Loading...
HomeMy WebLinkAboutAudit Agenda - 2023-04-17Audit Committee Agenda Monday, April 17, 2023, 2:00 p.m. - 3:00 p.m. Council Chambers - Hybrid City of Kitchener 200 King Street W, Kitchener, ON N2G 4G7 People interested in participating in this meeting can register online using the delegation registration form at www.kitchener.ca/delegation or via email at deleaation(a)kitchener.ca. Please refer to the delegation section on the agenda below for registration in-person and electronic participation deadlines. Written comments received will be circulated prior to the meeting and will form part of the public record. The meeting live -stream and archived videos are available at www.kitchener.ca/watchnow. *Accessible formats and communication supports are available upon request. If you require assistance to take part in a city meeting or event, please call 519-741-2345 or TTY 1-866-969-9994.* Chair: Mayor B. Vrbanovic Pages 1. Commencement 2. Disclosure of Pecuniary Interest and the General Nature Thereof Members of Council and members of the City's local boards/committees are required to file a written statement when they have a conflict of interest. If a conflict is declared please visit www.kitchener.ca/conflict to submit your written form. 3. Delegations Pursuant to Council's Procedural By-law, delegations are permitted to address the Committee for a maximum of five (5) minutes. All Delegations where possible are encouraged to register prior to the start of the meeting. For Delegates who are attending in-person, registration is permitted up to the start of the meeting. Delegates who are interested in attending virtually must register by 12:OOpm on April 17, 2023, in order to participate electronically. 4. Discussion Items 4.1 1 st Quarter 2023 Audit Status Report, CAO -2023-128 Adjournment Mariah Blake Committee Administrator Page 2 of 33 Staff Report Chief Administrator's Office www.kitchener.ca REPORT TO: Audit Committee DATE OF MEETING: April 17, 2023 SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361 WARD(S) INVOLVED: All DATE OF REPORT: April 12, 2023 REPORT NO.: CAO -2023-128 SUBJECT: 1st Quarter 2023 Audit Status Report RECOMMENDATION: For information. REPORT HIGHLIGHTS: • The purpose of this report is to provide information regarding recent audits. • There are four audits included in this report as noted in the table below. • Results of the audits were positive, with no fraud detected. However, opportunities for improvement have been identified. • There are no financial implications. • Community engagement included this report posted to the city's website with the agenda in advance of the council / committee meeting. • This report supports the delivery of core services. EXECUTIVE SUMMARY: The following report provides a summary of the Internal Audit assurance and consulting services completed during the period of December 2022 to March 2023. The table below shows the audits contained in this report. Assurance work is in progress on the following topics: • Underground Locate Service organizational structure and capacity analysis Consulting work is in progress on the following reviews: • Training Documentation - process review *** This information is available in accessible formats upon request. *** Please call 519-741-2345 or TTY 1-866-969-9994 for assistance. Page 3 of 33 • Facility Booking Program Review The results of the technology field inventory audit show many discrepancies in the technology hardware asset database that have accumulated over many years. A renewed focus by both division management and Technology Innovation and Services staff (TIS) on ensuring the hardware asset database is up to date, and rotating cycle counts should ensure a more accurate picture of the assets on hand. The results of the parking and mileage expense audit show a few minor errors in employee mileage and parking claims that can be rectified with additional education of staff and management. However, they do not show pervasive issues that are cause for concern. The status update of the Stores inventory audit found that there are no serious outstanding inventory risks within the city's stock room operations at this time. Four recommendations were complete, one in progress, three not started yet, and one no longer required. This topic will remain on the rotation for periodic controls audits. The third -party Lean review of the Kitchener Market processes made recommendations that if implemented could result in 400-500 hours of staff time saved annually, an 8 -week reduction in lead time for onboarding new vendors, more efficient and easier to follow processes, and transparency for internal partners. Some of the recommendations are already complete or in process as referenced in the Implementation section of the consultant's report. The remaining