1 Adding Value to an Organization by Performing Front End Audits Edwin Young, Office of the City...
-
Upload
clare-lane -
Category
Documents
-
view
215 -
download
0
Transcript of 1 Adding Value to an Organization by Performing Front End Audits Edwin Young, Office of the City...
1
Adding Value to an Organization by Performing
Front End Audits
Edwin Young, Office of the City AuditorCity and County of Honolulu
October 16, 2012
2
Traditional Auditing Performed after a program,
project, or system is established Traditional audits Rely on historical data Audit existing operations Recommendations Require changes to existing
program May require reworking the program
3
What is front end auditing?
Audits programs, projects, or systems before they exist
Historical data may not exist Requires creative and innovative
auditing GAO: forward auditing involves
prospective analysis based on assumptions and events that may occur
4
Benefits to Management
Front end audits add value to management efforts by
Providing an external perspective before the program is established/
or while it is in development Identifies issues and deficiencies
not identified by management
5
Benefits to Management
Can re-affirm management decisions and actions
Can provide management some assurance on the work underway
Focuses management on controls and other improvements needed before the program is implemented
6
Benefits to Management
Improves the program, project, or system before it is operational
Improvements are less expensive to make before it is operational
Improvements require less retrofitting before it is operational
7
Audit Cautions Audit independence and objectivity
must be preserved Front end auditor has conflict of interest cannot audit the program, project, or
system after it is operational Potential conflicts of interest must
be disclosed May not be able to claim audit was
performed in accordance with generally accepted auditing standards (GAGAS or IIA Standards)
8
4 Case Studies
Implementation of SAP Enterprise Resource Planning (ERP) System
City Takeover of County Airport City On-Line Camping Permit
System Review of Proposed City
Environmental Services Center
9
Implementation of SAP Enterprise Resource Planning
(ERP) System
10
BACKGROUND City of Palo Alto Revenues: $440.5 million City expenditures: $460.8 million Staffing: 1,017 FTEs Account Payable Checks:
13,000
11
BACKGROUND Utilities include: electric, gas, water, wastewater collection, refuse, fiber optic, storm drain, and
wastewater treatment Utility Bills: 370,000 Utility Charges: $220.8 million
12
BACKGROUND July 2002: city selected and began
implementing SAP Enterprise Resource Planning (ERP) system
SAP ERP supported city core business functions
(accounting, finance, purchasing, human resources, and utilities)
$15 million to install $3 million for annual operations and
maintenance
13
AUDIT OBJECTIVES
Monitor the SAP ERP implementation
Determine if internal controls for the new SAP ERP system are adequate.
Determine if SAP ERP implementation follows best practices
14
HOW THE AUDIT WAS DONE
Reviewed SAP contract and scope of work
Reviewed SAP management reports and vendor progress reports
Reviewed project plans Monitored contract
administration files
15
HOW THE AUDIT WAS DONE
Auditor attended project meetings participated in project testing monitored project team and
users’ activities maintained open and daily
communications with project team and users
16
HOW THE AUDIT WAS DONE
Auditor identified best practices for
system development compared system development
with best practices became familiar with SAP ERP
system development practices
17
AUDIT RESULTS Phase 1: accounting, finance,
purchasing, and human resources modules.
Auditor identified need for improved internal controls, improved access controls, audit trails, and better authorization tables Phase 1 activated with few problems
18
AUDIT RESULTS Phase 2: utilities billing and on-line
payment preparations Auditor reported satisfactory project preparation Satisfactory workflow, blueprint,
and design changes Phase 2 project design and
development was satisfactory
19
AUDIT RESULTS
Phase 3: utilities testing and activation
Auditor reported problems
20
AUDIT RESULTS Auditor reported problems Transaction and integration testing
showed deficiencies; Problems found during testing not
resolved; User inputs were ignored; Concerns with system security Lack of contingency planning for
transition from the existing system to the new system
21
AUDIT RESULTS
Project managers planned to activate system (go on-line) by
target date regardless of deficiencies
fix problems after system is activated
22
AUDIT RESULTS Phase 3: Auditor advised not to
activate system; Auditor advice ignored by SAP
ERP steering committee, program management office,
and top level managers
23
AUDIT RESULTS To reaffirm auditor concerns,
auditor advised city to hire outside consultant to evaluate and test the new SAP ERP system
Outside consultant confirmed auditor findings
Outside consultant recommended the city should follow best practices
24
AUDIT RESULTS Outside consultant recommended the
city should: use audit logs, firewalls, encrypt cardholder data, use unique system administrator names, control the system change process, implement periodic vulnerability scans, ensure timely updates, implement NIST standards, comply with
PCI-DSS requirements, and improve system security
25
CITY OUTCOME Phase 3: system activated
despite auditor warnings.
