The URL can be used to link to this page

Home My WebLink AboutMINUTES - 04021996 - C45 TO: , BOARD OF SUPERVISORS Contra l' �1 c FROM: Cotta Phil Batchelor, County Administrator County �;,..I. DATE: April 2, 1996 CUUN� C*y SUBJECT: KPMG 1994-1995 Audit Management Letter SPECIFIC REQUEST(S)OR RECOMMENDATION(S)&BACKGROUND AND JUSTIFICATION RECOMMENDATION: Receive KPMG Peat Marwick FY 1994-1995 Audit Management Letter and refer it to the County Administrator. BACKGROUND: During the audit of the general purpose financial statements of the County for the year ended June 30, 1995, KPMG Peat Marwick noted certain matters involving the internal control structure and other operational matters which are presented in the Management Letter for consideration. These comments and recommendations are intended to improve the internal control structure or result in other operating efficiencies . CONTINUED ON ATTACHMENT: YES SIGNATURE: -RECOMMENDATION OF COUNTY ADMINISTRATOR RECOMMENDATION OF BOARD COMMITTEE -APPROVE OTHER SIGNATURE(S): ACTION OF BOARD ON ATIYr T 1 7, 19q6 APPROVED AS RECOMMENDED X OTHER VOTE OF SUPERVISORS I HEREBY CERTIFY THAT THIS IS A TRUE _X UNANIMOUS(ABSENT ) AND CORRECT COPY OF AN ACTION TAKEN AYES: NOES: AND ENTERED ON THE MINUTES OF THE BOARD ABSENT: ABSTAIN: OF SUPERVISORS ON THE DATE SHOWN. ATTESTED April 2, 1996 Contact: Dean Lucas 646-4077 PHIL BATCHELOR,CLERK OF THE BOARD OF CC., County Administrator SUPERVISORS AND COUNTY ADMINISTRATOR County Auditor-Controller r BY 4 DEPUTY lift Peat Marwick LLP One Kaiser Plaza Telephone 510 465 4663 Telefax 510 465 4764 Oakland, CA 94612 November 3, 1995 The Honorable Board of Supervisors County of Contra Costa, California We have audited the general purpose financial statements of the County of Contra Costa (the County) for the year ended June 30, 1995, and have issued our report thereon dated November 3, 1995. In planning and performing our audit of the general purpose financial statements of the County, we considered the internal control structure in order to determine our auditing procedures for the purpose of expressing our opinion on the general purpose financial statements and not to provide assurance on internal control. We have not considered the internal control structure since the date of our report. During our audit we noted certain matters involving internal control and other operational matters that are presented for your consideration. These comments and recommendations, all of which have been discussed with the appropriate members of management, are intended to improve internal control or result in other operating efficiencies and are summarized as follow: INFORMATION TECHNOLOGY We commend the County in its commitment to its recently formed Information Technology Steering Committee and its comprehensive plans in the areas of physical security and disaster recovery. We have noted certain areas for the Committee to consider which follows. Systems Development Life Cycle We recommend that the Committee develop, document and enforce a comprehensive formal systems development life cycle (SDLC). The SDLC should provide necessary direction to staff as to the roles, standards, procedures and methods required at each stage of system development, including planning, analysis, design, development, implementation and post- implementation. The SDLC should ensure that changes to the County's computing environment are made in a well managed, documented fashion with complete user visibility and approval. Segregation of Duties - Data Base Administrator and Systems Security Currently, the County's data base administrator is responsible for key systems security. Because a data base administrator has access to all County computerized data and can make changes to such data, a separate individual ideally maintains the watchdog function over everyone, including the data base administrator, who has such access capabilities. Segregation of Duties - Systems Programmer and Migration Staff It appears that the systems programmer generally migrates tested software changes into the production environment. Generally, the migration of such changes should be performed by a ]FIDMember Firm of Klyeveld Peat Marwick Goerdeler VAR Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 2 member of the operations staff via an automated utility. Since the system programmer has the ability to modify software, the migration of modified software into the production computing environment should be performed by a second individual. Access to Data The County has in place a disaster recovery plan which includes a contractual arrangement with a vendor in Phoenix, Arizona as a backup data processing facility. It is unclear, however, if the County's system users have full capability of accessing the data via modem should the processing be necessary in Phoenix. It is our understanding that Data Processing Services is planning to analyze this situation. Staffing Plan The County is progressing toward client/server computing with its first pilot project being a new human resources/payroll system expected to be in complete production in fiscal 1998. Often, mainframe-centered staff do not migrate easily to client/server technologies. A staffing plan, including internal training and hiring, is critical to the County's ultimate success in progressing toward client/server systems. INTERNAL AUDIT FUNCTION MIS Auditors The County currently does not have qualified management information systems (MIS) auditors on its internal audit staff. This function has been vacant since the current Internal Audit Division Manager, who has MIS audit skills, was promoted to his current position. Currently an MIS auditor position remains unfilled and unbudgeted. Information systems processing controls are currently reviewed by Internal Audit at a very cursory level as part of their standard audits. However, monitoring of this processing function from an internal control perspective by Internal Audit is not performed. The County's operations are extremely dependent on information systems processing. Systems currently used by the County, with a few exceptions, are fairly antiquated. As such, the need for a dedicated MIS auditor is critical to the control environment. MIS auditing is a highly specialized skill and can only be delivered by auditors trained and experienced in information processing capabilities and system controls. We understand that the County has recently solicited bids for a systems security assessment. We encourage the County to follow through with this project which is especially critical given the lack of Internal Audit's involvement at this