2006 Audit Recommendations - Status Tracking

	Audit: Financial Control Environment		(EMC Lead: K. Kirkpatrick / Staff Lead: Marian Simulik)
	Audit Recommendation	Management Response			Budget Implications 2007 or Beyond	Related Council Motions	Status Update / Comments

		Audit Management Response	Action Required Based on DCM Implementation Plan	Management Timelines (Q1- Q4)	($$ if known)		(Status, risks, issues regarding implementation, etc)
	OMNIBUS RESPONSE
8	That Financial Services Branch assign the overall responsibility for oversight of the City’s financial controls to Accounting and Reporting Division or another division within the Branch. That Accounting and Reporting Division develop and implement financial procedures, which would include the practice of reviewing a predetermined percentage of invoices and other financial instruments on a continual basis	Management agrees with these recommendations. This is to be considered a consolidated management response, to address audit recommendations 1, 2, 4 (a), 5, 6, 7, 8, 11, 20, 23 (b), 27, 38 and 40. It deals with the recommendations focusing on internal co		Q1/08	n/a	None	Complete. • FSB in the process of acquiring Audit Control Language (ACL) • See discussion of Compliance Review Universe under #1. • Part (a) Management has created and filled a position of Deputy Treasurer/Controller that will exercise oversight responsibility on behalf of the Treasurer. • Part (b). See comments on Policy & Compliance Unit under Recomm. #5, above. • The scope of compliance testing is dependent on the number of resouces available.
23b)	That Financial Services Branch monitor and document all cases of fraudulent activities, including occurrences where a fraudulent attempt failed and the items were turned back by the bank, and that these cases be reported to Corporate Security.	Management agrees with these recommendations. This is to be considered a consolidated management response, to address audit recommendations 1, 2, 4 (a), 5, 6, 7, 8, 11, 20, 23 (b), 27, 38 and 40. It deals with the recommendations focusing on internal controls and the Financial Management Information System (FMIS).	None	none	none	None	Complete A Fraudulent Cheque procedure has been in place since 2006.
38	That Financial Services Branch require that the FSU verify the levels of employee authority prior to the purchase order being issued to prevent improperly authorized expenses.	Management agrees with these recommendations. This is to be considered a consolidated management response, to address audit recommendations 1, 2, 4 (a), 5, 6, 7, 8, 11, 20, 23 (b), 27, 38 and 40. It deals with the recommendations focusing on internal controls and the Financial Management Information System (FMIS).	• Same as # 27, above; This responsibility will be assigned to the FSU • A comprehensive signing/delegation of authority project is currently underway. ITS collaboration will be required to store the database in a centralized location for access by all Financial Services Staff.	Q4	n/a	PBL/Delegation of Authority B/L	Complete Lists already exist and the FSU undertake this verification for centralized support. Authorities are established and embedded in SAP that restrict transactions for decentralized staff who have access.
	SECTION TWO: ALL OTHER RECOMMENDATIONS
15	That Financial Services Branch in conjunction with Parks and Recreation Branch implement a procedure requiring cash deposits to be prepared by at least two individuals to the extent possible. Although this will not eliminate the risk of collusion, it will reduce the risk of fraud and theft.	Management agrees with this recommendation and it is already is place. The comprehensive Cash Management Policy and Procedures manual requires that more than one person prepare the cash deposits, to the extent possible. Financial Services will continue to work with Parks and Recreation to enforce this requirement except in facilities where there is only one employee working, in accordance with the existing manual. Financial Services will also expand the scope of compliance reviews to include cash collection and management processes.	Parks & Recreation will be reviewing roles and responsibilities of staff preparing deposits and make changes as required to ensure policy is implemented. At those sites where circumstances dictate that the policy cannot be followed (ie, only one staff person on site), the Branch, in conjunction with Financial Services, will document those sites including a risk assessment.	Q3	n/a	None	Complete The policy is in place and being followed at all locations whose staff structure allows for two individuals to prepare the deposits. The Branch policy and procedure is in the process of being revised and additional documentation will be provided to address any exceptions.
16a)	That Financial Services Branch in conjunction with Parks and Recreation Branch establish a refund policy and procedure, setting out clear cut-off dates for refunds and part refunds and that these do not extend past a program’s end date.	Management agrees with this recommendation and it is already in place. The Parks and Recreation branch already has an established refund policy that states that refunds are not permitted after 50% of the program has elapsed.	None	none	n/a	None	Complete. Policy has been in place since May 2003.
18	That Financial Services Branch in conjunction with Parks and Recreation Branch retain documentation on the pricing review. Support staff should retain support of their findings in order to ensure that the pricing is accurate throughout the year and correctly entered by the programmers.	Management agrees with this recommendation. The current practice by Parks and Recreation is to retain records of the pricing review process. The Guide Review process requires that programmers sign in/out and authorize all editing and pricing accuracy by signing off on guide reports. These reports are held until the next guide is released		none	n/a	None	Complete. At each registration session the Program Coordinators enter the pricing information into the CLASS system, adding and deleting data as required. CLASS support runs the report for PC's to verify and make any changes/corrections/updates as needed. The report is re-run and sent to the Guide Committee who edit the report and put it into the Guide format. The hard copy is circulated to all PC's to review and formally sign off. This is sent to the printers and one more review is completed on the final Blues by the PC's with a second sign off and then it goes to print. CLASS support keeps all documentation on file.
