HomeMy WebLinkAboutAudit Agenda - 2023-04-17Audit Committee
Agenda
Monday, April 17, 2023, 2:00 p.m. - 3:00 p.m.
Council Chambers - Hybrid
City of Kitchener
200 King Street W, Kitchener, ON N2G 4G7
People interested in participating in this meeting can register online using the delegation registration
form at www.kitchener.ca/delegation or via email at deleaation(a)kitchener.ca. Please refer to the
delegation section on the agenda below for registration in-person and electronic participation
deadlines. Written comments received will be circulated prior to the meeting and will form part of the
public record.
The meeting live -stream and archived videos are available at www.kitchener.ca/watchnow.
*Accessible formats and communication supports are available upon request. If you require
assistance to take part in a city meeting or event, please call 519-741-2345 or TTY 1-866-969-9994.*
Chair: Mayor B. Vrbanovic
Pages
1. Commencement
2. Disclosure of Pecuniary Interest and the General Nature Thereof
Members of Council and members of the City's local boards/committees are
required to file a written statement when they have a conflict of interest. If a
conflict is declared please visit www.kitchener.ca/conflict to submit your written
form.
3. Delegations
Pursuant to Council's Procedural By-law, delegations are permitted to address
the Committee for a maximum of five (5) minutes. All Delegations where
possible are encouraged to register prior to the start of the meeting. For
Delegates who are attending in-person, registration is permitted up to the start
of the meeting. Delegates who are interested in attending virtually must register
by 12:OOpm on April 17, 2023, in order to participate electronically.
4. Discussion Items
4.1 1 st Quarter 2023 Audit Status Report, CAO -2023-128
Adjournment
Mariah Blake
Committee Administrator
Page 2 of 33
Staff Report
Chief Administrator's Office www.kitchener.ca
REPORT TO: Audit Committee
DATE OF MEETING: April 17, 2023
SUBMITTED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361
PREPARED BY: Corina Tasker, Internal Auditor, 519-741-2200 ext. 7361
WARD(S) INVOLVED: All
DATE OF REPORT: April 12, 2023
REPORT NO.: CAO -2023-128
SUBJECT: 1st Quarter 2023 Audit Status Report
RECOMMENDATION:
For information.
REPORT HIGHLIGHTS:
• The purpose of this report is to provide information regarding recent audits.
• There are four audits included in this report as noted in the table below.
• Results of the audits were positive, with no fraud detected. However, opportunities for
improvement have been identified.
• There are no financial implications.
• Community engagement included this report posted to the city's website with the agenda in
advance of the council / committee meeting.
• This report supports the delivery of core services.
EXECUTIVE SUMMARY:
The following report provides a summary of the Internal Audit assurance and consulting services
completed during the period of December 2022 to March 2023. The table below shows the audits
contained in this report.
Assurance work is in progress on the following topics:
• Underground Locate Service organizational structure and capacity analysis
Consulting work is in progress on the following reviews:
• Training Documentation - process review
*** This information is available in accessible formats upon request. ***
Please call 519-741-2345 or TTY 1-866-969-9994 for assistance.
Page 3 of 33
• Facility Booking Program Review
The results of the technology field inventory audit show many discrepancies in the technology
hardware asset database that have accumulated over many years. A renewed focus by both
division management and Technology Innovation and Services staff (TIS) on ensuring the
hardware asset database is up to date, and rotating cycle counts should ensure a more
accurate picture of the assets on hand.
The results of the parking and mileage expense audit show a few minor errors in employee
mileage and parking claims that can be rectified with additional education of staff and
management. However, they do not show pervasive issues that are cause for concern.
The status update of the Stores inventory audit found that there are no serious outstanding
inventory risks within the city's stock room operations at this time. Four recommendations were
complete, one in progress, three not started yet, and one no longer required. This topic will
remain on the rotation for periodic controls audits.
