April 20, 2016 Honorable Mayor Todd Meier and Members of the Town Council Town of Addison, Texas 5300 Belt Line Road Dallas, Texas 75254-7606

INTRODUCTION Pursuant to our Engagement Letter(s), we are providing this Recommendation Status Memorandum. The information contained in this document was derived primarily through interviews of key personnel and, to a limited extent, the analysis of supporting documentation. We are happy to discuss each individual recommendation in depth, answer any questions, address any concerns and, of course, stand ready to assist you and the Town’s staff in any way we can.

EXECUTIVE SUMMARY We were first engaged in April of 2014 and issued reports in July of 2014 and October 2014, containing various recommendations for improving the Town’s accounting systems and internals controls. In the 24 months since our engagement began, we are pleased to report that Town management has made substantial progress toward improving the Town’s accounting processes and internal controls. Among other things, the Town has (or is in the process of):

ü Replaced its outdated Enterprise Resource Planning (ERP) software with a new, widely used system from Tyler Technologies known as Munis. ERP systems are the backbone of an entity’s accounting and financial management function.

ü Substantially increased the quality, experience and number of staff in the Finance Department.

ü Modified the role of the Chief Financial Officer to allow him the ability to oversee all aspects of the finance and accounting function, regardless of

2

which Town department is actually performing that function.

ü Replaced its outdated Municipal Court management software with a widely used product from Tyler Technologies known as Incode.

ü Created an Office of Management and Budget (OMB) function that will, among other things, be tasked with the implementation of the COSO model. We understand that the OMB function will also be tasked with refining the internal control processes across all Town departments.

Although much hard work - particularly involving system implementation and hiring still remains, we believe that the Town is well positioned to provide a modern, well functioning accounting and finance function with excellent internal controls, to its citizens.

PURCHASING, PROCUREMENT & ACCOUNTS PAYABLE PROCESSING

RecommendationAccountsPayableProcessing–Anewpolicyshouldbeissuedandenforced.Amongotherthings,thepolicyshouldrequirethatallinvoicessubmittedforpaymentbeaccompaniedbythefollowing:

a) Apackinglistfromthevendor;b) Anotationonthepackinglistbythereceivingemployeethatincludesthenameofthe

employeereceivingthegoodsorservice,thedatethegoodorservicewasreceived,aconfirmationofthequantityreceived,aconfirmationthatthegoodsorservicesreceivedmatchedwhatwasorderedwithanyexceptionsexplicitlynotedonthepackinglist;

c) Alternatively,ifthevendordidnotprovideapackinglist,theTownshouldmakeavailabletoallemployeesareceivingreportformthatcanbeusedinlieuofapackinglist;

d) AllinvoicesandreceivingdocumentsshouldbematchedtothePurchaseOrder(“PO”)andverifiedastoprice,quantityandproductdescription,withanyexceptionsproperlyresolvedpriortopaymentbyaccountspayable.

StatusofRecommendationWenotedthatsignificantprogresshasbeenmadeinthisarea.ThenewMunisERPsystemcontainsaPurchaseOrdertrackingsystemthathasbeenpartiallyimplemented(fullimplementationisscheduledtooccurbythefallof2016).Wenotedthatpaidinvoicefilesarenowbeginningtocontainpurchaseordersandindicationsthatthereceivingemployeeisnotatingconfirmationofquantityreceivedandagreementwiththepurchaseorder.However,inanalyzingselectAccountsPayable(A/P)vendorfiles,itisapparentthatthereisstillworktobedone.WhilewestronglybelievethattrueemergencypurchasesshouldbeexemptedfromtherequirementthataPurchaseOrderbeobtainedpriortothepurchaseofagoodorservice,vendorinvoicessubmittedforpaymentwithouta),b)and/orc)aboveshouldnotbepaiduntilproperdocumentationissuppliedbythereceivingdepartment.ItisapparentthattheA/Pclerkispayingmanyroutine(non-emergency)vendorinvoicesthatdonothaveapurchaseorderorareimproperlydocumented.WebelievethatastheMunisERPsystemisfullyimplementedandastheFinanceDepartmentreachesfullstaffing,theincidenceof

3

improperlysupportedpaymentswillbecomerare.However,thatoutcomewilllikelyonlybeachievedwhentheA/Pclerk(orhissupervisor)stopsthepaymentofimproperlysupportedvendorinvoicesuntilsuchtimeasallthenecessaryinformationisobtainedanddocumented.RecommendationProcurement–AnewpolicyshouldbeissuedandenforcedthatrequiresallpurchasesbemadeonaPO(exceptforthosespecificallypermittedonaprocurementcard).TheuseofPaymentAuthorizationMemorandums(PAMs)shouldberestrictedtocasesofextremeemergency.Thisnewpolicyshouldrequire:

a) Allvendorsbevettedandpre-approvedbythePurchasingAgent;

b) OneofthefivepermittedtypesofPOsbecompletedatthebeginningofthepurchasingcycle(oratthebeginningofthefiscalyear);

c) AmountsexceedingtheoriginalamountauthorizedonthePObeapprovedattheappropriatelevels;

d) PurchasesmadeviaInterlocalAgreementshouldbeshoppedbythePurchasingAgenttoensurethattheInterlocalAgreementwiththebestpricingisbeingutilized.

ThispolicychangewillrequirethatallknownrecurringvendorscurrentlybeingpaidwithaPAMoraprocurementcardbesetuponaPO,consequentlyaramp-upperiodwillberequired.Webelievethatthenecessarypreliminarystepscanbeundertakensothatthispolicycanbeimplementedandenforcedasofthebeginningofthenewfiscalyear(October1,2014).StatusofRecommendationSeethesectiononContractingbelow.

