Wallingford Housing Authority evaluation


description

CPA Stephen A. Pedneault of Forensic Accounting Services LLC performed this evaluation of the Wallingford Housing Authority's internal controls, financial policies and accounting procedures to identify ways to implement stronger controls and procedures.

Transcript of Wallingford Housing Authority evaluation

Page 1: Wallingford Housing Authority evaluation

forensic accounting services, LLC

November 4, 2010

Board of Commissioners Housing Authority of the Town of Wallingford 45 Tremper Drive Wallingford, CT 06492

RE: Forensic Accounting and Internal Controls Evaluation

I was engaged to undertake an independent and objective evaluation of the internal controls, financial policies and accounting procedures in place within the Housing Authority of the Town of Wallingford, with the objective to identify areas for implementing stronger controls and procedures. During the course of my evaluation I was to identify any areas that raise potential concern to me, in order for you to determine how to proceed with each identified area of concern. Below is a description of the procedures performed along with the results of those procedures, including my observations and recommendations.

My engagement was performed in accordance with the Statement of Standards for Consulting Services established by the American Institute of Certified Public Accountants. The sufficiency of the procedures identified was solely the responsibility of the Housing Authority of the Town of Wallingford. Consequently, I make no representation regarding the sufficiency of the procedures described for the purpose of this engagement or for any other purpose.

Because this engagement did not constitute an audit, my report does not express any opinion regarding the design or effectiveness of the internal controls, financial policies and accounting procedures of the Housing Authority of the Town of Wallingford. In addition, I have no obligation to perform any procedures beyond those identified below.

This engagement was not designed to detect fraud or fraudulent activity. Since concealment is an important element in fraudulent activity, it is possible for fraud to have existed within the Housing Authority of the Town of Wallingford and not be detected during my evaluation. It is also possible for fraudulent activity to occur subsequent to my evaluation even after provided recommendations have been implemented by the Housing Authority of the Town of Wallingford. Because of inherent limitations in any system of internal controls, material errors, fraud, or other illegal acts may occur and not be detected. Projections of my evaluation of the internal controls to future periods are subject to the risk that the internal controls may become inadequate because of changes in conditions or personnel, or that the degree of compliance within the controls may deteriorate.

My report is based on the descriptions and information provided by personnel through my interviewing process. While I sampled transactions, forms, reports or other documentation as part of my evaluation, no detailed testing of transactions or the operating effectiveness was performed during this engagement.

My report is intended solely for the use of the Housing Authority of the Town of Wallingford's Board of Commissioners and management, and should not be used by any others for any other purpose without my prior written consent.

2389 main street * glastonbury, ct 06033 * tel. 860.659.6550 * fax 860.659.1625 * www.forensicaccountingservices.com

Page 2: Wallingford Housing Authority evaluation

Definitions

Throughout my report, reference is made to the Housing Authority of the Town of Wallingford as well as certain groups within and agencies external to the Housing Authority of the Town of Wallingford. Certain names were reduced to shortened or abbreviated names for reporting purposes, as follows:

Housing Authority of the Town of Wallingford ("Organization")

Board of Commissioners ("Board")

Connecticut Housing Finance Authority ("CHFA")

Department of Economic and Community Development ("DECD")

Procedures Performed

I met with various members of the Organization to gain an understanding of the financial policies and procedures in place, including two Board members, the Executive Director, Finance Director, Maintenance Supervisor, and a Property Manager. Along with gaining an understanding of the internal controls and procedures through discussions, I also at times requested copies of policies, procedures, forms and other related information to better understand the policies and procedures.

Documented Policies and Procedures

At the commencement of my engagement I requested of the Organization copies of any documented financial or accounting policies or procedures currently being utilized and followed. I was provided the following two documents in response to my request. Organization personnel indicated there were no documented policies and procedures specific to the Organization, and that these two documents were what the Organization followed.

I. "Accounting Manual For DECD Financed Housing-Administration Funds and Other Programs", issued by State of Connecticut Department of Economic and Community Development with an effective date of July 1, 2002. I noted the version provided to me was outdated, and a revision to the manual was issued with an effective date of August 1, 2006. I did not undertake any procedures to determine what, if any, changes were implemented between the two versions, and although I read the July 1, 2002 version, I relied upon the August 1, 2006 version for this engagement.

The full document can be found at http://www.ct.gov/ecd/cwp/view.asp?a=3677&q=249680.

The following excerpts were taken from that document which pertain to observations and recommendations identified below:

1. {Page 4}. It is important that each Owner/sponsor observe the following fundamental requirements in establishing an effective system of internal control:

· An Organization plan, which provides for definite placement of responsibility and for specific lines of responsibility.

· A division of duties between authorization and record keeping so that the activity of one employee acts as a check on those of another. In cases where there is only one employee the Board Members or an outside fee accountant should perform necessary functions to provide adequate internal controls, such as performing bank reconciliations.

· The use of forms, documents, and procedures that facilitate control and provide for proper approvals.

· An auditing trail for documenting compliance with policies and procedures, particularly those

Housing Authority of the Town of Wallingford
forensic accounting services, llc

Page 2
November 4, 2010

Page 3: Wallingford Housing Authority evaluation

relating to transactions reflected in the books and records.

2. {Page 4}. Controls:

(c) Bank statements are to be independently reconciled by someone other than employees who keep the cash record. The sequence of check numbers is to be accounted for when reconciling the bank statements.

(d) Checks should not be issued on the basis of verbal approval and a control should be maintained over blank and voided checks.

(I) Payroll checks should be distributed by someone other than personnel involved in the preparation of the payroll.

3. {Page 14}. Furniture and Equipment Ledger:

At least once a year, a physical inventory should be taken to ascertain that there are no missing items and also that all items are located as shown in the records. A physical inventory means a visual inspection and count of all furniture and equipment, except items of equipment (refrigerators and ranges) in occupied dwelling units covered by a tenant receipt. No visual inspection of equipment in occupied dwelling units is required; an inspection of the receipts covering such equipment is sufficient.

II. "Asset & Property Management Manual", issued in draft by Connecticut Housing Finance Authority ("CHFA"). In addition to the CHFA website, I was provided a copy of an email from Elizabeth Chasse of CHFA dated 11/17/2009 to Terry Ravizza, Assistant Director of the Organization, indicating "this is the one that we are using at the present time."

The full document can be found at: http://www.chfa.org/search.aspx?search=asset%20and%20property%20management%20manual.

The following excerpts were taken from that document which pertain to observations and recommendations identified below:

1. (Page 260). It is recommended that each owner shall formally adopt a Rent Collection Policy.

2. (Page 261). It is recommended that each owner shall formally adopt a Cash Receipts Policy. The employee responsible for performing each of the above functions (functions A - F omitted here) should be clearly designated in the owner's records. The person who will perform these functions in the employee's absence should also be designated.

3. (Page 262). It is recommended that the owner develop a written Personnel Policy with the following as a minimum:

a) Job description (items B - G omitted here).

Page 4: Wallingford Housing Authority evaluation

D. Flat rate per diem charges for travel are not allowed.

5. (Page 285). A conflict of interest exists when a Commissioner or Executive Director is in a position where his/her private interests, which includes the interests of his/her relatives, close friends and business associates, conflicts with his/her public duty.

A. Conflict of interest, as defined by Section 8-42 of the Connecticut General Statutes (C.G.S.), includes any interest, direct or indirect, in any of the following:

1. Any housing project owned or managed by the Housing Authority;

2. Any property included or planned to be included in any housing project by the Housing Authority;

3. Any contract or proposed contract for materials or services in connection with Housing Authority operations; and

4. Occupancy of a dwelling unit owned, managed or assisted by the Housing Authority is not a conflict of interest.

B. A Commissioner must disclose, in writing, any conflict of interest, or the appearance of a conflict of interest, to the Housing Authority. The disclosure must be entered into the minutes of the Authority. Failure to disclose a conflict of interest constitutes misconduct in office under the provisions of Section 8-42, C.G.S., and is grounds for removal from office under Section 8-43, C.G.S.

C. The President of CHFA will, at his/her discretion, investigate any conflict of interest, or the appearance of conflict of interest.

Results of Procedures Performed

Internal controls of any organization are required at every level, starting with the Board down through management and to all the employees. Each level of internal controls is critical to ensuring assets are safeguarded, transactions are properly approved and recorded, and the financial information prepared is complete, accurate and reliable. In order to ensure those goals, it is also critical that the financial policies and procedures are known and documented to ensure compliance, and to minimize the risk that a policy or procedure isn't known to everyone involved. Once documented and disseminated throughout the Organization, compliance can be measured by reviewing actual transactions against the Organization's expectations.

