The URL can be used to link to this page

Second Semi-Annual Review Report for the 2018-19 Fiscal Year 10-25-19MIAMI BEACH MEMORANDUM City of Miami Beach, 1700 Convention Center Dri ve, Miami Beach , Florida 33139, www.miamibeachfl.gov Office of Internal Audit Tel : 305-673-7020 TO: VIA: FROM : DATE: Jimmy L. Morales, City Manager Mark D. Coolidge, Interim Internal Au Norman Blaiotta, Senior Auditor October 25, 2019 SUBJECT: Second Semi-Annual Review Report for the 2018/19 Fiscal Year In response to the BOO USA, LLP (BOO) audit report dated May 17, 2017, the Office of Internal Audit agreed to perform semi-annual reviews of selected Finance Department transactions to help ensure that the desired outcomes continue to be attained. The focus of this review was to perform testing to verify that BOO recommendations numbered 27, 45 and 48 are being followed by City staff. A summary of BOO's recommendations, the results of the Office of Internal Audit's current testing and recommendations for each of these three (3) analyses are separately listed below. 1. BOO Recommendation #27-Munis {the City's enterprise resource planning software} should be modified so as not to allow significant payments to be issued unless the approvals of at least two different City officers have been documented in the system. Further, Munis should be modified so as not to allow payments exceeding $1,000,000 to be issued unless the approval of the City Manager has been documented in the system. Current Testing Results #27-This recommendation has been tested in the last two semi-annual reviews for "Accounts Payable Invoices" or API transactions -in amounts of $500,000 and over. With the approval of a Disbursement Workflow Policy dated January 22, 2019 requiring two (2) departmental approvals for transactions over $100,000, the Office Internal Audit's testing was focused on determining whether the Munis System configurations were aligned with the new Disbursement Workflow Policy for selected API transactions that are equal to or more than $100,000 but less than $500,000. All 264 API transactions that satisfied this criterion and occurred between March 1, 2019 and August 31, 2019 were tested whereby it was noted that the following seven (7) transactions were not dually approved: • Three (3) transactions, each from different departments, showed an inappropriate approval configuration, as the Munis System did not request a second departmental approval as required, before releasing it for payment. • Four (4) transactions from two (2) departments were incorrectly approved although the Munis System requested the two departmental approvals, as both approvals were made by the same department official. Exhibit A located at the end of this report provides more detail on these seven (7) exceptions. Page 1 of 4 INTERNAL AUDIT MEMORANDUM Second Semi-Annual Review Report for the 2018/19 Fiscal Year October 25.2019 Recommendations for Current Testing Results-The Office of Internal Audit recommends the following: • For the three (3) transactions released for payment with only one (1) approval: The Chief Information Officer should instruct the Munis System Administrator to amend the configuration with the approval of the corresponding department directors so that the system requires at least two (2) department approvals for all transactions equal to or more than $100,000. The Information Technology Department should review all departments' configuration approvals and make the necessary corrections so that this shortcoming does not reoccur. • For the four (4) transactions where each was dually approved by the same department official: The Munis System is not equipped to detect and preclude an authorized user to perform dual approvals, the department's officials with approval privileges should agree in the implementation of an alternative control to help prevent this from occurring. Until this shortcoming can be rectified in the Munis System, the Finance Department should review all $100,000 or higher transactions to help ensure that all contain at least two (2) different authorized departmental approvers before the payment is issued. Management Responses (Information Technology Department): For the recommendation made in the first bullet point. Items 1 and 5 in Exhibit A were approved before the dual approval rule had been set up for their department. Item 2 had the rule set up in that department, but the rule did not work as configured. The Information Technology Department is opening a ticket with Tyler Technologies to address the incident with Item 2 where a rule is not working as configured. The Information Technology Department will also review all department's