HomeMy WebLinkAboutTR-78-98
,
THE CORPORATION OF THE MUNICIPALITY OF CLARINGTON
REPORT
Meeting:
General Purpose and Administration Committee
File #: ~o3
Res.#: C::> P{-} - 5&>S ,9 ~
Date:
October 19, 1998
Report #:
TR-78-98 File #:
By-Law #:
Subject:
1997 AUDIT REPORT AND MANAGEMENT LETTER
Recommendations:
It is respectfully recommended that the General Purpose and Administration Committee
recommend to Council the following:
1. THAT Report TR-78-98 be received; and
2. THAT the recommendations and actions identified in the body of Report
TR-78-98 be endorsed.
Backaround and Comment:
In 1997 Audit Report and Management letter received from Deloitte and Touche, contains
some recommendations to improve upon certain internal control areas within the Municipality.
A copy of the Audit Management letter is attached as Schedule "A". The Audit Management
letter states the following:
"We have noted continuing improvement in the records and accounts of the
Municipality and are pleased to see that many of the comments in our prior year's
management letter have been acted upon. We feel the attached suggestions will
further enhance the accounting procedures, internal controls and operations of the
Corporation. However, they should be considered in context with the Municipality's
overall system of internal controls and accounting procedures which we consider,
based on our review, to be good."
1.0 PSAAB Requirements
1.1 At the present time, the Public Sector Accounting and Auditing Board (PSMB)
recommendations have not yet been proclaimed and the Province has not yet
released any revisions to the required format for the 1998 financial year end.
801
TR-78-98
1997 AUDIT REPORT AND MANAGEMENT LETTER
Page -2-
The recommendations will likely be proclaimed for the 1999 year end financial
statements. However, Treasury staff have been monitoring the situation and will
undertake a detailed review of the applicable PSAAB handbook sections and revise
the municipal financial statement format at the appropriate time.
2.0 Access to Computer Room
2.1 There are a total of four printers in the computer room, which are used for printing
journals in the financial system, producing Accounts Payable cheques, printing tax
bills, etc. The room is essentially used as a combination computer/printer room. Due
to the size of the printers, as well as noise level, temperature control requirements
and fumes, it is not possible to relocate the printers to any area where they would be
accessible to staff.
2.2 It is proposed as a long-term solution, that the main computer room be relocated to
the basement, possibly in conjunction with the replacement of the financial software in
the year 2001. This will be addressed in future budget deliberations.
3.0 Segregation of Duties
3.1 Currently, the Revenue Clerk II (reports directly to Tax Collector) accepts cash on a
very infrequent basis (ie. four times a year during tax installment due dates). Since,
the Tax Collector reviews all miscellaneous adjustments to the tax accounts when the
journal entries to the general ledger are prepared, staff do not feel that the situation
poses any problem with segregation of duties.
4.0 Year 2000 Planning
4.1 As per Report TR-50-98, dated June 22, 1998, a committee is being established with
representation from all departments, as well as the Property Manager, Purchasing
Manager and Systems Manager. The Museums and Library have also expressed an
interest in participating.
5.0 Internet Use
5.1 It is an established practice with all software and hardware installations to perform
proper testing and verification of security measures. This practice will be followed
when corporate internet access is established.
5.2 It is proposed that users will only be provided with internet access at the direction of
the applicable department head and that all users may be required to sign a
memorandum of understanding which outlines appropriate use of internet
accessibility.
8uZ
TR-78-98
1997 AUDIT REPORT AND MANAGEMENT LETTER
Page -3-
6.0 Novell LAN Security
6.1 It has always been a requirement that all users accessing the system must enter a
password. No staff can proceed beyond the initial log-in screen without entering a
valid password.
6.2 The policy requiring all users to change their password every 180 days has been
reviewed and system administrators will now adhere to this policy.
7.0 Prior Years Comments Still Applicable
7.1 Capital Fund Accounting Procedures
As indicated in the 1998 approved Capital Budget, for year 2000 Compliance, the
Municipality is setting aside funds to replace the financial software over a three year
period. At this time it is more cost effective to establish new capital fund accounting
procedures in conjunction with the capabilities of any proposed new financial
software. Currently, unexpended capital financing is recorded through commitments
to the reserve and reserve funds which is included in the Budget and Trial Balances.
The Municipality actually maintains this information with a greater degree of detail and
accuracy than is normally found in formal capital fund systems. For 1998, the total
value of commitments to the Reserves and Reserves Funds will be reported in the
notes to the Financial Report at year end. This has been discussed with the
Auditors, who are in agreement with the above comments.
