1 / 53

Mt. Lebanon, Pennsylvania Risk Assessment

Mt. Lebanon, Pennsylvania Risk Assessment. William D. McKain CPA Finance Director – Mt. Lebanon. Mt. Lebanon, Pennsylvania. The Municipality operates under a Home Rule Charter with five elected commissioners, one from each ward which also provides for the council/manager form of government.

paytah
Download Presentation

Mt. Lebanon, Pennsylvania Risk Assessment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Mt. Lebanon, Pennsylvania Risk Assessment William D. McKain CPA Finance Director – Mt. Lebanon

  2. Mt. Lebanon, Pennsylvania • The Municipality operates under a Home Rule Charter with five elected commissioners, one from each ward which also provides for the council/manager form of government. • Residential housing stock is varied in style and price and includes a 2007 sales range from $50,000 to $1,089,625. • The average sales price for housing climbed to $227,301 (up 2.6% from the prior year in a very challenging housing market) and the residential sales prices have increased at an average rate of 4.3% over the past five years.

  3. Mt. Lebanon, Pennsylvania • 33,017 population. • $29.2 million - 2007 general fund budget. • $7+ million sewage fund (of which $4.0 million was budgeted to fund sewer work) in addition to a capital project and special revenue funds. • Provides variety of traditional services in addition to a full-time career fire department, community magazine, GIS, crossing guards and leaf pick-up.

  4. What are the risk standards? • The Audit Risk Standards • SAS no. 104, Amendment to Statement on Auditing Standards No. 1, Codificationof Auditing Standards and Procedures (“Due Professional Care in the Performance of Work”) • SAS no. 105, Amendment to Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards • SAS no. 106, Audit Evidence • SAS no. 107, Audit Risk and Materiality in Conducting an Audit • SAS no. 108, Planning and Supervision • SAS no. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement • SAS no. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained • SAS no. 111, Amendment to Statement on Auditing Standards No. 39, Audit Sampling

  5. What are the risk standards? • These Statements establish standards and provide guidance concerning the auditor’s assessment of the risks of material misstatement (whether caused by error or fraud) in a financial statement audit, and the design and performance of audit procedures whose nature, timing, and extent are responsive to the assessed. • Although the standards are audit guidance – it is very important for the auditee to understand its importance and value.

  6. What are the risk standards? • The Standards are designed to enhance an auditors’ response to risk materiality and encourage them to focus on areas with the greatest risk of misstatement. • The primary objective of these Statements is to enhance auditors’ application of the audit risk model in practice by specifying, among other things a more in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them.

  7. What is risk? • Risk assessment is the identification and analysis of relevant risks to the achievement of an organization's objectives, for the purpose of determining how those risks should be managed. • Risk assessment begins with an initial determination of operating objectives, followed by a systematic identification of those things that could prevent each objective from being attained. In other words, it's an analysis of what could go wrong.

  8. What is risk? • Not all risks are equal. Some are more likely than others to occur, and some will have a greater impact if they occur. Once risks are identified, their probability and significance must be assessed. • Finally, having identified and assessed risk, management must decide how to deal with it.

  9. Mt. Lebanon approach to risk • Mt. Lebanon takes very seriously its responsibilities for adopting sound accounting policies, establishing and maintaining internal controls, and preventing and detecting fraud. • We believe all municipal employees must be good stewards of municipal assets and continually develop and monitor controls to safeguard these assets. • Our risk assessment process provided an opportunityto examine, document and measure our controls.

  10. Getting Started – preliminary work • Communicate and consult with your auditors - great resource. • Read the Statement of Auditing Standards (SAS) on Risk Assessment (SAS#’s 104 through 112) and any related articles and literature to research and gain an understanding of the new standards. • Formulate, at least conceptually, an approach to measure and document the risk assessment’s impact to your organization. • Obtain management’s support of this endeavor.