recommendations will be prioritized by management for implementation throughout 2023. BACKGROUND: The overarching goal of internal audit is to protect the City's assets and interests. This includes, but is not limited to, protecting the long-term health of the organization, its financial and physical assets, its reputation, its ability to perform critical services and the safety and well-being of employees and citizens. Internal Audit provides assurance and consulting services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards), IIA 2012. These services are independent, objective activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. • Assurance services provide an objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. • Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. When performing consulting services, the internal auditor should maintain objectivity and not assume management responsibility. Audit topics are selected independently by the Internal Auditor and approved by Audit Committee on an annual basis. Audit results are brought back to Audit Committee in reports such as this on a quarterly basis as completed. Page 4 of 33 REPORT: 1. Technology Field Inventory — Physical Inventory Completed: February 24, 2023 Background In 2020 a physical inventory audit of hardware assets was done. The count only included surplus assets located in storage. One recommendation to come from the audit was to conduct a full audit of all assets deployed in the field following the post -pandemic return of staff to office work locations. As such this full audit was conducted in 2022 for the first time. This helped to verify the existence of assets for budgeting purposes and to assess whether field assets are at risk of theft or loss. Audit Objectives The overall goal of this audit was to count all in -scope field hardware assets and compare to the asset database and asset tags. Scope The following assets were within scope for this review: • Printers • Monitors • Docking stations • Laptops • Desktops The following assets were out of scope for this audit: • Smart phones • Desk phones • Keyboards • Mice • Projectors Methodology The following activities were completed for this review: • TIS staff created reports by location of all in -scope TIS assets which are listed in the database. Any assets that have connected to a City IP address from the recorded location were flagged, which indicates they are active and being used for work purposes. • The auditor and a team of TIS staff physically verified the asset tags of all existing assets at City Hall, Kitchener Operations Facility (KOF), and Fire Headquarters. This represented 81 % of all assets in the database. • Emails were sent to management of all remaining locations with their list of assets to verify. Page 5 of 33 • A report was compiled of all missing and verified assets. TIS will update the database with this information. Reserve fund divisional charge -back calculations will be updated by TIS / Finance based on the number of verified assets belonging to each division. Findings 84% of all assets in the database were found (3,325 of 3,945) o 60% of all assets (2,362 of 3,945) were found in the correct location, allocated to the correct employee, and associated with the correct assets. 0 22% of all assets (860 of 3,945) were found but were allocated to the wrong employee or associated with the wrong related asset. These were noted as changes and will be updated in the database by TIS. 0 3% of all assets (103 of 3,945) were found at a different location than what was listed in the database. The database will be updated with the current location. • 16% of all assets (620 or 3,945) were not found during the physical inventory. 421 assets were found in work areas but not listed on the database. The most likely reason for missing assets is assets which have been dispositioned at end of life but not updated in the database. There were also approximately 20 assets where the asset tag was missing or illegible. There was no way to discern if missing assets were stolen. Therefore, it is impossible to make comment on the security of TIS assets. Theft of laptops and desktop computers is unlikely due to security measures which have been implemented to render them unusable without valid City login credentials. Recommendations 1. TIS should develop a more robust process for keeping the database up to date. This should include training / reminders / standard operating procedures for all TIS staff to update the database for every asset they add, delete, or move. 2. TIS should share the updated spreadsheets with each division for information and instruct them to let the IT service desk know if any changes, swaps, etc. occur. Keeping the database up to date should be a shared responsibility. 