The URL can be used to link to this page

Home My WebLink AboutStaff Report 10511 CITY OF PALO ALTO OFFICE OF THE CITY AUDITOR September 10, 2019 The Honorable City Council Palo Alto, California Staff Recommends the Policy and Services Committee Recommend the City Council Accept the Auditor's Office Quarterly Report as of June 30, 2019 RECOMMENDATION The City Auditor’s Office recommends the Policy and Services Committee review and recommend to the City Council acceptance of the Auditor’s Office Quarterly Report as of June 30, 2019. SUMMARY OF RESULTS In accordance with the Municipal Code, the City Auditor prepares an annual work plan and issues quarterly reports to the City Council describing the status and progress towards completion of the work plan. This report provides the City Council with an update on the fourth quarter for FY 2019. Respectfully submitted, Don Rhoads, CPA Special Advisor to the Office of the City Auditor Management Partners ATTACHMENTS: • Attachment A: Auditor's Office Quarterly Report as of June 30, 2019 (PDF) Department Head: Don Rhoads, Special Advisor to the Office of the City Auditor Page 2 Quarterly Report as of June 30, 2019 Office of the City Auditor “Promoting honest, efficient, effective, economical, and fully accountable and transparent city government.” Attachment A PAGE 2 Fiscal Year (FY) 2019 Fourth Quarter Update (April – June 2019) Overview The audit function is essential to the City of Palo Alto’s public accountability. The mission of the Office of the City Auditor, as mandated by the City Charter and Municipal Code, is to promote honest, efficient, effective, economical, and fully accountable and transparent city government. We conduct performance audits and reviews to provide the City Council and City management with information and evaluations regarding how effectively and efficiently resources are used; the adequacy of internal control systems; and compliance with policies, procedures, and regulatory requirements. Taking appropriate action on our audit recommendations helps the City reduce risks and protect its good reputation. Activity Highlights • The City Council appointed Management Partners, Inc. in March 2019 to serve as the City’s Interim Auditor for up to a six-month term. Management Partners assigned Don Rhoads, CPA as Special Advisor to the Office of the City Auditor. • Audit staff have reinitiated several audits that have been on hold given the vacancy in the City Auditor position. These include Nonprofit Service Agreements, additional analysis related to the Business Registry, and the Contract Risk and Oversight audits. • Significant progress was made in bringing required departmental status reports on the implementation of past audit recommendations to the Policy & Services Committee for approval. Nearly all status report (12 out of 13) were presented to and approved by the Committee in June. • One new audit from the 2019 Audit Plan, a look at the status of the City’s Transfer of Development Rights program, that had been on hold for almost a year was reinitiated during the 4th quarter. • A long-time Performance Auditor retired from her position at the end of June. This leaves staffing levels in the City Auditor’s Office at three performance auditor positions and the vacant City Auditor position, currently filled by Management Partners. Audit and Project Work Below is a summary of our audit and project work for the fourth quarter of FY 2019: Title Objective(s) Start Date End Date Status Results/Comments Business Registry Evaluate the rules and processes used to establish the business registry and make recommendations to help clean up the data and ensure accuracy in the future. 02/18 08/19 In Progress This audit was presented to the Policy & Services Committee in September 2018. The Committee requested additional analysis, which has been completed. The audit and additional analysis will be brought to City Council for approval in August 2019. Attachment A PAGE 3 Title Objective(s) Start Date End Date Status Results/Comments ERP Planning Audit: Data Reliability and Integrity – Personnel Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of employee master data, such as name, address, birthdate, and social security number. 09/17 2020 On hold This audit is currently on hold pending arrival of the permanent City Auditor due to a current potential independence impairment. NOTE: We previously referred to this audit as “Human Resources/Payroll Data” but changed it to “Personnel Data” for clarification. ERP Planning Audit: Data Reliability and Integrity – Utilities Customer Data This is one of a series of audits that focus on evaluating the integrity and reliability of data in SAP and making recommendations to ensure that identified deficiencies are corrected prior to transferring data to the new ERP system. This audit focuses on assessing the accuracy of Utilities’ customer master data that is used for billing purposes, such as customer name, service and billing addresses, and move-in and move-out dates. 