  11. Getting Started – preliminary work • Met with all directors, staff office chiefs and key department staff to communicate and introduce the standards and stress their importance. • These meetings and subsequent communications included discussions of the specific impacts on each department, specific related financial policies, brainstorming sessions and a healthy discussion of the potential risks and controls to the various departmental processes. • Departments were asked to take a step back, think and respond as if they ran their own business or were looking at risks and appropriate controls as a homeowner?

  12. Getting Started – preliminary work • As an initial step, each department received and completed the following matrix to explore and document their specific risks and controls.

  13. Getting Started – preliminary work • The finance department reviewed the initial responses and conducted many various follow-up meetings with departments to analyze and discuss in greater detail their department risk areas and controls. • This stage: • Required some initial patience and guidance with departments. • Great deal of relentlessness. • Department prospective can be interesting but they should be commended for the effort. • Work through each department’s processes and controls. • You also discover you don’t know everything you think you know.

  14. Getting Started - time to document • The staring point for any organization to assess its risks is to examine its current internal control structure and its effectiveness. An effective and comprehensive internal control structure must encompass the following five elements. • Control environment • Control related policies and procedures • Information and communication • Monitoring • Continuing assessment of risk

  15. Getting Started - time to document Control Environment - compliance Management sets the correct tone by believing internal control is important to achieving our goals, and communicates that view to employees at all levels. This commitment includes an ongoing investment of time, effort and resources. Our belief is that an effective internal control structure is an integral part of the process of providing high level of services to citizens.

  16. Getting Started - time to document Control Related Policies and Procedures - compliance The finance department has developed a comprehensive listing of financial policies and procedures to: • Ensure ongoing fiscal stability. • Improve the organization’s processes. • Serve as a key element of sound fiscal administration. • Provide guidance and be decision points for staff. • Identify acceptable and unacceptable courses of action in which departments (and for that matter governments) can operate. • Allow for consistency despite board/staff turnover. THIS IS A KEY TO RISK ASSESSMENT CONTROL DOCUMENTATION THAT BECOMES AN INTEGRAL PART OF THE PROCESS!

  17. Getting Started - time to document Information and Communication – compliance Internal controls and financial polices and procedures are communicated in various ways. Policies are formal and in writing and may be communicated at weekly director staff meetings, separate staff training, by e-mail and are always posted on the internal municipal website for easy employee access.

  18. Getting Started - time to document Monitoring - compliance It is the responsibility of all municipal employees to adhere and enforce our adopted financial policies. The Finance Director and staff see daily financial transactions that are impacted by financial policies and therefore are in the best position to enforce the policies. In addition, the finance director conducts internal audits on a wide-variety of municipal functions and processes. These audits often measure compliance to existing polices and procedures and sometimes result in new polices based on the findings and recommendations of these reports.

  19. Getting Started - time to document Continuing assessment of risk – compliance We measure and monitor our risks on an on-going basis in a variety of ways. The following are key methods of assessment: • Daily processing of financial transactions through the finance department is a constant and effective tool to enforce, monitor and gauge the effectiveness of current policies. • In August 2004, Mt. Lebanon adopted a Fraud Policy which is communicated to all employees. This policy and related procedures for the reporting, investigation, and resolution of fiscal irregularities are established as an integral part of Mt. Lebanon’s efforts to ensure that all employees conduct themselves in accordance with high ethical standards and our performance with respect to these matters is consistently applied.

  20. Getting Started - time to document Continuing assessment of risk – compliance (continued) We measure and monitor our risks on an on-going basis in a variety of ways. The following are key methods of assessment: • Internal audits and associated findings and recommendations are conducted by the finance director to: • Strengthen internal controls. • Enforce current policies. • Obtain information to develop new policies or revise existing ones. • Monitor the controls of your organization. • Be a deterrent to fraud. • Identify and catch fraud.