The third -party Lean review of the Kitchener Market processes made recommendations that if
implemented could result in 400-500 hours of staff time saved annually, an 8 -week reduction in
lead time for onboarding new vendors, more efficient and easier to follow processes, and
transparency for internal partners. Some of the recommendations are already complete or in
process as referenced in the Implementation section of the consultant's report. The remaining
recommendations will be prioritized by management for implementation throughout 2023.
BACKGROUND:
The overarching goal of internal audit is to protect the City's assets and interests. This
includes, but is not limited to, protecting the long-term health of the organization, its financial
and physical assets, its reputation, its ability to perform critical services and the safety and
well-being of employees and citizens.
Internal Audit provides assurance and consulting services in accordance with the International
Standards for the Professional Practice of Internal Auditing (Standards), IIA 2012. These
services are independent, objective activity designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control, and governance processes.
• Assurance services provide an objective assessment of evidence to provide an
independent opinion or conclusions regarding an entity, operation, function, process,
system, or other subject matter.
• Consulting services are advisory in nature and are generally performed at the specific
request of an engagement client. When performing consulting services, the internal
auditor should maintain objectivity and not assume management responsibility.
Audit topics are selected independently by the Internal Auditor and approved by Audit Committee
on an annual basis. Audit results are brought back to Audit Committee in reports such as this on
a quarterly basis as completed.
Page 4 of 33
REPORT:
1. Technology Field Inventory — Physical Inventory
Completed: February 24, 2023
Background
In 2020 a physical inventory audit of hardware assets was done. The count only included
surplus assets located in storage. One recommendation to come from the audit was to
conduct a full audit of all assets deployed in the field following the post -pandemic return of staff
to office work locations. As such this full audit was conducted in 2022 for the first time. This
helped to verify the existence of assets for budgeting purposes and to assess whether field
assets are at risk of theft or loss.
Audit Objectives
The overall goal of this audit was to count all in -scope field hardware assets and compare to
the asset database and asset tags.
Scope
The following assets were within scope for this review:
• Printers
• Monitors
• Docking stations
• Laptops
• Desktops
The following assets were out of scope for this audit:
• Smart phones
• Desk phones
• Keyboards
• Mice
• Projectors
Methodology
The following activities were completed for this review:
• TIS staff created reports by location of all in -scope TIS assets which are listed in the
database. Any assets that have connected to a City IP address from the recorded
location were flagged, which indicates they are active and being used for work
purposes.
• The auditor and a team of TIS staff physically verified the asset tags of all existing
assets at City Hall, Kitchener Operations Facility (KOF), and Fire Headquarters. This
represented 81 % of all assets in the database.
• Emails were sent to management of all remaining locations with their list of assets to
verify.
Page 5 of 33
• A report was compiled of all missing and verified assets. TIS will update the database
with this information.
Reserve fund divisional charge -back calculations will be updated by TIS / Finance
based on the number of verified assets belonging to each division.
Findings
84% of all assets in the database were found (3,325 of 3,945)
o 60% of all assets (2,362 of 3,945) were found in the correct location, allocated to
the correct employee, and associated with the correct assets.
0 22% of all assets (860 of 3,945) were found but were allocated to the wrong
employee or associated with the wrong related asset. These were noted as
changes and will be updated in the database by TIS.
0 3% of all assets (103 of 3,945) were found at a different location than what was
listed in the database. The database will be updated with the current location.
• 16% of all assets (620 or 3,945) were not found during the physical inventory.
421 assets were found in work areas but not listed on the database.
The most likely reason for missing assets is assets which have been dispositioned at end of
life but not updated in the database. There were also approximately 20 assets where the asset
tag was missing or illegible. There was no way to discern if missing assets were stolen.
Therefore, it is impossible to make comment on the security of TIS assets. Theft of laptops and
desktop computers is unlikely due to security measures which have been implemented to
render them unusable without valid City login credentials.
