The URL can be used to link to this page

Home My WebLink AboutStaff Report 14949 City of Palo Alto (ID # 14949) City Council Staff Report Meeting Date: 12/5/2022 Report Type: Consent Calendar City of Palo Alto Page 1 Title: Approval of the Office of the City Auditor's Fiscal Year (FY) 2023 Task Orders From: City Manager Lead Department: City Auditor Recommendation The City Auditor and the Policy & Services Committee recommend that the City Council take the following action: Approve the following Task Orders, identified in Baker Tilly’s agreement with the City and the Audit Plan Report: 1) FY23-Task 03 – External Financial Auditor 2) FY23-Task 05 – Various Reporting & City Hotline 3) FY23-Task 06 – Evaluation and Benchmarking 4) Task 04.08 – Public Safety Building Construction Audit (Correction) 5) Task 04.16 – Review of ALPR Technology Contract Management 6) Task 04.17 – Investment Management Review 7) Task 04.18 – Ad Hoc Request – Janitorial Contract Compliance Review Discussion In accordance with our agreement with the Cityi, Baker Tilly is required to conduct recurring activities each year. Those recurring activities including the following tasks outlined in our agreement: • Task 3: Assist with Selection of a Financial Auditor and Assist in Managing the Financial Audit • Task 4: Execute Council approved Annual Audit Plan (Attachment B) • Task 5: Various Tasks including periodic reporting, fraud/waste/abuse hotline, office administrative functions • Task 6: Evaluation and Benchmarking The Office of the City Auditor (OCA) is seeking approval from the Policy & Services Committee of the Tasks Orders that correspond to the Tasks outlined above and recommendation to forward these task orders to the City Council for approval. The City of Palo Alto Page 2 Task Orders provide the contractual authority to begin this work in the new Fiscal Year 2023. An excerpt from the contract outlining these tasks is below for ease of reference. Task 3. Selection of External Financial Auditor and Annual Audit Coordination: Coordinate the annual external financial audit in each year of the contract term. Pursuant to the City Charter, the City Auditor shall oversee the selection process for the annual external financial auditor. Task 4. Execute Annual Audit Plan: Conduct a minimum number of internal audits in accordance with each approved annual audit planii based on the risk assessments. Each internal audit will commence only upon the City’s approval of a Task Order (which may be at the task or sub-task level) as required by this Agreement. Each internal audit requires the preparation of a written report for review by the City Manager, City Attorney and appropriate Council committee, and review/approval by the City Council as required. Task 5. Preparation of Quarterly Reports, Annual Status Report, Provision of City Hotline, and Other Ongoing Office Administrative Functions: Prepare and issue quarterly reports describing the status and progress toward audit completion, to be provided as information reports to the City Council and reviewed by the appropriate committee, unless other reporting methods are directed by Council. Prepare and issue an annual report in the first quarter of each fiscal year on the status of recommendations made in completed audits, to be provided as an information report to the City Council and reviewed by the appropriate committee, unless other reporting methods are directed by Council. Maintain and respond to the City’s employee “hotline” function provided through voicemail, email or written submissions. Coordinate referrals as appropriate to other City offices, departments or divisions and incorporate relevant referrals into future risk assessments, audit plans or audit activity as appropriate. This task provides for authorization of travel during the full 2023 fiscal year assuming one trip per month (total of 12 trips). Although the contract stipulated an on site presence every two weeks by the Office of the City Auditor, leveraging remote work efficiencies and ensuring economical use of contract authority and funds, this task order revises that frequency. BakerTilly will use discretion to ensure travel is used to minimize travel expenses and maximize effectiveness of time on site, ultimately ensuring alignment with audit work schedules and Council and Committee activities. Task 6: Undergo a peer evaluation following the guidelines of the Association of Local Government Auditors every two years (i.e., at the end of the initial contract term, then City of Palo Alto Page 3 every other year thereafter throughout the contract term), or as required by the City Council, so that performance of the internal audit function can be objectively assessed. Prepare a cost per audit analysis following the first completed fiscal year, to be submitted at the beginning of the second fiscal year and every year thereafter throughout the contract term, that includes benchmark agencies determined by the CITY, and obtain independent third-party certification of data accuracy. The cost per audit analysis will be used to evaluate the cost effectiveness of services provided by the CONSULTANT. This evaluation will be incorporated into