  21. Getting Started - time to document Continuing Assessment of Risk – compliance (continued) We measure and monitor our risks on an on-going basis in a variety of ways. The following are key methods of assessment: • Periodic review of current polices is on going to ensure they stay current and remain effective. • New problems, issues or events can be identified to determine whether a new policy is necessary to ensure internal controls are adequate, and that the integrity of data in the accounting systems and assets are protected against loss and abuse.

  22. Review – Revenues Overall • The adopted 2007 general fund budget is $29,211,230. Taxes comprise $21,567,400 or 73.8% of the total budgeted revenues. • Real estate is the largest revenue source budgeted at $10.3 million and funds 35.2% of general fund activities. • The second largest revenue source is earned income taxes which accounts $8.7 million or 29.8% of the budgeted revenues.

  23. Review – Revenues Overall

  24. Review – Revenues Overall What could go wrong: Receipts may not be received, recorded properly, and deposited in a timely manner. Control: • Monthly closing and reports issued. • Monitoring tool for departmental and overall financial operations. • Perform analytical procedures and review variances between the current actual and percentage of budget year expired. Significant differences are investigated to provide analysis and understanding.

  25. Review – Revenues Overall Revenues control (continued): • Revenues due to the municipality are pursued through past due notifications and other collection procedures including, if applicable, filing liens to protect our claims. Lastly, the municipality reports all outstanding payments due to us on the municipal claims letter. • Revenue policies that limits risk • Receipts Deposit Policy • Sequential Numbering & Accounting of Receipts Policy • Magazine Revenue Recognition Policy • Customer Service Center Payment Procedures and Guidelines • Intergovernmental Grants Policy • Return Check Policy • Interim Assessment Policy and Procedures

  26. Revenues – Drill-Down • Subsequent to identifying risk and controls for general fund revenues overall, a drill- down approach was conducted to document all other revenues that have specific issues detailing risks and associated controls. Risk Assessment Review and Documentation: a. General Fund Revenues b. Real Estate Taxes c. Earned Income Taxes d. Emergency Municipal Services Taxes (EMST) and Local Services Taxes (LST) e. Real Estate Transfer & Allegheny County Sales Tax (ARAD) f. Investments g. Grants h. Recreation & Charges for Services i. Magazine Advertising Revenues

  27. Review – Expenditures Overall

  28. Review – Expenditures Overall • The adopted 2007 general fund budget is $29,211,230 and can be further broken down by object code description

  29. Review – Expenditures Overall • Overall review of the our allocation of resources indicates as follows: • Personnel costs are our largest resource allocation, which comprise 52.3% of our operating budget. • The remaining most material expenditures are funds allocated for contracted services (28.5%), commodities (5.2%) and debt service (8.5%).

  30. Expenditures – Drill-Down • Subsequent to identifying risk and controls for general fund expenditures overall, a drill- down approach was conducted to document all other expenditures that have specific issues detailing risks and associated controls. Risk Assessment Review and Documentation: • Payroll • Fringe Benefits • Accounts Payable • Debt Service • Undesignated Fund Balance • Capital Assets & Capital Projects Fund

  31. Expenditures – Drill-Down Payroll What could go Pay rates are incorrect. wrong: An employee doesn’t work the hours recorded on time sheet. Payments are made to a person that is not an employee. Control: Documentation of controls. Payroll policies Payroll Timesheets Signature and Authorization Policy that limit risk: Fraud Policy

  32. Expenditures – Drill-Down Payroll Exercise We ran a series of payroll reports to analyze: • Any inactivity over the past two year period and should they still be active in the system (some retirees still receive payments). • Ran parallel payroll names to accounts payable names and addresses. Results: • Names were deleted or made inactive due to inactivity and/or no longer entitled to any payments through our system. • The development of a Related Party Transactions Policy. This resulted in a current payroll file with only active employees in the system and thus significantly reducing the risk of processing a paycheck to a non-employee.  This procedure will now be performed on an annual basis.