26
CITY OUTCOME Significant problems occurred: Inaccurate utility bills for many
customers Hundreds of customer
complaints to city and City Council
Customer service overwhelmed Long waits on the telephone
27
CITY OUTCOME Utility staff had to manually
review 30,000 utility bills each month
Staff overtime increased City suffered bad press and
criticism from press, media, city council, city residents, and many others
City credibility affected
28
CITY OUTCOME Inaccurate billings affected
accuracy of city ledgers and finance reports (general ledger, accounts receivable, etc.)
Accounting staff had to manually correct inaccuracies and spend overtime checking and resolving the inaccurate data
Additional staff hired to detect, correct, and resolve inaccurate billings and accounting data
29
CITY OUTCOME System solutions required
retroactive changes to system in 17 critical areas
System errors took months to correct
Post operations corrections were very, very costly
30
FOLLOW-UP AUDIT RESULTS
DIFFERENT AUDITOR PERFORMED FOLLOW-UP AUDIT ON SAP ERP SYSTEM
AUDITOR FOUND SAP SECURITY DEFECTS SAP ERP system not secured Security controls almost non-existent Generic, default password not disabled User access not restricted
31
FOLLOW-UP AUDIT RESULTS
Auditor could access sensitive and confidential data change data for payroll, pay, employee
promotions, employee status, and much more
NIST and PCI-DSS requirements violated
City vulnerable to significant losses and liabilities if data breached
32
Case Study:City Takeover of County
Airport
33
BACKGROUND
City of Palo Alto leased land to Santa Clara County
Land used for a general aviation airport
34
BACKGROUND Lease Terms: 50 years for total payment of $25 Lease expires in April 2017 County built airport County to be reimbursed for capital
costs Airport revenue used to repay County
for airport expenditures
35
BACKGROUND
County operates 3 general aviation airports
County overhead (county salaries, administration costs and expenses) prorated to each airport
Besides county costs, each airport pays its own operational costs
36
BACKGROUND County business plan Reports airport deficits will continue Recommends county to drastically increase airplane tie-
down fees (rental fees for parking aircraft)
limit capital investments to the airport
37
AUDIT OBJECTIVES
City Auditor asked to determine: Should the city take over operations
of the County airport? Audit Sub-objectives: Review airport financial statements, Evaluate County allocation of
expenses and overhead, and Determine financial viability of
airport
38
HOW THE AUDIT WAS DONE
Auditor compiled history of profits, losses, and outstanding advances
Reviewed financial statements and County accounting data
Analyzed County method for assigning costs and overhead to the 3 County airports (direct, indirect, and pooled costs)
39
HOW THE AUDIT WAS DONE
Auditor compared operating revenues, expenses and income for all County airports
Analyzed depreciation schedules Performed detailed review of
County accounting records
40
HOW THE AUDIT WAS DONE
Reviewed the airport and airport business lessee leases
Reviewed County-City joint agreements (for maintaining airport levees, etc.)