06/18 Late 2019 In Progress This audit is completed, ready for City Auditor review, and will be presented to the Policy & Services Committee in late 2019. Mobile Device Inventory and Security Determine if the City accurately inventories and securely manages city- owned mobile devices, including laptops, tablets, and cell/smart phones. 03/18 Late 2019 In Progress This audit is completed, ready for City Auditor review, and will be presented to the Policy & Services Committee in late 2019. Nonprofit Service Agreements Audit Evaluate whether nonprofit organizations that receive City funding are achieving the outcomes we expect from the funding we provide and if City departments monitor the nonprofit service agreements to ensure that the required services are performed. The audit focuses primarily on nonprofit organizations that provide senior or nutrition services. 06/18 08/19 In Progress This audit is completed and will be presented to the Policy & Services Committee in September 2019. NOTE: We previously referred to this audit as “Nonprofit Organizations Audit” but changed it to “Nonprofit Service Agreements” for clarification. Contract Oversight Select a sample of contracts to evaluate the contract oversight process by determining if the City has adequate processes to ensure that the City receives the goods and services it paid for, that contracts did not result in unnecessary overlaps in services, and that contract extensions and change orders were appropriate. 06/18 Late 2019 In Progress This audit is in the field work phase and will be presented to the Policy & Services Committee in late 2019. Attachment A PAGE 4 Title Objective(s) Start Date End Date Status Results/Comments Transferable Development Rights (TDR) Program Determine if the City 1) maintains an accurate and complete record of the historic and seismic floor area bonuses that are eligible for the City’s TDR program; 2) certifies eligible floor area bonuses for transfer in accordance with Palo Alto Municipal Code; and 3) maintains a special fund to accurately and completely account for the sales of development rights.. 06/18 Late 2019 In Progress This audit was in the planning phase last year but had been on hold since July 2018 due to staff turnover. We resumed the audit in April 2019 and expect to complete it in late 2019. ERP Nonaudit Service Provide advisory services to the Department of Information Technology regarding its planning of a new ERP system. 09/16 N/A On hold This service has been on hold pending arrival of the permanent City Auditor, who will determine how we can assist the City with addressing the issues we identified during the ERP planning phase and prior audits. Performance Report Provides citywide information for key areas, including spending, staffing, workload, and performance. 10/18 06/19 Completed Departments provided data, which was compiled into the annual report. The report was published in June 2019. Citizen Centric Report Provides City and community information, performance results, and summary revenue and expenditure data in an easy‐to‐ready four‐page format. 10/18 06/19 Completed Data have been collected and were compiled into the report, which was published in June 2019. Other Monitoring and Administrative Assignments Below is a summary of other assignments as of June 30, 2019: Title Objective(s) Status Results/Comments City Auditor Advisory Roles Provide guidance and advice to key governance committees within the City. Ongoing The City Auditor serves as an advisor to the Utilities Risk Oversight Committee and Information Security Steering Committee. Attachment A PAGE 5 Title Objective(s) Status Results/Comments Sales and Use Tax Allocation Reviews 1) Identify businesses that do business in Palo Alto that may have underreported or misallo- cated their sales and use tax and submit inquiries to the state for review and tax reallocation. 2) Monitor sales taxes received from the Stanford University Medical Center Project and notify Stanford of any differences between their reported taxes and state sales tax information, in accordance with the development agreement. 3) Provide Quarterly Status Updates and Sales Tax Digest Summaries for Council review. Ongoing We are discussing the possibility of transitioning roles and responsibility for sales and use tax allocation reviews to the Administrative Services Department. A decision should be made by late 2019. 