The URL can be used to link to this page

Home My WebLink AboutStaff Report 2305-14632 1 8 5 Policy & Services Committee Staff Report From: City Auditor Report Type: ACTION ITEMS Lead Department: City Auditor Meeting Date: June 13, 2023 Report #:2305-1463 TITLE Approval of Office of City Auditor Task Order Change - 04.16 ALPR Technology Contract Management RECOMMENDATION The City Auditor recommends that the Policy & Services Committee recommend that the City Council approve the change to the Task Order 04.16 ALPR (Automated License Plate Reader) Technology Contract Management. DISCUSSION This task order with the period of performance from January 1, 2023, to June 30, 2023, was fully executed on January 20, 2023, and the audit was commenced in late January 2023. This audit requires information gathering from multiple departments (Transportation, Human Resources, and IT) and a contractor, Duncan Solutions. Although some departments responded to OCA’s requests and questions in a timely manner, OCA has not been able to make progress on the audit because OCA has not received the requested documentation and has been unable to conduct walkthroughs after multiple follow-ups. OCA requests the period of performance to be extended to October 31, 2023. The total not-to-exceed budget remains the same. FISCAL/RESOURCE IMPACT Work recommended in these tasks is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. STAKEHOLDER ENGAGEMENT No stakeholder outreach was necessary for this report, as it is an internal decision made by the OCA the reallocate resources for audit functions. 2 1 8 5 ENVIRONMENTAL REVIEW Council action on this item is not a project as defined by CEQA because the audit activities do not involve any commitment to any specific project which may result in a potentially significant physical impact on the environment. CEQA Guidelines section 15378(b)(4). ATTACHMENTS Attachment A: TASK ORDER FY23-04.16 Review of ALPR Technology Contract Management (Extension) APPROVED BY: Adriane D. McCoy, City Auditor PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.16 Review of ALPR Technology Contract Management Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-4.16 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: January 1, 2023 COMPLETION: June 30October 31, 2023 4 TOTAL TASK ORDER PRICE: $82,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greg Tanaka, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements:  Services and Deliverables To Be Provided  Schedule of Performance  Maximum Compensation Amount and Rate Schedule (As Applicable)  Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting an internal audit of Contract Management for ALPR Technology involves three (3) primary steps:  Step 1: Audit Planning  Step 2: Control Review and Testing  Step 3: Reporting Step 1 – Audit Planning This step consists of the tasks performed to adequately plan the work necessary to address the overall audit objective and to solidify mutual understanding of the audit scope, objectives, audit process, and timing between stakeholders and auditors. Tasks include:  Gather information to understand the environment under review o Understand the organizational structure and objectives o Review the City code, regulations, and other standards and expectations o Review prior audit results, as applicable o Review additional documentation and conduct interviews as necessary  Assess the audit risk  Write an audit planning memo and audit program o Refine audit objectives and scope o Identify the audit procedures to be performed and the evidence to be obtained and examined  Announce the initiation of the audit and conduct kick-off meeting with key stakeholders o Discuss audit objectives, scope, audit process, timing, resources, and expectations o Discuss documentation and interview requests for the audit Step 2 – Control Review and Testing This step involves executing the procedures in the audit program to gather information, interview individuals, and analyze the data and information to obtain sufficient evidence to address the audit objectives. The preliminary audit objective is to: (1) Determine whether adequate policies and procedures are implemented effectively to protect the privacy of personal information gathered using ALPR technology for the City’s parking management. (2) Determine whether the City monitors the vendor’s performance to ensure the compliance with contract terms and applicable laws and regulations related to data privacy. Procedures include, but not limited to:  Interview the appropriate individuals to understand the process, the information system used, and the internal controls related to data privacy.  Compare data privacy related policies and procedures as well as the regulations and standards to determine whether personally identifiable information (PII) has confidentiality, integrity, and availability as needed.  Review IT vendor performance monitoring practices to determine whether controls are implemented to ensure compliance with contract terms and data privacy standards.  Perform test procedures including observations of controls (such as governance, management and technical IT controls) and review of a sample of parking patrons (PII during the audit period).  Compare the process and controls against the best practices. Step 3 – Reporting In Step 3, the project team will perform tasks necessary to finalize audit working papers, prepare and review a draft report with the stakeholders, and submit a final audit report. Tasks include:  Develop findings, conclusions, and recommendations based on the supporting evidence gathered  Validate findings with the appropriate individuals and discuss the root cause of the identified findings  Complete supervisory review of working papers and a draft audit report  Distribute a draft audit report and conduct a closing meeting with key stakeholders o Discuss the audit results, finings, conclusions, and recommendations o Discuss management responses  Obtain written management responses and finalize a report  Review report with members of City Council and/or the appropriate Council Committee Deliverables: The following deliverable will be prepared as part of this engagement:  Audit Report Schedule of Performance Anticipated Start Date: January 1, 2023 Anticipated End Date: June 30October 31, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $82,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $8,500. The following summarizes anticipated reimbursable expenses (for three team members):  Round-trip Airfare – $2,000 (3 round trip flights)  Ground Transportation (car rental or Uber/taxi) - $2,000  Hotel accommodation - $3,000 (12 nights)  Food and incidentals – $1,500 Note that, as the restrictions associated with COVID-19 change, the project team will work with the City to consider circumstances at the time.