HomeMy WebLinkAboutAudit Agenda - 2025-04-071
KITc�ivER
Audit Committee
Agenda
Monday, April 7, 2025, 4:00 p.m. - 4:30 p.m.
Council Chambers - Hybrid
City of Kitchener
200 King Street W, Kitchener, ON N2G 4G7
People interested in participating in this meeting can register online using the delegation registration
form at www.kitchener.ca/delegation or via email at delegation(a)kitchener.ca. Please refer to the
delegation section on the agenda below for registration in-person and electronic participation
deadlines. Written comments received will be circulated prior to the meeting and will form part of the
public record.
The meeting live -stream and archived videos are available at www.kitchener.ca/watchnow.
*Accessible formats and communication supports are available upon request. If you require
assistance to take part in a city meeting or event, please call 519-741-2345 or TTY 1-866-969-9994.*
Chair: Mayor B. Vrbanovic
Pages
1. Commencement
2. Disclosure of Pecuniary Interest and the General Nature Thereof
Members of Council and members of the City's local boards/committees are
required to file a written statement when they have a conflict of interest. If a
conflict is declared please visit www.kitchener.ca/conflict to submit your written
form.
3. Delegations
Pursuant to Council's Procedural By-law, delegations are permitted to address
the Committee for a maximum of five (5) minutes. All delegations, where
possible, are encouraged to register prior to the start of the meeting. For
delegates who are attending in person, registration is permitted up to the start of
the meeting. Delegates who are interested in attending virtually must register by
2:00 p.m. on April 7, 2025, in order to participate electronically.
4. Status Updates
4.1 First Quarter 2025 Audit Status Report, CAO- 30 m 3
2025-095
5. Adjournment
Marilyn Mills
Committee Coorinator
Page 2 of 26
Staff Report
Chief Administrator's Office
REPORT TO: Audit Committee
DATE OF MEETING: April 7, 2025
SUBMITTED BY: Corina Tasker, Internal Auditor, 519-783-8154
PREPARED BY: Corina Tasker, Internal Auditor, 519-783-8154
WARD(S) INVOLVED: ALL
DATE OF REPORT: March 24, 2025
REPORT NO.: CAO -2025-095
SUBJECT: First Quarter 2025 Audit Status Report
RECOMMENDATION:
For information.
www.kitchener.ca
REPORT HIGHLIGHTS:
• The purpose of this report is to provide information regarding recent audits.
• There are three audits included in this report.
• Audit results were positive, with no fraud detected.
• There are no financial implications.
• Community engagement included this report posted to the city's website with the agenda in
advance of the council / committee meeting.
• This report supports the delivery of core services.
EXECUTIVE SUMMARY:
The following report provides a summary of the Internal Audit assurance and consulting services
completed or underway during the period of January and March 2025.
Work in -progress:
Consulting work is in progress on the following topics and will be reported on at a future Audit
Committee meeting:
• Custodial at Community Centres — service delivery review (consulting services)
• Concrete Maintenance — service delivery and Lean review (consulting services)
Work completed:
The table below shows the assurance audits contained in this report.
Division / Topic
Scope
1. Fire Life Safety Systems
Compliance and Controls
2. Cash Deposits
Controls
3. Employee Parking Tax Exemption
Compliance
*** This information is available in accessible formats upon request. ***
Please call 519-741-2345 or TTY 1-866-969-9994 for assistance.
Page 3 of 26
The following is a summary of the key highlights of each audit:
• The Fire Life Safety Systems audit found that all inspections were completed, staff
continue to be satisfied with the current vendor, and adequate controls are in place to
monitor performance and invoicing accuracy. Only minor errors were found, resulting in
a net undercharge to the City. There are recommendations to add clarity to the next tender
document to allow for easier verification of invoices. This topic will remain on the list of
recurring assurance audits and will be repeated in 5-6 years.
• The cash deposits audit found that cash is adequately protected from theft. The areas
receiving most of the cash have solid controls in place, and the areas that do have control
weaknesses are low dollar and therefore low risk. Over time it is anticipated that the use
of cash will diminish even further, reducing this risk even more. There are no
recommendations from this audit. This topic will remain on the list of recurring assurance
audits and will be repeated in 5-6 years.
• The employee parking tax exemption audit found that 5 of 47 staff who were listed as
being eligible for tax exemption did not appear to meet the exemption criteria. As a result,
three positions were removed from the list because they didn't meet the tax exemption
criteria and two positions have been flagged as requiring improved record keeping, but
are in fact eligible for tax exemption. In the future, any new positions added to the tax-
exempt list should be monitored by Financial Operations for a period of one year to
confirm that eligibility thresholds are met. In addition, Financial Operations should
continue to remind all staff on the list that it is their responsibility to either claim mileage
and / or record their trips in a logbook.