1) The City’s consultant inquiries resulted in about $950 in sales and use tax recoveries for the quarter. 2) We receive prior calendar-year sales tax information for the Stanford Medicine development project several months after the end of the calendar year and report these on our June quarterly report. The City has received $4,307,756 for calendar years 2011 through 2018 as a result of the development agreement for this project. 3) Quarterly sales tax reports have been published on the Office of the City Auditor website at www.cityofpaloalto.org/gov/depts/aud/reports/default.asp. Status of Audit Recommendations Fifty-nine recommendations were open at the beginning of the fourth quarter of FY 2019. Eighteen, or just over 30% of all outstanding audit recommendations, were closed during the fourth quarter and we did not add any recommendations during the quarter, which resulted in 41 recommendations open at the end of the quarter. Twelve of the thirteen status reports due were presented to the Policy and Services Committee during the quarter. The one remaining status report due will be presented in late 2019. Below is a summary of the open audit recommendations as of June 30, 2019: Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Citywide Cash Handling and Travel Expense Issued: 09/15/10 Due – 12/10/19 06/11/19 10/23/18 03/21/18 08/22/17 11/10/15 09/23/14 09/10/13 10/22/12 04/19/11 Recommendations: 11 Open: 1 Implemented during quarter: 0 • Review practice of reimbursing employee meals when not in a travel status and report the amounts as income to employees to conform to Internal Revenue Service requirements (ASD) Attachment A PAGE 6 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Inventory Management Issued: 02/18/14 Due – 12/10/19 06/11/19 10/23/18 11/02/17 09/23/14 Recommendations: 14 Open: 0 Implemented during quarter: 4 • Implement City’s inventory management policies and procedures (ASD/UTL/PWD/IT) • Update and enforce inventory count policies and procedures to ensure consistent and accurate inventory records (ASD) • Identify, formalize, and communicate inventory management goals and objectives to City departments (ASD) • Ensure staff identify and use key SAP inventory management reports and appropriately configure and update SAP parameters that affect inventory levels (ASD/IT) Parking Funds Issued: 12/15/15 Due – 03/12/19 06/21/18 11/14/17 Recommendations: 8 Open: 0 Implemented during quarter: 0 • Develop policies and procedures to clarify roles and responsibilities and ensure accurate calculation and reporting of parking-in-lieu fees (PCE, ASD, PWD, CLK) Disability Rates and Workers’ Compensation Issued: 05/10/16 Due – 12/10/19 06/11/19 10/23/18 02/13/18 Recommendations: 15 Open: 4 Implemented during quarter: 0 • Review departmental procedures and safety requirements to ensure they align with citywide policies and procedures (HR) • Identify and provide industry-specific ergonomics and general wellness training opportunities (HR) • Address the disability leave benefits incorrectly reported as compensation to CalPERS (HR) • Ensure that data for managing disability leave is accurately captured through SAP time reporting (HR) Cable Franchise and Public, Education, and Government (PEG) Fees Issued: 06/14/16 Due – 12/10/19 06/11/19 10/23/18 03/21/18 08/22/17 Recommendations: 9 Open: 4 Implemented during quarter: 2 • Assess ongoing need for PEG fees; place fees in restricted account until decisions are made about use of fees (CMO/ATTY/ASD/IT) • Determine whether to allocate unrestricted funds, instead of PEG fees, to subsidize the Media Center’s operations. (CMO/ATTY/ASD/IT) • Send letters to cable companies to demand payment of underpaid franchise and PEG fees (CMO/ATTY/ASD/IT) • Develop criteria for assessing the accuracy of future cable franchise and PEG fee payments and require more detail with payment remittances (ASD) • Assign responsibility for the cable communications program and provide effective oversight of the program (CMO/CLK) • Draft an ordinance to update the Palo Alto Municipal Code based on clarified assignment of responsibility (CMO/ASD/ATTY/CLK) Attachment A PAGE 7 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Community Services Department (CSD): Fee Schedule Audit Issued: 02/14/17 Due – 12/10/19 06/11/19 06/21/18 11/14/17 Recommendations: 3 Open: 1 Implemented during quarter: 1 • Revise City’s cost recovery policy to align with relevant laws and reconfigure the Questica budget system to support fees that recover more than 100 percent of costs (ASD) • Configure SAP or the new ERP system to align cost centers with CSD programs (CSD) Continuous Monitoring: Payments Issued: 04/13/17 Due – 12/10/19 06/11/19 10/23/18 03/21/18 