Recommendations
1. TIS should develop a more robust process for keeping the database up to date. This
should include training / reminders / standard operating procedures for all TIS staff to
update the database for every asset they add, delete, or move.
2. TIS should share the updated spreadsheets with each division for information and
instruct them to let the IT service desk know if any changes, swaps, etc. occur. Keeping
the database up to date should be a shared responsibility.
3. The updated database should be used to verify and right size computer reserve charges
for each division for the 2024 budget cycle (i.e., complete the calculations prior to July
2023).
4. TIS could implement rotating cycle counts, administered via email and spreadsheets to
each division over a 2 -3 -year period. Management of each division would verify their
list of assets similar to what was done with remote locations in this audit. A full audit
involving TIS and Internal Audit could then be done every 5 years.
5. A bar code scanner process should be developed for the next full audit.
Page 6 of 33
Conclusion
The results of this audit show many discrepancies in the asset database that have
accumulated over many years. A renewed focus by both division management and TIS on
ensuring the database is up to date, and rotating cycle counts should ensure a more accurate
picture of the assets on hand.
Subsequent audits will provide a better picture of the security of the assets as there should be
significantly fewer missing assets.
2. Parking and Mileage Expenses — Compliance Audit
Completed: February 13, 2023
Background
The City reimburses staff for mileage and parking expenses incurred for business purposes,
subject to several rules and conditions. A compliance audit of parking and mileage claims is
part of the rotating schedule of compliance audits.
In addition to non-compliance issues which might normally be anticipated to arise, the
pandemic has created some new issues to review. During the pandemic many staff worked
from home. The City's Parking enterprise developed a new 60% parking rate which allowed
staff to retain parking access but reduce the days permitted to park and the amount they were
paying, since they were not attending the office 5 days per week. Alternatively, some staff
cancelled their parking altogether and have been paying the daily rate as required.
Now that staff have returned to the office a new hybrid work from home (WFH) pilot program
has been implemented which allows for some staff to work from home up to 3 days per week,
subject to several guidelines and conditions. As such some staff are still either paying the
daily rate or the reduced 60% rate at the City Hall and Duke & Ontario parking garages. This
adds complexity to employee expense claims when staff are travelling for business purposes.
Audit Objectives
The overall goal of this audit was to test compliance with parking and mileage reimbursement
policy.
Scope
The following areas are within scope for this review:
• Mileage and parking claim compliance
0 60% parking rate compliance
• WFH reimbursement practices
The following areas are out of scope for this audit:
• All other employee expense types
Methodology
The following activities were completed during this review:
Page 7 of 33
• Obtained a list of all employees who are signed up for the 60% parking rate. Cross
referenced these names to parking transponder data to determine if staff are parking
more than 3 days a week on a regular basis.
• Cross referenced the list of employees paying the 60% rate to the parking claims to
check if claiming more parking days in a week than paid for.
• For WFH participants, cross referenced monthly parking claims to WFH days (approved
days and calendar indicators) and parking transponder data to check if claiming parking
on days they are working from home.
• Took a 20% random sample of all employees who submit mileage claims. From this
sample reviewed and analyzed all parking and mileage claims for those individuals from
the period of May 2022 to November 2022 including checking for the following:
o Correct mileage has been calculated/inputted in the SAP Concur expense
system (not everyone uses the mileage calculator) and sufficient detail has been
provided regarding the purpose of the trip
o Claiming mileage from home to the site when the office to site would be a greater
distance (some exceptions apply)
o Number of parking days claimed does not exceed # of days mileage claimed
o Not claiming parking on Sundays when it is free
For those claiming eleven or more days of mileage per month (and thus are eligible for
full parking reimbursement) checked the total number of kilometres driven to determine
if reasonable or whether only minimal kilometres are claimed and spread over the
eleven days to get the parking paid for.
Compared the total mileage and parking claims before, during, and after the pandemic
to check whether driving habits have returned to pre -pandemic levels or not.