BACKGROUND:
The overarching goal of internal audit is to protect the City's assets and interests. This
includes, but is not limited to, protecting the long-term health of the organization, its financial and
physical assets, its reputation, its ability to perform critical services and the safety and well-being
of employees and citizens.
Internal Audit provides assurance and consulting services in accordance with the International
Standards for the Professional Practice of Internal Auditing (Standards), IIA 2024. These
services include independent, objective activities/reviews designed to add value and improve an
organization's operations. It helps an organization accomplish its objectives by bringing a
systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control, and governance processes.
• Assurance services provide an objective assessment of evidence to provide an
independent opinion or conclusions regarding an entity, operation, function, process,
system, or other subject matter.
• Consulting services are advisory in nature and are generally performed at the specific
request of an engagement client. When performing consulting services, the internal
auditor should maintain objectivity and not assume management responsibility.
Page 4 of 26
Audit topics are selected independently by the Internal Auditor and approved by Audit Committee
on an annual basis. Audit results and updates are brought back to Audit Committee in reports
such as this on a quarterly basis as completed.
REPORT:
1. Fire Life Safety Systems — Compliance and Controls Audit
Completed. February 19, 2025
Background
During the Fall 2018 Municipal Internal Auditors Association workshop, the City of Toronto's
Auditor General gave a presentation on recent audit findings related to fire life safety system
inspection services provided by third parties. The audit found widespread fraud by a third -party
vendor operating under several business names, one of which was York Fire.
The investigation brought awareness for the need to ensure that when inspecting life safety
systems, it is the building owner's responsibility to ensure that the work is carried out properly
and that inspection reports be retained as required under the Code. The Auditor General
recommended that all other municipalities check to see whether they were currently using York
Fire or any of the related business names. In addition, it was noted that this is a lucrative
industry, and other companies may also be overbilling and under -delivering. Therefore, due
diligence should be done in relation to all vendors in this industry to ensure public safety.
A previous audit was conducted at the City of Kitchener in 2019. The audit found that appropriate
due diligence was being done with regards to fire life safety systems vendor selection, work
performance, and invoicing. However, this topic was added to the list of recurring assurance
audits, and it is now time to repeat this audit.
Audit Objectives
The objectives of this audit were to:
• Confirm whether the City of Kitchener uses York Fire or related companies to inspect fire
life safety systems;
• Assess vendor selection due diligence processes; and
• Verify that current inspections have been completed and billed correctly.
The overall goal is to ensure that our buildings are not at risk due to ineffective inspections.
Scope
• Fire life safety inspections and repair work completed in 2024
• All buildings listed in scope within the tender
Methodology
• Interviews with key stakeholders to confirm process and controls
• Review of current tender specifications
• Confirm current vendor for 2024 and that related qualifications meet specifications
• Confirm work was performed by licensed technicians as documented in the tender
response
• Review of all 2024 invoices to ensure:
Page 5 of 26
o That all buildings and components had been inspected
o That repair part prices were correct
o That labour rates for repairs were correct
o That there were no duplicate invoices or line items
o That billings for deficiencies were reasonable and expected
Findings
The City continues to use Troy Life and Fire Safety Ltd. for this work, which is the same vendor
that was used and vetted during the last audit. Staff continue to be satisfied with the quality of
service and responsiveness. The current 2021 contract is a three-year agreement, with two
options to renew for an additional year.
Facilities Management staff perform random checks when the vendor is on site to visually inspect
the work and ask questions. The vendor is pre -authorized to perform any repairs less than $500
that are identified during the annual inspections. Anything over $500 requires a formal quote
which is reviewed for reasonability and approved by staff.
A review of 174 invoices from 2024 found that all locations had received their required
inspections and that there were no duplicate invoices. There were some minor errors on some
invoices, however, the net impact was that we were undercharged. There were some items
listed on invoices which were not included on the tender and could not be verified such as
inspection rates for new locations and vehicle charge -out rates for repair calls. It was also not
clear what the breakdown of labour and parts was on the quotes. It has been recommended
that more clarity be added to the next tender specifications to address the aforementioned
concerns.
Conclusion
It was found that there is overall satisfaction with Troy Life and Fire Safety Ltd., there was no
evidence of fraud or theft, and only minor errors were found resulting in a net undercharge. This
topic will remain on the list of recurring assurance audits and will be repeated in 5-6 years.
