30 Kasım 2012 Cuma

Auditor's Management Letter 2011

To contact us Click HERE


Tuesday morning starts another round of committee meetings at the Town and the first thing that strikes me about these meetings is what is missing. Usually you would expect to see the nine month results ending September 30 and a forecast of the year end results so that last minute adjustments can be made. I see no financial updates in any of the meeting agendas but I guess this doesn’t surprise me in light of comments received from the Auditor that I will get to in a moment.

Auditor finalizing $4M deficit, but don't worry, we are cash flow positive!

The only mention of the 2012 results is buried in a useless 49 page fluff piece referred to as the Business Plan 2013. As far as I can see this document should have taxpayers shaking their heads. What a waste of resources. Here’s the bullets on our Surpluses/ Deficits.

The move to Public Sector Accounting in 2009 has resulted in the municipality reporting on depreciation of capital assets. The subsequent deficit reported is in line with municipalities of our size, but requires continued monitoring and diligence.
On a cash basis, the municipality has reported surpluses, while the 2012 budget is projecting a modest deficit.

Right, how about our $4M plus deficit with Bracebridge being close to a break-even.

The Auditor has presented their letter of internal control deficiencies. They use three levels of concern, ‘Material Weaknesses’, ‘Significant Deficiencies’ and ‘Deficiencies’. A few years ago I was hit with the same ‘material weakness’ as the Town and took steps to eliminate the comment from re-appearing. The Town’s response is weak and shows, to me, a certain amount of disdain.


Here’s the important content of the letter.
Identified deficiencies in internal control

We identified the following internal control matters as of the date of this letter that are of sufficient importance to merit your attention.

Material weaknesses
1. There is currently no independent review of all journal entries posted by the Manager of Finance/Treasurer. Since journal entries can be used to override controls, all journal entries should be reviewed by someone independent of the preparer.

Management’s response:
 In general, any journal entries prepared by the Treasurer is entered into the system by another finance staff member, there are times when this does not happen (especially at year end) where there is not a second review prior to posting the entries, however, all managers and directors have access to detailed general ledger information and review their accounts at a minimum quarterly each year. In the future, all journal entries will be signed off by a second reviewer.

Significant deficiencies

1. After the trial balance was provided to the audit team on March 5, 2012 at the commencement our audit, management subsequently provided the audit team with a number of additional unrecorded journal entries. In order to ensure that interim financial reports used by decision makers are accurate and complete, we recommend that month end and year end processes be implemented to ensure timely recording of transactions.

This item was also identified by BDO and indicates that the monthly statements are probably so wrong that they are probably useless as a decision making tool. Garbage in, garbage out!

2. The current network security settings are noted below:
• Enforce password history – “0 passwords remembered”
• Maximum password age – “30 days”
• Minimum password age – “0 days”
The above settings imply that a user, when prompted to change their password after 30 days, could change their password and then immediately change their password again and use the same previous password. This increases the risk of unauthorized access to data residing on the network server as there effectively is no requirement to change the user’s password.

Management’s response:
1. Subsequent to the start of the audit fieldwork several journal entries were posted mainly relating to tangible capital asset movements. Staff will continue to work with management and staff to ensure that all year-end adjustments are completed before the trial balance is forwarded to the auditor. A process will be implemented in this regard to follow in future years.

2. Effective October 2012, the Town of Huntsville will put into place network security settings to enhance our internal controls.

Deficiencies
1. During our gas tax audit, we noted that the Towns is not in compliance with the criteria established by the Association of Municipalities of Ontario described in Section 8.1 as the Town has not yet completed its Capital Investment Plan.
2. Access rights of terminated employees are not always disabled on a timely basis. Notification by the Human Resources Department of employee termination and work status changes that impact user access rights should be provided to the IT department immediately to avoid unauthorized user access and unauthorized changes to data.

With so may thieves, liars and cheaters being fired this deficiency is very worrisome.

3. The Town currently has not completed a formal Disaster Recovery Plan (DRP) that details the steps to be taken in the event of a disaster. The absence of a documented DRP increases the likelihood that the Town would not be able to either function in a controlled manner during a disaster or successfully address and recover from a disaster event that would have either direct financial implications or impair the integrity of
financial data. A full test of the DRP should be completed on an annual basis, at a minimum, and the results documented and a post-mortem analysis performed to determine if modifications to the current plan need to be performed.

4. Management should periodically assess IT security vulnerability to identify, measure, remediate, and manage specific security vulnerabilities in the systems. This process will identify the source of the problem, if any, obtain recommendations to specific techniques to assess the extent and severity of the problem, and explains how the control environment can be structured to manage software security risks efficiently
within the organization.

So there you have it, lack of timely, useful financial information, IT security concerns and problems with our Gas Tax grant money, but don’t worry everything is under control.

Hiç yorum yok:

Yorum Gönder