BANKING RecommendationBanking–TheTowncurrentlydisbursesfundsthroughvariousaccountaccesspoints.WesuggestthattheTowninformtheBanktocancel,reassignandreauthorizeallcurrentlyauthorizedaccountaccesspointsandstreamlinetheaccesspointsintojusttwopointsofaccess.ThisentailscancellingtheHumanResources(HR)Department’sPayrollAccountFTPaccesspointandthecall-inwireaccesspoint.Theonlytwoaccesspointsshouldbechecksandthebank’selectronicCashManagerSystem.Allotheraccesspointsshouldbeterminated.123232Inaddition,wesuggestthatallprivilegesandtokensthatcurrentlyexistinthebank’selectronicCashManagerSystemberevokedandreassignedbasedonauthoritiesandpermissionsconsistentwithpropersegregationofduties.StatusofRecommendationWeunderstandthattheCFOhasrevokedallbankaccesspointsexceptfortheFrostBankCashManagersystem.TheCashManagersystemhasrobustpermissionsettings,whichallowTownmanagementtoseverelyrestrictaccesstothesystem.Forexample,thoseemployeeswhoonlymakedepositshaveprofilesthatallowtheprocessingofdepositsandnoabilitytomovemoney,whilethoseemployeeswhopayinvoicescandosoonlyafterproperapprovalshavebeenobtained.TheCFOhasestablishedFrostBankCashManagersystemprofilesforonlythoseemployeeswhosedutiesrequireaccess.WerecommendthattheseprofilesbemonitoredandadjustedasemployeejobfunctionschangeoremployeesleavetheemploymentoftheTown.

4

PAYROLL

RecommendationPayrollProcessing–ThetowncurrentlyprocessesitspayrollintheHRDepartment.WesuggestthattheTownengageathirdpartypayrollvendortoprocesstheTown’spayroll.ThemarketplacecurrentlyhasseveralhighlyqualifiedproviderswhocanveryefficientlyperformallthefunctionsrequiredbytheTowninahighlycontrolledandefficientmanner.StatusofRecommendationWeunderstandthattheTownhasdecidedtokeepthepayrollfunctioninhouse.ThepayrollmoduleoftheMunissystemisscheduledtobefullyimplementedinJanuaryof2017.RecommendationPayrollAdministration–WeunderstandthattheTownwillhavetosolicitbidsforanoutsourcedpayrollproviderandtheprocesswilllikelytakesometimetocomplete.Asaninterimstep,werecommendthatthepayrollprocessingfunctioncurrentlyperformedandsupervisedintheHRDepartmentbeimmediatelymovedtotheFinanceDepartmentandsupervisedbytheChiefFinancialOfficer.StatusofRecommendationWeunderstandthatthepayrollfunctionhasbeenmovedtotheFinanceDepartmentandreportstotheAccountingManager.Basedonourfollow-upinterviews,welearnedthatTownemployeescontinuetocallthepayrollclerkdirectly,askingthathemakecertainchangesorerrorcorrections.WerecommendthatallsuchrequestsfromTownemployeesberoutedthroughtheHRDepartment’shelpdesk.Thiswillinsureaproperseparationofdutiesandmoreover,insurethattheHRDepartmentand,ifnecessarytheemployee’ssupervisorareawareofallerrorsandchangesthatimpactemployees.WedonotbelievethatTownemployeesshouldbedealingwiththepayrollclerkdirectly.

CASH RECEIPTS

RecommendationRemittanceProcessing–ContractwithabanktoprovidelockboxservicesforthereceiptofpaymentsremittedtotheTownbymail(similartothesystemcurrentlyinplaceforthepaymentofwaterbills).ThiswillrequirethatpayersmailallpaymentscurrentlybeingmailedtotheFinanceDepartmentdirectlytothebankfordeposit.ThebankwillthenelectronicallyreportdetailsofeachdeposittotheTownforentryintotheTown’saccountingsystem.StatusofRecommendationTheTownhasachievedthisobjectivebyeffectivelyinstallingabanktellerterminalintheofficeofanaccountingclerk.TheFinanceDepartmenthascreatedapositionthateffectivelymergesthedutiesofthepayrollclerkandcashreceiptsclerkintoasingleposition.Inadditiontoperformingthepayrollduties,thisemployeemanagesallremittancesusingsoftwareandhardwareprovidedbytheFrostBankCashManagersystem.Recommendation

5

CashReceipts–ContractwithabankorotherprovidertoinstallelectroniclocalcashreceiptslockboxesateachoftheTown’ssitesthatcollectcashandchecksatpointofsale.Theseservicesarereferredtobyvariousproprietarynamesbutgenerally,theyprovideforthecashandchecksthatarecurrentlycollectedattheTown’sCourtsBuilding,ConferenceCenter,AthleticFacilityandServiceCentertobedepositedattheendofeachbusinessdaywiththebank,off-siteandwithimmediateaccountcredit.Thelocalcashreceiptslockboxwouldthenbeservicedperiodicallybyanarmoredcarservice.StatusofRecommendationWeunderstandthattheTownnowutilizeselectroniclockboxesatvirtuallyallpointswherecashandcashitemsarereceived.TheserviceisprovidedandmanagedbyDunbar,awidelyrespectedcashmanagementandarmoredcarservicescompany.

FIXED ASSETS Recommendation

FixedAssetAccounting-theTownshouldactivatetheGEMSaccountingsystem’sFixedAssetModule.Afteractivatingthemodule,allpurchasesthatareaboveaspecifieddollaramountoraresensitiveinnature(suchasweapons)wouldbeautomaticallyaddedtotheGEMSFixedAssetModuleatthetimeofpurchase.Assoonaspracticable,avendorshouldberetainedtoperformaphysicalcountofallfixedassetscurrentlyintheTown’spossession.Theassetsidentifiedinthephysicalcount(notpreviouslyrecorded)shouldberecordedintheGEMSFixedAssetmodule.ThephysicalcountofassetsshouldalsobecomparedtothevariousMSExcelanddepartmentlevelfixedassetspreadsheetscurrentlyinexistenceinanattempttolocateanymissingassets.Goingforward,asamatterofpolicy,fixedassetsshouldbeperiodicallycountedandreconciledtotheGEMSsystem.StatusofRecommendationAvendorwasretainedtoperformaphysicalcountoftheTown’sassetsinearly2015.Thephysicalcountperformedbythevendorwasincompleteanddidnotmeetthescopesetforthinthecontractingdocuments.Forexample,informationtechnologyandofficeequipmentwerenotcountedandtaggedbythevendor.Wefoundnodocumentationauthorizingthescopereductionyetthecontractorwaspaidthefullpriceofthecontract.Weattemptedtoreconciletheitemsfoundinthevendor’sphysicalcounttodataextractedfromtheTown’sA/Pexpenditurefiledatingbackto2011.WealsoattemptedtolocateitemsfromtheTown’sA/Pexpenditurefileonthevendor’sinventoryreport.Ourbi-directionalanalysisidentifiedassetspurchasedandnotonthevendor’sinventoryreportaswellasitemsonthevendor’sinventoryreportthatwerenotintheA/Pexpenditurefile,thusprovidingatextbookexampleofwhyitissoimportanttoproperlyrecordtheassetattimeofpurchase.WeunderstandthattheMunisERPsystemhasafixedassetsystemthatisintegratedwiththeA/Psystem.Thefixedassetmodulehasnotyetbeenimplemented.However,whenimplemented,weunderstandthatallfixed(andsensitive)assetpurchaseswillbeautomaticallyaddedtothefixedassetsystemattimeofpurchase.Inaddition,weunderstandthattheFinanceDepartmentplanstoperiodicallyvisiteachTowndepartmenttoreconcilethefixedassetsinthedepartmenttothefixedassetsystem.

