HomeMy WebLinkAboutSubmittal-Jose M. Fernandez-Management Letter Year 2014•
•
•
•
•
•
•
•
•
0
o
•
Submitted into the public
record for item(s) p t .'J
on kit ZcI • City Clerk
,41
rn J
McGladrev
Assurance ■ Tax ■ Consulting
15-00478-Submittal-Jose M. Fernandez -Management Letter Year 2014
•
•
•
•
•
•
• City of Miami, Florida
• Management Letter in Accordance
• With Chapter 10.550, Rules of the
• • Florida Auditor General
• For the Year Ended September 30, 2014
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
• Submitted into the public
• record for item(s) txt • 3
• on (a 1a5 12-01 S" • City Clerk
w
• Contents
•
•
•LVI It 11Ik J) V.} • -�
on (e ( L <) IS . City Clerk
Management Letter in Accordance with
• Chapter 10.550 of the Rules of the
• Florida Auditor General
• Appendix A — Current Year Findings and Recommendations to Improve Financial
• Management
• Appendix B — Status of Prior Year's Findings and Recommendations to Improve Financial
• Management
• Independent Accountant's Report
• on the Examination of the City's Compliance
with Section 218.415, Florida Statutes
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
1-3
4-9
10
11
McGladrey
Management Letter in Accordance with
Chapter 10.550 of the Rules of the
Florida Auditor General
Honorable Mayor and Members of the
City Commission
City of Miami, Florida
Report on the Financial Statements
'nto the public
recor,i for item(s) bt.•1)
(iI2rIi< . CityClerr-
on
We have audited the financial statements of the governmental activities, the aggregate discretely
presented component units, each major fund, and the aggregate remaining fund information of the City of
Miami, Florida (the City), as of and for the fiscal year ended September 30, 2014, and have issued our
report thereon dated March 25, 2015. Our report includes a reference to other auditors who audited the
financial statements of the following component units and funds:
Component Units / Funds
Classification
• Southeast Overtown Park West Redevelopment Agency
• Omni Redevelopment Agency
• Midtown Community Redevelopment Agency
• Virginia Key Beach Park Trust
• Liberty City Community Revitalization District Trusts
• Firefighters' and Police Officers' Retirement Trust
• General Employees' and Sanitation Employees'
Retirement Trust and Other Managed Trusts
• Miami Sports and Exhibition Authority
• Downtown Development Authority
• Bayfront Park
• Civil Investigative Panel
• Coconut Grove Business Improvement District
• Wynwood Business Improvement District
nonmajor special revenue fund
nonmajor special revenue fund
nonmajor special revenue fund
nonmajor special revenue fund
nonmajor special revenue fund
aggregate remaining fund information
aggregate remaining fund information
discretely presented component unit
discretely presented component unit
discretely presented component unit
discretely presented component unit
discretely presented component unit
discretely presented component unit
This management letter does not include the results of the other auditors' testing of compliance and other
matters that are reported on separately by those auditors. Our report also includes emphasis of matter
paragraphs relating to the City's adoption of Government Accounting Standards Board (GASB) Statement
65, Items Previously Reported as Assets and Liabilities and the City's pension plans adoption of GASB
Statement 67, Financial Reporting for Pension Plan.
Auditor's Responsibility
We conducted our audit in accordance with auditing standards generally accepted in the United States
of America and the standards applicable to financial audits contained in Government Auditing
Standards, issued by the Comptroller General of the United States.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
rc uiu iui ....• 'i
• onCity Clerk
• Other Reports and Schedule
• We have issued our Independent Auditor's Report on Internal Control Over Financial Reporting and
• Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance
with Government Auditing Standards; Independent Auditor's Report on Compliance for Each Major
• Federal Program and State Project, Report on Internal Control Over Compliance, and Report on the
• Schedule of Expenditures of Federal Awards and State Financial Assistance Required By OMB Circular
• A-133 and Chapter 10.550, Rules of the Florida Auditor General; and Independent Accountant's Report
on an examination conducted in accordance with AICPA Professional Standards, Section 601, regarding
• compliance requirements in accordance with Chapter 10.550, Rules of the Auditor General. Disclosures
in those reports and schedule should be considered in conjunction with this management letter.
