1 Adding Value to an Organization by Performing Front End Audits Edwin Young, Office of the City...

1

Adding Value to an Organization by Performing

Front End Audits

Edwin Young, Office of the City AuditorCity and County of Honolulu

October 16, 2012

2

Traditional Auditing Performed after a program,

project, or system is established Traditional audits Rely on historical data Audit existing operations Recommendations Require changes to existing

program May require reworking the program

3

What is front end auditing?

Audits programs, projects, or systems before they exist

Historical data may not exist Requires creative and innovative

auditing GAO: forward auditing involves

prospective analysis based on assumptions and events that may occur

4

Benefits to Management

Front end audits add value to management efforts by

Providing an external perspective before the program is established/

or while it is in development Identifies issues and deficiencies

not identified by management

5


Can re-affirm management decisions and actions

Can provide management some assurance on the work underway

Focuses management on controls and other improvements needed before the program is implemented

6


Improves the program, project, or system before it is operational

Improvements are less expensive to make before it is operational

Improvements require less retrofitting before it is operational

7

Audit Cautions Audit independence and objectivity

must be preserved Front end auditor has conflict of interest cannot audit the program, project, or

system after it is operational Potential conflicts of interest must

be disclosed May not be able to claim audit was

performed in accordance with generally accepted auditing standards (GAGAS or IIA Standards)

8

4 Case Studies

Implementation of SAP Enterprise Resource Planning (ERP) System

City Takeover of County Airport City On-Line Camping Permit

System Review of Proposed City

Environmental Services Center

9

Implementation of SAP Enterprise Resource Planning

(ERP) System

10

BACKGROUND City of Palo Alto Revenues: $440.5 million City expenditures: $460.8 million Staffing: 1,017 FTEs Account Payable Checks:

13,000

11

BACKGROUND Utilities include: electric, gas, water, wastewater collection, refuse, fiber optic, storm drain, and

wastewater treatment Utility Bills: 370,000 Utility Charges: $220.8 million

12

BACKGROUND July 2002: city selected and began

implementing SAP Enterprise Resource Planning (ERP) system

SAP ERP supported city core business functions

(accounting, finance, purchasing, human resources, and utilities)

$15 million to install $3 million for annual operations and

maintenance

13

AUDIT OBJECTIVES

Monitor the SAP ERP implementation

Determine if internal controls for the new SAP ERP system are adequate.

Determine if SAP ERP implementation follows best practices

14

HOW THE AUDIT WAS DONE

Reviewed SAP contract and scope of work

Reviewed SAP management reports and vendor progress reports

Reviewed project plans Monitored contract

administration files

15


Auditor attended project meetings participated in project testing monitored project team and

users’ activities maintained open and daily

communications with project team and users

16


Auditor identified best practices for

system development compared system development

with best practices became familiar with SAP ERP

system development practices

17

AUDIT RESULTS Phase 1: accounting, finance,

purchasing, and human resources modules.

Auditor identified need for improved internal controls, improved access controls, audit trails, and better authorization tables Phase 1 activated with few problems

18

AUDIT RESULTS Phase 2: utilities billing and on-line

payment preparations Auditor reported satisfactory project preparation Satisfactory workflow, blueprint,

and design changes Phase 2 project design and

development was satisfactory

19

AUDIT RESULTS

Phase 3: utilities testing and activation

Auditor reported problems

20

AUDIT RESULTS Auditor reported problems Transaction and integration testing

showed deficiencies; Problems found during testing not

resolved; User inputs were ignored; Concerns with system security Lack of contingency planning for

transition from the existing system to the new system

21

AUDIT RESULTS

Project managers planned to activate system (go on-line) by

target date regardless of deficiencies

fix problems after system is activated

22

AUDIT RESULTS Phase 3: Auditor advised not to

activate system; Auditor advice ignored by SAP

ERP steering committee, program management office,

and top level managers

23

AUDIT RESULTS To reaffirm auditor concerns,

auditor advised city to hire outside consultant to evaluate and test the new SAP ERP system

Outside consultant confirmed auditor findings

Outside consultant recommended the city should follow best practices

24

AUDIT RESULTS Outside consultant recommended the

city should: use audit logs, firewalls, encrypt cardholder data, use unique system administrator names, control the system change process, implement periodic vulnerability scans, ensure timely updates, implement NIST standards, comply with

PCI-DSS requirements, and improve system security

25

CITY OUTCOME Phase 3: system activated

despite auditor warnings.

