriate (CMO, DSD, PCE, Trans)  Identify external data that can improve accuracy of data collected and provide the data to the business registry consultant (DSD)  Update business registry administrative manual to reflect current process, including roles and responsibilities (DSD and Attorney) Attachment B PAGE 9 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Code Enforcement Issued: 11/06/18 Will be determined after Council acceptance Recommendations: 7 Open: 7 Implemented during quarter: 0  Clarify the City’s code enforcement strategy and priorities with the City Council; develop an updated enforcement procedure that is aligned with the strategy (CMO)  Update Municipal Code sections governing code enforcement, including combining, clarifying, and streamlining the administrative procedures and clarifying roles and responsibilities (CMO)  Hold regular meetings with staff who have code enforcement responsibilities to share information and develop collective and consistent enforcement action plans (CMO)  Identify what complaint and case data to capture, track, and share internally and externally; determine which system(s) to use to track data for each code enforcement function, including standardizing code enforcement terminology; design reporting processes capable of aggregating data into a citywide view; develop citywide performance measures for code enforcement (CMO)  Reconfigure Accela Code Enforcement to enhance data collection and reporting, to pave the way for other functions that may adopt Accela (CMO)  Provide general, citywide information on code enforcement in a central location on the City’s website and assign responsibility for ensuring that the information is kept up to date (CMO)  Assign staff to be responsible for citywide administration of PaloAlto311 to provide ongoing maintenance and support, including redefining PaloAlto311 issue types and reconfiguring workflows, managing user access and making training materials available for new users, and updating and maintaining the PaloAlto311 data and dashboard on the City’s Open Data Portal (CMO) ERP Planning – Separation of Duties Issued: 10/17/18 Will be determined after Council acceptance Recommendations: 2 Open: 2 Implemented during quarter: 0  Transfer task of entering Accounts Payable’s invoices to ASD Administration; have Payroll redesign manual controls to mitigate high-risk areas of separation of duties conflicts; and share with Utilities relevant, adopted separation of duties practices to ensure consistency with ASD practices (ASD)  Revisit the design and definitions of profiles and roles according to the concept of least privilege, where possible (IT) Attachment B PAGE 10 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations ERP Planning – Data Standardization Issued: 10/17/18 Will be determined after Council acceptance Recommendations: 4 Open: 4 Implemented during quarter: 0  Provide governance over data standardization, such as who is responsible and what is subject to data standardization (IT)  Review other systems and determine what is subject to data standardization, especially for data that feeds into the SAP system (IT)  Work with Departments to review the data within SAP and determine what will benefit most by standardizing data (IT)  Require Departments to implement data standardization requirements during data cleansing in the ERP transition (IT) Open Recommendations by Audit Issuance Date Fiscal Year Audit Title Number of Open Recommendations 2011 Citywide Cash Handling and Travel Expense 1 of 11 2014 Inventory Management 4 of 14 2016 Parking Funds 0 of 8 Cable Franchise and Public, Education, and Government (PEG) Fees 6 of 9 Disability Rates and Workers’ Compensation 4 of 15 2017 Community Services Department: Fee Schedule 2 of 3 Continuous Monitoring: Payments 3 of 7 Green Purchasing Practices 6 of 8 Utilities Department: Cross Bore Inspection Contract 4 of 4 2018 Accuracy of Water Meter Billing 7 of 11 Continuous Monitoring: Overtime 2 of 2 Information Technology and Data Governance 4 of 4 2019 Business Registry 3 of 3 Code Enforcement 7 of 7 ERP Planning – Separation of Duties 2 of 2 ERP Planning – Data Standardization 4 of 4 7 0 1 00 1 2 3 4 5 6 7 8 Q1 Q2 Q3 Q4 Number of Implemented Recommendations by Quarter 15 15 13 16 0 20 40 60 Number of Open Recommendations FY 19 FY 18 FY 17 Prior Fiscal Years Attachment B PAGE 11 Fraud, Waste, and Abuse Hotline Administration The hotline review committee, composed of the City Auditor, the City Attorney, and the City Manager, or their designees, meets as needed to review hotline-related activities. One complaint was received during the first quarter of FY 2019, which was closed during the second quarter due to lack of receipt of additional information from complainant. No complaints were received in the third quarter of FY 2019, and all prior-year complaints have been closed. The chart below summarizes the status of complaints received in each fiscal year since the hotline was implemented. 7 3 2 13 9 0 10 2 4 6 8 10 12 14 FY 2013 FY 2014 FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 Status of Complaints Received by Fiscal Year Closed Complaints Open Complaints Attachment B