Laserfiche WebLink
<br />-2- <br /> <br />FOLLOW-UP ON PRIOR YEAR FINDINGS AND RECOMMENDATIONS <br /> <br />As a part of our audit of the City’s financial statements for the year ended December 31, 2020, we performed <br />procedures to follow-up on the findings and recommendations that resulted from the prior year audit. The <br />prior auditor reported the following findings that are no longer findings in the current year audit of the City: <br /> <br />• The prior year audit reported that the City was not performing utility billing reconciliations to <br />account for total billings and receipts into the City’s general ledger system. It also noted that the <br />4th quarter utility billing was not booked. This is not a finding in the current year. <br />• The prior year audit reported there were several material audit adjustments that needed to be posted <br />to the City’s general ledger in order to arrive at the correct year -end balances. There were no <br />material adjustments made in the current year. <br /> <br />OTHER OBSERVATIONS AND RECOMMENDATIONS <br /> <br />Check Sequence <br /> <br />During the audit of the current year, we noted during our testing that the Mayor was signing checks in <br />advance in case she was absent or unavailable when checks need to be processed. We communicated to <br />management of the City that this practice should be discontinued and the City Council should authorize <br />another employee to sign checks in the Mayor’s absence. <br /> <br />Electronic Funds Transfers Fraud <br /> <br />As the use of electronic funds transfers and payment methods has become more prevalent, we have seen <br />increases in both the incidences of fraud related to these transactions and the dollar amounts involved. <br />Operational changes related to the COVID-19 pandemic, including greater reliance on technology and more <br />employees working remotely, have tended to increase risk in this area. We urge cities to carefully review <br />controls over these transactions, and consider best practices to address these risks, such as: <br /> <br />• Ensuring segregation of duties over these transactions by involving more than one employee in the <br />process. <br />• Requiring multi-factor authentication of requests for electronic payments from new vendors or for <br />changes in wiring instructions for existing vendors. It is recommended that changes for existing <br />vendors be verified through trusted contact information used previously for that vendor, not as <br />provided in the change request, to verify the accuracy of the change. <br />• Educate employees on the controls in place to protect the organization’s financial assets and ensure <br />management is supportive and accepting of the processes in place. Attempted fraudulent <br />transactions are often initiated using the profile of a supervisor. Employees must be comfortable <br />questioning unusual transactions or requests, and instructed not to circumvent internal control <br />procedures regardless of whom they believe initiated the transaction. <br />• Recommended cyber security measures, such as limiting network access and requiring robust <br />passwords that are changed regularly, should be implemented and followed by all city employees, <br />not just those directly involved with financial transactions. <br />• Review insurance policies to understand the coverage provided for financial loss es due to <br />cybersecurity risks and evaluate whether they provide adequate coverage based on management’s <br />assessment of these risks.