FINANCE DEPARTMENT STAFFING AND SEGREGATION OF DUTIES

RecommendationFinanceDepartmentStaffing–ThestaffingintheFinanceDepartmentisinsufficienttoprovideforthecurrentworkloadwhilemaintaininganappropriatelevelofinternalcontrols.Werecommendthehiringoftwoexperienced

6

personswhoareCertifiedPublicAccountantstoaugmentthecurrentstaff.Thetwoadditionalprofessionalswillallowfortheappropriatesegregationofdutiesandimplementationofneededinternalcontrols.StatusofRecommendationTownmanagementhassignificantlyimprovedthestaffinglevelsoftheFinanceDepartment.Whenwebeganourwork,theFinanceDepartmentwasoperatingwithasingleCPA,theCFO.TheTownhasaddedtwoadditionalCPAsandadditionalaccountingpositionstosupporttheworkofthetwoadditionalCPAs.Properseparationofdutiesisnowpossiblewiththeadditionalstaffing.RecommendationSegregationofDuties–Assoonaspracticable,thedutiesofthecurrentstaffintheFinanceandCourtsDepartmentsshouldbereassignedtoassurethatduties,permissionsandresponsibilitiesareproperlysegregated.Theprocessofreassignmentofdutiesishighlydependentontheimplementationoftherecommendationslistedabove.StatusofRecommendationThenewMunisERPsystemprovidestheTownwiththeabilitytosetuserpermissionsinaverydetailedmanner.ThenewMunisERPsystemwill,forallintentsandpurposes,bethefoundationfortheproperseparationofduties.TheMunisERPsystemhasmultiplelevelsofsecurityandaccessrestrictions,allofwhicharerequiredtobesetbythesystemadministrator.Thesetting,managementandongoingmonitoringoftheserestrictionsareabsolutelycriticaltomaintainingeffectiveseparationofduties.WerecommendthatuserPermissionsinTheMunisERPsystembereviewedperiodicallytoinsureeachemployeehasonlythosePermissionsnecessarytoperformhisorherdutiesandthatdutiesareproperlyseparatedbetweenindividualstaffmembers.RecommendationReviewandre-assignpermissionsandauthorizationstothefinance,accountingandhumanresourcesrelatedmoduleswithintheGEMSsystem.StatusofRecommendationAsdiscussedabove,theTownhasmovedtoanewERPsystemknownasMunis.WeunderstandthatthesystemrequiresthatemployeerolesbeassignedforeveryemployeewhoisgivenaccesstoTheMunisERPsystem.WithinthoseemployeeRoles,theindividualemployeesarethengrantedPermissions.ThethirdelementoftheMunisERPsystem’sprocessisthecreationofWorkflows.BecausetheMunisERPsystemisstillintheimplementationphase,theRoles,PermissionsandWorkflowsarestillevolving.ThefollowingrepresentsourrecommendationsforthecreationandmanagementofthesethreecriticalelementsoftheMunisERPsystemonceitisfullyimplemented.

• Roles–Inessence,rolesprovideastandardlevelofaccessbasedonanemployee’sjobtitle.Forexample,therecanbeanAccountingClerkrole,anAccountantIrole,aSeniorAccountantrole,anAccountingmanagerroleandsoon.Multiplepeoplecanhavethesamerole.SotheDeputyCityManagerswouldallhavethesamerole.Werecommendthatoncethesystemisfullyimplemented,theaccesstoeachpartofthesystemalongwithassociatedPermissionsassetforthineachroleshouldbecarefullythoughtoutandeffectivelyunchangeablewithoutproperoversightandauthorization.Therolesestablishthemaximumtypicallevelofaccess,dutiesandauthorityallowedforeachemployeejobtitle.ForexamplethereshouldbenowayforanemployeewiththeRoleofPoliceDepartmentAssistanttoproposeGeneralLedgerJournalentriesorfortheCityManager’ssecretarytowrite-offfixedassets.Wesuggestthattherelevantdepartmenthead,alongwiththeChiefFinancialOfficer(CFO)andtheITDepartmentHeadberequiredtoapprovethesystemaccessandPermissionsforeachRole.Noindividual,regardlessofpositionwithintheorganizationshouldbeallowedtosinglehandedlydirectamodificationtoa

7

RolewithouttheauthorizationoftheCFOandITDepartmentHead.

• Permissions–Onceanemployeeishired,he/sheisassignedaRoleandwithinaRolevariousPermissionscanbegranted.ThesePermissionsgoverneverythingfromtransactionsthatcanbeviewedtothosethatcanbeeditedorgenerated.ForanypositionwithintheFinanceDepartment,thePermissionswithinaRoleforaparticularindividualshouldbeestablishedand/orapprovedbytheCFOinwritingandsenttotheMunisERPsystemadministratorintheITDepartment.

• Workflows–Amongotherthings,WorkflowsestablishtheproceduresandapprovalsoftheFinanceDepartment.Forexample,itisintheMunisERPsystem’sWorkflowswheretheCFOdetermineswhoisabletogenerateaGeneralLedgerentryandhowmanyapprovalsarerequiredforthatentrytoposttotheGeneralLedger.Werecommendthatoncethesystemisfullyimplemented,theCFOestablishWorkflowsthatareconsistentwithproperseparationofduties,properauthorizationoftransactionsandthelevelsofoversightthataresetforthintheCOSOControlEnvironment.