While my specific observations and recommendations are identified in detail below, I noted several themes during my procedures worth noting, all of which will be echoed within my recommendations. Those themes were as follows:

Transparency

Documentation

Consistency

Segregation of Duties

Checks and Balances

Transparency

The activity and actions of the Organization, including the activity of the Board, are public record, open for public discovery. Given the environment in which the Organization operates, it is incumbent upon the Organization to conduct business with the theme of transparency and full disclosure, especially if the Organization desires to reduce the current level of contention and animosity

Page 5: Wallingford Housing Authority evaluation

between Board members, employees and members of the general public. Every transaction should be fully disclosed and documented following a formal documented set of policies and procedures specific to the Organization, and decisions should be made consistent with those documented policies and procedures.

The July 23, 2009 Special Meeting minutes provided an example of how transparency is not accomplished, which likely will lead to questions and potential issues raised about the Board's actions and why the detail of the activity was not being documented. On page 2, immediately after awarding the asbestos abatement proposal within item #3 and including the proposal bid amount, the next issue discussed was item #4 Review Proposals and Select Auditors. As part of the discussion, Commissioner Mezzei asked "why can't we just put the low bidder's name in the minutes and not the amounts. I ran into a problem before. We don't have to put it in there, do we?" Commissioner Prentice responded "It's public record. We don't have to put it in there. If the public wants to know they can call up and ask." He continued "Okay, so we'll just award it to the low bidder and leave out the price in the minutes." My reaction after reading those minutes would likely be consistent with any attendee's reaction, that of me wondering what the amount was and why it wasn't to be included, especially when other contract bid amounts were disclosed and recorded in the minutes during the same meeting.

Documentation

As previously discussed, the Organization should have a documented policies and procedures manual specific to the Organization, with such policies and procedures in compliance with any outside policies and procedures requirements, such as CHFA and DECD. The Organization should undertake documenting the procedures and practices currently in place, and once documented, the Board should approve the policies and procedures, creating the policies and procedures manual.

Consistency

Policies and procedures should ensure that activity and transactions are processed the same way every time, with sufficient detail to support each transaction. The first reaction of the Organization, should an issue or allegation be raised regarding any activity or transactions, should be to reference back to the policies and procedures manual, review the identified activity or transactions in question, and ensure the identified activity or transactions were in compliance with the Organization's expectations. If compliant, the documented policies and procedures together with the supporting information for the identified activity or transactions could be provided to resolve the issue or allegation. The goal should be to conduct transactions the same way every time - a standardized approach.

Segregation of Duties

The Organization, due to its size, has limited resources to conduct business, process transactions and both track and record the activity. However, even with limited resources, it is critical that the controls, policies and procedures include some level of segregation of duties within each financial area. Where segregation cannot be accomplished, compensating controls need to be implemented to minimize the risk to the Organization that too much control over any one area resides within one individual.

Checks and Balances

Hand in hand with segregation of duties, every organization must ensure that there are checks and balances, measures in place to review and approve transactions and activity, within every financial area. As with segregation of duties, these are needed to both minimize the risk that unauthorized activity could occur without being detected, as well as ensure that required activity and procedures are in fact being performed.

Page 6: Wallingford Housing Authority evaluation

Observations and Recommendations

OBSERVATION

The Organization does not have documented financial policies and procedures specific to the Organization. Much of the financial practices currently in place were derived from the Organization's By-Laws recently revised in December 2009, along with past practices, Board resolutions, union contracts, and various manuals or guides produced at the state or federal level applicable to the Organization.

The previous By-Laws provided me dated March 19, 1985 did not specifically identify any financial policies or procedures other than the Treasurer was responsible for signing checks, the Assistant Treasurer could sign in the Treasurer's absence, and the Board could appoint others as needed by resolution.

I was also provided with a large stack of Board resolutions dating back many, many years, possibly back to the formation of the Organization. I did not perform any procedures to ensure every resolution was provided. I noted that many of the resolutions covered financial issues, and in some instances subsequent resolutions often addressed the same financial issues. The resolutions provided were not organized by theme or financial area, but rather were provided in one large stack in numerical order, the same as date order.

There is a genuine need to identify the financial policies and procedures of the Organization, and document them to ensure strict and consistent compliance. In order to undertake this endeavor, the Organization will likely have to start by documenting the existing practices currently followed within each financial area, such as: tenant acceptance and vacancy fulfillment; collection of rents and other receipts; purchasing; cash disbursements; and payroll; to name a few.

Once documented, the financial policies and procedures should be presented in draft form to the Board for review. After discussions and revisions as needed are completed, incorporating the Board's input, the documented policies and procedures should be formally accepted by the Board and documented within the minutes. Once approved, the financial policies and procedures manual should be compiled, supported by resolutions and any other support, and disseminated to the appropriate employees. Measures should also be implemented to ensure the manual is updated on a regular basis and always reflects the current financial policies and procedures of the Organization.

RECOMMENDATION

Documenting the Organization's financial policies and procedures will create the guidance needed to not only ensure transactions will be processed in a consistent and authorized manner, but will also aid in the training of new and existing employees. The documentation will create the expectations of how transactions should be processed, and will also help protect employees by providing them written approved guidelines to follow. The documented policies and procedures should also be the first line of response if financial issues or allegations are raised over questioned transactions or activity of the Organization.

Creating the documentation, reviewing and approving the financial policies and procedures, establishing the manual and disseminating the approved policies and procedures throughout the Organization should be a priority for the Board and employees of the Organization.

Page 7: Wallingford Housing Authority evaluation

OBSERVATION

As discussed earlier, transparency needs to be ensured with every transaction. Article II - Commissioners, Section 8 of the By-Laws dated December 10, 2009 included "Conflict of Interest. No Authority Commissioner shall have any interest, direct or indirect, in any contract for materials or services to be furnished or used in connection with any Authority project."

While the Organization does not maintain or distribute a documented conflict of interest policy, it was my understanding that the Organization adheres to the conflict of interest policy applicable by state statute. I noted a nepotism statement was included within the personnel policies identified for the Organization, last updated in 1990.

To ensure transparency as well as compliance with applicable statutes and other requirements, the Organization needs to have a documented conflict of interest policy specific to the Organization, that once documented and approved, is distributed to every Board member, employee, contractor and vendor of the Organization, as well as to all applicants for housing.

The Organization's conflict of interest policy should require of any tenant applicant, employee applicant, vendor, bidder, contractor or anyone else doing business with the Organization, to identify any relationship, association or affiliation with any Board member, employee of the Organization or tenant. If disclosure is provided, the policy should not prohibit the individual or entity from inclusion for consideration, but should alert the Organization that a higher level of scrutiny and approval should be applied based on the disclosed relationship to ensure transparency over the decision-making process.

RECOMMENDATION

The Organization should develop, document and approve a conflict of interest policy, and once approved by the Board, should distribute the policy to every existing employee and Board member, as well as to all future Board members, employees, tenants, vendors and contractors.

The Organization should update the various application forms currently in use to ensure that the forms include a question asking if the applicant has any relationships, associations or affiliations with any Board members, employees or tenants of the Organization, and if so, provide the details of the relationship, association or affiliation.

The Organization should also include similar language and disclosure on all future requests for proposals (RFPs) and sealed bid requests. Respondents and bidders should be required to include a statement within their proposals and responses indicating if any relationships, associations or affiliations exist with any Board members, employees or tenants of the Organization, and if so, requiring the details of the relationship, association or affiliation.

Documenting, approving and implementing the conflict of interest policies should be a priority of the Organization.

OBSERVATION

The Organization maintains a small safe for securing certain records, documents and other financial information, with access to the safe limited to authorized employees. The Organization maintains several manual books, records and ledgers critical for tracking activity, such as the waiting lists and security deposits. These manual books, records and ledgers appeared invaluable to the Organization to ensure uninterrupted and consistent business, and were maintained by employees responsible for each area within their work areas. These

Page 8: Wallingford Housing Authority evaluation

manual books, records and ledgers were not maintained and safeguarded within the safe when not in use.

RECOMMENDATION

The Organization should require that all manual books, records and ledgers critical to operations are maintained within the safe at all times when not in use to ensure these critical business records are properly safeguarded. Should the safe prove insufficient to accommodate the records that should be maintained, a larger safe or a fireproof file cabinet should be acquired to accommodate the safeguarding of a larger volume of information. Conversely, the Organization does maintain a fireproof file cabinet that could be used to safeguard these records, however the cabinet does not presently lock.

The safe (or fireproof cabinet) should be kept locked and access should be limited to authorized individuals. The Organization should also consider having the safe permanently affixed to the building to prevent theft.

OBSERVATION

A two-part receipt is generated from the Organization's accounting system ("CHAS") for any payment received. In the cases where a tenant pays the Organization in person, the payment is entered into CHAS and the receipt is handed to the tenant. A copy of the receipt is placed with the payment into the drawer maintained by individual property. When the payments are received other than in person, the payments are entered into CHAS, the receipt is generated, and the receipts are placed into the drawer.