ongoing performance assessments as required and will help ensure that fees for service provision throughout the duration of the Agreement are objectively determined and mutually agreed upon. This evaluation and report from the peer evaluator will be presented to the Policy and Services Committee and City Council in alignment with typical audit reporting activities. Task 4 Details. The details of the four task orders (1 revisions and 3 new) are as follows: 04.08 Public Safety Building Construction Audit (Correction) The original task order to review monthly invoices from the Construction Manager, Architect and Waterproofing Inspector was prepared and approved in FY21. It has two different project end dates in error: the end date of 6/30/22 on the first page and the end date of 6/30/23 on page 3. The approved audit plan shows the project end date of June 2023 and the budget split between FY22 and FY23. A monthly review is expected to continue throughout FY23. The remaining budget is approximately $12,000, OCA corrected the end date on page 1 to 6/30/23. 04.16 Review of ALPR Technology Contract Management The preliminary audit objectives include: • Determine whether adequate policies and procedures are implemented effectively to protect the privacy of personal information gathered using ALPR technology for the City’s parking management. • Determine whether the City monitors the vendor’s performance to ensure the compliance with contract terms and applicable laws and regulations related to data privacy. 04.17 Investment Management Review The preliminary audit objectives include: • Determine whether adequate controls are in place and working effectively to ensure that investments are properly managed in accordance with the City of Palo Alto Page 4 investment policy. • Assess the efficiency and the effectiveness of the investment portfolio management against the best practice. 04.18 Ad Hoc Request – Janitorial Contract Compliance Review Ad Hoc Requests are included in the FY2022-2023 Audit Plan in anticipation of requests for review based on business needs. These requests can be generated from many sources, including management, Council, or through existing activities such as the hotline or other audit work. In October 2022, the City management identified and requested OCA to assist in a review of janitorial service contract compliance and provided letters received from politicians, an industry watchdog group, and a labor union requesting a review of the service provider’s employment practices regarding the City’s contract. The primary audit objectives include: • Determine whether the City requires its janitorial service providers to meet the responsible employment standards and monitors the providers' compliance with contract terms to ensure that the City receives effective and reliable janitorial services. • Determine whether the City's janitorial service providers comply with the contract terms in order to provide professional janitorial services to the City. The City Auditor understands this is a topic of interest of some City Council Members and management and has alerted the Policy and Services Chair regarding this request for consideration. Resource Impact Work recommended in these tasks is within both the approved scope and compensation of the contract with Baker Tilly and funding levels in the FY 2023 Operating Budget for the Office of the City Auditor. Environmental Review This action is exempt from CEQA and requires no further environmental review. Attachments: • OCA - FY23 Task Orders • FY2022-FY2023 Audit Workplan, Council approved 04.04.2022 i City agreement with Baker Tilly https://www.cityofpaloalto.org/files/assets/public/agendas-minutes- reports/reports/city-manager-reports-cmrs/year-archive/2020-2/id-11624.pdf?t=64761.15 ii Approved annual Audit Plan https://www.cityofpaloalto.org/files/assets/public/agendas-minutes- reports/agendas-minutes/city-council-agendas- minutes/2022/20220404/20220404pccsmamendedlinked1.pdf PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-03 External Financial Auditor Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-003 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: July 1, 2022 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $15,000 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to the Office of the City Auditor’s role on the financial audit involves one (1) primary step in FY23: • Step 1: Assistance in Managing the Financial Audit Step 1 – Role in Managing the Financial Audit In FY23, the project team will assist in managing the financial audit and presenting financial audit results to the Finance Committee and to the City Council, in accordance with municipal code. Deliverables: Legislative documents will be prepared to present the financial statements and reports prepared by an external auditor to the Finance Committee Schedule of Performance Anticipated Start Date: July 1, 2022 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $15,000. The not-to-exceed budget is based on an estimate of 40 total project hours, of which 40 are estimated to be completed by the City Auditor. Reimbursable Expenses Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $5,700. The