  33. Expenditures – Drill-Down Fringe Benefits What could go Medical and other fringe benefit rates are not accurate wrong: and/or higher than budget. Payments for non-employees (retirees) are not accurate. Certain non-cash fringe benefits may be taxable per the Internal Revenue Service code. Control: Documentation of controls. Fringe benefit Mt. Lebanon Taxable Fringe Benefits Guidelines & Policy policies that limit risk:

  34. Expenditures – Drill-Down Accounts Payable What could go Payments made without sufficient documentation and/or wrong: approval. Duplicate payments are made. Budgeted funds insufficient to cover submitted payment requests. Payments may be made without appropriate bids or quotes. Engagements are made for contracted services without appropriate approval. Payments may be made to non-existent vendor. Vendor information is not accurate or reliable for IRS. IRS 1099-Miscellaneous forms inaccuracies. Control: Documentation of controls.

  35. Expenditures – Drill-Down Accounts Payable Payable policies Purchase order Policy that limit risk: Contract Checklist Purpose & Procedures Policy Petty Cash Guidelines Municipal Credit Card Policy Food Purchasing Guidelines Related Party Transactions Policy

  36. Expenditures – Drill-Down Accounts Payable Exercise We ran a battery of account payable reports to analyze: • Any inactivity over the past two year period. • Sent letters to all vendors asking for an update on their account information. • Requesting new IRS W-9 forms. Results: • Reduction by 47% of vendors that had no activity within two years. • Remaining active vendors submitted Internal Revenue Service (IRS) W-9 forms. These steps reduced the risk of making payments to non-existent vendors, formally memorialize the vendor’s tax identification number (TIN), the vendor’s taxable or non-taxable filing status and ensures our records are accurate for compliance regarding IRS 1099-Miscellaneous forms issued to appropriate vendors. On an annual basis, this procedure will be completed to “scrub” and update the accounts payable vendor master file list.

  37. Expenditures – Drill-Down Debt Service What could go Debt service payments are not properly budgeted. wrong: The Municipality is not in compliance with requirements of the Local Government Unit Debt Act of the Commonwealth of Pennsylvania, the debt provision(s) outlined in the Mt. Lebanon Home Rule Charter, as well as applicable Federal and State legislation. Control: Documentation of controls. Debt Service Mt. Lebanon Debt Policy Policies that limit risk:

  38. Expenditures – Drill-Down Undesignated Fund Balance What could go The balance of the undesignated fund balance is not at wrong: an adequate level. Control: In 2005, Mt. Lebanon set a five-year goal to add $1 million to the undesignated fund balance and have the level be between 8 and 10 percent. In 2006 and 2007 a budgeted fund balance enhancement line item of $200,000 was incorporated per year to begin this program. As of December 31, 2006, the Municipality’s undesignated fund balance is 8.2% of general fund revenues

  39. Expenditures – Drill-Down Capital Assets & Capital Projects Fund What could go Capital assets acquisition and construction are not wrong: properly planned, budgeted or recorded accurately in the accounting system. Not comply with Governmental Accounting Standard Board (GASB) requirements.

  40. Expenditures – Drill-Down Capital Assets & Capital Projects Fund (continued) Control: Five-year Capital Improvement Program (CIP) Capital improvements that are included in the adopted balanced budgeted identifies sources to fund the approved capital assets. Capitalization threshold guidelines:

  41. Expenditures – Drill-Down Pension Trust Funds What could go Annual required pension contributions not fully funded. wrong: Investments are not adequately performing and safe- guarded from market fluctuations and significant losses. Control: Actuarial valuations are performed annually, though the Commonwealth (Act 205) requires only biennial valuations. An independent investment consultant, PFM Advisors, is retained to provide professional advice and a Pension Investment Advisory Board, a volunteer board of three highly credentialed residents, oversees the work of the investment consultant and recommends investment policy and other related issues to the Commission As of January 1, 2007, the date of the most recent actuarial report, assets in the plans exceed the actuarial accrued liabilities by $4,673,000.