During a new tenant move-in process, the first month's rent is collected at the time the lease is signed. These payments are posted into CHAS after the lease signing and move-in meeting is completed, and a handwritten receipt is provided to the new tenant for their payment. The receipt is comprised of a handwritten receipt written on a blank portion of the two-part paper.

RECOMMENDATION

The Organization should acquire and implement three-part receipt books to be used at the counter for any payments received for which a CHAS receipt cannot be printed, such as when payments are received at the time of their move-in. The receipt should record the payment, and a copy of the receipt should be provided to the tenant and a copy placed into the drawer. The third copy should remain within the receipt book. The receipt book would also ensure consistent treatment in form and practice for providing a receipt when one cannot be generated directly from CHAS.

A second benefit from the manual receipt book is in the event of a power outage or the CHAS system being unavailable or unable to process tenant payments, manual receipts could be provided for any payments received, and the payments could be subsequently posted to CHAS.

OBSERVATION

The Organization's procedures ensure a new tenant folder is created for each new tenant upon their move-in. Each folder is populated with the required documents during the move-in process. Under the current process the property managers are solely responsible for creating the tenant folders as well as ensuring each folder contains the required information.

Page 9: Wallingford Housing Authority evaluation

The Organization also has procedures for the recertification of each tenant on an annual basis. The recertification process is completed during the beginning of each calendar year, and it is the sole responsibility of each property manager to complete the recertifications.

Under the existing procedures there is no independent review (i.e. checks and balances) of each new tenant folder or of the recertified folders, nor is there any independent monitoring to ensure all the required recertifications have been completed.

RECOMMENDATION

The Organization should enhance existing practices to ensure each new tenant folder is independently reviewed prior to filing. Ideally each new tenant folder should be routed to the Executive Director for review and approval. Once reviewed, the Executive Director should indicate his review and approval right on the cover of the tenant folder (or any other area within the folder), and then forward the folder back to the property manager for filing. In the cases where the Executive Director acts as the property manager for certain units, the folders of those units should be forwarded to a Board member for similar review and approval.

Similar to the new tenant folder process recommended, once each tenant folder has been completed for recertification, the tenant folder should be routed to the Executive Director for review and approval. Evidence of approval should be made on the folder (or any other area within the folder). The Executive Director should generate a listing of every unit to be recertified at the time of recertification, and should use that report to monitor and ensure that all recertifications have been completed and approved. Similarly, the Board member should be provided a list of the units managed by the Executive Director to track those units' recertifications.

OBSERVATION

The Organization has practices in place to complete the recertification of tenants. The measures include sending out a packet to each tenant, along with up to three follow-up letters when appointments are missed. After the fourth missed appointment, the procedures include converting the tenant's rent amount to 125% of market rent.

In certain cases the property managers are aware of hardships or extenuating circumstances preventing a tenant from recertifying in a timely fashion. Once known, alternative measures may be utilized including delaying the completion of recertification. No documented policies or procedures specific to the Organization exist to ensure that the property managers document in a consistent fashion the instances when the standard recertification process was not followed.

RECOMMENDATION

The Organization should require the property managers to follow the same documented recertification process for every tenant (transparency and consistency), and document in standardized form and fashion the reasons why a particular tenant did not adhere to the prescribed recertification process (i.e. hardship ... ) along with the identification of the alternative means by which the recertification was accomplished.

OBSERVATION

The Organization undertakes an annual budget process whereby the base rent is determined for the next fiscal year. Management indicated strict compliance to a formal process is required if an increase in base rent will occur, including Board approval of the new base rent amounts. In the years where no increases in base rent amounts will occur, the process is less stringent and Board approval is not required for the base rent amounts.

RECOMMENDATION

Although not specifically required, the Organization should consider requiring Board approval of the base rent schedule for the Organization on an annual basis, regardless of whether an increase occurred or not. Ideally each year the base rent schedule for the next year (whether unchanged or increased) should be provided to the Board, and once approved, should be memorialized within the Board minutes.

OBSERVATION

The Organization has practices in place regarding the collection, recording and depositing of tenant rents and other forms of collections. Included in those measures are the matching of the receipts generated through CHAS to the cash receipts report, as well as the deposit slip to the bank deposit receipt. However, the process does not ensure that the receipts generated through CHAS and cash receipts report (currently matched) agree with the deposit slip and bank deposit receipt (separately matched).

The triangular matching of funds received, funds posted to CHAS and funds deposited to the bank on a daily basis is a critical control to ensure all funds received are properly receipted, posted and deposited into the Organization's bank accounts. Due to the small staff size and limited capacity, there is little to no segregation of duties over the cash receipts process, and most employees have access to collect and record payments received. Therefore, someone independent of collecting, recording and depositing cash receipts (i.e. Executive Director) should perform the triangular reconciling on a daily basis.

RECOMMENDATION

The Organization should implement a new procedure to ensure that the cash receipts are reconciled on a daily basis. The cash receipts report together with the receipts generated through CHAS should be forwarded to the Executive Director on a daily basis, along with the daily deposit slip and bank deposit receipt.

The Executive Director should match the daily cash receipts report and receipts generated through CHAS to the deposit slip and deposit receipt, and once agreed, should initial the cash receipts report and/or bank deposit receipt evidencing his review. Once approved, the cash receipts report, CHAS receipts, deposit slip and bank deposit receipt could then be routed back to the respective individuals for maintaining and filing.

OBSERVATION

In reviewing the approved budget for McKenna, I noted the budget included allocated costs of 9% with the exception of the Executive Director's salary, which is allocated to McKenna at 32%. Through inquiry of the Executive Director and Finance Director I learned the allocation was based on the Executive Director acting in the capacity of the property manager for McKenna.

Therefore, the Executive Director's compensation was allocated based on 25% plus an additional allocation of his time as he oversees all the properties, to equate to 32%. The allocation has been reviewed and approved annually by CHFA as well as the Organization's outside auditor. The Housing Authority Management Plan (annual budget) filed for the effective date of 7/1/2010 that included this allocation also contained the signature of William R. Fischer, dated 6/16/10.

I learned that McKenna comprises 30 of the total 317 units for the Organization, and that the vacancy list for McKenna had been frozen with no new applicants being accepted. It was unclear to me how 30 units with a frozen waiting list could comprise 25% of the Executive Director's time, to justify the allocation of his compensation to this program, and I therefore recommend the Board conduct an independent study of the Executive Director's time and efforts to justify the 32% allocation to McKenna.

RECOMMENDATION

The Board should consider implementing a daily timesheet tracking measure or other means to be used by the Executive Director to track the daily time and efforts of the Executive Director, to objectively identify the most appropriate allocation of his compensation to all of the programs including McKenna. The same timesheet tracking should be used to identify on a daily basis the use of any sick or vacation time, and the timesheets should be forwarded to payroll to be used in payroll and benefit processing.

OBSERVATION

Employees with a need to access the accounting system (CHAS) are assigned a user id and password. Access to the system and areas within the system is based on employees' areas of responsibility. However, access has not been assigned on a task level, and therefore employees may have more access than needed to complete their job responsibilities. Ideally the Organization should limit employees' access only to those specific areas they need.

One area of concern in particular pertains to non-cash credits or adjustments within accounts receivable. Under the current configuration any employee with access to accounts receivable has the ability to post non-cash credits and adjustments to tenant unpaid accounts (accounts receivable). Under this configuration employees with access to cash receipts could divert the payments and conceal their diversion by adjusting the tenant account balance off the books, thereby minimizing their risk of detection.

RECOMMENDATION

The Organization should establish user access levels within CHAS to specific tasks within each area, with task access limited to those areas needed to complete each employee's job responsibilities.

Specific to accounts receivable, non-cash credits and adjustments, access to post these transactions should be limited through the CHAS system to one designated individual, ideally an employee who does not regularly collect, record and post cash receipts or follow-up on unpaid tenant balances.

OBSERVATION

Due to the limited size and segregation of duties of the Organization, the Organization should implement a procedure whereby a report is generated each month through CHAS identifying every non-cash credit and adjustment posted during the month. The report should be reviewed and approved by the Executive Director, and preserved monthly evidencing compliance with this procedure. Any unknown or unusual transactions should be researched prior to approving.

RECOMMENDATION

The Organization should require that a report is generated and reviewed by the Executive Director each month comprised of all the non-cash credits and adjustments posted to tenant accounts during the month. The report, once initialed and approved, should be saved as evidence the procedure was completed.

OBSERVATION

Once a year any old tenant unpaid balances are identified for writing off. Once identified, the tenant write-offs are presented to the Board for approval, and approval is documented in the Board minutes. Once approved, the tenant balances are written off the CHAS system. There are no measures currently in place to review the tenant balances actually written off against the balances approved for write-off, and therefore a risk exists that account balances not approved for write-off could be written off.