26

CITY OUTCOME Significant problems occurred: Inaccurate utility bills for many

customers Hundreds of customer

complaints to city and City Council

Customer service overwhelmed Long waits on the telephone

27

CITY OUTCOME Utility staff had to manually

review 30,000 utility bills each month

Staff overtime increased City suffered bad press and

criticism from press, media, city council, city residents, and many others

City credibility affected

28

CITY OUTCOME Inaccurate billings affected

accuracy of city ledgers and finance reports (general ledger, accounts receivable, etc.)

Accounting staff had to manually correct inaccuracies and spend overtime checking and resolving the inaccurate data

Additional staff hired to detect, correct, and resolve inaccurate billings and accounting data

29

CITY OUTCOME System solutions required

retroactive changes to system in 17 critical areas

System errors took months to correct

Post operations corrections were very, very costly

30

FOLLOW-UP AUDIT RESULTS

DIFFERENT AUDITOR PERFORMED FOLLOW-UP AUDIT ON SAP ERP SYSTEM

AUDITOR FOUND SAP SECURITY DEFECTS SAP ERP system not secured Security controls almost non-existent Generic, default password not disabled User access not restricted

31

FOLLOW-UP AUDIT RESULTS

Auditor could access sensitive and confidential data change data for payroll, pay, employee

promotions, employee status, and much more

NIST and PCI-DSS requirements violated

City vulnerable to significant losses and liabilities if data breached

32

Case Study:City Takeover of County

Airport

33

BACKGROUND

City of Palo Alto leased land to Santa Clara County

Land used for a general aviation airport

34

BACKGROUND Lease Terms: 50 years for total payment of $25 Lease expires in April 2017 County built airport County to be reimbursed for capital

costs Airport revenue used to repay County

for airport expenditures

35

BACKGROUND

County operates 3 general aviation airports

County overhead (county salaries, administration costs and expenses) prorated to each airport

Besides county costs, each airport pays its own operational costs

36

BACKGROUND County business plan Reports airport deficits will continue Recommends county to drastically increase airplane tie-

down fees (rental fees for parking aircraft)

limit capital investments to the airport

37

AUDIT OBJECTIVES

City Auditor asked to determine: Should the city take over operations

of the County airport? Audit Sub-objectives: Review airport financial statements, Evaluate County allocation of

expenses and overhead, and Determine financial viability of

airport

38


Auditor compiled history of profits, losses, and outstanding advances

Reviewed financial statements and County accounting data

Analyzed County method for assigning costs and overhead to the 3 County airports (direct, indirect, and pooled costs)

39


Auditor compared operating revenues, expenses and income for all County airports

Analyzed depreciation schedules Performed detailed review of

County accounting records

40


Reviewed the airport and airport business lessee leases

Reviewed County-City joint agreements (for maintaining airport levees, etc.)

Created a spreadsheet model and recalculated the direct and pooled charges assigned to each airport

41


Reviewed the airport master plan and the County business plan for each airport

Examined previous consultant reports

Compared proposed rate increase with rates for other airports

Visited each County airport and its operations

42


Interviewed County and airport staff and executives

Interviewed members of the airport commission, land use commission, and joint airport committee

43

AUDIT RESULTS Palo Alto airport was profitable. Airport generated more than

$400,000 in net income since the airport was constructed

Profits were used to repay the county for its capital startup costs

Principal balance for original $1 million investment was down to $680,000

44

AUDIT RESULTS Airport carried 1/3 of the pooled

airport costs for all 3 county airports

County charges for pooled and overhead costs was over 40% of the airport operating expenses