following summarizes anticipated reimbursable expenses: • Round-trip Airfare – $1350 (2 round trip flights) • Ground Transportation (car rental or Uber/taxi) - $1350 • Hotel accommodation - $2,000 (8 nights) • Food and incidentals – $1,000 PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-05 Various Reporting & City Hotline Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-005 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: July 1, 2022 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $60,000 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly will provide the following services in Task 5: • Quarterly Reports • Annual Status Report • Provision of the City Hotline • Office Administrative Functions Deliverables: Legislative documents will be prepared to present the financial statements and reports prepared by an external auditor to the Finance Committee • Quarterly Reports (4 in FY23) • Annual Status Report Schedule of Performance Anticipated Start Date: July 1, 2022 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $60,000. The not-to-exceed budget is based on an estimate of 185 total project hours, of which 135 are estimated to be completed by the City Auditor. Reimbursable Expenses Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $28,400. The following summarizes anticipated reimbursable expenses: • Round-trip Airfare – $6,700 (10 round trip flights) • Ground Transportation (car rental or Uber/taxi) - $6,700 • Hotel accommodation - $10,000 (40 nights) • Food and incidentals – $5,000 PROFESSIONAL SERVICES TASK ORDER TASK ORDER FY23-06 Evaluation and Benchmarking Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-006 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: June 1, 2022 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $21,000 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to undergoing a peer review involves three (3) primary steps: • Step 1: Preparation for a peer review • Step 2: A peer review by an independent evaluator • Step 3: Cost per audit analysis Step 1 – Preparation for a peer review The Office of the City Auditor (OCA) will conduct a self-assessment before a peer review. Step 2 – A peer review by a qualified organization OCA will undergo a peer review conducted by an independent evaluator. In order to accomplish this task, OCA will: • Request a peer review from the Association of Local Government Auditors (ALGA) • Provide documents and answer questions as requested by ALGA • Obtain a peer review report from ALGA Step 3 – Cost per audit analysis OCA will prepare a cost per audit analysis. Deliverables: Legislative documents will be prepared to present a peer review report from an independent evaluator. Schedule of Performance Anticipated Start Date: June 1, 2022 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $21,000. The not-to-exceed budget is based on an estimate of 85 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses Baker Tilly anticipates no travel costs. All procedures including interviews and documentation reviews are expected to be completed remotely. PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.08 Public Safety Building-Construction Audit (CORRECTED) Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY21-001 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: March 1, 2021 COMPLETION: June 30, 2022 (est.) June 30, 2023 4 TOTAL TASK ORDER PRICE: $82,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Lydia Kou, Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting the Public Safety Building construction audit involves three (3) primary steps: • Step 1: Project Planning & Management • Step 2: Monthly Monitoring • Step 3: Reporting Step 1 – Project Planning & Management This step includes those tasks necessary to solidify mutual understanding of the construction audit scope, objectives, deliverables, and timing as well as ensuring that appropriate client and consultant resources are available and well-coordinated. Tasks include: • Conduct a formal kick off meetings with the City, the Construction Manager, Architect and Waterproofing Inspector. • Formalize the communication plan, reporting formats, status update schedule and deliverable milestone schedule • Distribute initial document request and check list • Review the contract documents related to each provider to identify key terms and develop a specific testing program for each contract Step 2 – Monthly monitoring During this step we will review monthly invoices from the Construction Manager, Architect and Waterproofing Inspector. We will focus on the following areas: • Monthly invoice review • Change order testing • Contingency and allowance testing • Lien waiver control • Compliance with insurance requirements • Closeout testing • Verify the City’s implementation and adherence to documented project controls Step 3 – Reporting We will prepare a monthly status update reflecting the testing performed during the current period and planned testing for the subsequent period(s). The monthly status update will also reflect any current audit issues, the status of any previously identified issues and any open requests for documentation. At the completion of the