Created a spreadsheet model and recalculated the direct and pooled charges assigned to each airport
41
HOW THE AUDIT WAS DONE
Reviewed the airport master plan and the County business plan for each airport
Examined previous consultant reports
Compared proposed rate increase with rates for other airports
Visited each County airport and its operations
42
HOW THE AUDIT WAS DONE
Interviewed County and airport staff and executives
Interviewed members of the airport commission, land use commission, and joint airport committee
43
AUDIT RESULTS Palo Alto airport was profitable. Airport generated more than
$400,000 in net income since the airport was constructed
Profits were used to repay the county for its capital startup costs
Principal balance for original $1 million investment was down to $680,000
44
AUDIT RESULTS Airport carried 1/3 of the pooled
airport costs for all 3 county airports
County charges for pooled and overhead costs was over 40% of the airport operating expenses
Operating income and profits for the other 2 County airports would be significantly reduced or become losses without Palo Alto airport
45
AUDIT RESULTS County incorrectly charged the
airport expenses for realigning the airport road repairing the airport levees Airport was improperly charged
for federal and state funded capital improvements
46
AUDIT RESULTS County overcharged airport for
some expenses Airport depreciation calculations
were questionable Airport cash flow was positive
47
AUDIT RESULTS The County outstanding balance
was not accurate as stated would be fully paid by
the end of the lease (without the 30% increase in fees)
No formal City-County loan agreement existed
I.e. the airport was technically not required to repay the County
48
AUDIT RESULTS Opportunities existed for
increasing airport revenues once the County subleases to airport business owners expired
The proposed aircraft tie-down fees would be higher than nearby airports and could threaten the viability of the airport
49
CITY OUTCOME County proposed fees hikes
were reduced The city agreed to the moderate
increase in the aircraft tie-down fee
50
CITY OUTCOME The City Council Encouraged the County to continue operating the airport maintain and improve the
airport City started negotiations to take
over the airport
51
Case Study: City On-Line Camping Permit System
CHARISMA FOJAS
52
BACKGROUND Department of Parks
and Recreation offers camping at 14 city parks
Permits free
Long lines & overnight camping for permits
53
BACKGROUND
Annual costs: $1.3 million New ordinance allows city to
charge for camping permits Permit fees: $10 per day
($30 for 3-day site, $50 for 5 day site)
Administrative fee: $2 per permit
54
BACKGROUND
Parks and Recreation Department on-line system for issuing
camping permits Payments to be made on-line System would be e-commerce for
city Reservation system launched March
2012 with no permit fees
55
AUDIT OBJECTIVES
Audit camping operations Provide information on:
costs, user demand for facilities, condition of campsites facilities, and management of the camping program
56
HOW THE AUDIT WAS DONE
Cost of operations Audited reported (vs
actual) costs and revenues
User Demand of Facilities Audited camping permit
distribution data from FY 2008 to FY 2011
Observed and assessed permit tracking system
57
HOW THE AUDIT WAS DONE
Condition of Campsite Facilities Best practices & other jurisdictions Camping area, restrooms, and
parking lot inspections Camper Surveys Complaints & issues lodged by
campers
58
HOW THE AUDIT WAS DONE
Condition of Campsite FacilitiesInterviewed city
engineers & policeRisk analysis of
camping facilities Examined police
reports, and security logs
59
HOW THE AUDIT WAS DONE
Audited the management and operations of the program Best practices Camping permit application and
distribution system Checked enforcement of camping
rules Evaluated internal controls Interviewed city staff & administrators
60
HOW THE AUDIT WAS DONE
Audited the management and operations of the program Documents related to the on-line permit
system, data management, and system development
Interviewed vendors and information technology staff working on the on-line system
Evaluated system security, internet and intranet security, and
Assessed compliance with payment card industry requirements (PCI-DSS)
61
Camping Improvements Intended by City Ordinance Are Not Likely to Be Achieved Camping permit revenues will not be
used to improve the camping program
Formal plan to improve the program does not exist
Ancillary fees not justified
AUDIT RESULTS
62
Camping Improvements Intended by City Ordinance Are Not Likely to Be AchievedOperating expenses, revenues
and assumptions are inaccurate Potential revenues totaling up to
$366K were not collected
AUDIT RESULTS
63
Department vs. Auditor Projections
Parks and Recreation Dept.