7.2 Information Services Department - System Policies and Procedures
Due to the Municipality's major conversion to a Windows environment and move to
the Microsoft Office Suite of software products, specialized menuing software was
purchased to put strict controls on the user environments. All users are controlled by
passwords restricting access to required software only. User profiles are based upon
job requirements. As a result of the structured environment currently in place, the
Municipality has very high system security and Systems staff are able to perform
many maintenance functions through the network. It is not considered a priority at
this time to devote Systems staff to a documentation exercise due to the high demand
for new applications, GIS installation, corporate internet access, etc. Staff will
continue to monitor the situation for future consideration of this suggestion.
Conclusion:
In summary, the audit recommendations made in the 1997 Audit Report and Management
letter have been received as constructive comments and an effort has been made to
implement the recommendations that are feasible and cost effective at this time.
803
TR-78-98
1997 AUDIT REPORT AND MANAGEMENT LETTER
Page -4-
Respectfully submitted,
,)
Reviewed by:
~
Chief Administrative Officer.
MM/NT/hjl
Attachment
8u4
SCHEDULE "A"
Deloitte &
Touche
o
April 23, 1998
Chartered Accountants Telephone: (416) 229-2100
Deloitte & Touche Telecopier: (416) 229-2524
5140 Yonge Street, Suite 1700
Toronto, Ontario M2N 6L7
Mr. John Mutton
Chair - Finance Committee
Corporation of the Municipality of Clarington
Municipal Offices
40 Temperance Street
Bowmanville, ON LIC 3A6
Dear Mr. Mutton:
We have completed our examination of the consolidated financial statements of the
Corporation of the Municipality of Clarington for the year end December 31, 1997. Our
examination includes a review of the system of internal controls, accounting procedures and
other matters.
The attached comments should not be construed to represent the results of a detailed system
review but are observations made during the normal course of our examination.
We have noted continuing improvement in the records and accounts of the Municipality and
are pleased to see many of the comments in our prior year's management letter have been
acted upon. We feel the attached suggestions will further enhance the accounting procedures,
internal controls, and operations of the Corporation. However, they should be considered in
context with the Municipality's overall system of internal controls and accounting procedures
which we consider, based on our review, to be good.
We would be pleased to discuss any of these comments and suggestions further with you. If
we can be of assistance in the implementation of any of these recommendations, please do
not hesitate to contact us.
We would like to take this opportunity to thank the staff of the Municipality of Clarington for
their excellent assistance and co-operation during our audit.
Yours very truly,
~f~
Chartered Accountants
Attachment
Deloitte Touche
Tohmatsu
buS
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31, 1997
Page 1 of6
PSAAB REQUIREMENTS
The Public Sector Accounting and Auditing Board (PSAAB) has issued handbook sections in
order to set standards for good municipal accounting and financial reporting practices. Three of
these sections are expected to become applicable for the reporting year ending December 31,
1998. The requirements of these sections will be as follows:
1. Section 1700 deals with the objectives of financial statements and includes detail which
sets out the general attributes of financial statements. As part of this section, the balance
sheet will have to be approved and signed by the Mayor and Audit Committee Chair in
order to show accountability.
2. Section 1800 deals with the general standards of financial statement presentation. As part
of these standards a statement of changes in financial position will be required; all
liabilities will now be recorded on the balance sheet, restricted assets will no longer need to
be segregated on the balance sheet, and expenditures will not include debt principal
repayments. Principal and interest charges will be reported on a separate line at the end of
the statement of operations.
3. Section 2100 deals with disclosure and includes the disclosure of accounting policies as
well as the disclosure of any changes in accounting policies.
Recommendation:
We suggest the Municipality review the applicable PSAAB handbook sections and determine
what changes in reporting the Municipality will have to address for the year ending
December 31, 1998.
ACCESS TO COMPUTER ROOM
Observation:
During discussions with client personnel it was noted that access to the computer room is not
restricted to computer personnel, as there is a printer in the room which is used by various staff
members. This is a weakness in controls as the risk of unauthorized access to the computer
equipment is high.
I
OuO
Deloitte &
Touche
o
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31,1997
Page 2 of6
ACCESS TO COMPUTER ROOM (Continued)
Implication:
When this issue was discussed with treasury department staff we were informed that it was not
feasible at the present time to move the printer to another location due to lack of available office
space.
Recommendation:
We recommend that the printer be moved as soon as possible and the access code changed to
allow only authorized personnel access to the computer room.
SEGREGATION OF DUTIES
Observation:
We noted that the cash supervisor in the tax department has her own till and, when needed,
accepts cash receipts. She is also directed a majority of the telephone calls concerning taxes and
has authorization to perform posting functions and write-offs to tax accounts.
Implication:
These conflicting duties result in an internal control weakness as the same person can accept
cash, answer tax related inquiries, post tax accounts, and process write offs.
Recommendation:
We recommend the cash supervIsor not be allowed to process tax write offs or other
miscellaneous adjustments to tax accounts. If staff availability does not permit this, any
adjustments, other than cash receipts posting entries, processed by the cash supervisor should be
reviewed on a timely basis by the deputy-treasurer or other appropriate official.
bu7
Deloitte &
Touche
I.)