CONTRACTING

Introduction TheTownhiredanewPurchasingManager,WilNewcomersinceourlastreport.Mr.NewcomerisaCertifiedProfessionalPublicBuyer(CPPB).TheCPPBcredentialisawardedbasedupontrainingandworkexperienceinthepublicsector.Mr.Newcomerhasextensivepriorpurchasingexperiences.TheTownhasestablishedmanynewprocessesandproceduresincludinganupdatedpurchasingmanual,atrainingprogramforthoseemployeeswhoparticipateintheprocurementprocess,theimplementationofanewERPSystemthatcarefullytractsPurchaseOrders,atrainingseminarforPCardholdersandamorerobustpurchasingreviewandapprovalprocess.Inaddition,Mr.NewcomerreportsthatunderhisdirectionallroutinepurchasesmustbeinitiatedwithaPurchaseOrderthatisenteredintotheMunisERPsystem. RecommendationPurchasingManual–InOctober2013,theTowncompletedanewPurchasingManual.Forthemostpart,thePurchasingManualisawell-writtendocument.TheManualshouldberevisedwhereneededtoincorporatethechangesrelatedtopurchasing/contracting/invoicepaymentprocessingcontainedinourFirstandSecondSetofRecommendations.Mostimportantly,theManualshouldbeadoptedandvigorouslyenforced.StatusofRecommendationThepurchasingmanualhasbeenrevisedtoincorporatesystemicchangesandbestpractices.RecommendationPurchasingManualTraining-Werecommendthatassoonaspracticable,eachandeveryTownemployeereceivePurchasingManualtrainingthatisappropriateforhisorherposition.StatusofRecommendationWeunderstandthateachemployeeinapositionthatinvolvesthepurchasingfunctionhasreceivedthePurchasingManualandtherequisitetraining.Inaddition,Mr.Newcomerreportsthatheworkscloselywiththedepartmentstoassistthemwhenneededandispersonallyinvolvedinanytransactionsthatrequirethesolicitationandevaluationof

8

bids.However,sincethereisnointernalauditfunction,itiscurrentlydifficultforthePurchasingManagertoinsurethatallpurchasesarebeingbid.RecommendationPurchasingEthics-AccompanyingtheissuanceofthePurchasingManualwasan“AcknowledgementForm”tobesignedbyeachemployeeandplacedintheemployee’spersonnelfile.TheAcknowledgementincludes,amongotherthings,arepresentationbytheemployeethatviolationsofTownpurchasingpoliciesandproceduressubjecttheemployeetodisciplinaryaction.Thisisanimportanttoolforsettingmanagement’sexpectations.AnexecutedAcknowledgementForm(supportedbyrelevanttrainingandcommunications)shouldbeobtainedfromeachTownemployeeassoonaspracticable.StatusofRecommendationWeunderstandthatallemployeesinvolvedinthepurchasingprocesshavesignedaPurchasingManualAcknowledgementForm.RecommendationVendorSelection–ThePurchasingManualoffersextensiveguidanceintheareaofvendorselectionandthecriteriausedtojudgebids.Wesuggestthatanyoneonthevendorevaluationcommitteeberequiredtoreadandre-familiarizehimorherselfwiththeguidanceregardingvendorselectioncontainedinthePurchasingManualpriortoeachcontractevaluation.Inaddition,theevaluationprocessitselfshouldbecarefullydocumentedandproperlymaintained.StatusofRecommendationWeunderstandthatapolicyisbeingadoptedthatwillrequirethateachmemberoftheevaluationcommitteeexecuteaformthatcertifiesthatthecommitteememberunderstandsthepolicies,dutiesandobligationsofanevaluationcommitteemember.Further,weunderstandthatthiscertificationwillberetainedinthebidevaluationfile.RecommendationPurchasing/ContractingSoftware–Inouranalysisofcontractfiles,itappearedthatthefileswerepoorlyorganized.Avarietyofsoftwaretoolsarecurrentlyavailablethatwillautomatetheorganizationandmanagementofvendorrelationships.ItisourunderstandingthatBidSynchasamodulethatassistswiththeorganizationandmonitoringofvendorcontractsandthatTownstaffiscurrentlystudyingpossiblesoftwaretoolsforthisfunction.StatusofRecommendationTheMunisERPsystemhasextensivecapabilitiesrelatedtocontractingandbidadministration.TheMunisERPmodulesarebeingimplementedinaphasedapproach.Thepurchasingfunctionisexpectedtobefullyfunctionalbythefallof2016.UntiltheMunisERPsystemisfullyimplemented,theTownisusingtheBidSyncsoftwarepackagetomanagethebiddingprocess(whenbidsarerequired).WeunderstandthatonceMunisisfullyimplemented,therewillnolongerbeaneedfortheseparateBidSyncsoftwarepackage.RecommendationVendorInvoicing–Asdiscussedindetailbelow,theTowndoesnotrequirevendorstoprovideinvoicesthatmatchthecostcategoriescontainedinthevendor’scontract.TheTownshouldrequirevendorstoinvoicetheTowninamannerthatcanbetieddirectlytothecontract.

9

StatusofRecommendationWeunderstandthattheMunisERPsystemhasfunctionalitythatimplementsthisrecommendationandisscheduledtobeimplementedbythefallof2016.Atthepointofimplementation,theFinanceDepartmentwillalsoenablefunctionalitythatwillallowTownvendorstoset-uponlineinvoicing,whichwillfurtherimprovetheTown’sabilitytomatchinvoicestothetermsofagivencontract.RecommendationVendorOversightandManagement–Invoicesshouldbecomparedtovendorcontractspriortopayment.Paymentshouldnotbeauthorizedunlesstheinvoiceprice,quantityandqualityareinagreementwiththecontract.Whenauthorizeddeviationsoccur,thereasonforthedeviationshouldbenotedonthefaceoftheinvoicefromthevendor(orinthevendor’sfile)sothataproperaudittrailismaintained.StatusofRecommendationAsdiscussedabove,theTownwillbeimplementingtheMunisERPsystem’spurchasingmoduleinthefallof2016.Weunderstandthattheimplementationofthismodulewilladdressthisrecommendation.RecommendationComplianceMonitoring–Inordertobeaneffectivepolicy,thedirectivesfoundinthePurchasingManualshouldbemonitoredandenforced.TheTownshouldcontractwithaCPAfirmtoprovideanoutsourcedInternalAuditFunctiontoperformperiodiccompliancemonitoring.ThisfirmshouldreporttotheFinanceCommitteeoftheTownCouncilandincludetheTownManager.UndernocircumstancesshouldtheinternalauditfirmreportdirectlytoTownManagement.StatusofRecommendationWeunderstandthatComplianceMonitoring/InternalAuditisawork-in-processandthatnofinaldecisionshavebeenmaderegardingtheInternalAuditfunction.SincenoInternalAuditfunctionexists,itisimportantfortheretobesomeretrospectiveanalysisofprocurementpolicycompliance.Periodically,werecommendthatthePurchasingManagerrandomlyselectcertainprocurementtransactionsfordetailedreview.Anewpositionhasbeenauthorized(butnotyetfilled)whosedutieswillincludepurchasingcompliancereviews.