RECOMMENDATION

The Board should require a report be generated through CHAS once the approved tenant balances have been written off, identifying the tenant balances actually written off, and the report should be reviewed and compared to ensure only the approved tenant balances were written off. The report should be reviewed and approved by the Executive Director, and once approved, should be initialed and dated providing evidence the procedure was completed. The initialed and dated report should be maintained as evidence of compliance.

OBSERVATION

Vacant units are currently tracked manually on ledgers, with limited information regarding vacancies maintained within CHAS. Ideally a report should be generated through CHAS on a periodic basis identifying all the vacant units, and someone independent of maintaining the unit occupancy and vacancy information should go out to the properties on an unannounced basis to verify all the reported vacant units are in fact vacant. Without such a procedure there is a risk that a unit could in fact be occupied and the corresponding monthly rent being diverted from the Organization without any risk of detection.

RECOMMENDATION

The Board should require a report be generated through CHAS on a periodic basis identifying all the vacant units at that time. The Executive Director and/or a member of the Board should visit the properties on an unannounced basis, to independently and objectively verify that each listed vacant unit is in fact vacant. The report, once verified and initialed, should be maintained evidencing performance of this periodic verification process.

OBSERVATION

The Organization currently does not have any on-line access to monitor the bank accounts and banking activity via the Internet. A significant amount of fraudulent activity regularly occurs within bank accounts, and without the means to monitor the bank activity on a daily basis, any unauthorized or fraudulent activity posted to any Organizational account would not be detected until the physical receipt of the monthly bank statements. A minimum of one user should be established with the Organization's banks with read-only access, and procedures should be implemented to require the monitoring of the Organization's primary bank accounts' activity on a daily basis. Ideally there should be two separate users established with read-only access to ensure the uninterrupted monitoring due to vacations and illnesses.

RECOMMENDATION

The Board should consider working with the Organization's banks to establish users to allow read-only access to the Organization's primary bank accounts via the Internet, to enable the daily monitoring of bank activity for any unauthorized or fraudulent activity. Ideally the Organization should establish two designated users with read-only access to allow uninterrupted monitoring due to vacations and illness. The Organization's policies for on-line banking should prohibit the sharing of banking user ids and passwords.

OBSERVATION

Under the existing practices all tenant security deposit information is maintained manually within ledgers. Ideally the tenant security deposit information should be maintained within the Organization's accounting system (CHAS), and reports should be generated through CHAS on a regular basis reporting the security deposit activity and balances. The CHAS reports should also be corroborated regularly to the manual ledgers historically maintained.

RECOMMENDATION

The Organization should research the tenant security deposit capabilities of CHAS to determine if tracking and reporting of tenant security deposits can be accomplished through CHAS, and if so, how it can be accomplished directly within the CHAS, versus (or in addition to) the currently maintained manual ledgers. If such capabilities do exist, the Organization should implement policies and procedures to capture all tenant security deposit activity within CHAS, as well as report through CHAS on a monthly basis the tenant security deposit activity and balances.

OBSERVATION

Article IV - Meetings, Section 4, Item #5 of the By-Laws dated December 10, 2009 indicated "Bills in excess of $600 for Authority approval before payment." The way this section of the By-Laws is worded is ambiguous and may not reflect the intentions of the Board. In some cases an expense greater than $600 was approved in advance of making the purchase, and in some cases the expense was incurred but not paid until approved. The By-Laws should clearly state the requirement, such as "any expense to be incurred greater than $600 needs to be approved prior to incurring the expense."

RECOMMENDATION

The Organization should revise the By-Laws to better articulate the purchase approval requirements, whether it is to require prior approval in advance of incurring any expenses greater than $600, or if it is to require purchases greater than $600 to be approved before payment is made. Once clarified, all future purchases should adhere to the specified requirement of the By-Laws.

OBSERVATION

Article IV - Meetings, Section 13 of the By-Laws dated December 10, 2009 indicated in part "Sealed competitive bids. All contracts ... involve the expenditure of more than four thousand dollars ($4,000)."

Article IV - Meetings, Section 13a of the same By-Laws indicated in part "If the several parts of such work, supplies, or personal property shall, together, involve the cumulative expenditure of more than twenty-five thousand dollars ($25,000) in a given fiscal year, they too, shall be bid. Such bidding may be waived by vote of the Authority when the public interest so requires, provided the reasons for such waiver shall be set forth and made public. If the total cost to the Authority in a given fiscal year exceeds thirty thousand dollars, the bidding cannot be waived."

The way this section of the By-Laws is worded is ambiguous and may not reflect the intentions of the Board. Prior approval is required for purchases over $600, and sealed bids are required for purchases over $4,000. Aggregate purchases over $25,000 require bidding, which can be waived with approval, but if the cost exceeds $30,000, the bidding cannot be waived. One gap is that aggregate purchases between $25,000 and $30,000 are not presently addressed. The By-Laws should clearly state the requirement for each level, such as "expenses over $4,000 require a bid, and accumulated expenses in any given year totaling $25,000 or more require a bid. Obtaining bids can be waived with approval up to $25,000, however, no waiver is allowed for individual or aggregate purchases over $25,000."

RECOMMENDATION

The Organization should revise the By-Laws to better articulate the purchase requirements, and ensure that there are no gaps in the policy. One suggestion is as follows: All individual purchases below $600 do not require approval to incur the expense. For purchases between $600 and $4,000, prior approval is required before incurring the expense. Purchases over $4,000 require competitive bids to be obtained. Individual purchases below $4,000 but in the aggregate during the same fiscal year totaling $25,000 require bids, but such bidding can be waived with Board approval. For individual purchases in the aggregate during the same fiscal year totaling more than $25,000, bidding cannot be waived.

Once clarified, all future purchases should adhere to the specified requirement of the By-Laws.

OBSERVATION

Under the existing controls, the Organization's blank check stock is maintained in a segregated drawer; however, control is not limited to authorized individuals as the drawer is not locked. The Organization's check stock needs to be locked up when not in use, with access limited to authorized individuals. Securing the blank check stock in a locked drawer, with access limited to authorized employees, is a requirement of the DECD Manual referenced earlier (Controls over blank check stock).

RECOMMENDATION

The Organization should document and implement a policy whereby the blank check stock is to remain locked with access limited to authorized employees when the blank check stock is not in use. A similar policy should be documented and implemented over the maintenance of voided and returned checks (and/or check images).

OBSERVATION

Due to the Organization's size and limited capacity, the existing configuration possesses limited to no segregation of duties over cash disbursements, with the exception of check signing. The same individual is responsible for receiving and processing vendor invoices, entering vendor invoices into accounts payable, selecting invoices for payment, generating the checks, matching the checks with supporting invoices, mailing the payments to vendors and safeguarding the blank check stock. Under the existing configuration issues could occur within accounts payable and cash disbursements with limited to no means of detection.

One measure to segregate the duties and implement a compensating control is to re-engineer the vendor payment process to ensure that once the checks are signed they are not returned to the individual responsible for generating them. By having the Organization simply reverse the order of procedures currently completed, the checks do not have to be returned to the individual. Ideally the checks should be provided to the signers ready to be mailed to the vendors, with postage attached and the items required to be included with the payment already in the envelopes. Once signed, the checks can be added to the envelopes, the envelopes sealed and mailed out, and only the supporting vendor invoices need to be returned to the individual for filing.

RECOMMENDATION

The Organization should re-engineer the cash disbursement process to better segregate duties, and require checks requiring signatures to be forwarded "mail ready" for the vendors. Once the checks are signed, the signed checks should be added to the envelopes and directly mailed out, and only the supporting invoices should be returned to the individual who processes accounts payable and generates the checks.

OBSERVATION

Due to the Organization's size and limited capacity, the existing configuration possesses limited to no segregation of duties over cash disbursements, with the exception of check signing. Invoices are received and forwarded for approval, and once approved, are held until due for payment. Invoices to be paid are posted to accounts payable, selected for payment, checks are generated, and the supporting invoices and unpaid invoices are maintained by the same individual.

The Organization should consider adopting a new procedure whereby invoices are posted into accounts payable as they are received and approved for payment. All approved invoices should be entered along with "intuitive" due dates (i.e. when payment is likely due based on the terms). On a weekly basis the procedures should require a report be generated identifying invoices to be paid. The report should be forwarded to the Executive Director for review and approval, and once approved, the Executive Director should initial and date the report. The report should then be returned to accounts payable authorizing the generation of checks, and the report should be saved as evidence of this control. Once the checks are generated, the checks should be matched to the report to ensure only the approved checks were generated.