24	That Financial Services Branch maintain a log of all cheque supplies whereabouts and perform periodical inventories and reconciliation of cheques on hand.	Management agrees with this recommendation and it was already in place prior to this audit. The cheque stock log is maintained inside the vault. All movement of cheque stock is duly noted in the presence of a second attendant. The log is maintained by Printing Services who is in custody of the cheque stock. A desk audit of cheque stock usage has been and will continue to be performed by the Financial Services. Management would also like to provide additional information on the cheque stock. The cheque stock is special bond paper that contains several security features, the City of Ottawa logo and a serial number on the reverse side. It does not contain any banking information or MICR coding, it is essentially a blank piece of paper. The print operation provides the additional text and characters necessary to convert the piece of paper into a cheque.	None	n/a	n/a	None	Complete
25	That Financial Services Branch consider separate cheque orders for locations where cheques are printed.	Management agrees with this recommendation. This recommendation will be implemented in Q2 2007.	This requirement will be undertaken in conjunction with the ordering of new cheque stock to co-coincide with the new CBA standards that will come into effect this Fall.	Q4	None	None	Complete Process established
28	That Employee Services Branch require a supervisor sign and approve all Requests for Personnel Action before any action is undertaken.	Management agrees with this recommendation and it is already the current practice. The Request for Personnel Action form is an electronic form that must be sent from the supervisor's/manager's desktop. The electronic release of the form from the supervisor's/manager's desktop is considered the authority to action.	None	n/a	n/a	None	Complete Employee Services will continue to follow our current practice.
29	That Employee Services Branch require that Employment Offer Letters be prepared by the Human Resources Consultants (HRC) for all Requests for Personnel Action and signed by the hiring program manager or supervisor and the employee being hired. The signed copy should also be forwarded to the employee personnel file.	Management agrees with this recommendation. This recommendation reflects the current practice at the City with the exception of part-time and casual hires. For efficiency reasons, Employee Services has provided the client departments with a standard employment letter template for part-time and casual hires, which is signed by the hiring manager/supervisor and acknowledged by the employee. A copy is placed on the employee personnel file.	None	n/a	n/a	None	Complete Employee Services will continue to follow our current practice.
32b)	That Information Technology Services Branch in conjunction with Employee Services Branch review the Corporate Financial Management System (SAP) design and configuration to assess the viability of restricting uncertified sick leave days in excess of allowable limits.	Management does not agree with this recommendation. Currently, all managers have access to an SAP-generated report that provides accumulative sick leave information. Once staff has reached their sick leave limit, based on their collective agreement requirements, it is the responsibility of all managers to ensure that staff are providing a doctor’s certificate within the required timelines. The Payroll division will work with ITS to determine the viability of building the system to meet this requirement based on the rules of the various collective agreements in the 2008 workplan. The delay in exploring this initiative is because Employee Services is concentrating on the overtime initiatives from the 2006 Deloitte Branch-by-Branch Overtime Review. As in interim measure, Employee Services will immediately send out a communiqué to all management reminding them of the sick leave requirements.	None	begin in 2008		None	Complete Sept. 2007: The AG has agreed with Management Response that this will be added to the ES workplan in 2008 to determine the feasibility of implementing this recommendation.
		Since the audit, staff have conducted a detailed analysis of outstanding vacation leave banks for all City staff. Staff will be reporting back to Committee and Council by the end of Q2 2007 on a plan to eliminate the outstanding liability associated with the excess carry over of vacation credits. Management will also be reminded through a communiqué that they are responsible to monitor staff vacation, encourage staff to take vacation, and ensure that a letter of approval is submitted to the employee’s file if vacation leave is in excess of entitlement.