•
• Prior Audit Findings
• Section 10.554(1)(i)1., Rules of the Auditor General, requires that we determine whether or not
• corrective actions have been taken to address findings and recommendations made in the preceding
annual financial audit report. Corrective actions have been taken to address the findings and
• recommendations made in the preceding annual financial audit report, except as disclosed in Appendix B
• — Status of Prior Year's Recommendations to Improve Financial Management.
• Official Title and Legal Authority
Section 10.554(1)(i)4., Rules of the Auditor General, requires that the name or official title and legal
• authority for the primary government and each component unit of the reporting entity be disclosed in
this management letter, unless disclosed in the notes to the financial statements. The information is
• disclosed in Note 1 to the financial statements.
• Financial Condition
•
Section 10.554(1)(i)5.a., Rules of the Auditor General, requires that we report the results of our
• determination as to whether or not the City has met one or more of the conditions described in Section
• 218.503(1), Florida Statutes, and identification of the specific condition(s) met. In connection with our
audit, we determined that the City did not meet any of the conditions described in Section 218.503(1),
• Florida Statutes.
• Pursuant to Sections 10.554(1)(i)5.c. and 10.556(8), Rules of the Auditor General, we applied financial
• condition assessment procedures. It is management's responsibility to monitor the City's financial
• condition, and our financial condition assessment was based in part on representations made by
management and the review of financial information provided by same.
•
• Annual Financial Report
• Section 10.554(1)(i)5.b., Rules of the Auditor General, requires that we determine whether the annual
financial report for the City for the fiscal year ended September 30, 2014, filed with the Florida
• Department of Financial Services pursuant to Section 218.32(1)(a), Florida Statutes, is in agreement with
• the annual financial audit report for the fiscal year ended September 30, 2014. As of the date of this letter
• the 2014 annual financial report for the City was not filed.
• Other Matters
Section 10.554(1)(i)2., Rules of the Auditor General, requires that we address in the management letter
• any recommendations to improve financial management. Such recommendations are included in
Appendix A — Current Year Findings and Recommendations to Improve Financial Management.
•
•
•
•
on keys-iv-7 •
L1Ly l IGIK
• Section 10.554(1)(i)3., Rules of the Auditor General, requires that we address noncompliance with
• provisions of contracts or grant agreements, or abuse, that have occurred, or are likely to have
occurred, that have an effect on the financial statements that is less than material but which warrants
• the attention of those charged with governance. In connection with our audit, we did not have any such
• findings.
• Purpose of this Letter
• Our management letter is intended solely for the information and use of the Legislative Auditing
• Committee, members of the Florida Senate and the Florida House of Representatives, the Florida
Auditor General, Federal and other granting agencies, the Mayor and City Commission, and applicable
• management, and is not intended to be and should not be used by anyone other than these specified
• parties.
•
• Miami, Florida
• March 25, 2015, except for the
• examination report on the City's compliance with Section 218.415,
Florida Statutes, Local Government Investment Policies and the
• report on compliance for each major federal program and state
• project and report on internal control over compliance, for which
the date of each report is June 5, 2015
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
on 1Qi2ci155- .
City of Miami, Florida
Appendix A — Current Year Findings and Recommendations to Improve
Financial Management
City L1erK
ML 2014-01 — Use of Restricted Resources
•
•
•
•
•
•
Criteria: When restricted resources are available for use, it is the City's policy to use restricted resources •
first as they are needed, followed by the use of unrestricted resources.
Condition: We noted that the City is not expending available bond proceeds in an effective and timely •
manner. As of September 30, 2014, the City had $74 million of available bond proceeds restricted for •
capital projects related to debt issued between 2007 through 2011. •
Cause: Lack of effective planning, budgeting, and funding of capital projects with available bond
proceeds.