Projections
Auditor Projection
s
Difference(+/-)
Grand Total-Costs
$1,308,267
$1,063,729
$244,538
Total Projected Revenues
$353,385 $366,451 $13,066
64
AUDIT RESULTS
Department Needs to Improve Security and Camping Facilities
Security is a top priority Police calls Enhanced security reduces
police calls Camping facilities damaged by
erosion need repairs or replacement
Beach erosion threat
65
66
AUDIT RESULTSDepartment Needs to Improve Security and Camping Facilities
Wastewater systems place the city at risk
Septic tanks could contaminate the water environment
Existing facilities place the city at risk
City plans to spend $4.9 million in wastewater system upgrades, but additional funds may be needed
67
AUDIT RESULTS
Program improvements needed: Formal camping program & accurate
data Formal policies, procedures, &
operations manual Quality assurance program &
complaint follow-up system
68
Total Camping Permits Actually Issued Versus Reported
Fiscal Year
Camping Permits Issued
(Actual)
Camping Permits
Reported (Annual Report)
Discrepancy
FY 2008 9,298 [1] 5,956 3,342
FY 2009 9,972 6,486 3,486
FY 2010 10,236 [2] 10,400 (164)
FY 2011 8,927 10,107 (1,180)
69
Program improvements needed: On-line permitting system needs to
comply with e-commerce requirements
City exposed to financial liabilities and losses
Active on-line system monitoring needed
AUDIT RESULTS
70
CITY OUTCOME
City & parks and recreation department agreed with most recommendations
71
Case Study:Review of Proposed City
Environmental Services Center (ESC)
72
Review of Proposed City Environmental Services Center
(ESC)
BACKGROUND City of Palo Alto public works dept
proposed a 19 acre ESC center Project would offer multiple
services at landfill site City Council appropriated $3.6
million for project
73
BACKGROUND Project changed from 1998 to
2004 City staff updated alternatives in
2004 City staff claimed new ESC center
would save $1 million per year
74
BACKGROUND2004 ESC proposal included:
material recovery facility, refuse transfer station, composting, recycling facility, permanent hazardous waste
storage, asphalt and concrete storage, visitor/education center, administrative offices
75
Review of Proposed City Environmental Services Center
AUDIT OBJECTIVES Analyze and clarify the 2004
proposal Analyze acreages, tonnages,
and alternatives
76
HOW THE AUDIT WAS DONE
Worked with city staff Reviewed previous two studies Updated 2004 cost estimates for
the project Compared cost figures for
previous and latest alternatives (e.g. staffing, tonnage, etc)
77
HOW THE AUDIT WAS DONE
Analyzed project assumptions and financial implications
Assessed reasonableness of the information provided by the city staff
Reviewed staff reports, budget documents, and previous studies
78
HOW THE AUDIT WAS DONE
Reviewed landfill tonnage & recycling reports
Updated tonnages and costs in the reports
Interviewed public works staff and refuse contractor staff
79
HOW THE AUDIT WAS DONE
Visited nearby city of Sunnyvale SMaRT refuse transfer facilities
Solicited inputs from environmental advocates, solid waste professionals and community
80
AUDIT RESULTS Proposed 19 acre facility was
more expensive than using the existing Sunnyvale station ($8.5 million vs $6.5 million per year)
Alternative of 6.2 acre facility was more expensive than using the existing Sunnyvale station ($7.3 million vs $6.5 million per year)
81
AUDIT RESULTS City should: use Sunnyvale facility until
agreement expires ($6.5 million per year) and
operate minimal recycling and yard waste facilities on 6.2 acres after the landfill closes ($5.6 million per year)
82
AUDIT Observations Waste practices and strategies change over time, impact costs, and impact
savings (e.g. recycling construction and demolition debris)
Land costs affect project costs ($1 million per acre) Proposed project affects park
planned for the landfill
83
AUDIT Observations Proposed project raises
complicated land use issues City should modify project to: Reduce annual costs Reduce the acreage required Reduce the scope of services
84
CITY OUTCOME
City Council terminated proposed ESC project
City saved $500,000 in environmental impact study costs.
85
SUMMARY
It is possible to audit programs, projects, or systems before they exist
Historical data may or may not exist
Use your existing skill sets Front end audits are not new Front end audits require
creativity and innovation
86
SUMMARY Front end audits can add value to an organization help management to do their job
It is easier and cheaper to fix a system before it is implemented
(vs fixing an operational system)
87
Edwin Young Office of the City Auditor City and County of Honolulu 1001 Kamokila Blvd., Suite 216 Kapolei, HI 96707 Ph: 808-768-3134 E-mail: [email protected] http://www1.honolulu.gov/
council/auditor
Contact Information
88
THANK YOU Thank you for attending Questions and Answers?