Findings
• 8 employees (7% of those using the 60% parking rate) parked more than 14 days in one
or more months; 3 of those were identified by this audit and the remaining 5 had already
been flagged during a spot check by Parking staff.
• There were no instances of employees using the 60% parking rate claiming more than
the maximum parking amount.
• There were no instances where WFH participants who pay the full parking rate were
claiming more days of parking than they were at work for.
• For the 20% sample (58 employees) of all mileage and parking claims:
o All parking claims were correct
o No parking claims for Sundays
0 1 employee calculated mileage from home rather than the office, which would be
less.
0 2 employees had incorrect mileage calculated, which was more than addresses
would indicate
0 2 employees had insufficient description of the business reason for the trip
• For the 67 employees that claimed 11 or more days of mileage claims per month:
Page 8 of 33
o 5 instances where management was asked to verify if the trips were necessary
given the role and nature of work; all were justified.
The data shows that while mileage and parking expenses decreased significantly during the
pandemic, mileage expenses are now back to pre -pandemic levels. Parking, however, has
remained low, likely due to hybrid work from home arrangements, and more virtual meetings
resulting in less travel between work locations for meetings.
Total Expenses ($):
2018
2019
2020
2021
2022
Mileage 135,472.48
197,035.87
107,291.54
103,343.73
163,621.23
Parking 100 656.45
156 898.08
53 142.44
37 869.34
46 262.72
Total 236 128.93
353 933.95
160 433.98
141 213.07
209 883.95
250,000.00
200,000.00
1150,000.00
1,00,000.00
50,0 0.00
i illea e & Parking l,,.rend
201..€3 20192010 2021 2022
Recommendations
Mileage
Parld ng
1. Financial Operations should periodically remind staff who claim or approve mileage to
ensure there is a sufficient detail in the description to verify the distance travelled and
the validity of the trip, as well as ensuring the lesser of the distance from home or office
is taken.
2. In addition, while not required, staff should be encouraged to use the mileage calculator
within Concur.
Conclusion
The results of this audit show a few minor errors in mileage and parking claims that can be
rectified with additional education of staff and management. However, they do not show
pervasive issues that are cause for concern.
Page 9 of 33
3. Inventory Audit — Status Update
Completed: December 16, 2022
Overview:
A comprehensive audit of the Stores division was completed in November 2021. The overall
goal of the original audit was to analyze the Stores function to ensure adequate controls are in
place to protect assets and to ensure operations are as effective and efficient as possible.
Audit Objective:
All services which have undergone a service review in the past are subject to a status update,
not sooner than one year following the original audit. The purpose of status updates is to hold
staff accountable for addressing the audit findings and to identify any areas that have not seen
significant progress. In addition, if applicable, further testing or review may also be done to
test whether improvements have had the intended effect.
Status Definitions:
• Complete = the recommendation has been fully implemented.
• In progress = implementation has begun.
• Not started = no work has begun yet but will in the future.
• Not required = the recommendation either does not require any action, or it is no longer
relevant, and no work will be done to implement it.
Number of original recommendations:
9
Number of recommendations complete:
4
Number of recommendations in progress:
1
Number of recommendations not started:
3
Number of recommendations not required:
1
Outstanding recommendations include revisiting the tool loan program, making improvements
to the online ordering system, and working with finance to recalculate the current unit cost of
pickled sand and brine which is produced in-house. Work on these recommendations is
planned for 2023. The creation of standard operating procedures for all tasks is currently in
progress.
Conclusion / Next Steps:
There are no serious outstanding inventory risks at this time. This topic will remain on the
rotation for periodic controls audits.