Effect: Possible non-compliance with respective bond indentures related to available bond proceeds.
Additionally, the City is paying interest expense on related bonds and not utilizing the available proceeds
to fund City projects.
Recommendation: We recommend that management develop a plan and budget appropriately to allow
for the utilization of available bond proceeds to fund allowable City projects.
Views of Responsible Officials and Planned Corrective Actions: The City concurs with the
recommendation. The City continues to aggressively spend -down remaining unspent proceeds. The City
has implemented measures to minimize the risk of this recurring. The City will focus on finding an optimal
balance between issuing bonds and the timing of the expenditures. The timing of the project related
expenditures will be scrutinized and factored into the timing of issuing the debt. Furthermore, the City will
issue official letters of intent for bond issues. The official letter of intent will enable the City to incur the
expenditures and subsequently reimburse itself from bond proceeds.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
• City of Miami, Florida
on 1, , z S )15 . City Clerk
• Appendix A — Current Year Findings and Recommendations to Improve
• Financial Management (Continued)
41 ML 2014-02 — Grant Reimbursements
• Criteria: The City's internal control system should be designed to track that claims for reimbursements
• are filed in a timely manner; for example, within 30 days after the incurrence and payment of qualified
• related expenditures to allow for collection of such reimbursements.
• Condition: Management determined that $3.4 million due from grantors for qualifying reimbursable grant
• expenditures that were outstanding in excess of 1 year were not deemed collectible and allowed for as of
fiscal year end.
•
• Cause: Individual departments administering grant programs did not compile and file the proper
documentation needed to receive such reimbursements or the City did not draw down authorized funding
• from grantor in a timely manner after the incurrence and payment of a qualified related expenditure.
• Effect: The delay in requesting for reimbursements can have an adverse effect on the cash flows of the
• City's operations or affect the collectability of the amounts due.
• Recommendation: We recommend that the City establish a control system to track that amounts
• expended are timely submitted for reimbursement, all required forms are compiled and prepared in the
format prescribed by the grantor, and reimbursement packages are reviewed and approved by
supervisory personnel.
• Views of Responsible Officials and Planned Corrective Actions: The City will take corrective action by
• centralizing the grant reimbursement function in the Finance Department. The process of centralization
• has commenced with the establishment of two Grant Financial Analyst positions, whose primary function
will be to coordinate the reimbursement process with respective departments to help ensure the timely
• reimbursement of funds to the City. This will require systematic coordination with the departments,
because the respective department will remain responsible for grant management and ensuring that the
• funds are expended appropriately.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
on_
City u ern
•
City of Miami, Florida •
Appendix A — Current Year Findings and Recommendations to Improve
Financial Management (Continued)
ML 2014-03 — Password Configurations
Criteria: General Information Technology (IT) controls require that passwords settings be sufficient to
prevent the unauthorized access to systems and data.
Condition: We noted that password configuration settings for complexity and length do not meet the
minimum requirements as stated in the City's Acceptable Technology Use Policy.
Cause: Password configurations have not been setup to meet minimum requirements as stated in the
City's Acceptable Technology Use Policy.
Effect: Risks include unauthorized use of systems and disclosure, modification, damage, and/or loss of
proprietary information.
Recommendation: We recommend that management adjust password length and complexity
configuration settings to meet the minimum requirements as stated in the City's Acceptable Technology
Use policy.
Views of Responsible Officials and Planned Corrective Actions: We agree with the recommendation. We
are in the process of requesting an Administrative Policy Manual (APM) entry to authorize the changes
needed to address password length and complexity issues outlined in this finding. APM modifications
require City Manager approval which we anticipate obtaining.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
w MCCCIU It/I- 1ICJIl(SJ 1 ]1 - /
8H _— _ T . City Clerk
City of Miami, Florida
Appendix A — Current Year Findings and Recommendations to Improve
• Financial Management (Continued)
• ML 2014-04 — User Access Reviews
• Criteria: User access rights to an organization's relevant financial reporting applications or data should
be reviewed periodically by management.