3. The updated database should be used to verify and right size computer reserve charges for each division for the 2024 budget cycle (i.e., complete the calculations prior to July 2023). 4. TIS could implement rotating cycle counts, administered via email and spreadsheets to each division over a 2 -3 -year period. Management of each division would verify their list of assets similar to what was done with remote locations in this audit. A full audit involving TIS and Internal Audit could then be done every 5 years. 5. A bar code scanner process should be developed for the next full audit. Page 6 of 33 Conclusion The results of this audit show many discrepancies in the asset database that have accumulated over many years. A renewed focus by both division management and TIS on ensuring the database is up to date, and rotating cycle counts should ensure a more accurate picture of the assets on hand. Subsequent audits will provide a better picture of the security of the assets as there should be significantly fewer missing assets. 2. Parking and Mileage Expenses — Compliance Audit Completed: February 13, 2023 Background The City reimburses staff for mileage and parking expenses incurred for business purposes, subject to several rules and conditions. A compliance audit of parking and mileage claims is part of the rotating schedule of compliance audits. In addition to non-compliance issues which might normally be anticipated to arise, the pandemic has created some new issues to review. During the pandemic many staff worked from home. The City's Parking enterprise developed a new 60% parking rate which allowed staff to retain parking access but reduce the days permitted to park and the amount they were paying, since they were not attending the office 5 days per week. Alternatively, some staff cancelled their parking altogether and have been paying the daily rate as required. Now that staff have returned to the office a new hybrid work from home (WFH) pilot program has been implemented which allows for some staff to work from home up to 3 days per week, subject to several guidelines and conditions. As such some staff are still either paying the daily rate or the reduced 60% rate at the City Hall and Duke & Ontario parking garages. This adds complexity to employee expense claims when staff are travelling for business purposes. Audit Objectives The overall goal of this audit was to test compliance with parking and mileage reimbursement policy. Scope The following areas are within scope for this review: • Mileage and parking claim compliance 0 60% parking rate compliance • WFH reimbursement practices The following areas are out of scope for this audit: • All other employee expense types Methodology The following activities were completed during this review: Page 7 of 33 • Obtained a list of all employees who are signed up for the 60% parking rate. Cross referenced these names to parking transponder data to determine if staff are parking more than 3 days a week on a regular basis. • Cross referenced the list of employees paying the 60% rate to the parking claims to check if claiming more parking days in a week than paid for. • For WFH participants, cross referenced monthly parking claims to WFH days (approved days and calendar indicators) and parking transponder data to check if claiming parking on days they are working from home. • Took a 20% random sample of all employees who submit mileage claims. From this sample reviewed and analyzed all parking and mileage claims for those individuals from the period of May 2022 to November 2022 including checking for the following: o Correct mileage has been calculated/inputted in the SAP Concur expense system (not everyone uses the mileage calculator) and sufficient detail has been provided regarding the purpose of the trip o Claiming mileage from home to the site when the office to site would be a greater distance (some exceptions apply) o Number of parking days claimed does not exceed # of days mileage claimed o Not claiming parking on Sundays when it is free For those claiming eleven or more days of mileage per month (and thus are eligible for full parking reimbursement) checked the total number of kilometres driven to determine if reasonable or whether only minimal kilometres are claimed and spread over the eleven days to get the parking paid for. Compared the total mileage and parking claims before, during, and after the pandemic to check whether driving habits have returned to pre -pandemic levels or not. Findings • 8 employees (7% of those using the 60% parking rate) parked more than 14 days in one or more months; 3 of those were identified by this audit and the remaining 5 had already been flagged during a spot check by Parking staff. • There were no instances of employees using the 60% parking rate claiming more than the maximum