project, we will provide a final report detailing all procedures performed along with any observations and the applicable resolutions or recommendations. Deliverables: The following deliverable will be prepared as part of this engagement: • Written monthly status updates as described in Step 3 • Final report as described in Step 3 Schedule of Performance Anticipated Start Date: March 1, 2021 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum for this Task is $82,500. The not-to-exceed budget is based on an estimate of 4200 420 total project hours to be completed by Baker Tilly. Reimbursable Expenses We plan to complete the majority of the work remote including all required meetings and documentation review. If conditions allow, Baker Tilly will perform site visits once per year around key project milestones. Our travel expenses will be billed separately at actual cost. We will submit an estimate of our reimbursable expenses for the City’s approval prior to traveling to Palo Alto. PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.16 Review of ALPR Technology Contract Management Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-4.16 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: January 1, 2023 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $82,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting an internal audit of Contract Management for ALPR Technology involves three (3) primary steps: • Step 1: Audit Planning • Step 2: Control Review and Testing • Step 3: Reporting Step 1 – Audit Planning This step consists of the tasks performed to adequately plan the work necessary to address the overall audit objective and to solidify mutual understanding of the audit scope, objectives, audit process, and timing between stakeholders and auditors. Tasks include: • Gather information to understand the environment under review o Understand the organizational structure and objectives o Review the City code, regulations, and other standards and expectations o Review prior audit results, as applicable o Review additional documentation and conduct interviews as necessary • Assess the audit risk • Write an audit planning memo and audit program o Refine audit objectives and scope o Identify the audit procedures to be performed and the evidence to be obtained and examined • Announce the initiation of the audit and conduct kick-off meeting with key stakeholders o Discuss audit objectives, scope, audit process, timing, resources, and expectations o Discuss documentation and interview requests for the audit Step 2 – Control Review and Testing This step involves executing the procedures in the audit program to gather information, interview individuals, and analyze the data and information to obtain sufficient evidence to address the audit objectives. The preliminary audit objective is to: (1) Determine whether adequate policies and procedures are implemented effectively to protect the privacy of personal information gathered using ALPR technology for the City’s parking management. (2) Determine whether the City monitors the vendor’s performance to ensure the compliance with contract terms and applicable laws and regulations related to data privacy. Procedures include, but not limited to: • Interview the appropriate individuals to understand the process, the information system used, and the internal controls related to data privacy. • Compare data privacy related policies and procedures as well as the regulations and standards to determine whether personally identifiable information (PII) has confidentiality, integrity, and availability as needed. • Review IT vendor performance monitoring practices to determine whether controls are implemented to ensure compliance with contract terms and data privacy standards. • Perform test procedures including observations of controls (such as governance, management and technical IT controls) and review of a sample of parking patrons (PII during the audit period). • Compare the process and controls against the best practices. Step 3 – Reporting In Step 3, the project team will perform tasks necessary to finalize audit working papers, prepare and review a draft report with the stakeholders, and submit a final audit report. Tasks include: • Develop findings, conclusions, and recommendations based on the supporting evidence gathered • Validate findings with the appropriate individuals and discuss the root cause of the identified findings • Complete supervisory review of working papers and a draft audit report • Distribute a draft audit report and conduct a closing meeting with key stakeholders o Discuss the audit results, finings, conclusions, and recommendations o Discuss management responses • Obtain written management responses and finalize a report • Review report with members of City Council and/or the appropriate Council Committee Deliverables: The following deliverable will be prepared as part of this engagement: • Audit Report Schedule of Performance Anticipated Start Date: January 1, 2023 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $82,500. The not-to-exceed budget is based on an estimate of 400 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $8,500. The