Recommendations: 7 Open: 3 Implemented during quarter: 0 • Build a continuous monitoring process into the new ERP system to identify potential duplicate invoices and seek recovery of duplicate payments (ASD) • Build a continuous monitoring process into the new ERP system to identify duplicate, incomplete, or unused vendor records (ASD) • Clean vendor master file before merging data into new ERP system (ASD) Green Purchasing Practices Issued: 04/13/17 Due – 12/10/19 06/11/19 06/21/18 Recommendations: 8 Open: 5 Implemented during quarter: 1 • Clearly define department(s) responsible for implementing green purchasing policies and determine if additional staffing and funding are needed to implement the policies (ASD/CMO) • Develop consolidated procedures to implement green purchasing policies (CMO/ASD/PWD) • Educate City staff on green purchasing policies (ASD) • Evaluate potential for use of 40 percent post- consumer fiber paper towels/other green janitorial products and monitor janitorial contractor’s compliance with green purchasing requirements (PWD) • Evaluate if new e-procurement system or other technology solution can help with tracking and reporting green purchases and establish appropriate green purchasing performance measures (ASD/PWD) • Require vendors to provide data on amounts of green products and services that City purchases from them (ASD/PWD) Utilities Department: Cross Bore Inspection Contract Issued: 06/01/17 Due – 12/10/19 06/11/19 06/21/18 Recommendations: 4 Open: 0 Implemented during quarter: 4 • Prioritize uninspected sewer pipelines for inspection and disclose potential inspection challenges in future contract solicitations (UTL) • Identify and update missing data in laterals database (UTL) • Incorporate relevant provisions from National Association of Sewer Service Companies’ contract template in future sewer inspection contracts (UTL) • Identify gaps in staff expertise and develop a training and certification plan for field staff who will monitor field inspections (UTL) Attachment A PAGE 8 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Accuracy of Water Meter Billing Issued: 08/16/17 Due – 12/10/19 06/11/19 06/21/18 Recommendations: 11 Open: 3 Implemented during quarter: 4 • Review and correct meter records for meters larger than 2 inches (UTL) • Explore options for addressing equity in meter size rates (UTL) • Develop a policy and procedures to report significant, systemic infrastructure changes to Council and update City of Palo Alto Utilities’ (CPAU) Rules and Regulations as needed (UTL) • Seek direction from Council before proceeding with installing additional electronic meters (UTL) • Determine if installed eMeters should be replaced and if billing adjustments are required (UTL) • Clarify purchasing policy and procedures for product standardization and sole source (ASD) • Retrain staff on purchasing policies and procedures and completion of required forms (ASD) Continuous Monitoring: Overtime Issued: 09/06/17 Due – 12/10/19 06/11/19 Recommendations: 2 Open: 2 Implemented during quarter: 0 • Explore potential of developing a continuous monitoring process for overtime (ASD) • Form a work group to design standardized overtime management processes in the new ERP environment (ASD) Information Technology and Data Governance Issued: 06/13/18 Due – 12/10/19 06/11/19 Recommendations: 4 Open: 2 Implemented during quarter: 2 • Assign roles and responsibilities for IT governance to ensure that governance coveralls all key aspects of the City’s information systems (IT) • Adopt an industry standard IT governance framework and create a plan to achieve a process capability model of “established” or higher (IT) • Assign roles and responsibilities for data governance to ensure that governance coveralls all key aspects of the City’s information systems (IT) • Adopt an industry standard data governance framework and create a plan to achieve a process capability model of “established” or higher (IT) Business Registry Issued: 08/28/18 Will be determined after Council acceptance Recommendations: 3 Open: 3 Implemented during quarter: 0 • Clarify existing and potential uses and priorities for business registry data and update questions in business registry survey as appropriate (CMO, DSD, PCE, Trans) • Identify external data that can improve accuracy of data collected and provide the data to the business registry consultant (DSD) • Update business registry administrative manual to reflect current process, including roles and responsibilities (DSD and Attorney) Attachment A PAGE 9 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations Code Enforcement Issued: 11/06/18 Due – 12/10/19 None Recommendations: 7 Open: 7 Implemented during quarter: 