time. We suggest that Internal Audit participate with the outside vendor selected for this project as a means to increase its understanding of the County's information systems. Subsequent to completion of the project, MIS controls should be monitored continually. In addition, as the County continues to upgrade its systems, particularly to client/server technology, an MIS auditor function becomes even more necessary. We recommend that the County hire a highly skilled MIS auditor for this function. Whl KRMG Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 3 Internal Audit Risk Assessment Plan The Internal Audit Division has recently begun developing a risk assessment plan which thus far identifies audits performed by the Division, how often they are performed, and which are mandated by law. County departments which collect cash receipts have also been identified and ranked by Internal Audit as to level of risk of misappropriation of such funds. As such, the risk assessment plan is only in its initial development stage. A risk assessment is critical to the effectiveness of an internal audit function. We encourage Internal Audit to complete its assessment plan as quickly as possible and redirect its resources to those areas which pose the highest risk to the County. Operational Efficiency and Performance Audits The Internal Audit Division currently performs operational efficiency and performance audits only on a limited basis as directed by the County Administrator. Internal Audit indicated the desire to perform more of these audits, however, the Division is limited in its staff resources. We suggest that the County support Internal Audit in performing more operational efficiency and performance audits designed to identify savings in excess of the cost of performing such audits. BUSINESS RESUMPTION PLAN Although the County has a disaster recovery plan for information technology, it does not appear that a formalized business resumption plan is in place. Such a plan identifies and prioritizes the business processes of an organization (such as "revenue collection", "distribution of aid to program recipients", "paying employees") which must be recovered first in the event of a major disaster. We recommend that the County develop a business resumption plan to ensure its most critical processes are in service as expedient as possible in the event of a disaster. STRATEGIC PLANNING Certain divisions have invested time and effort to develop and implement strategic plans which have produced favorable outcomes in the service delivery of the County. The Human Services Child and Family Service Integration and the Juvenile Justice System are two such successes. Other operations of the County appear to have done less in the area of strategic planning. nr�r-j K-P�Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 4 Strategic planning is a process in which a division, department, or unit focuses on its mandated services. Such services may be provided to the public or may be support services provided to another department within the organization or to another government agency. The strategic planning process includes several key factors which set direction for the division, department, or unit and results in successful implementation. These factors include: • Strong sponsorship from and involvement of management. • A strong environmental assessment that provides information on which to base strategic decisions. • A consensus-building process that is highly participative and allows for staff input, which builds commitment to implementation. • A broad perspective that sets direction for the entire division, department, or unit thereby integrating its activities toward common goals. • A mechanism for objectively measuring and demonstrating progress toward goals. Without these factors, the planning process does not provide strategic direction to management and staff. Current planning processes, which may appear to be functioning successfully as a first step in the annual budget cycle, may not be providing a mechanism for change which results in efficient and effective County service delivery. We recommend that the County assess the need to require more divisions, departments, or units to develop and execute strategic plans. EVALUATION OF PROPOSITION 62 The California Supreme Court recently upheld the constitutionality of Proposition 62, a 1986 initiative which requires voter approval of all new or increased taxes. The Court's ruling could invalidate certain taxes previously collected by the County and disallow these taxes from being collected in the future. County management does not believe this ruling will materially affect the County's financial position. Because the ruling is so recent, however, the County has not yet assessed the full potential financial impact of this ruling. We suggest that the County evaluate the taxes which may be scrutinized under this ruling and assess measures necessary for the County should an adverse ruling result. SERVICE EFFORTS AND ACCOMPLISHMENTS MEASUREMENT AND REPORTING SYSTEM The reporting of service efforts and accomplishments (SEA) by state and local governmental entities is one of the more important areas being studied and discussed by both standard setters and users of general purpose external financial reports (GPEFR). The measurement of a governmental entity's performance requires information not only on the acquisition and use of resources (the more traditional measures), but also on the outputs and outcomes of the services provided, and the relationship between the use of resources and the outputs and outcomes (i.e. results). r—A /FPM `` Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 5 The development and use of SEA measures will represent a significant modification in financial reporting practices. In addition to expending and enhancing the information available to external users of GPEFR, the development of SEA measures will also assist management in establishing and communicating clear, relevant goals and objectives; setting measurable targets for accomplishments; and developing and reporting indicators that measure progress in achieving those goals and objectives. We understand many departments track certain service efforts and accomplishments. We have reviewed selected reports provided to the Internal Operations Committee of the Board of Supervisors which highlight major accomplishments of County offices. We encourage the County to enhance its SEA measurement and reporting to provide more detailed quantifiable information for its constituents to assess the economy, efficiency, and effectiveness of County