.
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31, 1997
Page 3 of6
YEAR 2000
Observation:
Discussions with your staff indicated that you are currently in the process of addressing the year
2000 computer compliance issue. To date most of the work has been completed within the
computer systems group with the focus primarily on technology and financial systems. Other
systems which function on a "date sensitive" basis have not yet been formally reviewed for year
2000 compliance.
The Treasury Department is co-ordinating this year 2000 compliance issue, and we understand
they will be formally reporting to Council on this matter in the near future. Systems already
being investigated for year 2000 compliance are the G. I. S. system, the financial reporting
system and the tax collections system.
Implication:
With the Treasury Department co-ordinating this project there may be operating department year
2000 issues of which they are not aware.
Recommendation:
We suggest the municipality formalize the year 2000 project team which should include
representation from all departments within the organization. This project team should be
assigned the responsibility of ensuring all areas of the municipality be reviewed for compliance.
The first mandate of this team should be to complete an inventory of all systems within the
municipality which are "date sensitive" (ie. telephone systems, security systems, etc.) and which
may potentially be affected by the year 2000 date. Subsequently, the Municipality should
develop a plan to determine which systems are not year 2000 compliant and decide how to
update those systems which are found to be deficient.
TAX SYSTEM
Observation:
It is our understanding that the municipality is in the process of implementing a new tax system
which is expected to be Year 2000 compliant and be able to accommodate the tax changes
legislated by the current provincial government.
Implication:
During our discussions with staff we noted no formal conversion and testing plan had been
established to control the conversion process.
buS
Deloitte &
Touche
Q
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31,1997
Page 4 of6
TAX SYSTEM (Continued)
Recommendation:
As this implementation will require the conversion of a large amount of tax account data we
encourage the staff within the Treasury department to ensure that the conversion utility being
utilized is appropriately tested before the final conversion takes place, and that pre-conversion
data is reconciled to post-conversion data.
We understand that a formal conversion plan has been developed and implemented over the past
few weeks and will be used to control the conversion of the tax information from the old to the
new tax system.
INTERNET USE
Observation:
During discussions with staff we noted that the municipality is planning to introduce the use of
the Internet (primarily for e-mail) to individual desktop computers. As part of this process an
appropriate firewall will be set up and managed within the municipality.
Recommendation:
As this process will provide external access to the municipality's computer systems, we strongly
encourage the municipality to:
. Develop an Internet appropriate use policy which outlines what the Internet services are to
be used for within the municipality and highlight repercussions for misuse; and
. Properly test and validate the working of the firewall and other security measures which
will be implemented.
These procedures would help ensure sensItIve municipal information is not obtained by
unauthorized external parties and would minimize the possibility of attracting harmful computer
viruses to your system.
bu9
Deloitte &
Touche
o
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31, 1997. Page 5 of 6
NOVELL LAN SECURITY
Observation:
During the course of our review of the currently enabled Novell LAN security we noted that:
· one user with administrative equivalent rights did not require a password on the system;
and
· one user with administrative equivalent rights required a password but it was never
required to be changed.
Recommendation
It is our understanding that the standard user profile at the municipality requires a standard five
character password which is forced to be changed every 180 days. The "unique" password utility
is also enabled to ensure users do not re-use the same passwords. We suggest that all staff be
required to follow this standard profile. This will be increasingly important as the municipality
potentially starts to offer access to the Internet through the network.
PRIOR YEAR COMMENTS STILL APPLICABLE
Capital Fund Accounting Procedures
Observation:
At the present time the municipality accounts for capital expenditures through the Revenue Fund.
A separate ledger to record the financing and expenditures for the capital projects would be more
efficient.
Recommendation:
Due to the increasing number and complexity of capital projects undertaken by the municipality,
we suggest that the municipality consider establishing a formal Capital Fund Ledger to further
improve your financial information.
Such a ledger would allow for easier monitoring of capital projects, eliminate the need to transfer
unexpended capital financing to reserve/reserve funds at the end of each year, and provide more
informative reporting of unencumbered reserves and reserve fund balances.
biG
Deloitte &
Touche
o
.
CORPORATION OF THE MUNICIPALITY OF CLARINGTON
Management Letter
December 31,1997
Page 6 of6
PRIOR YEAR COMMENTS STILL APPLICABLE (Continued)
Information Services Department
System Policies and Procedures
Observation:
During our review of the current information system we noted that certain documented policies
and procedures are out of date and in places refer to software no longer in use.
As remote sites continue to be introduced on the LAN, control over computer operations
becomes increasingly difficult. Strong system policies and procedures with regard to system
operations, security and maintenance will contribute to the consistency and reliability of the
information produced by the systems.
Recommendation:
We suggest one member of the information systems team be assigned the responsibility of
reviewing, updating and monitoring compliance with current documented policies and
procedures.
(j I 1
Deloitte &
Touche
o