4. Market Modernization — Lean Review
Completed: January 26, 2022
Background
Through the Audit and Accountability Fund, the Ontario government has offered funding to
large municipalities to conduct service delivery and administrative expenditure reviews to find
efficiencies while protecting important front-line services. Funding recipients used the funding
Page 10 of 33
to hire an independent third -party reviewer to review municipal service delivery expenditures to
find efficiencies. The third -party reviewer was required to submit a final report which outlined
their analysis, findings, and actionable recommendations.
To date the Province of Ontario has administered three rounds of funding. In Round 3 (2022),
the City of Kitchener received $91,117 in funding which was used to complete a review of
service modernization for the Kitchener Market.
A link to the complete report can be found on the City website. The views expressed within this
report represent the views of the author and do not represent the views of the Province of
Ontario, City of Kitchener, or the Internal Auditor.
Overview and Problem Statement
The City of Kitchener Market (the Market) is one of the oldest operating markets in Canada.
The Market provides numerous services including client -run programs and market-driven
events such as cooking classes, workshops, special events and more. Additionally, the Market
offers daily food court vendors, and a weekly "Farmers Market" is held every Saturday.
Current vendor onboarding, contracting and event management processes are not optimal,
resulting in redundant steps or waste for both staff and customers. Such inefficiencies result in
lost opportunities for the City and mistrust with vendors and partners. The goal is to streamline
and digitize key processes which will reduce administrative burdens and save time and money,
achieving quicker turnaround times and faster customer service delivery for the public,
vendors, and partners. By improving and modernizing administrative processes, the aim is to
increase capacity among staff members so that they can have more time to focus on delivering
the key strategic goals and objectives for the Market.
Summary of Estimated Benefits
Leading Edge Group was contracted to conduct a Lean process review of four Market
processes:
1. Saturday market vendor contracts and City -vendor transactions
2. In-house, staff -led programs (e.g., classes, festivals, etc.)
3. Third -party event and rental contracts
4. Management of community -driven and partnered programming and stakeholder
relationships on-site
If implemented the expected benefits of the recommendations include:
• 400-500 hours of staff time saved annually
0 8 -week reduction in lead time for on -boarding new vendors
• More efficient and easy to follow processes
• Transparency for internal partners
Page 11 of 33
Next Steps
Some of the recommendations are already complete or in process as referenced in the
Implementation section of the report. The remaining recommendations will be prioritized by
management for implementation throughout 2023.
STRATEGIC PLAN ALIGNMENT:
This report supports the delivery of core services.
FINANCIAL IMPLICATIONS:
Capital Budget — The recommendation has no impact on the Capital Budget.
Operating Budget — The recommendation has no impact on the Operating Budget.
COMMUNITY ENGAGEMENT:
INFORM — This report has been posted to the City's website with the agenda in advance of the
council / committee meeting.
PREVIOUS REPORTS/AUTHORITIES:
0 CAO -2022-494 2023 Internal Audit Work Plan
APPROVED BY: Dan Chapman, CAO
ATTACHMENTS: none
Page 12 of 33
0
a
�J
M
M
O
M
^T'
W
LL
}
0H
Z
W
i
z
O
W
LL
}
O
J
0
Z
U
W
H
M
M
O
LO
^T'
W
0)
/gym
n
0
Q)
V)
ca
c6
m
V)
cc
O
CL
O
4-J^^
CL
m
N
O
T
cc
V
O
ILOI
0
•
i
`f
9 �
CL
O
4-J^^
CL
m
N
O
T
cc
V
O
ILOI
0
•
`f
,J
CL
O
4-J^^
CL
m
N
O
T
cc
V
O
ILOI
0
00
a--)
0
0 0 0
OOOMN1
W
O
N
u
ro
(,
W
V
�
��
L
O
O
0
4-j
ra
cJ�
X
00
(U
*ftftm000
N
p
i
co
0
Ci)
L
ca
N
cu=
>
Vcr
•—
>
4—J�o
_
>
Jc:
a
• —
LL
�,
70
E
U
�
E
ca
ca
(U
+�
t�A
�
+�
V)
4—J.