OKTOBERFEST SPECIAL EVENT

RecommendationAdmissionTickets–alladmissiontickets(pre-sales,on-line,on-siteandcomplementary)shouldbebarcodedwithauniquetrackingnumber.Eachandeveryadmissionticketshouldbeelectronicallyscanneduponaguest’sentranceintotheevent.Validticketsthatarenot,forwhateverreason,electronicallyscannedshouldberetainedbytheentrancegatestaffandmanuallycountedandreportedonaformsubmittedtotheFinanceDepartment.StatusofRecommendationWeunderstandthatthe2015eventusedpre-numbered,barcodedadmissionticketsthatareelectronicallyscanneduponaguest’sentryintotheevent.Further,weunderstandthatthesystemusedin2015willberefinedforthe2016event.

10

RecommendationAdmissionTicketTracking–AdmissionticketstockshouldbeloggedastoticketnumberrangeandissuedtoticketsellersbytheFinanceDepartmentstaff.ThisTicketTrackinglogshouldcontaintheFinanceDepartmentstaffer’snameandthenameofticketseller,thedateandtimeofissuanceandnumberrangeoftheticketsissued(theticketrangeloggingcouldbeaccomplishedbyscanningabarcodeoneachboxoftickets).Eachticketsellershouldthensignthelog(inink),acceptingresponsibilityfortheticketsreceivedandconfirmtherangeofticketnumbersreceived.TheseTicketTrackinglogsshouldberetainedbytheFinanceDepartmentstaffinasecurelocation,inaccessibletoticketsellers.Uponthecompletionofeachticketseller’sshift,unsoldticketsandtheircorrespondingnumberrangesshouldbereturnedtotheFinanceDepartmentstaff,recordedontheTicketTrackinglogsandsignedasreturnedbyboththeticketsellersandtheFinanceDepartmentstaffmemberreceivingthetickets.Additionalticketsissuedtotheticketsellersduringtheirshiftshouldalsobeloggedandsignedforinthesamemannerastheoriginalissuanceoftickets.StatusofRecommendationWeunderstandthatforthe2016event,alladmissionticketswillbetrackedinaccordancewithourrecommendations.RecommendationAdmissionTicketReconciliation–Periodicallythroughouttheeventday,thereportofticketsscannedshouldbematchedtotheTicketTrackinglog.Toinsureallprocessesareproperlyworking,significantdifferences(suchasgapsinrangesofticketsscannedversustherangesofticketsissuedtoticketsellers)shouldbeinvestigatedimmediatelyandstepstakentocorrecterrorsinscanningorticketsalespractices.Eachevening,ticketssoldasreportedontheTicketTrackinglogandscanninglogsshouldbereconciledtothecashturned-inbytheticketseller.Significantdiscrepanciesshouldbeimmediatelyinvestigated.StatusofRecommendationWeunderstandthatanattemptwasmadetoperformeffectivereconciliationsforthe2015event.However,thereconciliationswerenevercompletedforunknownreasons.CurrentFinanceDepartmentandTownmanagementwerenotinplacewhenthe2015eventoccurred.BasedonourdiscussionswithcurrentTownandFinanceDepartmentstaff,webelievethateffectiveinternalcontrolswillbeinplaceandreconciliationswillbeperformedforthe2016event.RecommendationAdmissionTicketCashManagement–Ascashisperiodicallyremovedfromtheticketseller’stillsduringtheeventday,theticketsellershouldbetemporarilytakenoff-line.AFinanceDepartmentstaffmembershouldcountallcashbeingremovedundertheobservationoftheticketseller.Werecommendtheuseofatwo-partformwheretheFinanceDepartmentstaffmemberandtheticketsellernotatetheamountofcashandcashequivalentsbeingremoved.Oncebothpartiesareinagreementastotheamountbeingremoved,theyshouldbothsigntheformwiththeFinanceDepartmentstaffmemberstoringthesignedoriginalwiththecashbeingremovedandtheticketsellerretainingacopy.Theticketseller’scopyshouldberetainedbytheticketselleranddelivereddirectlytotheTownManager’sofficebythenextbusinessday.Thesecontrolcopieswillthenbeavailableforreviewshouldanyquestionsariseduringtheeventreconciliationprocess.TheTownManager’sofficeshouldretainthesignedformsatleastuntilallreconciliationsarecompleted.StatusofRecommendationCurrentFinanceDepartmentandTownmanagementwerenotinplacewhenthe2015eventoccurred.BasedonourdiscussionswithcurrentTownandFinanceDepartmentstaff,webelievethateffectiveinternalcontrolsandreconciliationswillbeperformedforthe2016event.