RECOMMENDATION

The Organization should consider adopting, documenting and implementing the procedure requiring all approved invoices be posted into accounts payable, and that weekly the accounts payable report is generated, reviewed and approved by the Executive Director prior to generating any checks. The report should be initialed and dated by the Executive Director, and saved in the files. Once checks are selected and generated, the checks should be matched to the report to ensure only the approved checks were generated.

OBSERVATION

The Executive Director indicated there was a second individual who was capable of processing accounts payable and cash disbursements in the event the primary individual was unable to process. It was unclear to me what level of experience, if any, the backup individual had with accounts payable and cash disbursements, or when the last time the backup person processed either, if ever. The backup individual needs to be trained in these areas, needs to process transactions within both areas on a periodic basis to remain current, and needs to process transactions in both areas when the primary individual is unavailable, such as during vacations and illnesses.

RECOMMENDATION

The Organization should ensure that the backup individual for accounts payable and cash disbursement processing is duly trained and efficient in both areas, to ensure minimal disruptions in processing in the absence of the individual primarily responsible for these areas. Ideally once the individual is trained, the individual should be required to process transactions in both areas on a periodic basis, as well as when the primary individual is unavailable during vacations and illnesses.

OBSERVATION

It was my understanding that the Organization does not currently have any traditional credit card accounts. However, four charge cards do exist and are in use by the Organization, including Citgo, Exxon, Home Depot and Lowe's. No written policies exist regarding the authorized use and limitations of the use of these cards by users, such as no personal use of these cards and any purchases with these cards require original supporting receipts for every purchase. In the event of employee abuse or personal use of a card, there are no written and distributed policies identifying approved versus unapproved usage, as well as no documented consequences.

RECOMMENDATION

The Organization should adopt, document and distribute a policy and procedure over the use of any credit card or corporate account maintained and/or paid by the Organization. The policy should prohibit any use for personal purchases, and should require that original receipts be provided in a timely fashion for any purchases on these cards or accounts. Once documented, each employee with access to these cards or accounts should be required to sign an acknowledgment of the new policy and procedure, and the signed acknowledgment should be maintained within each employee's personnel file.

OBSERVATION

The Organization does not have any documented policies or procedures regarding reimbursing employees for expenses incurred or paid for or on behalf of the Organization. Under the existing configuration employees submit expenses or requests for reimbursement under different means. The Organization should utilize a standardized form for all employees to submit expenses for reimbursement. The adopted policy and procedures should require employees to submit original receipts supporting every expense requested for reimbursement, and the employee's supervisor should approve the form prior to payment. The adopted policy should be included right on the face of each form clearly informing the employee of the requirements each time a form is completed and submitted.

In addition, I noted the Executive Director's submitted expense reimbursement forms were approved by the Executive Director. The Organization's policies and procedures should ensure that no one individual has the authority to approve transactions involving themselves.

RECOMMENDATION

The Organization should adopt, document, approve and disseminate a policy and procedures over employee expense reimbursements. The Organization should develop a standard form for use by all employees seeking reimbursement, and the policy and procedures should be incorporated on the face of each form. Employees seeking reimbursement should be required to complete a form, attach original receipts for each item submitted (with the exception of mileage), and forward the form to their supervisor for approval.

In the instance of forms submitted by the Executive Director, the form with attached supporting receipts should be approved by a Board member prior to payment. The policy and procedures should require that no individual can approve a form submitted for himself or herself.

OBSERVATION

I was provided many Board resolutions regarding travel and meal requirements, limits, policies and approvals, including: #1004 dated 12/15/81; #1157 dated 10/24/89; #1229 dated 6/23/92; #1234 dated 11/24/92; #1331 dated 9/24/96; mileage rate $.55 dated 2/24/09; and mileage rate $.50 dated 2/4/2010.

Based on a review of past travel expenses of the Organization, it appeared historically travel expenses included advances for daily allowances, or lump sum amounts. In the case of "travel" advances, an accounting was required of the advanced individual along with original supporting receipts, with any excess funds returned to the Organization and any shortages of funds reimbursed to the individual. The travel portion would qualify as an "accountable plan," as defined within IRS Publication 463, and based on the IRS requirements, would not be included within the individual's gross compensation for W-2 purposes.

However, for "meals", a daily allowance was provided as a lump sum, with no accounting or original receipts required to be submitted supporting how the funds were spent and any unspent funds returned to the Organization. The lack of accountability and supporting documentation would cause the lump sums paid for "meals" to fall within the IRS' definition of a "non-accountable plan" as defined within Publication 463. Under a non-accountable plan, any funds advanced to individuals are required to be included within the individual's gross compensation for W-2 purposes, and the individual could deduct any expenses incurred through Form 2106 attached to their Form 1040, provided they could support with original receipts their expenses.

I determined the amounts advanced to individuals by the Organization in lump sums as "meals" were not included in individuals' gross income for wage reporting purposes (Form W-2). The amount of the inclusion for these advances for the past years was not determined as part of this engagement. The last known travel reimbursement form submitted by the Executive Director was in 2007.

RECOMMENDATION

The Organization should adopt, document, approve and implement a policy and procedures requiring employees to account for any business expenses incurred and/or paid, whether in advance or in arrears, and require supporting original receipts for all expenses. If adopted, documented and implemented, there should be no instances where lump-sum amounts would be advanced without requiring a corresponding accounting and supporting receipts along with the return of any excess funds, and therefore the activity should remain within an "accountable plan", alleviating the Organization's requirement to include any advances on individuals' gross compensation for W-2 purposes.

OBSERVATION

Although presently parked at the Organization due to pending litigation, historically a vehicle was available for business and personal use by the Executive Director. An estimated business use was provided by the Executive Director at 50%, and no mileage logs have ever been maintained substantiating that business use percentage although required to be maintained per IRS requirements.

A calculation consistent with IRS Publication 15-B was made to determine the personal use value for the vehicle, and the amount appeared to be appropriately calculated and included within the Executive Director's gross compensation for W-2 purposes. This amount covered the personal use of the vehicle itself, or the personal portion of the vehicle's fair value.

However, the Organization also paid for all the fuel used by the Executive Director, for both business and personal uses. IRS Publication 15-B also required the Organization to include as gross income for W-2 purposes the personal portion of fuel costs paid by the Organization on the Executive Director's W-2. The personal portion of fuel was not included within the gross compensation for W-2 purposes of the Executive Director, although the requirement to include the amounts was highlighted on the Organization's copy of IRS Publication 15-B (page 23) in their files. I was unable to determine why such required amounts were not included within the Executive Director's gross compensation for W-2 purposes. I did not undertake calculating the amounts that should have been included as part of this engagement.

Further, I determined no mileage logs were maintained by the Executive Director, although required by the IRS, to objectively calculate the actual business versus personal use of the vehicle. In order for the vehicle to be considered a business vehicle, the business portion must exceed 50%. Mileage logs must be maintained to ensure the business mileage requirement is met, and if not maintained, or if the vehicle fails to meet the 50% business use, the vehicle will be considered a personal vehicle.

Mileage logs would once again be required to objectively determine the actual business miles that could be submitted for reimbursement to the Organization at the IRS rate, provided the costs were paid by the individual and not the Organization.

RECOMMENDATION

A mileage log must be maintained for every vehicle of the Organization that is available for personal use. The mileage logs should be used to calculate the business versus personal use of the vehicle, and satisfy the IRS requirement of greater than 50% business use. If the greater than 50% business use is satisfied annually, then the personal portion of the value of the vehicle and the personal portion of the costs must be calculated based on the logs and costs and included within the individual's gross compensation for W-2 purposes.

Conversely, if the mileage logs fail to satisfy the business use of the vehicle, then the vehicle would not meet the requirements of a business vehicle, the use would be considered personal use, and potentially the full value of the vehicle and the costs paid by the Organization would be included in the individual's gross compensation for W-2 purposes. If the vehicle was used for any business purposes, the business miles could be submitted to the Organization for reimbursement at the applicable IRS mileage rate.

OBSERVATION

Due to the size of the Organization and limited capacity, there is no segregation of duties over bank reconciliations. The Organization's bank statements are received in the mail and opened by the same individual who is responsible for virtually all aspects of accounts payable and cash disbursements. There has been no review of the bank statements by someone independent prior to reconciling, and no review and approval of the completed bank reconciliations. Under the existing configuration unauthorized activity could occur within accounts payable or cash disbursements with little to no means of detection.

Ideally the bank statements should be received, opened and reviewed by someone independent of the accounts payable and cash disbursements processes, such as the Executive Director. Once received and opened, the designated individual should review all statements for reasonableness, initial and date the statements, and then forward the statements for reconciling.

"Bank statements are to be independently reconciled by someone other than employees who keep the cash record" is a requirement of the DECD Manual referenced earlier (Controls over bank reconciliations).