0 • Clarify the City’s code enforcement strategy and priorities with the City Council; develop an updated enforcement procedure that is aligned with the strategy (CMO) • Update Municipal Code sections governing code enforcement, including combining, clarifying, and streamlining the administrative procedures and clarifying roles and responsibilities (CMO) • Hold regular meetings with staff who have code enforcement responsibilities to share information and develop collective and consistent enforcement action plans (CMO) • Identify what complaint and case data to capture, track, and share internally and externally; determine which system(s) to use to track data for each code enforcement function, including standardizing code enforcement terminology; design reporting processes capable of aggregating data into a citywide view; develop citywide performance measures for code enforcement (CMO) • Reconfigure Accela Code Enforcement to enhance data collection and reporting, to pave the way for other functions that may adopt Accela (CMO) • Provide general, citywide information on code enforcement in a central location on the City’s website and assign responsibility for ensuring that the information is kept up to date (CMO) • Assign staff to be responsible for citywide administration of PaloAlto311 to provide ongoing maintenance and support, including redefining PaloAlto311 issue types and reconfiguring workflows, managing user access and making training materials available for new users, and updating and maintaining the PaloAlto311 data and dashboard on the City’s Open Data Portal (CMO) ERP Planning – Separation of Duties Issued: 10/17/18 Due – 12/10/19 None Recommendations: 2 Open: 2 Implemented during quarter: 0 • Transfer task of entering Accounts Payable’s invoices to ASD Administration; have Payroll redesign manual controls to mitigate high-risk areas of separation of duties conflicts; and share with Utilities relevant, adopted separation of duties practices to ensure consistency with ASD practices (ASD) • Revisit the design and definitions of profiles and roles according to the concept of least privilege, where possible (IT) Attachment A PAGE 10 Audit Title and Report Date Due Date and Prior Status Report Dates Total Recommendations/ Number Open Summary of Open Recommendations ERP Planning – Data Standardization Issued: 10/17/18 Due – 12/10/19 None Recommendations: 4 Open: 4 Implemented during quarter: 0 • Provide governance over data standardization, such as who is responsible and what is subject to data standardization (IT) • Review other systems and determine what is subject to data standardization, especially for data that feeds into the SAP system (IT) • Work with Departments to review the data within SAP and determine what will benefit most by standardizing data (IT) • Require Departments to implement data standardization requirements during data cleansing in the ERP transition (IT) Open Recommendations by Audit Issuance Date Fiscal Year Audit Title Number of Open Recommendations 2011 Citywide Cash Handling and Travel Expense 1 of 11 2014 Inventory Management 0 of 14 2016 Parking Funds 0 of 8 Cable Franchise and Public, Education, and Government (PEG) Fees 4 of 9 Disability Rates and Workers’ Compensation 4 of 15 2017 Community Services Department: Fee Schedule 1 of 3 Continuous Monitoring: Payments 3 of 7 Green Purchasing Practices 5 of 8 Utilities Department: Cross Bore Inspection Contract 0 of 4 2018 Accuracy of Water Meter Billing 3 of 11 Continuous Monitoring: Overtime 2 of 2 Information Technology and Data Governance 2 of 4 2019 Business Registry 3 of 3 Code Enforcement 7 of 7 ERP Planning – Separation of Duties 2 of 2 ERP Planning – Data Standardization 4 of 4 7 0 1 18 0 5 10 15 20 Q1 Q2 Q3 Q4 Number of Implemented Recommendations by Quarter 9 9 7 16 0 20 40 60 Number of Open Recommendations FY 19 FY 18 FY 17 Prior Fiscal Years Attachment A PAGE 11 Fraud, Waste, and Abuse Hotline Administration The hotline review committee, composed of the City Auditor, the City Attorney, and the City Manager, or their designees, meets as needed to review hotline-related activities. One complaint was received during the first quarter of FY 2019, which was closed during the second quarter due to lack of receipt of additional information from complainant. No complaints were received in the quarter of FY 2019, and all prior-year complaints have been closed. The chart below summarizes the status of complaints received in each fiscal year since the hotline was implemented. 7 3 2 13 9 0 10 2 4 6 8 10 12 14 FY 2013 FY 2014 FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 Status of Complaints Received by Fiscal Year Closed Complaints Open Complaints Attachment A