11

RecommendationComplementaryTickets–weidentifiedatleast$21,000ofTastyBuckticketsthatwereapparentlygivenaway.Asofthedateofthisreport,wehavenotreceivedinformationthatdescribeswhoreceivedtheseticketsortheprocessbywhichtheyweredistributed.Inaddition,anunknownnumberoffreeadmissionticketswerealsoidentified.Atthistime,weareunabletoquantifythetotaldollarimpactofthecomplementaryadmissiontickets.Whileacertainnumberofcomplementaryadmissionticketsaretobeexpected,the$21,000incomplementaryTastyBucksareadirectout-of-pocketcosttotheTown.Strictcontrolsshouldbeplacedoncomplementarytickets.StatusofRecommendationWeunderstandthattheSpecialEventsDepartmenthasbecomemuchbetterversedinthefunctionalityoftheShowclixticketingsystemsinceweperformedourworkatthe2014event.Showclixreportedlysuppliesfunctionalitythatpermitstheestablishmentofvariousticketingcodes.TheSpecialEventsDepartmentnowassignscodesfortheissuanceofcomplementaryadmissiontickets.Theuseofseparatecodesforcomplementaryadmissionticketswillallowthemtobetrackedandaccountedforseparatelyfromtherevenuegeneratingadmissiontickets.Weunderstandhowever,thatShowclixisnotusedforthemanagementofcomplementaryTastyBucktickets.ComplementaryTastyBuckticketsaremanagedanddistributedbytheSpecialEventsDepartment.Werecommendthatpriortoanevent,theSpecialEventsDepartmentpreparealistofcomplementaryadmissionandTastyBuckticketsthataretobedistributed.Thislistshouldincludethenamesofthepeopleororganizationsreceivingthecomplementaryticketsaswellasthenumberofticketsauthorizedforeachindividualororganization.TheproposedlistshouldthenbeforwardedtotheCityManagerorhisdesignatedDeputyCityManagerforapproval.Wedonotbelievethatcomplementaryticketsshouldbeissuedwithoutproperauthorization.Oncethelistisapproved,theCFOshouldthenissueasufficientquantityofpre-numberedTastyBucktickets(whosenumericalrangeisrecordedandmaintainedbytheCFOorhisdesignee)totheSpecialEventsDirectorfordistribution.AllunclaimedTastyBuckticketsshouldbereturnedtotheCFO(orhisdesignee)attheendoftheevent.AsthecomplementaryTastyBuckticketsaredistributed,therecipientsshouldsignforthemuponreceiptandthenumberrangesshouldberecordedforuseinthefinaleventreconciliation.RecommendationTastyBuckTickets–theTownshouldimmediatelybegininvestigatingmethodstoimprovetheTastyBucksalesandvendorpaymentprocesses.Potentialsolutionsincludeallowingpre-salesviatheinternetwithorwithoutslightpricediscountsforadvancepurchase,theuseofATMtypemachines,electronicallyscannabletickets,orsomeothersystem.StatusofRecommendationWeunderstandthattheTownisexploringitsoptionsinthisarea.RecommendationTastyBuckTicketReconciliation–theTastyBuckticketreconciliationprocessshouldbere-engineered,dependingupontherevisionstotheticketsalesprocess.Thecurrentreconciliationprocessisflawedinanumberofwaysandshouldbere-engineeredbeforethenextevent.StatusofRecommendationInprioryearstheTownwasnotcapturingtheinformationnecessarytoperformanaccuratereconciliationofTastyBucktickets.WeunderstandthattheFinanceDepartmentwillberesponsibleforallticketreconciliationstotheTown’saccountingrecords.

12

RecommendationTastyBuckTicketRedemption–TastyBuckticketsarepresentedforpaymenttotheTown’sSpecialEventsDirectorandCourtClerkbythevendorsattheconclusionoftheevent.RedemptionshouldbemovedtotheFinanceDepartmenttoprovideseparationofdutiesbetweenvendorcontractingandvendorpayment.Inaddition,TheCourtClerkshouldalsonotbeinvolvedinthepaymentofvendorsasshesupervisestheTastyBucksalesandcashcollectionfunctionduringtheevent.StatusofRecommendationWeunderstandthataFinanceDepartmentemployeemanagestheweighingandvendorpaymentprocess.Forproperseparationofduties,theSpecialEventsDepartment,whichselectsandcontractswiththevendors,shouldnotbethedepartmentthatdeterminestheweightsandamountsduetothevendors.RecommendationSpecialEventVendorPayment–Uponpresentationofticketsbyvendors,TastyBuckticketsareweighed.Ticketcountsaredeterminedbytheweightofthetickets.Aftertheamountsowedarecalculated,checksarerequestedfromtheFinanceDepartment.IntheeventthattheTowndecidestocontinueweighingtickets,wesuggestthattheticketweighingandpaymentcalculationprocessbemorethoroughlydocumented.Currently,theTownisrelyingontheweightofabatchof300ticketstocalibratetheticketcounts.Thisprocessispoorlydocumented.Goingforward,wesuggestthateachsampleweighedbeloggedastoweight,ticketcountandticketcondition.Theindexweightsusedshouldthenbeloggedaseachvendor’sticketbatchesareweighed.Theconditionofeachticketbatchweighedshouldalsobelogged.Clearrecordingofvendorname,batchnumber,batchcondition,indexweightused,extrapolatedticketcount,Addisoncommissionpercentageandfinalpaymentamountwillprovidetransparencyandanaudittrailforthevendorpaymentprocess.StatusofRecommendationTheTownhasreportedlyre-engineeredtheprocesssothatasticketsaresortedandweighed,a“standardweight”iscreatedforeachvendor’stickets.This“standardweight”isbasedonasampleofbetween100and200tickets.Werecommendthatthesamplesizebethesameforallvendors.Becausevendorsarepaidondifferentdaysovertheperiodofoneweek,itiscriticalthatthestandardweightusedtopayeachvendorbenotedontheformthatissenttoaccountspayableforvendorpayment.Theformshouldalsocontaintheweightofeachbatchaswellasthecountofanymanuallycounted(notweighed)TastyBucktickets.RecommendationFinalCash&CashEquivalentReconciliations–Thequalityofthefinaleventreconciliationisdirectlyproportionaltothequalityofthedatathatunderliesthereconciliation.Thequalityofdatausedasastartingpointforthereconciliationsshouldbeimproved.NotwithstandingtheenormousamountoftimeandeffortthatwentintothepreparationoftheOktoberfestreconciliationsbytheFinanceDepartmentstaff,thereconciliationsarebasedonflawed,incompleteandpoorlycollecteddatasotheyaretherefore,unreliable.StatusofRecommendationBasedonourdiscussionswithcurrentFinanceDepartmentmanagement,itisclearthattheyareawareofthepointofsale,admissionandredemptiondatathatneedstobecollectedtoachieveaproperreconciliationofeventproceeds.Webelievethatthe2016eventwillbemorecarefullymanagedtoinsurethattheproperdataiscollectedtopermittheproperreconciliationofmoniescollectedfrompatrons(andpaidtovendors)tothemoniesdepositedin(anddisbursedfrom)theTown’sbankaccount.