Once bank reconciliations are completed, they should be forwarded to the Executive Director for review and approval. This will ensure the bank reconciliations are in fact completed in a timely fashion each month. The reconciliations should be initialed and dated, evidencing the review had been completed, and then forwarded for filing.

RECOMMENDATION

The Organization should adopt, document, approve and implement policies and procedures to ensure that all bank statements are received unopened and reviewed for reasonableness by someone independent of accounts payable and cash disbursements, ideally the Executive Director, each month. Once opened and reviewed, the statements should be initialed and dated evidencing the review.

The completed bank reconciliations should be forwarded to the Executive Director each month. Once received, the reconciliations should be reviewed, initialed and dated, and then returned for filing.

OBSERVATION

To ensure controls at every level of the Organization, the bank statements and reconciliations should be organized into three ring binders, with one binder maintained for the primary operating account and a separate binder for all the other accounts. Each binder should be established with tabs separating the information. The tabs for the operating binder should be by month, and the tabs for the second binder should be used to segregate each account.

Designated Board members should review the binders at least quarterly, ideally by one of the check signers, to identify any unusual or unauthorized activity or transactions. The Board member should initial the statements as they are reviewed to provide evidence of their review.


RECOMMENDATION

The Organization should modify existing financial procedures to require the development and maintenance of binders containing the monthly bank statements and reconciliations. The binders, once established, should contain the statements for each account for the fiscal year, segregated by account.

The Organization should implement a policy and procedure whereby a designated Board member reviews the binders on a quarterly basis (or more frequently), ideally by one of the check signers. Once reviewed, the Board member should initial the statements evidencing their review. These added controls will help detect if any unauthorized activity occurred since the last review.

OBSERVATION

The Organization does not have any documented personnel policies or procedures, nor a personnel handbook that has been distributed to all employees. Not only is this a best business practice of every employer, it is a specific recommendation identified within the "Asset & Property Management Manual" issued in draft by the Connecticut Housing Finance Authority ("CHFA").

RECOMMENDATION

The Organization should develop and document the employment policies and procedures, and once documented, should have counsel review them for adequacy prior to submitting them to the Board for review and approval. The Organization's counsel who primarily represents the Organization with personnel issues should be the counsel who reviews the drafted policies. Once reviewed by counsel and updated as needed, the policies (or employee handbook) should be reviewed and approved by the Board. Once approved, the policies should be distributed to all existing and new employees, with signed acknowledgements obtained and maintained within each employee's personnel file.

OBSERVATION

Payroll for the Organization is processed internally using the payroll system within CHAS. One designated individual is primarily responsible for all aspects of payroll processing. Under the existing configuration the Organization has limited to no segregation of duties over payroll. A second individual has been identified to process payroll in the event of an absence by the person primarily responsible. The back-up individual is knowledgeable of the payroll process, and has processed payroll in recent history.

The back-up individual presently accesses the payroll system within CHAS using the user id and password assigned to the individual primarily responsible. The Organization should have policies in place to prohibit employees from sharing user ids and/or passwords. Individuals with access requirements should have the ability to access the areas needed using their assigned user ids.

RECOMMENDATION

The Organization should identify, document, approve and implement policies that prohibit employees from sharing user ids and/or passwords. Ideally these policies should be incorporated with the other computer and personnel policies and procedures discussed throughout the report.


The Organization should also ensure that each employee that requires access to the Organization's systems and applications has a unique user id and password assigned that enables each employee to complete their responsible tasks when logged in under their user id.

OBSERVATION

Article III - Officers, Section 9. of the By-Laws dated December 10, 2009 indicated "Wallingford has a civil service system. All appointments and promotions except the employment of the Secretary/Executive Director shall be based on examinations given and lists proposed under such laws and shall apply to the Housing Authority and it's personnel."

I inquired regarding the civil service procedures in place for the next full-time hire. I learned the Organization was in the process of determining what that process would be and how to follow it, and based on my inquiries, there was no clear response on how it would work.

RECOMMENDATION

The Organization should continue to investigate how the civil service process works and how it will be implemented within the Organization's hiring process. Once identified, the process should be documented and incorporated with all the other documentation described throughout my report.

OBSERVATION

The Organization utilizes a form for any new hires, and the form is used to add the approved new hires onto payroll. For changes to existing employees and terminations, no such standardized form or document exists. The Organization should adopt a standardized form to memorialize any changes to employees, such as new hires, changes and terminations. The form should be completed and approved prior to making changes within payroll, and then maintained in the personnel files.

RECOMMENDATION

The Organization should develop and implement a single form to memorialize any changes made to any employees. One form with check boxes could be used for any new employees, as well as changes to existing employees and terminations.

The form should be required to be completed and approved prior to forwarding to payroll. The payroll system should only be updated upon the receipt of an approved form, and the form should be maintained within the employee's personnel file.

OBSERVATION

The Organization utilizes a checklist for each new hire, and the checklist identifies all the steps or issues to be addressed with every new hire. However, the Organization does not utilize a similar checklist for terminated employees. The termination checklist should identify all the items and issues to be addressed with each termination, and would help ensure that steps are not missed with a termination, such as failing to remove an employee from the Organization's benefits.


RECOMMENDATION

The Organization should develop, document, approve and implement a termination checklist containing all the items and issues to be addressed as part of every termination. The checklist, once completed, should be maintained within the terminated employee's personnel file.

OBSERVATION

Under the existing practices, each payroll period the unsigned payroll checks are maintained in an unlocked desk drawer, and not locked and secured within the safe. Similarly, once the paychecks are signed, they are maintained in an unlocked drawer pending distribution to employees. Under these practices the payroll checks are not secured with access limited to authorized employees.

RECOMMENDATION

The Organization should modify existing practices and document a policy and procedures that require all checks to be maintained within the locked safe or fireproof cabinet pending signatures, and also for the signed checks pending distribution. Access to unsigned and signed checks should always be limited to authorized individuals.

OBSERVATION

As noted earlier, due to the limited size and capacity of the Organization there is little to no segregation of duties within the payroll process. One compensating control the Organization should implement involves the independent review of payroll reports on a regular basis.

Payroll reports consisting of the payroll register, labor distribution report and payroll pay list should be generated each pay period and forwarded to the Executive Director for review and approval. Once reviewed, the Executive Director should initial the reports evidencing his review, and then the initialed reports should be saved for the fiscal year.

RECOMMENDATION

The Organization should modify practices to ensure the payroll register, labor distribution report and payroll pay list are generated each pay period and forwarded to the Executive Director for review and approval. The Executive Director should initial the reports once reviewed evidencing his review process, and the reports should be maintained for the fiscal year. A second control should be considered whereby a Board member periodically reviews the reports as well to ensure adherence to the policies and procedures.

OBSERVATION

Employee sick and vacation time is tracked manually within Excel schedules. Upon my review of the Excel schedules I learned the Executive Director used 25.5 hours more of vacation time in 2009 than was earned and accrued in 2009, resulting in a deficit at the end of 2009 of 25.5 vacation hours for the Executive Director. For tracking purposes, I learned the deficit of 25.5 hours was rolled into the accrued vacation balance for 2010. No written evidence of approval to use vacation time beyond the earned and accrued amount was identified, and the Executive Director indicated Commissioner Prentice verbally approved the time taken.

I reviewed the Executive Director's sick and vacation tracking for the period 2004 through 2010, and independently verified the accuracy of the vacation tracking resulting in a deficit of 25.5 hours for 2009.


I reviewed the tracking of all the other employees for the same time periods, and no other employees appeared to use vacation hours beyond their amounts earned.

RECOMMENDATION

The Organization should verify that Commissioner Prentice approved in advance the excess time used by the Executive Director in 2009. The Organization should also implement policies and procedures to address requests of any employee to utilize benefits beyond those earned, to determine what levels of approval would be appropriate for such requests, and to require each request and approval be documented for the files.

OBSERVATION

I inquired of personnel and identified that no performance reviews have been performed for any employees, and as such no performance reviews were maintained within the employees' personnel files.

Article III - Officers, Section 1Gb. of the By-Laws dated December 10, 2009 indicated "The ED will conduct annual performance evaluations of each staff member for the proceeding year. Such evaluation will be conducted prior to the Authority's annual meeting. They will be based on a previously determined job description Prepared by the ED and approved by the Authority Commissioners and given to the appropriate staff member. The evaluations to be submitted to the Authority Commissioners at the Authority annual meeting for review."

The Organization should be completing and delivering employee performance reviews minimally on an annual basis, and maintaining the performance reviews within the employees' personnel files. Under the new By-Laws, performance reviews should be expected this year.

RECOMMENDATION

The Organization should ensure that employee performance reviews are completed for, and delivered to, each employee in compliance with the By-Laws dated December 10, 2009.