configuration approvals and verify that they are all configured for dual approval. Management Responses (Property Management Department): The Property Management Departm~nt will ensure proper checks and balances by reviewing invoices more carefully with two (2) different City officials (Assistant Directors level 38 and Director level 40) approving payments. In the event of an absence by the approver at level 40 (Director), this task will be assigned to the other Assistant Director for Property Management. Management Responses (Human Resources Department): We agree with this recommendation. We will also reinforce training amongst ourselves as approvers (Marla Alpizar, Sonia Bridges and Michael Smith) to avoid this in the future as we were not aware of this shortcoming in Munis. 2. BOO Recommendation #45 -The City should develop a documented plan of action to address staffing losses and staffing deficiencies in the Finance Department. The plan of action should include an assessment of staffing losses in critical leadership positions as well as losses in key staffing positions where there is a direct impact on meeting the timeline and execution requirements of internal controls, policies and procedures established to mitigate fraud. Current Testing Results #45 -The Office of Internal Audit staff received a detailed Finance Department internal procedure dated October 23, 2019 containing their staffing model plan to address personnel losses and deficiencies. Recommendations for Current Testing Results -The Finance Department should continue to follow their approved internal procedure and timely replace all staffing losses. Page 2 of 4 INTERNAL AUDIT MEMORANDUM Second Semi-Annual Review Report for the 2018/19 Fiscal Year October 25, 2019 3. BOO Recommendation #48-Background checks should be periodically performed on all current employees within the Finance Department. Current Testing Results #48 -The Office of Internal Audit reviewed background check documentation for Finance Department personnel for the 2016/17, 2017/18 and 2018/19 fiscal years provided by the Human Resources Department. Testing found that all staff was properly checked every other year; however, the Finance Department was not notified of the results. The questioned Human Resources Department employee responded that he intended to only notify Finance Department management of any issues and since none were noted there was no need to send out an email. Recommendations for Current Testing Results -Human Resources Department staff should timely notify the Chief Financial Officer of all employees tested and the corresponding results. This practice will help ensure that all individuals are routinely reviewed, and that Finance Department management is aware of the results. Management Responses (Human Resources Department): The Human Resources Department would notify the Chief Financial Officer when background checks on current employees have been completed each year. Furthermore, if follow-up action were necessary due to a finding(s) on a background check, the Human Resources Department would follow applicable Federal and State law to notice the employee, would provide the employee for a reasonable time to correct or complete the record, and would recommend an appropriate action to the Chief Financial Officer and/or City Manager if necessary. F:\OBPI\$AUD\INTERNAL AUDIT FILES\DOC18-19\REPORTS-FINAL\FINANCE SEMI-ANNUAL REVIEW REPORT #2 FY18-19.DOCX cc: John Woodruff, Chief Financial Officer Chris Sarandos, Chief Information Officer Adrian Morales, Property Management Director Michael Smith, Human Resources Department Director Page 3 of 4 INTERNAL AUDIT MEMORANDUM Second Semi-Annual Review Report for the 2018/19 Fiscal Year October 25, 2019 Exhibit A #I Doc Num I ::::oval I Approver Position I Department I Amount I Approval Date I Check Date I Check/Wire Number ADMIN SERVICES TOURISM 1 169878 38 MANAGER CULTURAL $ 332,315.67 3/5/2019 3/6/2019 3012 DEVELOPMENT 2 171320 38 CITY ATIORNEY CITY $ 104,822.90 3/22/2019 3/26/2019 437077 ATIORNEY 38 PROPERTY MANAGEMENT DIRECTOR 3 179206 PROPERTY $ 180,238.99 5/10/2019 5/14/2019 438857 MANAGEMENT 40 PROPERTY MANAGEMENT DIRECTOR 38 PROPERTY MANAGEMENT DIRECTOR PROPERTY 4 188350 $ 106,137.40 6/28/2019 7/2/2019 440813 PROPERTY MANAGEMENT MANAGEMENT 40 DIRECTOR 5 189283 38 PLAN DEPT DEPUTY PLANNING $ 204,000.00 7/9/2019 7/9/2019 440894 DIRECTOR 38 HUMAN RESOURCES ASST DIRECTOR HUMAN 6 190717 RESOURCES $ 201,400.00 7/24/2019 7/25/2019 441503 50 HUMAN RESOURCES ASST DIRECTOR 38 HUMAN RESOURCES ASST DIRECTOR 7 198594 HUMAN . $ 104,745.78 ·8/30/2019 9/4/2019 3664 RESOURCES so HUMAN RESOURCES ASST DIRECTOR Page 4 of 4