13

RecommendationEventProfitandLossStatement–TheTownshouldprepareaProfitandLossstatementforeachspecialevent.Thisanalysisshouldcontain100%oftherevenuesandcostsassociatedwiththeevent.AlthoughweunderstandthattheprofitabilityofeacheventisfactoredintotheTown’sbudget,webelieveanaccountingofrevenuesandexpensesthatcaptureallcostsandexpensesshouldbepreparedattheconclusionofeachspecialevent.Theinformationcontainedinsuchareportwillbeavaluablemanagementtool.StatusofRecommendationWeunderstandthattheCFOintendstoprepareFinancialStatementsforeachofAddison’sSpecialEventswhereallcostsarecapturedandfullyallocatedtotheevent.Inaddition,theCFOwillnolongerpermitcostsassociatedwithaneventtobeaccountedforascontra(debits)revenues.

MUNICIPAL COURTS

Introduction Inlate2014andearly2015,webegantoperformouranalysisoftheMunicipalCourt’saccountingsystem.AspreviouslyreportedinapresentationtoCouncil,weweremetwithanintenselackofcooperationfrompriorTownmanagementinconnectionwithourworkattheCourts.WebeganbyselectingasampleofCourtfilesandattemptedtotiethefinancialtransactionreflectedinthemintotheInfosolCourtaccountingsystem(goingbothfromthepaperbasedcourtfilestotheInfosolsystemandfromtheInfosolsystemtothepapercourtfiles).WeattemptedtotietherevenuesandexpendituresfromtheInfosolCourtaccountingsystemtotheGEMSGeneralLedgerandtotheTown’sbankaccount.Additionally,weattemptedtotracecreditcardtransactionsreflectedintheInfosoltothereportsfromtheTown’screditcardprocessor,FirstDataSystems.Weattemptedtotracetheflowoffundsfromtheirorigination(Courtwindow,Jailer)totheTown’sbankaccount.Lastly,weattemptedtoperformananalysisofthequalityandaccuracyofthereconciliationsthatwouldtypicallybeperformedinawellfunctioningaccountingsystem.Ateachstep,wewereconfrontedwithdeficienciesindocumentation,lackofinternalcontrols,lackofseparationofdutiesandagenerallackofbasicaccountingproceduresandcontrols.WeverballyreportedthedeficienciesnotedtothethenCFO,thethenTownManagerandtheFinanceCommitteeoftheTownCouncil.ByMayof2015,itbecameapparentthattheTownwouldbere-engineeringthecourtaccountingsystem.Accordingly,wesuspendedourworkasitrelatedtotheCourts.GiventhattheTownwouldbere-engineeringtheCourtaccountingsystem,we,theTownManagerandtheFinanceCommitteeoftheTownCouncilbelievedthatitwasapooruseoftaxpayerfundsforustoissueareportonthelegacyCourtaccountingsystem.InFebruary2016,theTowninstalledanewCourtaccountingsystem,replacingtheInfosolsystemwiththeIncodesystemfromTylerTechnologies.TheIncodesystemisownedandsoldbythesamevendorastheMunisERPsystem.Althoughthesystemsareseparateanddistinctsoftwarepackages,theyaredesignedtocommunicateelectronicallywitheachother.TheelectroniclinkbetweentheMunisERPandIncodesystemshasthepotentialtosignificantlystrengthentheTown’sabilitytoprevent,detectandcorrecterrorsandirregularities.WhiletheIncodesystemisamanagementsystemformunicipalcourts,thesystemalsoservesasacriticalaccountingsystem–bothforinternalreportingandexternally,onbehalfofpeoplewhoreceiveavarietyofcriminalandcivilcitations.EventhoughtheIncodesystemisseparatefromtheMunisERPsystemandismanagedandoperatedbytheCourtDepartment,webelievethattheTown’sCFOshouldhaveaccessto,oversightof,andaccountabilityforallfinancialrelatedoperationsoftheIncodesystem.OnFebruary24,2016,theTownCouncilapprovedourissuanceofareportonhowthenewlyre-engineeredCourtaccountingsystemaddressedourpreviouslyobserveddeficiencies.Thefollowingreflectsourobservations.

14

OverviewoftheRe-engineeredCourtAccountingSystem WespentmostoftwodaysmeetingwiththeCourtAdministrator,PaulaDale,representativesoftheITDepartmentincludingHamidKhaleghipouraandZeisChen,DeputyCityManagerCherylDelaney,AssistantFinanceDirectorOliviaRiley,representativesofTylerTechnologiesKondaSheltonandBenFurth,andDavidEisenlohroftheAzimuthGroup.Variousmembersofthegroupwereavailableatvarioustimes.Inaddition,wemetwithPoliceChiefPaulSpenceronanasneededbasis.Thenewcourtaccountingsystemisreportedtobeastate-of-the–artintegratedcourtsoftwaresystemthathasbeeninstalledinmorethan800municipalitiesandisreportedlyusedbymostmajorTexascities.UnliketheprevioussysteminuseinAddison,IncodeisdesignedtobevirtuallypaperlessandintegrateselectronicallyfromthepointofcitationinthefieldtotheTown’sgeneralledger.Alsounlikethepriorsystem,IncodeisdesignedtointegratedirectlywithacreditcardprocessorsothatpaymentscanbetrackedfrompointofacceptancetotheTown’sbankaccount.However,weunderstandthattheintegrationofthecreditcardprocessingsystemisstillaworkinprocess.WelearnedthatthesystemwentliveonFebruary1,2016andcertainaspectsofthenewsystemarenotfullyintegratedasofyet.Accordingly,muchoftheinformationthatfollowswasbasedondiscussionsandtheobservationoftransactionsina“test”environment.Exceptfortherareinstanceofamanuallygeneratedcitation,dataarrivesintheIncodesystemviaanelectronicuploadfromthearrestingofficer’shandheldticketwriter.Weobservedthatallinteractionsfromthepointofuploadtoprocessing,adjudicationandfinecollectionordismissal,aretrackedviausername.Weobservedthatalloftheinformationpertainingtoaparticularoffenseisstoredelectronically,virtuallyeliminatingtheneedforpaperfiles.Wenotedarobustsystemofpermissionsthatprovideshighlycustomizableaccesscontrol.Ifsetupandmaintainedcorrectly,thiswillhelpensurethatdutiesareproperlysegregatedandthatallapprovalsareobtainedpriortoanoffensemovingthroughtheadjudicationanddispositionprocess.Wenotedthatonceanoffenseisprintedfromthehandheldticketwriterbythearrestingofficer,everyadjustment,payment,dismissalorinteractionbyanIncodeuseriscapturedandcannotbedeleted.Thisisanextremelyimportantfunctionalityandhelpsensurethataproperaudittrailismaintained.Basedonouranalysisofthedemonstratedcapabilitiesofthesystem,webelievethatthesuccessfuluseoftheIncodesystemispredicatedonfourkeyareas:

• Establishingandmaintainingfunctioningandseamlessinterfaceswithnon-Incodesystems;• Establishingandupdatingproperuseraccesspermissions;• Implementingandmaintainingproperseparationofduties;• PerformingproperreconciliationsbetweenIncode,bank,creditcardprocessorandGeneralLedgerdata.