2. Cash Deposits — Controls Audit
Completed: February 6, 2025
Background
Research from the Association of Certified Fraud Examiners found that, on average, 5% of
revenue is lost every year due to theft or fraud. The research also states that 75% of employees
have stolen at least once from their employer and 37.5% of employees have stolen at least twice.
These statistics highlight the need for stringent internal controls to eliminate or at least reduce
the opportunities for employee theft.
The topic of cash deposits has been audited before — originally in 2014, with a status update
conducted in 2019. It is included in the list of recurring assurance audits, and it is now time to
repeat the audit testing.
Page 6 of 26
Audit Objective
The objective of this review was to document the current cash deposit process across all City
locations where deposits of cash are required, to assess whether adequate controls exist within
the process.
Scope and Methodology
This audit included the following components:
• Interviews / correspondence with staff in each division who process cash deposits to
determine:
o what their deposit process is
o what the control points are
o whether they have had any issues or concerns with the process
• Process mapping based on collective responses
• Comparison of control points to best practice
Out of Scope
• This review did not test any transactions.
• This review did not assess controls around VISA, Debit, or Cheque deposits.
Findings
A total of $4M cash deposits were made at the City in 2024 across thirty-eight locations. The
largest contributor is the Revenue division which collects payments for property taxes, utilities,
and miscellaneous billings.
With more patrons using electronic payment methods, the amount of payments made using cash
has decreased significantly (approximately 45%) in the last 10 years with several locations such
as golf, community arenas, outdoor pools, special events, and purchasing no longer accepting
cash as a form of payment. In 2014 the total cash deposited was $7.3M as a comparison. It is
anticipated that online forms of payment will continue to increase over time, further decreasing
risk associated with cash handling.
In general cash controls have improved significantly since the last status update in 2019. Most
locations now enter all payments into Activenet or other point of sale (POS) systems, provide
receipts generated by the system to the customer, and then balance the deposit to system
reports. Most locations have also eliminated product inventory and the need to reconcile sales
to inventory on hand.
There were a limited number of locations / revenue streams which did not have adequate
controls, making the theft of cash possible. However, the dollar values are low and the cost and
effort to implement controls would outweigh the potential theft risk.
Management has been made aware of these control weaknesses but are not expected to
mitigate given the low value unless theft is suspected or detected. As noted above, the
estimated theft exposure is 5% of revenues. Any theft exposure greater than $10K should be
mitigated. However, all the exposures are less than that threshold (only $9K in total across all
locations) and any effort to mitigate would outweigh the benefits.
Page 7 of 26
Conclusion
At the City of Kitchener cash is adequately protected from theft. The areas receiving most of the
cash have solid controls in place, and the areas that do have control weaknesses are low dollar
and therefore low risk. Overtime it is anticipated that the use of cash will diminish even further,
reducing this risk even more.
There are no recommendations from this audit. It will remain on the list of recurring assurance
audits and will be repeated in 5-6 years.
3. Employee Parking Tax Exemption — Compliance Audit
Completed: February 6, 2025
Background
City employees are provided with the ability to park in proximity to their work location. Where
there is a fair market value for their parking (e.g., within a downtown parking garage) employees
may be subject to a taxable benefit as per Canada Revenue Agency (CRA) criteria. The fair
market value of the parking benefit is reported as income to the employee and taxable as such.
The employee's income tax withheld and remitted to CRA will increase based on this taxable
benefit. The taxable benefit is also considered pensionable and subject to OMERS deductions
from pay. In some cases, it may also be subject to additional CPP contributions for employees
whose annual contribution has not reached the CPP contribution limit.
The City has identified several positions which are required to drive their personal vehicle on a
regular basis for work purposes. Per CRA guidelines, these positions receive a tax exemption
meaning that no taxable benefit or related withholdings will be applied to their pay as they need
to park their vehicle at a city operated facility so that it is readily accessible for offsite work
purposes. To be tax exempt, CRA stipulates that an employee must use their vehicle for offsite
work-related trips an average of 3 of every 5 days or 60% of the time.
Audit Objective
The purpose of this audit was to verify that the employees designated as tax-exempt drove their
personal vehicle at or above the threshold, with the purpose of updating the list for 2025 for any
positions deemed not tax-exempt through this exercise.
Scope
This audit analyzed the mileage claims for all tax-exempt employees for 2024.
Methodology
The following activities were completed for this engagement:
• Count of number of days mileage claimed by month and for the full year for each tax-
exempt employee
• Factored in start and end dates, statutory holidays, vacation, and sick days
• Highlighted employees who do not meet the tax exempt threshold for the year
Findings
Overall, almost all of 47 staff on the exemption list continued to meet the criteria to be tax-
exempt. There were only 5 employees who did not appear to meet the criteria.