services. We believe a well designed SEA measurement and reporting system would assist elected officials and management in improving the delivery of County services. The development of such a system should involve a number of constituents such as citizen groups, employees, management and elected officials in determining the type of information that would be reported. The key steps to this process should include the following: • Define the County's core services, and identify, define and validate potential performance indicators; • Assess the type of data required to measure performance, determine how to optimize current systems to capture that data, and identify the key short term and long term systems issues and alternatives; • Link performance measures to operating processes and systems such as strategic planning, budgeting, human resources management, and resource allocation decisions; • Compare the County's performance with that of other similar organizations in order to provide a frame of reference, and to identify potential areas where improvements are possible;and • Report performance results to demonstrate accountability to taxpayers and citizens. • STAFFING During the audit of the general purpose financial statements, a Principal Accountant in the External Reporting & Services Division of the Auditor-Controller's office became seriously ill and has been on leave of absence for several weeks. This individual is expected to be out for an extended period and is key to many accounting functions of the County. Other staff in this Division have performed a commendable job in handling the responsibilities of this individual in the interim in addition to fulfilling their own assignments. However, a significant amount of overtime and pressure has been placed on these employees to meet critical deadlines imposed on the County. Individuals from other Divisions have also assisted the Division in order to meet deadlines. In addition, it appeared through the audit process that much of the information and skills maintained by this Principal Accountant had not been made readily available to other staff in the Division and, accordingly, much research was necessary to provide certain data for the audit and reporting process. OWN Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 6 Such continued overtime and pressures placed on the Division increases the risk of inaccurate County financial data and inability to meet deadlines. We understand that the Auditor- Controller is currently evaluating alternatives to facilitate the Division's needs. Given the expectation that this Principal Accountant will not be returning in the near future and the role this individual serves for the County, we recommend that the County hire, or promote from within, a qualified individual with the necessary skills to maintain the functions of this position as soon as possible. We also recommend that the County review its process of cross training its staff. Cross training is important in order to enable the County to function smoothly in the event of employee turnover or leave of absence as described above. YEAR END CLOSING AND REPORTING PROCESS The year end closing and the coordination of financial reporting is a complex and rigorous process. Approximately 100 reclassification entries and approximately 30 adjusting entries were recorded by the County through the process. The majority of these adjustments were to reclassify the accounts as recorded in the finance system for reporting purposes. A high volume of adjustments results in significant manual staff time spent to finalize the Comprehensive Annual Financial Report (CAFR). We recommend that the County assess its closing process to determine whether the volume of adjustments are a product of inaccurate initial journal preparation at the individual department level, accounting software limitations, or gratuitous steps performed in the closing process itself. The County should then take actions, if possible,to reduce the number of closing adjustments. FIXED ASSET CAPITALIZATION POLICY The County currently maintains a capitalization policy for its fixed assets of greater than $1,000. We noted in past audits, certain items below this threshold capitalized because of certain circumstances. We recommend that the County consider raising the current threshold considering its cost to track and individually account for such items. NEW PENSION ACCOUNTING AND REPORTING GUIDANCE The Governmental Accounting Standards Board (GASB) issued Statements No. 25 and 27 establishing standards for the measurement and recognition of pension costs by employers and the reporting and disclosure requirements for defined benefit pension plans. Implementation is required for periods beginning after June 15, 1997 for the employer and June 15, 1996 for the defined benefit plan. OR ;,, KRMG�Peat Marwick LLP The Honorable Board of Supervisors County of Contra Costa, California November 3, 1995 Page 7 The statements provide guidance on the selection of actuarial and economic assumptions and the computation of the pension benefit obligation and the annual required contribution (ARC). Funding by the employer at a level below the ARC would require recognition of a net pension obligation (NPO) on the employer's financial statements. The NPO would reflect the cumulative difference including interest between the ARC and the actual contributions made. The statement on disclosure requirements for defined pension benefit plans would require the Retirement Association to report its investments at fair value rather than historical cost. Both statements set forth requirements for enhanced disclosure by both the County and the Retirement Association. We understand that the County has started its initial planning process for compliance with these requirements. We recommend that the Retirement Association and the County continue planning for the transition. Our audit procedures are designed primarily to enable us to form an opinion on the general purpose financial statements, and therefore may not bring to light all weaknesses in policies or procedures that may exist. We aim, however, to use our knowledge of the County's organization gained during our work to make comments and suggestions that we hope will be useful to you. We would be pleased to discuss these comments and recommendations with you at any time. This report is intended solely for the information and use of the Board and management of the County and should not be used for any other purpose. This restriction is not intended to limit the distribution of this letter, which is a matter of public record. }l