parking amount. • There were no instances where WFH participants who pay the full parking rate were claiming more days of parking than they were at work for. • For the 20% sample (58 employees) of all mileage and parking claims: o All parking claims were correct o No parking claims for Sundays 0 1 employee calculated mileage from home rather than the office, which would be less. 0 2 employees had incorrect mileage calculated, which was more than addresses would indicate 0 2 employees had insufficient description of the business reason for the trip • For the 67 employees that claimed 11 or more days of mileage claims per month: Page 8 of 33 o 5 instances where management was asked to verify if the trips were necessary given the role and nature of work; all were justified. The data shows that while mileage and parking expenses decreased significantly during the pandemic, mileage expenses are now back to pre -pandemic levels. Parking, however, has remained low, likely due to hybrid work from home arrangements, and more virtual meetings resulting in less travel between work locations for meetings. Total Expenses ($): 2018 2019 2020 2021 2022 Mileage 135,472.48 197,035.87 107,291.54 103,343.73 163,621.23 Parking 100 656.45 156 898.08 53 142.44 37 869.34 46 262.72 Total 236 128.93 353 933.95 160 433.98 141 213.07 209 883.95 250,000.00 200,000.00 1150,000.00 1,00,000.00 50,0 0.00 i illea e & Parking l,,.rend 201..€3 20192010 2021 2022 Recommendations Mileage Parld ng 1. Financial Operations should periodically remind staff who claim or approve mileage to ensure there is a sufficient detail in the description to verify the distance travelled and the validity of the trip, as well as ensuring the lesser of the distance from home or office is taken. 2. In addition, while not required, staff should be encouraged to use the mileage calculator within Concur. Conclusion The results of this audit show a few minor errors in mileage and parking claims that can be rectified with additional education of staff and management. However, they do not show pervasive issues that are cause for concern. Page 9 of 33 3. Inventory Audit — Status Update Completed: December 16, 2022 Overview: A comprehensive audit of the Stores division was completed in November 2021. The overall goal of the original audit was to analyze the Stores function to ensure adequate controls are in place to protect assets and to ensure operations are as effective and efficient as possible. Audit Objective: All services which have undergone a service review in the past are subject to a status update, not sooner than one year following the original audit. The purpose of status updates is to hold staff accountable for addressing the audit findings and to identify any areas that have not seen significant progress. In addition, if applicable, further testing or review may also be done to test whether improvements have had the intended effect. Status Definitions: • Complete = the recommendation has been fully implemented. • In progress = implementation has begun. • Not started = no work has begun yet but will in the future. • Not required = the recommendation either does not require any action, or it is no longer relevant, and no work will be done to implement it. Number of original recommendations: 9 Number of recommendations complete: 4 Number of recommendations in progress: 1 Number of recommendations not started: 3 Number of recommendations not required: 1 Outstanding recommendations include revisiting the tool loan program, making improvements to the online ordering system, and working with finance to recalculate the current unit cost of pickled sand and brine which is produced in-house. Work on these recommendations is planned for 2023. The creation of standard operating procedures for all tasks is currently in progress. Conclusion / Next Steps: There are no serious outstanding inventory risks at this time. This topic will remain on the rotation for periodic controls audits. 4. Market Modernization — Lean Review Completed: January 26, 2022 Background Through the Audit and Accountability Fund, the Ontario government has offered funding to large municipalities to conduct service delivery and administrative expenditure reviews to find efficiencies while protecting important front-line services. Funding recipients used the funding Page 10 of 33 to hire an independent third -party reviewer to review municipal service delivery expenditures to find efficiencies. The third -party reviewer was required to submit a final report which outlined their analysis, findings, and actionable recommendations. To date the Province of Ontario has administered three rounds of funding. In Round 3 (2022), the City of Kitchener received $91,117 in funding which was used to complete a review of service modernization for the Kitchener