Loading...
07/13/2010 - Report: 2010 Purchasing Follow Up - City Council - Audit Committee Page 1 TO: Audit Committee Members FROM: Ty Elliott, City Internal Auditor DATE: July 13, 2010 SUBJECT: Purchasing Follow-up Audit Report The purchasing follow-up audit was conducted in accordance with the fiscal year 2010 audit plan. This audit report summarizes the purchasing audit recommendations, management’s responses, and the audit follow-up findings (which describe how city management has implemented the auditor’s recommendations). This audit was conducted in accordance with government auditing standards, which are promulgated by the Comptroller General of the United States. 1. Audit Recommendation: The Department of Fiscal Services should create a policy requiring all city purchasing employees to annually certify in writing that that they have read, understand, and will abide by the code of ethics documented in the City of College Station’s Purchasing Manual. Management Response: Management concurs and will require all Purchasing employees to certify in writing during their annual performance evaluations that they have read, understand, and will abide by the City’s code of ethics. Audit Follow-up Finding: Effective December 2008, Performance Evaluation Forms have a certification signed by each employee in the Purchasing Division that states they have read, understand and will abide by the code of ethics documented in the City’s Purchasing Manual. Evaluations occur annually. 2. Audit Recommendation: The Department of Fiscal Services should consider setting up approval hierarchies for the following purchasing system functions: blanket order receipts, field purchase orders (FPO), FPO department approval, FPO payment approval, invoice review, purchase orders, purchase requisitions, and stock requisitions. At the very least, requisition approval levels should be set up in the purchasing system. The requisition approval hierarchy should include two to three levels, with at least the following two levels: (1) departmental or supervisory approval and (2) budget or finance review to verify budget sufficiency and account accuracy. Management Response: Finance concurs and will work with management to set up approval hierarchies for field purchase orders and purchase requisitions. Furthermore, Finance will specifically work with Public Works and Public Utilities to establish approval hierarchies for stock (inventory) requisitions. TY ELLIOTT City Internal Auditor telliott@cstx.gov CITY INTERNAL AUDITOR’S OFFICE 1101 TEXAS AVENUE COLLEGE STATION, TEXAS 77842 TEL: (979) 764-6269 FAX: (979) 764-6377 AUDIT COMMITTEE Mayor Nancy Berry Councilmember Jess Fields Page 2 Audit Follow-up Finding: The Department of Fiscal Services has sufficiently separated the purchasing system functions to reduce potential for fraud. The City contracted with Purchasing Solutions Alliance (PSA) to assist Finance in the development of an approval hierarchy for requisition approval including proposed policies and procedures. The resulting approval hierarchies restrict purchasing employees from creating, approving, and authorizing payment for a single purchase order. The new system requires departmental approval and payment approval from two separate user groups for each new purchasing request. 3. Audit Recommendation: The Department of Fiscal Services should limit access of purchasing personnel so that they are unable to create vendors or make changes to the vendor master file. In addition, the accounting personnel who create and maintain the vendor maintenance file should not have access to requisition and receive goods without requisition supervisory approval. Management Response: Management concurs. At this time, no one in Purchasing is able to add, edit or delete vendors. Additionally, once we implement approval hierarchies as recommended in Item 2 (above), individuals with access to the vendor master file will not be able to requisition goods without supervisory approval. Audit Follow-up Finding: In order to change the vendor master file, users must have access to the appropriate functional access in Purchasing Inventory and Global Financials applications. Functional access to the vendor master file in PI is limited to the accounts payable user group, PI management user group, and buyers user group. However, only select employees who are in the accounts payable user group have functional access to change the vendor master file. The accounts payable and PI management user groups have no access to requisition goods or create purchase orders without supervisory approval. 4. Audit Recommendation: The Department of Fiscal Services should segregate the duties of requisitioning, requisition approval, and receiving by setting up requisition approval hierarchies and separating purchasing system user access to these functions. Management Response: Management concurs. Finance will work with IT to redesign our existing PI System User Groups to segregate the duties for requisitioning, requisition approval and receiving. Audit Follow-up Finding: Finance has worked with IT to segregate the duties for requisitioning, requisition approval and receiving. These new user groups function within the approval hierarchies and provide a proper segregation of duties. 5. Audit Recommendation: The Department of Fiscal Services should reevaluate the needs of those who have administrator access to the purchasing system in order to more tightly control this access. Management Response: As of May 2008, 5 individuals had administrator access to the purchasing system. As of October 2008, there were 4 Purchasing employees who have administrator access. Finance will reevaluate if all 4 individuals need administrator access and work with IT department to redesign the PI System User Groups (if necessary). Audit Follow-up Finding: There are two purchasing employees with full access to the purchasing system. This is a reduction from the previous 5 individuals with administrator access. The two administrators are the purchasing manager and a purchasing buyer (who functions as a backup administrator in case the purchasing manager is unavailable). 6. Audit Recommendation: The Department of Fiscal Services should limit invoice processing to accounts payable employees who do not have the ability to create city checks or perform key procurement responsibilities such as purchase order processing. Page 3 Management Response: Management concurs and has established additional controls in those instances where the supervisor approves the payment. These items are primarily contractual capital projects in nature and have approval signatures from the engineer, the project manager and the CIP Director before coming for check processing. Finance will work with IT to redesign the PI User Groups to restrict individuals with accounts payable access from also being able to write checks or perform key procurement responsibilities such as purchase order processing. Audit Follow-up Finding: The new PI User Groups restrict individuals with accounts payable access from being able to process purchase orders. The accounts payable users are the only users able to process invoices.