The Board should also discuss with counsel whether the requirement of the new By-Laws requiring each performance review to be presented at the Annual meeting is appropriate versus maintaining the performance reviews as confidential relating to each individual's employment, and revise the By-Laws if needed based on that determination.

OBSERVATION

I inquired of the Finance Director as well as the Maintenance Supervisor, and learned that no physical comparisons of listed fixed assets to actual assets on hand have occurred in recent history, perhaps not in the last 5-6 years per the Maintenance Supervisor. The annual comparison requirement is outlined as a requirement of the DECD Manual referenced earlier (Furniture and Equipment).

RECOMMENDATION

The Organization needs to modify practices and adopt a new procedure whereby at least annually the list of fixed assets is physically compared to actual assets on hand, and any discrepancies investigated and resolved.

The written procedures should require fixed asset forms to be completed by Maintenance, and once completed be forwarded to finance for adding the new items to the fixed asset listing (currently Excel spreadsheets).


OBSERVATION

The same fixed asset form utilized by Maintenance includes a disposal section. A form is completed for each item to be disposed, and the Board must approve all asset disposals. Once the disposals are approved, each form should be initialed by a Board member and be forwarded to finance to enable the disposed asset to be removed from the fixed asset listings.

RECOMMENDATION

The Organization should adopt a policy and procedures to require a form be completed for every asset item to be disposed. Once approved for disposal by the Board, each form should be initialed by a Board member and forwarded to the finance department to ensure the approved disposed items are removed from the detailed asset listings (spreadsheets).

OBSERVATION

Through inquiry of various personnel I learned no written or formal policy existed regarding approved or prohibited use of any tools or equipment of the Organization by any individual working outside of the Organization. The Organization needs to decide if employees can use tools and equipment outside the scope of the Organization. Once decided, a written policy is needed to inform all employees regarding the policies and procedures over the use (or prohibited use) of any of the Organization's tools and equipment outside the scope of the Organization.

RECOMMENDATION

The Organization needs to determine whether tools and equipment can be used by employees outside the scope of the Organization, and if available, the procedures to follow when borrowing items. Once determined, the policy and procedures should be documented, approved, and distributed to all existing and new employees, and can be incorporated within all the other documented policies and procedures.

OBSERVATION

One designated individual is solely responsible for completing the month-end accounting as well as producing the monthly financial reports. Each month certain reconciliations are required to be performed, as well as journal entries and adjustments, prior to generating the financial reports. There is no checklist or other documentation identifying the process of the individual steps needed at the end of each month, and therefore the Organization is at risk that should there be an unexpected absence by the designated individual, there could be an interruption in the regular monthly close and reporting. The Organization needs to document and implement a month-end financial checklist to be utilized at the end of each month through generating the financial reports. The checklist should be in sufficient detail (step by step) so that someone else could perform the month-end procedures and reporting in a consistent fashion.

RECOMMENDATION

The Organization should identify the required steps to process the monthly accounting information through generating the monthly financial reports. Once documented, the checklist should be used each month evidencing that each step was completed, and the checklist should become part of the monthly package reviewed by the Executive Director.

Additionally, the Organization needs to identify who would process the monthly accounting and financial reconciliations, entries and adjustments should the individual presently performing those responsibilities be unexpectedly unavailable to complete a month-end close and the associated reporting.

OBSERVATION

The financial reports are generated primarily by one designated individual with little to no independent review of the monthly reports prior to finalization. The Organization should have a process at the end of each month whereby draft financial reports are generated and then forwarded to the Executive Director for review. The Executive Director and the Finance Director should review the financial reports and post any adjustments as needed prior to finalizing the reports. The Executive Director should retain the draft financial reports reviewed evidencing that the review was in fact completed each month.

RECOMMENDATION

The Organization should document the monthly financial reporting procedures and include provisions to ensure that draft financial reports are generated and provided to the Executive Director each month. The procedures should require the Executive Director to review the draft reports, make any changes as needed, and retain the draft reports evidencing that the procedures were completed each month.

OBSERVATION

The current financial reporting package provided to the Board each month is comprised of income statements with budgeted and actual results for each property, income statements and balance sheets for each property, a voucher detail report (the equivalent of a detailed general ledger report), and a vacancy report. The monthly financial package provided to the Board should be expanded to include additional information to enable the Board to oversee the financial health and operations of the Organization, a critical component of the Organization's internal control system. Additional information that should be provided would include a listing of the delinquencies (accounts receivable), a listing of the accounts payable (who does the Organization owe) and any other pertinent financial information.

Ideally the financial package should be provided to the Board members in advance of their regular meetings, and it would then be incumbent on each Board member to review the detailed information provided and be prepared to discuss the reports and information at the regular meeting.

RECOMMENDATION

The Organization should expand the financial reporting provided to Board members on a monthly basis. Board members should expand their level of review to include additional reports and information. The Board is an integral component of the internal control structure of the Organization, and is the control to review and approve transactions completed by all levels of employees below the Board. The expanded reporting coupled with the Board's review will also ensure that the employees are performing the required procedures in a complete and timely manner as well as ensure transactions and activity are completed in compliance with the Organization's documented policies and procedures.


OBSERVATION

No written policies and procedures were identified within the Maintenance area. Current practices dictate when individuals can access the maintenance building, and each employee has been assigned a separate access code and security system code. Documented and approved policies need to be approved and distributed defining when access is allowed to the buildings.

Recent system changes will allow the monitoring of actual employee access to determine if employees are in compliance with access policies and procedures. No such monitoring has commenced as of my procedures.

No policies exist regarding how employees should handle and report on-call activity, including punching in and out and completing work orders. Documented and approved policies and procedures are needed to ensure all employees perform on-call work in a consistent manner, including punching in and out and completing work orders.

RECOMMENDATION

The Organization should document and approve policies and procedures over the maintenance areas, including approved access to the buildings, monitoring actual access on a regular basis, and the on-call procedures and expectations of employees. Once approved, the policies and procedures should be distributed to all existing and new employees, and a signed acknowledgement should be obtained and maintained within the employees' personnel files.

Further, the Organization should ensure the Maintenance Supervisor generates and reviews access logs and reports on a regular basis to ensure employees are in compliance with access policies and procedures, and that no employees accessed the building without proper authorization.

OBSERVATION

The Maintenance Supervisor identified one maintenance employee who was currently working part-time and a second maintenance worker who was working closer to, if not, full-time, due to one of the permanent maintenance employees being out of work on workers compensation. The Maintenance Supervisor indicated neither employee was being paid through the collective bargaining agreement in place for maintenance employees. The current collective bargaining agreement covering maintenance employees expired on June 30, 2010, and I learned negotiations were in process for a new agreement. Upon reading the agreement that expired on June 30, 2010 I noted provisions for full-time and part-time employees performing maintenance responsibilities that excluded the Maintenance Supervisor and summer seasonal employees amongst others specified. The agreement did not further define "summer seasonal" and as these two employees continue working for the Organization after the summer season has ended, it was unclear to me why the two employees were not included and paid consistent to the expired agreement.

RECOMMENDATION

The Organization should review the activities of the two individuals currently performing maintenance functions, and determine if either of these two individuals should or should not be appropriately paid consistent with the expired collective bargaining agreement currently being followed for the other maintenance employees.


OBSERVATION

The Maintenance department, housed in a separate building, does not currently have access to the Internet or to email. On a regular (daily) basis the Maintenance Supervisor travels to the main building to deliver paperwork and to check emails, as well as access the Internet if needed. The Maintenance department should consider purchasing on-line access as well as a scanner, and once implemented, should modify their practices to eliminate the need to travel to the main building on a daily basis. Forms currently delivered could be scanned and sent via email to the main building, and communications could be sent via email versus in person.

RECOMMENDATION

The Organization should consider adding Internet and email access to the Maintenance building as well as implementing a scanner to allow documents currently delivered and copied to be scanned and sent electronically via email to the main building. Policies, procedures and safeguards should be implemented to ensure only authorized individuals have access to the Internet and email. Internet and email activity should be monitored to ensure no individuals are abusing their access for personal and/or inappropriate and/or unauthorized purposes.

OBSERVATION

The maintenance department's work order system ("WorkPro") currently resides on the hard drive of the computer maintained in the maintenance department. The system is currently not on the Organization's file server, and is not backed up with other programs via the server tape backups. Rather, the system is backed up on CDs on a regular basis. A plan is in the works to move the program (and perhaps the entire computer) to the main building. If the entire computer is relocated, maintenance will need a new computer to continue operating the department, with access to email and the Internet as discussed earlier. Ideally the Organization should install and relocate the WorkPro system and data files onto the Organization's file server, to enable access from any computer on the network as well as allow the system and files to be backed up on the server tapes. As discussed elsewhere, the Organization should move away from installing and running programs from any individual computer's hard drive, and also maintaining all files on the server versus individual hard drives.