  42. Expenditures – Drill-Down Other Post Employment Benefits (OPEB) What could go Annual required pension contributions not fully funded. wrong: Investments are not adequately performing and safeguarded from market fluctuations and significant losses. Control: GASB 45 statement is effective for Mt. Lebanon beginning in 2008. However, the municipality contracted for an actuarial report as of January 1, 2005 and began budgeting to fund the OPEB obligation in 2006. IMCA-RC has been chosen to administer the assets. Investments within the ICMA-RC Trust are chosen by the Pension Investment Advisory Board, a volunteer board of three highly credentialed residents.

  43. Expenditures – Drill-Down Capital Assessment Fund What could go Developers could construct projects not in accordance with wrong: developer agreements and municipal approvals or could fail to complete projects in accordance with developer agreements and municipal improvements. Control: Appropriate deposits, payments, inspection fees and performance bonds are received and maintained to ensure compliance. These procedures are strictly monitored through the planning and finance departments.

  44. Expenditures – Drill-Down State Highway Aid Fund (Liquid Fuels) What could go Annual revenues are not received due to incorrect filings or wrong: are limited due to ineligible expenditures. Control: On an annual basis, the finance department applies estimated State Highway Aid funding to eligible costs. Documentation for allowable expenditures and contracts are maintained to present to the annual State Highway Aid audit preformed by the Pennsylvania State Auditor General’s Office. The public works department and municipal engineer work closely with the finance department and Pennsylvania Department of Transportation (PENNDOT) to ensure bid contracts are eligible and approved per the State Highway Aid funding guidelines

  45. Expenditures – Drill-Down Sewage Fund What could go Resources are not adequate to comply with the wrong: Environmental Protection Agency (EPA) consent decree for necessary sewer infrastructure work. Receipts may not be received and recorded properly. Control: The sewage service rate was increased in 2007 from $2.45 to $4.05 per thousand gallons. The capital bond issue includes $1.6 million for catch-up infrastructure work related to the federally mandated EPA consent decree requirements.

  46. Expenditures – Drill-Down Sewage Fund (continued) Control: ALCOSAN provides quarterly billing information which is compared to the PAWC records for reasonable accuracy. On an annual basis total consumption billed by ALCOSAN is compared to the total consumption of the water company for reasonableness. Compare total usage with the same period for the prior year. On a monthly basis, sewage collections are reconciled to collections reports. On an annual basis, formal lien proceedings are applied to outstanding sewage payments. Regular meetings with the municipal engineer who provides forecasts for future capital sewage projects. Lastly, the municipality reports all outstanding payments due to us on the municipal claims letter.

  47. Lessons learned • It takes time, planning, preparation and commitment. • Need support of upper management, directors and staff. • Great internal control analysis and evaluation. • Allows you to see where you are strong and areas that need strengthened to limit risk exposure.

  48. Lessons learned • It provided a report card of our performance: • Good policies + procedures = limited risks. • Roadmap to identify areas to improve: • Some processes may call for the development or revision of policies to ensure risk is mitigated. • End product was worth the time and effort.

  49. Risk Assessment Philosophy & Conclusion • We all have a special duty to the public to ensure that a government’s resources are properly managed. Good management requires the maintenance of sound internal controls to protect all municipal resources. • We recognize that management is primarily responsible for designing, implementing, monitoring and reporting on controls and effective internal controls continues to be a top management priority.

  50. Risk Assessment Philosophy & Conclusion • Internal controls are essential but not foolproof – costs should not exceed benefits and no control structure can absolutely prevent all fraud, abuse and irregularities. • Our approach is to establish sound policies, efficient procedures and continually strengthen controls that reduce these risks. We believe our control structure is a deterrent to fraud and losses and increases the likelihood of detecting irregularities. • We will continue to develop and monitor internal controls to safeguard our assets and ensure they are utilized in the most effective and efficient manner.

More Related