Operating income and profits for the other 2 County airports would be significantly reduced or become losses without Palo Alto airport

45

AUDIT RESULTS County incorrectly charged the

airport expenses for realigning the airport road repairing the airport levees Airport was improperly charged

for federal and state funded capital improvements

46

AUDIT RESULTS County overcharged airport for

some expenses Airport depreciation calculations

were questionable Airport cash flow was positive

47

AUDIT RESULTS The County outstanding balance

was not accurate as stated would be fully paid by

the end of the lease (without the 30% increase in fees)

No formal City-County loan agreement existed

I.e. the airport was technically not required to repay the County

48

AUDIT RESULTS Opportunities existed for

increasing airport revenues once the County subleases to airport business owners expired

The proposed aircraft tie-down fees would be higher than nearby airports and could threaten the viability of the airport

49

CITY OUTCOME County proposed fees hikes

were reduced The city agreed to the moderate

increase in the aircraft tie-down fee

50

CITY OUTCOME The City Council Encouraged the County to continue operating the airport maintain and improve the

airport City started negotiations to take

over the airport

51

Case Study: City On-Line Camping Permit System

CHARISMA FOJAS

52

BACKGROUND Department of Parks

and Recreation offers camping at 14 city parks

Permits free

Long lines & overnight camping for permits

53

BACKGROUND

Annual costs: $1.3 million New ordinance allows city to

charge for camping permits Permit fees: $10 per day

($30 for 3-day site, $50 for 5 day site)

Administrative fee: $2 per permit

54

BACKGROUND

Parks and Recreation Department on-line system for issuing

camping permits Payments to be made on-line System would be e-commerce for

city Reservation system launched March

2012 with no permit fees

55

AUDIT OBJECTIVES

Audit camping operations Provide information on:

costs, user demand for facilities, condition of campsites facilities, and management of the camping program

56


Cost of operations Audited reported (vs

actual) costs and revenues

User Demand of Facilities Audited camping permit

distribution data from FY 2008 to FY 2011

Observed and assessed permit tracking system

57


Condition of Campsite Facilities Best practices & other jurisdictions Camping area, restrooms, and

parking lot inspections Camper Surveys Complaints & issues lodged by

campers

58


Condition of Campsite FacilitiesInterviewed city

engineers & policeRisk analysis of

camping facilities Examined police

reports, and security logs

59


Audited the management and operations of the program Best practices Camping permit application and

distribution system Checked enforcement of camping

rules Evaluated internal controls Interviewed city staff & administrators

60


Audited the management and operations of the program Documents related to the on-line permit

system, data management, and system development

Interviewed vendors and information technology staff working on the on-line system

Evaluated system security, internet and intranet security, and

Assessed compliance with payment card industry requirements (PCI-DSS)

61

Camping Improvements Intended by City Ordinance Are Not Likely to Be Achieved Camping permit revenues will not be

used to improve the camping program

Formal plan to improve the program does not exist

Ancillary fees not justified

AUDIT RESULTS

62

Camping Improvements Intended by City Ordinance Are Not Likely to Be AchievedOperating expenses, revenues

and assumptions are inaccurate Potential revenues totaling up to

$366K were not collected

AUDIT RESULTS

63

Department vs. Auditor Projections

Parks and Recreation Dept.

Projections

Auditor Projection

s

Difference(+/-)

Grand Total-Costs

$1,308,267

$1,063,729

$244,538

Total Projected Revenues

$353,385 $366,451 $13,066

64

AUDIT RESULTS

Department Needs to Improve Security and Camping Facilities

Security is a top priority Police calls Enhanced security reduces

police calls Camping facilities damaged by

erosion need repairs or replacement

Beach erosion threat

66

AUDIT RESULTSDepartment Needs to Improve Security and Camping Facilities

Wastewater systems place the city at risk

Septic tanks could contaminate the water environment

Existing facilities place the city at risk

City plans to spend $4.9 million in wastewater system upgrades, but additional funds may be needed