Asdiscussedabove,theIncodesystemwent“live”onFebruary1st.Accordingly,thesystem,althoughfunctioning,isstillbeingrefined.Thefollowingisalistofobservationsregardingrefinementsthatneedtobemade.BasedondiscussionswithTownpersonnelandrepresentativesofTylerTechnologies,webelievethatallofthenotedissueswillbeaddressedassoonaspracticable.

• WenotedinourpreviousworkthattheCourtandFinanceDepartmentswerenotabletoeffectivelyreconcilecreditcardtransactions“swiped”totheTown’sbankaccount.TheIncodesystemisdesignedtofullyintegratecreditcardprocessingwiththeIncodesystem.Unfortunately,thecreditcardprocessorusedbytheTownisnotprovidingtheinformationthatwouldallowforthesmoothanduncomplicatedintegrationandreconciliationofmoniescollectedtomoniesreceivedattheTown’sbank.Accordingly,weunderstandthatTownmanagementhasdecidedtomovetooneofthecreditcardprocessorsthatwillseamlesslyintegratewiththeIncodesystem.Afurtherbenefitofthismovewilllikelybeamuchshorterlagbetweenthedateacreditcardis“swiped”andthedatethefundsactuallyreachtheTown’sbankaccount.

15

• Theproperseparationofdutiesisoneofthemostimportantcomponentsofaneffectivesystemofinternalcontrols.Inourpriorwork,wenotedthatthejudge,courtclerksandthecourtadministratorallhadtheability(permission)toacceptmonies,adjusttransactions,reversetransactionsandapprovetransactions.IntheIncodesystem,thesystemadministratormanagesthepermissionsforallusers.Becausethesystemhasonlyrecentlygone“live”,wenotedthatthecourtadministratorcurrentlyhasthesystemadministratorrole,enablinghertosetthepermissions.Oncethesystemreachesastablestate,wesuggestthatamemberoftheTown’sITDepartmentbegiventhesystemadministratorrole(andcanonlymakepermissionadjustmentswithproperdocumentedapprovals)andthecourtadministratornolongerhavethatrole.Further,werecommendthatthesystempermissionsbesetsothatthecourtadministratorcanonlyadjust,reverseandapprovetransactions–sheshouldnotbeabletoacceptmoniesfromthepublic.Additionally,webelievethatthejudgeshouldhavenopermissionsthatinanywayinvolvefinancialtransactions.

Inthecourseofnormaljailoperations,theTownhashistoricallyacceptedbondpaymentsonbehalfofotherjurisdictions.ThispermitsanAddisonarresteewhoowesmoneyinotherjurisdictions,tosettleoutstandingdebtstotheotherjurisdictionpriortoreleasefromtheAddisonjail.IndiscussionswithrepresentativesofTylerTechnologies,welearnedthatTylerviewstheacceptanceofout-ofjurisdictionbondsasapurelyjailfunction.Accordingly,theIncodesystemhasnofunctionalitytopostoutofjurisdictionbondpaymentsasanaccountpayabletoanotherjurisdiction.SincecreditcardterminalsareintegratedwiththeIncodesystem,outofjurisdictionbondpaymentswouldhavetobehandledmanually–effectivelyoutsideoftheinternalcontrolsestablishedaspartoftheIncodesystem.WediscussedthisissuewiththeCourtAdministrator,PaulaDale,HamidKhaleghipouraITDirector,DeputyCityManagerCherylDelaney,AssistantFinanceDirectorOliviaRiley,KondaSheltonofTylerTechnologies,DavidEisenlohroftheAzimuthGroupandPoliceChiefPaulSpencer.Allagreedthatthisisanissuethatshouldberesolvedinamannerthatmaintainsproperinternalcontrolsandthatthemanualprocessingofoutofjurisdictionbondsintroducesthepotentialforerrorsandincreasedaccountingworkloads.WeunderstandthattheTownwilldeviseashort-termsolutionthatwillinvolveaseparatecreditcardterminallinkedtotheTown’sERPsystem.Thissolutionwillrequirethattwocreditcardterminalsbeinstalledinthejail–oneforoutofjurisdictiontransactionsandoneforAddisontransactions.Further,weunderstandthattheTownwillstudyanacceptablepermanentsolution.

COMPLIANCE MONITORING

RecommendationAdopttheCOSOFramework–asdiscussedinourpreviouspresentationstotheTownCouncil,managementshouldactivelyandenthusiasticallyadopttheCOSOFramework,includingarobustinternalauditprocess.WerecommendthattheTowncontractwithaCPAfirmtoperformroutineinternalauditfunctionsontheTown’sprocessesandtoembraceandengraintheCOSOFrameworkintheTown’sday-to-dayoperationsandmanagement.FortheTownofAddison,webelievethistobeaprocessaswellasaculturalissuethatcanonlybeaccomplishedthroughstrongToneattheTopmessagingandactions.StatusofRecommendationWehaveobservedthatpositiveToneattheTopmessagingistakingshape.ThedirectionoftheCityManagertostaffisoneofcontinuousimprovement.This,coupledwiththeTown’sCouncilprovidingtheCityManagerwiththebudgetauthoritytofundthe“tools”(intheformofnewERPandCourtsystemsaswellasappropriatestaffinglevels)willallowtheTowntoaggressivelyadopttheCOSOmodel.OncetheMunisERPandCourtSystemsarefullyimplementedandthenewlyapprovedFinanceDepartmentpositionsarefilled,weunderstandthattheOMBwillberesponsibleforimplementingtheCOSOmodelinearnest.TheonecomponentoftheCOSOmodelthatappearstobeasyetunresolvedistheInternalAuditfunction(whethertooutsourceorinternallystaffthefunction).InternalAuditfallswithintheCOSOmonitoringactivitiessectionandisanintegralpartofaneffectiveCOSOadoption.Weunderstandthatuntilafinaldecisionismaderegardingthe