Market. A link to the complete report can be found on the City website. The views expressed within this report represent the views of the author and do not represent the views of the Province of Ontario, City of Kitchener, or the Internal Auditor. Overview and Problem Statement The City of Kitchener Market (the Market) is one of the oldest operating markets in Canada. The Market provides numerous services including client -run programs and market-driven events such as cooking classes, workshops, special events and more. Additionally, the Market offers daily food court vendors, and a weekly "Farmers Market" is held every Saturday. Current vendor onboarding, contracting and event management processes are not optimal, resulting in redundant steps or waste for both staff and customers. Such inefficiencies result in lost opportunities for the City and mistrust with vendors and partners. The goal is to streamline and digitize key processes which will reduce administrative burdens and save time and money, achieving quicker turnaround times and faster customer service delivery for the public, vendors, and partners. By improving and modernizing administrative processes, the aim is to increase capacity among staff members so that they can have more time to focus on delivering the key strategic goals and objectives for the Market. Summary of Estimated Benefits Leading Edge Group was contracted to conduct a Lean process review of four Market processes: 1. Saturday market vendor contracts and City -vendor transactions 2. In-house, staff -led programs (e.g., classes, festivals, etc.) 3. Third -party event and rental contracts 4. Management of community -driven and partnered programming and stakeholder relationships on-site If implemented the expected benefits of the recommendations include: • 400-500 hours of staff time saved annually 0 8 -week reduction in lead time for on -boarding new vendors • More efficient and easy to follow processes • Transparency for internal partners Page 11 of 33 Next Steps Some of the recommendations are already complete or in process as referenced in the Implementation section of the report. The remaining recommendations will be prioritized by management for implementation throughout 2023. STRATEGIC PLAN ALIGNMENT: This report supports the delivery of core services. FINANCIAL IMPLICATIONS: Capital Budget — The recommendation has no impact on the Capital Budget. Operating Budget — The recommendation has no impact on the Operating Budget. COMMUNITY ENGAGEMENT: INFORM — This report has been posted to the City's website with the agenda in advance of the council / committee meeting. PREVIOUS REPORTS/AUTHORITIES: 0 CAO -2022-494 2023 Internal Audit Work Plan APPROVED BY: Dan Chapman, CAO ATTACHMENTS: none Page 12 of 33 0 a �J M M O M ^T' W LL } 0H Z W i z O W LL } O J 0 Z U W H M M O LO ^T' W 0) /gym n 0 Q) V) ca c6 m V) cc O CL O 4-J^^ CL m N O T cc V O ILOI 0 • i `f 9 � CL O 4-J^^ CL m N O T cc V O ILOI 0 • `f ,J CL O 4-J^^ CL m N O T cc V O ILOI 0 00 a--) 0 0 0 0 OOOMN1 W O N u ro (, W V � �� L O O 0 4-j ra cJ� X 00 (U *ftftm000 N p i co 0 Ci) L ca N cu= > Vcr •— > 4—J�o _ > Jc: a • — LL �, 70 E U � E ca ca (U +� t�A � +� V) 4—J. _ ca un V C6 Q V) C6 C C6 LL 00 a--) 0 0 0 0 U ul Iwwww� 9 ul ul m +�+ c" lO O LO m O O N M R* oN M M Q O 4 - CU N V C6 O y m m 4-0N o O O C m +N+ a U � i U dA O 0 qA O O +- Z N Q H M M O 00 T �iwwNrugi, ^' LL w 4--, ,x GJ �„"�'u Illlllllf .� 4-J p `oo N E "r 'W. p N + �l^ buo aj i (1) O 3: ,vz: _ I Ln O E O N W cn cn ca 4-' V O ONO Ln � O I bn ro a� V) cJ� Ca 4� t-0 O buo cn .c— G 4- 0 M c6 Ln • M M O O N N (B hPI � O C6 V cn � V � O `~ cn > . — Ln E _0 ca a --j E O O Ln V V ELnO Q •— V Ln O bA m -0 06•— C6a--� W L a--� U O O }' Ul V 0 � cn Ln • M M O O N N (B N W H Z W a x W W Q W J G co Z Y a M M O V - C14 N (B n w M M O N N N (B n W 4-j C� L 0 O Qo ca L O E E C6 V c/1 _O 7a E w LL W Wj 0 0 0 M • E m V ca Q M M O It N N (B M M O LO N N (B n O V .. � O MO V V O Q) .— — �0 L -C E V Q }' -0 O > E O 0 LnV OE cn 4-1 0 � O -0 4J V) w to -Ui O Co c� � u ._Ln � Ln J W No M M O LO N N (B n M M O co N N (B n MA/u/ 4-j 4-a c ro V MO L O ro V m CL I V) O CL c6 ok M M O I-- C14 N N (B m � � m � Ln C O E E O V L O z 0 Om is • M M O 00 N N (B n Z O Q N Z ccW o WW CC Y CC OC Z Q Q c W G J M M O 07 N N (B n O 4-J ro > Q ca > .v 70 Q -c: 0 E O 4-j 0 4-j N D E -0 tnO C: C: V O X O 4� LL (a) LL v > c� UO M M O O M N (B V / n , W O 0 E -0 C� > bn 4� V w � ca Ln Un 4-j �..� O V Q � i O O N +, V 4 -,WIN c� Q c/1 w • — �+ O '0 4-0 a� E '0 Ln CD =3 ftN EV un O � � w .0 - Lu ow �w OtA 4-j ca E +—j— � a--� O C: Q -0 4> > Cl 0 O > (3.) O oC O c� LM a M M O M N (B -j (A W U CSA LU buo 4-) O c to J — V � Q =3 � � L 4--j O cn C� u O (L) ca +-' cn a --j I =3 � =3 - V cn .> O O 4L 0 O or. V V 0. U 0 0 0 M M O N M N (B M M O M M N (B