_
ca
un
V
C6
Q
V)
C6
C
C6
LL
00
a--)
0
0 0 0
U
ul
Iwwww�
9
ul
ul
m
+�+
c"
lO
O
LO
m
O
O
N
M
R*
oN
M
M
Q
O
4 -
CU
N
V
C6
O
y
m
m
4-0N
o
O
O
C
m
+N+
a
U
�
i
U
dA
O
0
qA
O
O
+-
Z
N
Q
H
M
M
O
00
T
�iwwNrugi, ^'
LL
w
4--,
,x
GJ
�„"�'u
Illlllllf .�
4-J
p
`oo
N
E
"r
'W. p
N
+
�l^
buo
aj
i
(1) O
3: ,vz:
_ I
Ln O
E
O
N
W cn
cn ca
4-' V
O
ONO Ln
� O
I
bn
ro
a�
V)
cJ�
Ca
4�
t-0
O
buo
cn
.c—
G
4-
0
M
c6
Ln
•
M
M
O
O
N
N
(B
hPI
�
O
C6
V
cn
�
V
�
O
`~
cn
>
. —
Ln
E
_0
ca
a --j
E
O
O
Ln
V
V
ELnO
Q
•—
V
Ln
O
bA
m
-0
06•—
C6a--�
W
L
a--�
U
O
O
}'
Ul
V
0
�
cn
Ln
•
M
M
O
O
N
N
(B
N
W
H
Z
W
a
x
W
W
Q
W
J
G
co
Z
Y
a
M
M
O
V -
C14
N
(B
n
w
M
M
O
N
N
N
(B
n
W
4-j
C�
L
0
O
Qo
ca
L
O
E
E
C6
V
c/1
_O
7a
E
w
LL
W
Wj
0 0 0
M
•
E
m
V
ca
Q
M
M
O
It
N
N
(B
M
M
O
LO
N
N
(B
n
O
V
..
�
O
MO
V
V
O
Q)
.—
—
�0
L
-C
E
V
Q
}'
-0
O
>
E
O
0
LnV
OE
cn
4-1
0
�
O
-0
4J
V)
w
to
-Ui
O
Co
c�
�
u
._Ln
�
Ln
J
W
No
M
M
O
LO
N
N
(B
n
M
M
O
co
N
N
(B
n
MA/u/
4-j
4-a
c
ro
V
MO
L
O
ro
V
m
CL
I
V)
O
CL
c6
ok
M
M
O
I--
C14
N
N
(B
m � � m �
Ln
C
O
E
E
O
V
L
O
z
0
Om
is
•
M
M
O
00
N
N
(B
n
Z
O
Q
N
Z
ccW
o
WW CC
Y CC
OC Z
Q Q
c W
G J
M
M
O
07
N
N
(B
n
O
4-J ro
> Q
ca
>
.v 70 Q
-c: 0 E
O
4-j
0
4-j
N D E
-0 tnO
C: C: V
O X O 4�
LL (a) LL v
>
c�
UO
M
M
O
O
M
N
(B
V /
n ,
W O
0 E -0
C� >
bn 4�
V w �
ca Ln Un
4-j �..�
O
V Q � i
O O N +,
V 4 -,WIN c�
Q c/1 w • —
�+ O '0
4-0
a� E '0 Ln CD
=3 ftN
EV un
O � �
w .0 - Lu
ow
�w OtA 4-j
ca
E +—j—
� a--� O
C: Q -0
4> > Cl 0
O > (3.) O oC O c�
LM
a
M
M
O
M
N
(B
-j (A
W
U
CSA
LU
buo 4-) O
c to
J —
V � Q
=3
� � L
4--j
O cn C�
u O (L) ca
+-' cn a --j
I =3
� =3 - V cn
.> O O
4L 0 O
or. V V 0. U
0 0 0
M
M
O
N
M
N
(B
M
M
O
M
M
N
(B