following summarizes anticipated reimbursable expenses (for three team members): • Round-trip Airfare – $2,000 (3 round trip flights) • Ground Transportation (car rental or Uber/taxi) - $2,000 • Hotel accommodation - $3,000 (12 nights) • Food and incidentals – $1,500 Note that, as the restrictions associated with COVID-19 change, the project team will work with the City to consider circumstances at the time. PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.17 Investment Management Review Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-4.17 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: December 1, 2022 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $61,550 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $TBD 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting a Review of Investment Management involves three (3) primary steps: • Step 1: Audit Planning • Step 2: Control Review and Testing • Step 3: Reporting Step 1 – Audit Planning This step consists of the tasks performed to adequately plan the work necessary to address the overall audit objective and to solidify mutual understanding of the audit scope, objectives, audit process, and timing between stakeholders and auditors. Tasks include: • Gather information to understand the environment under review o Understand the organizational structure and objectives o Review the City code, regulations, and other standards and expectations o Review prior audit results, as applicable o Review additional documentation and conduct interviews as necessary • Assess the audit risk • Write an audit planning memo and audit program o Refine audit objectives and scope o Identify the audit procedures to be performed and the evidence to be obtained and examined • Announce the initiation of the audit and conduct kick-off meeting with key stakeholders o Discuss audit objectives, scope, audit process, timing, resources, and expectations o Discuss documentation and interview requests for the audit Step 2 – Control Review and Testing This step involves executing the procedures in the audit program to gather information, interview individuals, and analyze the data and information to obtain sufficient evidence to address the audit objectives. The preliminary audit objective is to: (1) Determine whether adequate controls are in place and working effectively to ensure that investments are properly managed in accordance with the investment policy; (2) Assess the efficiency and the effectiveness of the investment portfolio management against the best practice. Procedures include, but not limited to: • Interview the appropriate individuals to understand the process, the information system used, and the internal controls related to investment management • Review policies and procedures as well as the regulations and standards to identify the criteria to be used for evaluation of control design and effectiveness • Perform test procedures including observation of controls (such as application controls) and review of selected documents (such as supporting documents for the recorded transactions) • Compare the process and controls against the best practices Step 3 – Reporting In Step 3, the project team will perform tasks necessary to finalize audit working papers, prepare and review a draft report with the stakeholders, and submit a final audit report. Tasks include: • Develop findings, conclusions, and recommendations based on the supporting evidence gathered • Validate findings with the appropriate individuals and discuss the root cause of the identified findings • Complete supervisory review of working papers and a draft audit report • Distribute a draft audit report and conduct a closing meeting with key stakeholders o Discuss the audit results, finings, conclusions, and recommendations o Discuss management responses • Obtain written management responses and finalize a report • Review report with members of City Council and/or the appropriate Council Committee Deliverables: The following deliverable will be prepared as part of this engagement: • Audit Report Schedule of Performance Anticipated Start Date: December 1, 2022 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $61,550. The not-to-exceed budget is based on an estimate of 350 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $8,500. The following summarizes anticipated reimbursable expenses (for three team members): • Round-trip Airfare – $2,000 (3 round trip flights) • Ground Transportation (car rental or Uber/taxi) - $2,000 • Hotel accommodation - $3,000 (12 nights) • Food and incidentals – $1,500 Note that, as the restrictions associated with COVID-19 change, the project team will work with the City to consider circumstances at the time. PROFESSIONAL SERVICES TASK ORDER TASK ORDER 04.18 Management Request – Janitorial Contract Compliance Review Consultant shall perform the Services detailed below in accordance with all the terms and conditions of the Agreement referenced in Item 1A below. All exhibits referenced in Item 8 below are incorporated into this Task Order by this reference. The Consultant shall furnish the necessary facilities, professional, technical and supporting personnel required by