67

AUDIT RESULTS

Program improvements needed: Formal camping program & accurate

data Formal policies, procedures, &

operations manual Quality assurance program &

complaint follow-up system

68

Total Camping Permits Actually Issued Versus Reported

Fiscal Year

Camping Permits Issued

(Actual)

Camping Permits

Reported (Annual Report)

Discrepancy

FY 2008 9,298 [1] 5,956 3,342

FY 2009 9,972 6,486 3,486

FY 2010 10,236 [2] 10,400 (164)

FY 2011 8,927 10,107 (1,180)

69

Program improvements needed: On-line permitting system needs to

comply with e-commerce requirements

City exposed to financial liabilities and losses

Active on-line system monitoring needed

AUDIT RESULTS

70

CITY OUTCOME

City & parks and recreation department agreed with most recommendations

71

Case Study:Review of Proposed City

Environmental Services Center (ESC)

72

Review of Proposed City Environmental Services Center

(ESC)

BACKGROUND City of Palo Alto public works dept

proposed a 19 acre ESC center Project would offer multiple

services at landfill site City Council appropriated $3.6

million for project

73

BACKGROUND Project changed from 1998 to

2004 City staff updated alternatives in

2004 City staff claimed new ESC center

would save $1 million per year

74

BACKGROUND2004 ESC proposal included:

material recovery facility, refuse transfer station, composting, recycling facility, permanent hazardous waste

storage, asphalt and concrete storage, visitor/education center, administrative offices

75

Review of Proposed City Environmental Services Center

AUDIT OBJECTIVES Analyze and clarify the 2004

proposal Analyze acreages, tonnages,

and alternatives

76


Worked with city staff Reviewed previous two studies Updated 2004 cost estimates for

the project Compared cost figures for

previous and latest alternatives (e.g. staffing, tonnage, etc)

77


Analyzed project assumptions and financial implications

Assessed reasonableness of the information provided by the city staff

Reviewed staff reports, budget documents, and previous studies

78


Reviewed landfill tonnage & recycling reports

Updated tonnages and costs in the reports

Interviewed public works staff and refuse contractor staff

79


Visited nearby city of Sunnyvale SMaRT refuse transfer facilities

Solicited inputs from environmental advocates, solid waste professionals and community

80

AUDIT RESULTS Proposed 19 acre facility was

more expensive than using the existing Sunnyvale station ($8.5 million vs $6.5 million per year)

Alternative of 6.2 acre facility was more expensive than using the existing Sunnyvale station ($7.3 million vs $6.5 million per year)

81

AUDIT RESULTS City should: use Sunnyvale facility until

agreement expires ($6.5 million per year) and

operate minimal recycling and yard waste facilities on 6.2 acres after the landfill closes ($5.6 million per year)

82

AUDIT Observations Waste practices and strategies change over time, impact costs, and impact

savings (e.g. recycling construction and demolition debris)

Land costs affect project costs ($1 million per acre) Proposed project affects park

planned for the landfill

83

AUDIT Observations Proposed project raises

complicated land use issues City should modify project to: Reduce annual costs Reduce the acreage required Reduce the scope of services

84

CITY OUTCOME

City Council terminated proposed ESC project

City saved $500,000 in environmental impact study costs.

85

SUMMARY

It is possible to audit programs, projects, or systems before they exist

Historical data may or may not exist

Use your existing skill sets Front end audits are not new Front end audits require

creativity and innovation

86

SUMMARY Front end audits can add value to an organization help management to do their job

It is easier and cheaper to fix a system before it is implemented

(vs fixing an operational system)

87

Edwin Young Office of the City Auditor City and County of Honolulu 1001 Kamokila Blvd., Suite 216 Kapolei, HI 96707 Ph: 808-768-3134 E-mail: [email protected] http://www1.honolulu.gov/

council/auditor

Contact Information

88

THANK YOU Thank you for attending Questions and Answers?

1 Adding Value to an Organization by Performing Front End Audits Edwin Young, Office of the City...

Documents

Transcript of 1 Adding Value to an Organization by Performing Front End Audits Edwin Young, Office of the City...