RECOMMENDATION

The Organization should investigate the feasibility of relocating the WorkPro system onto the file server, and if feasible, transfer the associated data files onto the server as well. If not feasible due to system limitations or the age of the WorkPro system, the WorkPro system should be installed onto the hard drive of a computer maintained in the main location. A backup strategy should be implemented whereby the data files are copied to a designated location on the file server on a regular basis to be included on the file server backup tapes.

OBSERVATION

One designated individual (Maintenance Supervisor) is responsible for coordinating all the maintenance activities, including prioritizing work orders and repairs, and delegating work orders to employees to be completed. There are no written policies or procedures within the maintenance department outlining how the maintenance department operates, and due to the lack of segregation of duties as well as lack of documented policies and procedures, there is a risk that maintenance activities could be interrupted in the unexpected absence of the individual primarily responsible for these activities (Maintenance Supervisor). Maintenance needs to document their policies and procedures, including how work orders are received, accumulated, tracked, prioritized, assigned, completed and recorded so in the event the individual primarily responsible is not available, the person designated to fill that role would be able to continue maintenance activities in a consistent fashion with little risk of interruption. The documentation would also be beneficial to the Organization should there be a change in maintenance personnel.

RECOMMENDATION

The maintenance department should document their policies and procedures, and once documented, should forward the documentation to the Board for review and approval. The documentation should include how work orders are received, accumulated, tracked, prioritized, assigned, completed and recorded. Once approved, the documented policies and procedures should be distributed to all existing and any new maintenance personnel, to ensure compliance with the policies and procedures. A copy of the policies and procedures should also be maintained outside of maintenance by the individual designated as the backup person to the primarily responsible individual (Maintenance Supervisor).

OBSERVATION

The Organization's practice is to schedule required annual inspections based on each individual property. Once inspected, a form similar to a work order is completed, documenting the inspection as well as identifying any required repairs. The inspection forms are posted as work orders into the maintenance software system ("WorkPro"), and once entered, the forms are maintained by maintenance in their file cabinets. Under the current practice there is no independent review process in place to ensure that maintenance does in fact inspect all the units annually. Since all inspection forms are entered into the WorkPro system, a report should be generated and reviewed on a regular basis to ensure inspections have been completed, and on a periodic basis inspections identified per the report should be traced back to the underlying inspection forms evidencing the annual inspections were in fact completed.

RECOMMENDATION

The Organization should generate a report on a regular basis from the WorkPro system identifying the inspections that have been completed. The report should be reviewed by someone independent of maintenance, ideally the Executive Director, and on a sample basis, the supporting inspection forms should also be reviewed to ensure inspections have in fact been completed. The reports should be initialed and saved evidencing the independent review was performed.

The Organization should also consider implementing a two-part NCR (carbonless) form for future inspections. The form would continue to be completed as the inspection was completed, and the tenant should initial the form evidencing the inspection was completed. The yellow copy of the form would be left for the tenant's records, and the white copy used in place of the existing form. In the event the tenant was not present during the scheduled inspection, the yellow copy should be left for the tenant evidencing the inspection was in fact completed in their absence.


OBSERVATION

Along the theme of transparency discussed earlier, the Organization should strive to avoid the appearance of less than full and meaningful disclosure. One example of this was found within maintenance or repair invoices, where the term "redecking" was used to identify renovation work to be completed. Such a term has no specific or commonly known meaning, and when I inquired for a definition, I learned it basically meant renovations or redecorating, depending on whom I asked.

The use of an ambiguous term or language will cause a reader to question what it means, as well as ask why understandable language was not simply used. If the work will comprise renovations to a unit, the description should simply state that, rather than potentially mask the full description under a term readers will not recognize.

RECOMMENDATION

The Organization should develop and implement a policy that requires the work to be performed, whether on a contract, proposal or bid, to be spelled out in plain language, detailing what procedures and work will be performed. The policy should not allow the use of general or ambiguous terms unless they are specifically defined within the document, and in defining what the term means, should simply write a brief description rather than use a single term, such as "redecking."

OBSERVATION

Under the current configuration of the Organization's computer systems, certain users maintain programs as well as data files on their individual computer hard drive. These individuals back up the files residing on their hard drives independently using USB jump drives (flash drives). Ideally, all programs and files used by, or created by, employees of the Organization should be maintained on the file server for both access and back-up purposes. The Organization should have computer policies and procedures that require employees to save all files onto areas within the file server so that the files are included on the tape backups.

RECOMMENDATION

The Organization should review the current system configuration, and create areas on the file server to enable all programs and files to be saved and accessed through the file server. User directories and user rights can be established at the file server level to control which users have access to which areas. The changes would ensure all systems and files were backed up daily onto the backup tapes, and employees could discontinue the present practice of backing up their individual workstations onto USB flash drives.

OBSERVATION

The Organization does not have any written policies regarding the approved use of the Organization's computer systems and software, including employees' use of the Organization's email and the Internet. The Organization should document policies and procedures regarding the approved and prohibited use of the computers, systems and applications, and once documented, should distribute the computer policies to all employees. The Organization should consult counsel on what issues should be covered within such documented policies. Employees should be required to sign an acknowledgement when provided the documented policies and procedures, and the signed acknowledgements should reside within each employee's personnel file.

RECOMMENDATION

The Organization should identify and document policies and procedures governing the approved and prohibited use of the Organization's computer hardware and software. The Organization should consult counsel on what should or should not be included, and once documented and approved by the Board, the documented policies and procedures should be distributed to all employees. Employees should sign an acknowledgment when receiving the policies and procedures, and the signed acknowledgement should be filed within each employee's personnel file.

OBSERVATION

The Organization's file server is currently backed up onto tape backups, with two tapes currently in rotation. Both tapes are more than a year old, and no permanent archive tapes have been made or maintained off-site in the event of a disaster. The tapes are maintained on-site within the fire-proof safe. The Organization does not have any policies and procedures in place to regularly test the backup tapes, to ensure the backups are in fact valid and reliable should restoring from tape ever become a necessity. Ideally the Organization should have tapes less than a year old in rotation, the most recent tape removed from the Organization's premises each evening, and regular sample file restorations should be completed to ensure the backup system is reliable and working as designed.

RECOMMENDATION

The Organization should evaluate the backup and contingency policies and procedures regarding the computer systems, and ensure that full backups are being completed and removed off-site on a daily basis. Ideally the most recent tape should be brought home with a designated employee, and brought back in the following morning. The tapes in rotation should always be less than a year old, and the older tapes can be used as permanent archive backups when reaching more than a year old.

The Organization should perform regular restorations of files off the tapes to ensure the backup solutions are reliable and working as designed. The individuals responsible for these file restorations need to be trained on how to perform this function, and the steps should be documented similar to the accounting procedures.

OBSERVATION

It was my understanding that the software vendor (CHAS) maintains remote access to the Organization's system, primarily to conduct maintenance and repairs to the CHAS system when needed. It was unknown by what means CHAS gains access to the Organization's system, or whether the access is constant or upon request with their access controlled by the Organization. Any means of outside access by any authorized party to the Organization's systems should be controlled by the Organization, and the outside access should only be made available when access is required (versus having the outside access open and accessible all the time).


RECOMMENDATION

The Organization should review their computer systems and determine what outside access points are available, as well as who has access through each identified access point. Ideally the Organization's systems should be configured so that outside access is not constantly available, but rather the Organization controls when someone can gain outside access to any of the systems. The Organization should also have a system in place to monitor when outside access was utilized, along with who utilized the access.

OBSERVATION

As part of my procedures, I met with Commissioner Hogan who provided me documents she indicated were provided to her by the Executive Director. The box of documents consisted of copies of resolutions as well as folders containing meeting minutes and other information. Commissioner Hogan indicated the documents provided her were in response to her request for copies of all financial policies and procedures, and that the records were copies for her to keep.

Upon my review of the records provided to Commissioner Hogan, I noted that there were original documents included in the information. I shared my finding and reviewed the documents with the Finance Director who confirmed the documents were in fact originals. I arranged for the return of copies of the records to Commissioner Hogan as well as the return of any original documents to the Organization to be maintained within their files.

The Organization should have policies that prohibit the release of original documents.

RECOMMENDATION

The Organization should adopt a policy and procedures whereby original documents are maintained and never released, and only copies of documents are provided upon request.

* * *

Please review my report in detail, discuss my observations and recommendations with the Board and the Organization's personnel, solicit responses and action plans for each identified item, and follow up to ensure each recommendation has been satisfactorily addressed. Feel free to contact me with any questions. I am prepared to discuss the engagement and my report at a Board meeting should that be desired.

Thank you for the opportunity to assist The Housing Authority of the Town of Wallingford.

Respectfully Submitted,

Ste he edneau, CPA/CFF, CFE, FCPA

Member of the Firm