this Task Order as described below. CONTRACT NO. C21179340 OR PURCHASE ORDER REQUISITION NO. (AS APPLICABLE) 1A. MASTER AGREEMENT NO. (MAY BE SAME AS CONTRACT / P.O. NO. ABOVE): C21179340 1B. TASK O RDER NO.: FY23-4.18 2. CONSULTANT NAME: Baker Tilly US, LLP 3. PERIOD OF PERFORMANCE: START: December 1, 2022 COMPLETION: June 30, 2023 4 TOTAL TASK ORDER PRICE: $73,500 BALANCE REMAINING IN MASTER AGREEMENT/CONTRACT $1,235,000 5. BUDGET CODE_______________ COST CENTER________________ COST ELEMENT______________ WBS/CIP__________ PHASE__________ 6. CITY PROJECT MANAGER’S NAME & DEPARTMENT: Greer Stone, Chair of the City Council’s Policy and Services Committee 7. DESCRIPTION OF SCOPE OF SERVICES (Attachment A) MUST INCLUDE:  SERVICES AND DELIVERABLES TO BE PROVIDED  SCHEDULE OF PERFORMANCE  MAXIMUM COMPENSATION AMOUNT AND RATE SCHEDULE (as applicable)  REIMBURSABLE EXPENSES, if any (with “not to exceed” amount) 8. ATTACHMENTS: A: Task Order Scope of Services B (if any): N/A I hereby authorize the performance of the work described in this Task Order. APPROVED: CITY OF PALO ALTO BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ I hereby acknowledge receipt and acceptance of this Task Order and warrant that I have authority to sign on behalf of Consultant. APPROVED: COMPANY NAME: ______________________ BY:____________________________________ Name __________________________________ Title___________________________________ Date ___________________________________ Attachment A DESCRIPTION OF SCOPE OF SERVICES Introduction Attachment A, the Description of Scope of Services, contains the following four (4) elements: • Services and Deliverables To Be Provided • Schedule of Performance • Maximum Compensation Amount and Rate Schedule (As Applicable) • Reimbursable Expenses, if any (With “Not To Exceed” Amount) Services & Deliverables Baker Tilly’s approach to conducting an internal audit of Contract Management for ALPR Technology involves three (3) primary steps: • Step 1: Audit Planning • Step 2: Control Review and Testing • Step 3: Reporting Step 1 – Audit Planning This step consists of the tasks performed to adequately plan the work necessary to address the overall audit objective and to solidify mutual understanding of the audit scope, objectives, audit process, and timing between stakeholders and auditors. Tasks include: • Gather information to understand the environment under review o Understand the organizational structure and objectives o Review the City code, regulations, and other standards and expectations o Review prior audit results, as applicable o Review additional documentation and conduct interviews as necessary • Assess the audit risk • Write an audit planning memo and audit program o Refine audit objectives and scope o Identify the audit procedures to be performed and the evidence to be obtained and examined • Announce the initiation of the audit and conduct kick-off meeting with key stakeholders o Discuss audit objectives, scope, audit process, timing, resources, and expectations o Discuss documentation and interview requests for the audit Step 2 – Control Review and Testing This step involves executing the procedures in the audit program to gather information, interview individuals, and analyze the data and information to obtain sufficient evidence to address the audit objectives. The preliminary audit objective is to: (1) Determine whether the City requires its janitorial service providers to meet the responsible employment standards and monitors the providers' compliance with contract terms to ensure that the City receives effective and reliable janitorial services. (2) Determine whether the City's janitorial service providers comply with the contract terms in order to provide professional janitorial services to the City. Procedures include, but not limited to: • Review the contract(s) and understand the contract terms and requirements set by the City. • Review the City’s performance monitoring practices for janitorial service contracts to determine whether controls are implemented to ensure service providers’ compliance with contract terms. • Perform test procedures including observations of monitoring controls to determine the control effectiveness. • Review the documents evidencing the service providers’ compliance with the contract terms, including the wage data, etc. • If possible, visit some of the buildings cleaned by the service providers to observe the conditions and inquire with the service providers’ employees. Alternatively, interview them remotely or send a survey as necessary to gather necessary information. • Compare the process and controls against the best practices. Step 3 – Reporting In Step 3, the project team will perform tasks necessary to finalize audit working papers, prepare and review a draft report with the stakeholders, and submit a final audit report. Tasks include: • Develop findings, conclusions, and recommendations based on the supporting evidence gathered • Validate findings with the appropriate individuals and discuss the root cause of the identified findings • Complete supervisory review of working papers and a draft audit report • Distribute a draft audit report and conduct