33	That Employee Services Branch in conjunction with Long Term Care facilities review their time report processes.	Management agrees with the recommendation. Long Term Care in conjunction with Employee Services has conducted a review of the time report processes. Effective November 2006, time reports in the four Long Term Care Homes are being prepared and summarized by the program administrative clerk and not the staffing coordinator. Reports are then forwarded to a centralized payroll clerk for inputting.	None	n/a	n/a	None	Complete
34a)	That Employee Services Branch require that Time and Transaction Assistants (TTA) perform a complete review of the Audit “Time” Report of another TTA. This will ensure an independent review of correctness and completeness of time entered in the Corporate Financial Management System (SAP) against the source document.	Management agrees with the recommendation and it has already been implemented. Since mid 2006, reviews are conducted where one TTA audits the majority of the work of his/her peer. These reviews are done daily and concentrate on the higher risk areas, such as additional payments for overtime, on-call, mileage etc. A complete or 100% review would not be cost effective or practical with existing resources.	None	n/a	n/a	None	Complete
34b)	That Employee Services Branch ensure appropriate controls are in place for processing of all ELR/TR forms to ensure appropriate authorization is present and ensure incomplete, or ELR/TR forms with errors, are not accepted and returned to the client group for complete information before processing.	Management agrees with this recommendation and it has already been implemented. Management agreed with this recommendation in the 2005 Auditor General’s Audit of Overtime Report, which resulted in Employee Services branch implementing changes. In 2006, time/leave forms were enhanced to include a specific area for the authorizing manager/supervisor to print his/her name, title and extension number. Authorization lists have been developed in conjunction with operations that identify the individuals who are authorized to complete timesheets. All time leave forms are currently being reviewed for proper authorization and completeness and are returned to the business for follow up when required. In mid 2006, peer audits were introduced where one TTA audits the majority of work of another TTA.	None	n/a	n/a	None	Complete
35a)	That Information Technology Services Branch in conjunction with Employee Services Branch review the Corporate Financial Management System (SAP) design/configuration and restrict annual leave carry-over in excess of employees’ yearly entitlement.	Management does not agree with this recommendation. The various collective agreements allow for carry forward of more than one year’s entitlement, therefore it is not recommended that the SAP system be redesigned to restrict this carry over. Management already has access to SAP-generated reports to monitor excess vacation leave.	None	n/a	n/a	None	Complete
35b)	That Employee Services Branch address the increasing balance of annual leave in excess of employees' entitlement by requiring employees carrying excess leave to identify the period in which they will take the excess leave (in addition to their yearly entitlement) or have the excess leave balance paid out before the end of the 2007 calendar year.	Management does not agree with this recommendation. The issue of financial liability regarding vacation leave balances was already brought to the attention of Council in the 2005 management letter from the City's external financial Auditors and was discussed at Corporate Services Economic Development Committee February 6, of 2007. The audit identified that City staff are carrying forward a significant amount of unused vacation leave, which results in a considerable financial liability for the City. At any time this liability includes: * Accumulated vacation credits for employees in the current year as per the terms and conditions of employment and collective agreements	• Employee Services is preparing the following: - a memo to the City Manager and Deputy City Managers which encourages directors and managers to continually monitor their staffs' leave balances, and develop a plan to address all vacation leave excesses within the corporation; - a summary listing of the impact of excess vacation days by department and branch; - a management bulletin to be sent that refers to the above-mentioned plan; and a sample letter to be used by the manager with affected employees to initiate development of individual plans by 15 September 2007.	Q3	n/a	None	Complete Sept. 2007: The AG agrees with the Management Response. This item has also been addressed through the LRFP sub committee by Finance and a proposal is being developed by ES on how to reduce the financial liability from the sick leave bank.
35b)		* Carry-forward of vacation credits by employees from prior years in keeping with the terms and conditions of employment and collective agreements * Additional vacation credits from prior years carried forward in excess of the above The City policy accommodates the first two components of this liability. The third component is addressed in the collective agreements which allows for excess carry forward of unused vacation leave beyond the regular entitlement under exceptional circumstances provided that appropriate approvals are obtained. Furthermore, the leave balances of some members of the management group include a large amount of excess carry forward of unused vacation leave that were primarily brought forward to the new City at amalgamation from positions held in the former municipalities. Furthermore, the leave balances of some members of the management group include a large amount of excess carry forward of unused vacation leave that were primarily brought forward to the new City at amalgamation from positions held in the former municipalities.
37a)	That Employee Services Branch ensure that access to the Corporate Financial Management System (SAP) transaction code for Subsequent Processes Off-Cycle Activities (where cheques are processed and printed) be restricted in all test and Quality Assurance (QA) of the Corporate Financial Management System (SAP) environment.	Management agrees with this recommendation and it has already been implemented. The test environment is restricted to allow only certain payroll staff access to produce a facsimile of a pay cheque to verify test results.	None	n/a	n/a	None	Complete
37b)	That Financial Services Branch require that unused cheques be stored in a secure location at all times.	Management agrees with this recommendation and it was implemented prior to this audit. The audit finding in this section relates to an isolated case. It has been the observation of Financial Services that Employee Services has diligently met these requirements.				None	Complete
39	That Financial Services Branch in conjunction with Parks and Recreation Branch review the provided reports to ensure that results are within expectations and are in line with the current practices as well as their knowledge of current operations.	Management agrees with this recommendation. Accounts with zero balances are a positive reflection that clients are conforming to the policy and paying for programs and services before they occur. A review to determine if “aged” accounts with zero balances can be purged from the database could be considered, however it is not recommended that we purge the accounts of customers who are regular users. A definition of “aged” is required. since many clients may only frequent our services on an annual basis, for example each summer for camp registrations only, as reflected in the review under Section 5.6.2 Revenue Stream Analysis. This will be implemented in Q2 2007.	See Accounts Receivable process under item 17 above. This will be incorporated into the procedure for review of outstanding accounts receivables.	Q4		None	Complete. The system is unable to purge old customer accounts. The Branch will review this in the next upgrade. See also #17.