Laserfiche WebLink
<br />-2- <br />OTHER OBSERVATIONS AND RECOMMENDATIONS <br /> <br />Electronic Funds Transfers Fraud <br /> <br />As the use of electronic funds transfers and payment methods has become more prevalent, we have seen <br />increases in both the incidences of fraud related to these transactions and the dollar amounts involved. <br />Operational changes related to the COVID-19 pandemic, including greater reliance on technology and <br />more employees working remotely, have tended to increase risk in this area. We urge cities to carefully <br />review controls over these transactions, and consider best practices to address these risks, such as: <br /> <br />• Ensuring segregation of duties over these transactions by involving more than one employee in <br />the process. <br />• Requiring multi-factor authentication of requests for electronic payments from new vendors or for <br />changes in wiring instructions for existing vendors. It is recommended that changes for existing <br />vendors be verified through trusted contact information used previously for that vendor, not as <br />provided in the change request, to verify the accuracy of the change. <br />• Educate employees on the controls in place to protect the organization’s financial assets and <br />ensure management is supportive and accepting of the processes in place. Attempted fraudulent <br />transactions are often initiated using the profile of a supervisor. Employees must be comfortable <br />questioning unusual transactions or requests, and instructed not to circumvent internal control <br />procedures regardless of whom they believe initiated the transaction. <br />• Recommended cyber security measures, such as limiting network access and requiring robust <br />passwords that are changed regularly, should be implemented and followed by all city employees, <br />not just those directly involved with financial transactions. <br />• Review insurance policies to understand the coverage provided for financial losses due to <br />cybersecurity risks and evaluate whether they provide adequate coverage based on management’s <br />assessment of these risks. <br /> <br />Uniform Guidance Written Controls and Federal Micro-Purchase Threshold <br /> <br />Federal Uniform Guidance (UG) requires that nonfederal entities must have and use documented <br />procurement procedures consistent with 2CFR § 200.317-320 for the acquisition of property or services <br />required under a federal award or sub-award. Effective August 31, 2020, the federal micro-purchase <br />threshold, which is the threshold that allows for procurements without soliciting competitive price or rate <br />quotations given certain conditions, was increased from $3,500 to $10,000 in the Federal Acquisition <br />Regulations (FAR). <br /> <br />Effective November 12, 2020, the UG was also revised to allow nonfederal entities to establish a <br />micro-purchase threshold higher than the $10,000 threshold established in the FAR under certain <br />circumstances. The nonfederal entity may self-certify a micro-purchase threshold up to $50,000 if the <br />requirements in 2CFR § 200.320(a)(1)(iv) are followed. Requirements include an annual <br />self-certification and clear documentation of the justification to support the increase in the threshold. <br />Acceptable reasons for justification must meet one of the following criteria: <br /> <br />• A qualification as a low-risk auditee, in accordance with the criteria in §200.520 for the most <br />recent audit, <br />• An annual internal institutional risk assessment to identify, mitigate, and manage financial risks, <br />or, <br />• A higher threshold consistent with state law. <br /> <br />This flexibility would allow Minnesota local governments to increase and align their federal procurement <br />procedures, specifically the micro-purchase threshold, with state law, which allows for procurements <br />below $25,000 to be made without competitive price or rate quotations.