a closing meeting with key stakeholders o Discuss the audit results, finings, conclusions, and recommendations o Discuss management responses • Obtain written management responses and finalize a report • Review report with members of City Council and/or the appropriate Council Committee Deliverables: The following deliverable will be prepared as part of this engagement: • Audit Report Schedule of Performance Anticipated Start Date: December 1, 2022 Anticipated End Date: June 30, 2023 Maximum Compensation Amount and Rate Schedule The not-to-exceed maximum, inclusive of reimbursable expenses (as summarized below) for this Task is $73,500. The not-to-exceed budget is based on an estimate of 350 total project hours, of which 20 are estimated to be completed by the City Auditor. Reimbursable Expenses If circumstances allow, Baker Tilly anticipates planning one on-site fieldwork week. Given this possibility, Baker Tilly could incur reimbursable expenses for this Task. The not-to-exceed maximum for reimbursable expenses for this Task is $5,700. The following summarizes anticipated reimbursable expenses (for two team members): • Round-trip Airfare – $1,350 (2 round-trip flights) • Ground Transportation (car rental or Uber/taxi) - $1,350 • Hotel accommodation - $2,000 (8 nights) • Food and incidentals – $1,000 Note that, as the restrictions associated with COVID-19 change, the project team will work with the City to consider circumstances at the time. FY2022/2023 Audit Plan 5 Proposed Audit Activities for FY2022-2023 Included in the tables below are the proposed audit activities for the remainder of FY2022 and FY2023. Each audit activity corresponds to a risk rated as High or Moderate in the Risk Assessment Report and selected based on other factors outlined on page 3. The preliminary audit objectives are described for each audit listed. These objectives and scope of each audit activity will be further defined based on the result of a project planning risk assessment processes performed at the beginning of each activity. Audits are planned in three overall phases – note that the timing may differ slightly for each audit activity: –Phase I – Activities projected to start before March 2022 and end by June 2022 –Phase II – Activities projected to start in March 2022 and end by December 2022 –Phase III – Activities projected to start in June 2022 or January 2023 and end by June 2023 Amendments to the proposed audit plan will be proposed either as needed or after conducting an annual risk assessment and update the audit plan, as needed, during FY23. Amendments may be proposed in response to changes in the City’s environment such as organizational structure, operations, risks, systems, and controls. Please note that the City Auditor will actively manage projects and overall budgets and workload in its execution of the workplan. For each audit activity, a task order is submitted to the City Council for approval before the work is commenced. We have prepared and attached to this report multiple task orders that correspond to audit activities we have prioritized (e.g., those in Phase I). Those audit activities for are marked with an “X” in the ‘Seeking Approval’ column of the table below, and the Task Orders are included in the Appendix. 7.b Packet Pg. 99 ATTACHMENT B: Excerpt OCA FY 2023 Audit Workplan FY2022/2023 Audit Plan 6 Phase I Activities Seeking Approval Function Project Title Audit Objectives Timeline Estimated Hours FY22 Cost FY23 Cost (*) Total Cost FY21+22+23 _ Administrative Services Economic Recovery Advisory (Task Order 4.7) ● Review the City’s long-term financial planning model and offer recommendations for improvement. ● Identify and evaluate key revenue sources categories that present long term risk to the City's financial sustainability. ● Perform scenario analysis and advise in the development of long term financial projections. March - December 2021 400 $64,663 $64,663 Public Works Public Safety Building -Construction Audit (Task Order 4.8) ● Monthly invoice review ● Change order testing ● Contingency and allowance testing ● Lien waiver control ● Compliance with insurance requirements ● Closeout testing ● Verify the City’s implementation and adherence to documented project controls March 2021 -June 2023 420 $26,633 $26,633 $51,266 Planning and Development Services Building Permit & Inspection Process Review (Task Order 4.9) ● Identify highest impact area to focus the assessment (e.g., specific permit type(s), specific sub-processes, etc.). ● Document corresponding process(es) and evaluate for efficiency and effectiveness. ● Benchmark operational performance against industry practices and established standards. April – September 2021 360 $48,300 $48,300 Citywide Nonprofit Agreements Risk Management Review (Task Order 4.10) ● Evaluate controls in place to ensure that nonprofit organizations are properly vetted prior to selection and monitored through the life of an agreement. ● Assess the performance monitoring process against the best practice. ● Follow up on relevant audit findings from past audit work. May – September 2021 400 $55,246 $55,246 Utilities Utility Work Order & Process Review (Task Order 4.11) ● Determine