Page 8 of 26
One employee was removed from tax exempt status during 2024 — employer paid parking
was fully taxable as they did not meet the tax exemption threshold.
The nature of the work changed for two of the positions during the year, decreasing the
amount of driving required. They have been removed from the exemption list for 2025.
Two of the positions were co-op positions where the employees did not keep adequate
records. However, the positions are required to drive over the threshold amount.
Management will ensure students are trained to track their mileage.
Next Steps
Any new positions added to the tax exemption list should be monitored by Financial Operations
for a period of one year to determine eligibility thresholds are met. In addition, Financial
Operations should continue to remind all staff on the list that it is their responsibility to either
claim mileage and / or record their trips in a logbook.
STRATEGIC PLAN ALIGNMENT:
This report supports the delivery of core services.
FINANCIAL IMPLICATIONS:
Capital Budget — The recommendation has no impact on the Capital Budget.
Operating Budget — The recommendation has no impact on the Operating Budget.
COMMUNITY ENGAGEMENT:
INFORM — This report has been posted to the City's website with the agenda in advance of the
council / committee meeting.
PREVIOUS REPORTS/AUTHORITIES:
• CAO -2024-510 2025 Internal Audit Work Plan
APPROVED BY: Dan Chapman, CAO
ATTACHMENTS: none
Page 9 of 26
H
0
a
ccW
H
Lr)
0 cr
F�
a
N
W
r -I
G'
^� N
W �
(6
a
^ , co
W
•V
>
L �
I �
O V
+-a • -
a--> >
C
E a) a)
a) U
X >, I
cn w
E X V
Ln • C E +-a
0
}' 4-aca ca
w
• — 4-,
cn N ca
bA> V
0
.� E o
U Lu CL U 0 U
V > > > ❑ ❑
!OE
W
LL
a
W
LL
J
W
W
-
O
4-
0
c
O
L
0
4-
0
a--)
U
ca
00
O
N
i
CL
2
0 0 0
W
V I
4--j
O
m
4-j
4-j
O
�p
O
O
•
4-J
•-
V
•-CLL
�
�
O
O
.>
>
4�
V
4�
O
'-
U
O
p
C
O
V
w
0
i
0
li
��
L60
W
L
W
N
O
N
��
V
V)
ago
EZ
0
1-4
Ln
Q)
ca
V
QL
co
N
O
LO
N
0)
(6
n
via VOVNIVO
LLJ
co
N
O
00
V
-1-j 0)
a
QL
V VQ)
O O _0
4-) 4-) cr
.— •— a�
(A U C-
CL
CL O
O U
—
4-' O
70
O p
V L �
kn Q)
CO
4-ca C)O V)
4-)o 0Q
A ` V
87 - , -
O V
M
C Q V
+� LZ O
cn (n O O
E
U O
V.. ._ 4-J
O O C:
'00 4-)O
O � � U
O V I I
ca cn
0
L4lk
O
E
L
0 0 0 0 0 0 0 0
>% Ln
�--� 4—
—
E O
'X m
° � o
0. w
C�
'—O
. — � ca
4-j
4-j
4-j
c:
O Q E
Jc:i E
— O w.> X
Q X i Q)
ca 70
X w =3 9) +-j M
m > Q X
w �
> O � � p O
� O
� > p �
ca . o
cn V 4-j 4-jO —
p Q) '� O
O 0
i ca CL
O O w ca p O
.� E Q
E � O
W ° Ln�' a u-0
R;I-
-0
N
—
O
•—
N
O
J
(A
-0
�
V
>
O
•—
O
C-
C,
70
Ln
�
cn
N
O
r%4
0
oc
7
o
U
O
4-j
4-j
E
>
4-j
O
•—
E
x
0
X
O
'0
CO
4-)
a -J
CO
•—
>
cn
O
O
0)
>
^W,
E W
' OE
4-j 4-j
4-j O
ca Q 0 �. O
0)a, � o
to a -j
� 0. -0 cn
ca E -
70 Q) a) a�
4— X
O w >'
� X 70 c—O
w ca C: Oco
�
4-j E
E i co a)
_ 4-j
O J-,:
4-j4-)
:E
N V — bA
O p CO O . — :
U N _ 4-J
0 0 0
O
PI
qzl
N
O
'0N N
O Ln. cn
E
ca
E o
0
a--) CL `~ _0
(1) CL 0 Q)
E > o
o 0 EE
Ln
p • — a� a�
O O
-a n
E E
J O
N
I;t Ln
0
O
U
Q)
c�a
ps�
V)
0
O
V
Q)
Q)
Q)
2