The URL can be used to link to this page

Home My WebLink AboutStaff Report 2310-21743 3 9 7 Policy & Services Committee Staff Report From: City Manager Report Type: ACTION ITEMS Lead Department: City Auditor Meeting Date: December 12, 2023 Report #:2310-2174 TITLE Approval of Office of City Auditor Risk Assessment and Audit Plan (CEQA Status - Not a Project) RECOMMENDATION The City Auditor recommends that the Policy and Services Committee recommend City Council approve the following reports: 1) Fiscal Year 2023/24 Risk Assessment Report 2) Fiscal Year 2023/24 Audit Plan Report 3) Task Orders identified in the Audit Plan Report o TASK ORDER FY24-4.21 Purchasing Card Program o TASK ORDER FY24-4.22 ADA Compliance Review o TASK ORDER FY24-5 Various Reporting & City Hotline (Modified) EXECUTIVE SUMMARY Baker Tilly interviewed City Council members and executive leadership across 14 departments within the City. In addition, selected directors and managers were asked to complete a survey that provided their view of top risk areas to their departments and the City as a whole. Baker Tilly analyzed the results of the survey and other data and information gathered. The risk assessment involved scoring and ranking the 97 auditable units to identify the audit areas with high to moderate risks. The FY2023/24 Audit Plan was prepared based on the results of the risk assessment, conversations with leadership, and other matters. BACKGROUND The Palo Alto Municipal Code (Section 2.08.1301) requires the City Auditor prepare and submit an annual audit plan to the City Council for review and approval. In its capacity serving as the 1 https://codelibrary.amlegal.com/codes/paloalto/latest/paloalto_ca/0-0-0-60361 3 3 9 7 City Auditor function, and in accordance with Baker Tilly’s agreement with the City2, Baker Tilly performed a citywide risk assessment (Task 2 of the agreement). The purpose of the assessment was to identify and prioritize risks in order to develop the annual audit plan (Task 1). During the risk assessment, Baker Tilly assessed a wide range of risk areas, including strategic, financial, technology, human capital, operational, reputational, economic, and compliance risk categories. ANALYSIS Baker Tilly will provide a presentation to the Committee to discuss the results of the risk assessment and ask that the Committee recommend approval of the attached risk assessment report by City Council. Baker Tilly will also present the proposed audit plan and ask that the Committee recommend approval of the attached FY2024 audit plan report by City Council. For Baker Tilly to execute the approved audit plan, the Task Orders will need to be signed by the Policy & Services Committee Chair upon approval of the audit plan by City Council. Furthermore, one of the OCA’s responsibilities is to follow up on management’s corrective actions. The follow-up activities require periodic inquiries with management on outstanding corrective actions and verifying implementation of the corrective actions as well as testing of the effectiveness of the implemented controls. As Task 5 of Baker Tilly’s agreement with the City includes the OCA’s annual report on the status of recommendations made in completed audits, the estimated costs for the follow-up activities on recommendations need to be allocated to the Task 5 budget. Therefore, modified TASK ORDER FY24-5 Various Reporting & City Hotline has been prepared to transfer the amount for the estimated costs for the follow-up activities (as shown as a line item in the Proposed Audit Plan for FY2024) from Task 4 to Task 5. FISCAL/RESOURCE IMPACT Timeline for risk assessment and audit plan is for FY2024. The proposed audits in the audit plan are within the contract amount for FY2024. STAKEHOLDER ENGAGEMENT The Office of the City Auditor worked with Executive Leaders from 14 departments across the City and engaged the City Council. ENVIRONMENTAL REVIEW Environmental review is not applicable to this activity. 2 https://www.cityofpaloalto.org/files/assets/public/v/1/agendas-minutes-reports/reports/city-manager-reports- cmrs/year-archive/2020-2/id-11624.pdf?t=64761.15 3 3 9 7 ATTACHMENTS Late Packet Attachment A: OCA – F2023 Risk Assessment Report Late Packet Attachment B: OCA – FY2024 Annual Audit Plan APPROVED BY: Adriane D. McCoy, City Auditor