whether adequate controls are in place and working effectively around the work order process ● Assess the work order process against best practices January - December 2022 400 $81,400 $81,400 Administrative Services / Information Technology Wire Payment Process and Controls (Task Order 4.12) ● Determine whether adequate controls are in place and working effectively to ensure that all disbursements are valid and properly processed in compliance with City’s policies and procedures ● Determine whether end user security awareness training is sufficient to prevent erroneous payments caused by phishing February - June 2022 270 $54,550 $54,550 Phase I Sub Total 2,250 $329,792 $26,633 $355,425 *For the purpose of audit plan preparation, OCA used the FY22 budget amount for FY23 7.b Packet Pg. 100 FY2022/2023 Audit Plan 7 Phase II Activities Seeking Approval Function Project Title Audit Objectives (preliminary objectives for audits not currently subject to approval) Timeline Estimated Hours FY22 Cost FY23 Cost (*) Total Cost X Human Resources Remote and Flexible Work Study ● Assess employee and management perspectives for long-term remote and flexible work viability and associated challenges ● Evaluate positive outcomes and challenges for managing a mixed location workforce ● Identify policies, processes, management practices and work culture improvements that may improve the City’s ability to manage a remote workforce March - December 2022 285 $50,000 $10,000 $60,000 X Information Technology Cybersecurity Assessment ● Map current state security capabilities to the NIST Cybersecurity Framework and evaluate the maturity of current security processes ● Identify current risks related to weaknesses in the City’s cybersecurity program ● Identify target state objectives utilizing the Capability Maturity Model (CMMI) and develop recommendation to meet the objectives March - December 2022 525 $90,000 $20,000 $110,000 X Public Works Wastewater Treatment Plant Agreement Audit ● Evaluate whether direct and indirect costs incurred by the City are properly allocated to the operation of the Wastewater Treatment Plant. ● Review whether costs are properly allocated to the various parties to the Wastewater Treatment Plant Agreement. March 2022 - December 2022 400 $60,000 $2,250 $62,250 Phase II Sub Total 1,210 $194,000 $38,250 $232,250 * For the purpose of audit plan preparation, OCA used the FY22 budget amount for FY23 7.b Packet Pg. 101 FY2022/2023 Audit Plan 8 Phase III Activities Seeking Approval Function Project Title Preliminary Audit Objectives Timeline Estimated Hours FY22 Cost FY23 Cost (*) Total Cost Transportation Contract Management - ALPR Technology ● Determine whether policies and procedures are implemented effectively to protect the privacy of personal information gathered using ALPR technology for the City's parking management. ● Determine whether the City monitors the vendor's performance to ensure the compliance with contract terms and applicable laws and regulations related to data privacy. June 2022 - January 2023 400 $82,500 $82,500 Administrative Services Investment Management ● Determine whether adequate controls are in place and operating effectively to ensure that investments are managed in accordance with the investment management and other relevant policies. ● Assess the organizational structure and operations of the investment portfolio management function against best practice. June 2022 - January 2023 350 $61,550 $61,550 Information Technology Disaster Recovery Preparedness ● Determine whether a formal disaster recovery plan exists and aligns with the City's needs for business continuity ● Determine whether a disaster recovery plan is periodically tested and updated to ensure a successful recovery January - June 2023 400 $87,500 $87,500 Administrative Services Procurement Process ● Determine whether adequate controls are in place and working effectively to ensure that the appropriate vendors are selected properly to achieve desired objectives ● Identify the opportunities to improve the efficiency and effectiveness of the procurement process January - June 2023 350 $61,550 $61,550 Planning and Development Services Long Range Planning ● Review progress against intended goals and identify any gaps ● Determine whether an effective control environment exists for the Long Range Planning group to maintain City's Comprehensive Plan ● Determine whether adequate controls are in place and working effectively for data analyses January - June 2023 400 $82,500 $82,500 Public Works ADA Compliance ● Determine whether improvements have been made to make facilities, programs, and services accessible in accordance with the Transition Plan and Self-Evaluation Final Study to ensure compliance with the Americans with Disabilities Act (ADA) OF 1990 January - June 2023 350 $61,550 $61,550 TBD TBD / Ad Hoc Requests TBD TBD TBD Phase III Sub Total 2,300 $0 $458,100 $458,100 Phase I + II + III TOTAL 5,760 $523,792 $521,983 $1,045,775 FY22 - FY23 Budget $600,000 $560,000 $1,160,000 FY23 Ad Hoc / Contingency $76,208 $38,017 $114,225 * For the purpose of audit plan preparation, OCA used the FY22 budget amount for FY23 7.b Packet Pg. 102