• Condition: We noted periodic user access reviews are not being performed for the network and Oracle to
• validate that employee system access rights are appropriate based on the employee's roles and
• responsibilities.
• Cause: The City does not have established policies and procedures in place requiring the review of user
• access rights on a periodic basis.
• Effect: Risks include unauthorized use, disclosure of proprietary information, modification, damage, or
loss of data.
•
• Recommendation: We recommend that management establish formal policies and procedures to allow for
the proper administration of user access rights on an ongoing basis. Such policies and procedures
• should address the proper provisioning, modifying, removing, and periodic review of access rights
• assigned to employees. Management should determine as part of the user access review that configured
access rights are appropriate based on the employee's roles and responsibilities. This review should
• indicate who performed the review, when the review was performed, and if any access changes are
• required.
• Views of Responsible Officials and Planned Corrective Actions: We agree with the recommendation. We
• are in the process of implementing a report to be reviewed by the Department Directors periodically. The
report will show the Oracle access each person has in the department. The Department Director will
• have the ability to request additional access or the removal of it if required. This report and the
• mechanism to deploy it will be in place by the end of September 2015.
•
•
•
•
•
•
•
•
•
•
•
•
•
eb
City of Miami, Florida
Appendix A — Current Year Findings and Recommendations to Improve
Financial Management (Continued)
recora tor item(s)
on I15 . City Clerk
ML 2014-05 — Data Restoration
Criteria: General information technology (IT) controls require that procedures be in place to allow for the
backup and recovery of financial data on an ongoing basis.
Condition: We noted that stored data (backup) is not being tested on a periodic basis for Oracle and the
network to validate the effectiveness and content of the data backups being performed.
Cause: There is no formal policy in place requiring the periodic backup and restoration of data.
Effect: Risks include modification, damage, and/or loss of data. The lack of a strategy for cyclical testing
of the stored (backup) data exposes the City to operational disruption.
Recommendation: We recommend that management establish formal policies and procedures requiring
the periodic storage (backup) and restoration of data. Such policy should include the requirement that
stored data be tested at least on an annual basis, to validate the effectiveness and content of the data
storage (backup) being performed.
Views of Responsible Officials and Planned Corrective Actions: An Oracle Disaster Recovery Test is
done every year prior to hurricane season. The test includes stakeholders mostly from the Purchasing
Department, Human Resources and from the Finance Department. During the second quarter of 2014,
the City relocated its disaster recovery site. This year we will conduct an Oracle Disaster Recovery Test
before June as it was done prior to last year.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
City of Miami, Florida
Appendix A — Current Year Findings and Recommendations to Improve
• Financial Management (Continued)
• ML 2014-06 — Change Management
record for item(s) DS , 3
on (el 7.51 /s City Clerk
• Criteria: General Information Technology (IT) controls should provide reasonable assurance that
program changes, application configuration changes, system changes and maintenance (including
• changes to system software and data structures), production processing changes (including new jobs,
schedule changes), and emergency changes are standardized, documented, approved, and subject to
• formal change management procedures.
• required by the City's established policies and procedures.
Cause: Change management documentation requirements are not consistently being performed by City
• personnel when changes are being made to the City's IT systems.
• Effect: Unauthorized changes may be moved to the production environment without management's
• knowledge.
• Recommendation: We recommend that management adhere to its change management program and
• policies which requires proper documentation for all changes to the City's IT systems.
Condition: We noted that network changes are not being formally documented on a consistent basis as
• Views of Responsible Officials and Planned Corrective Actions: Management agrees with the
• recommendation. Network changes and patches will go through the current Change Advisory Board
(CAB) process and will be documented accordingly. Target date: Immediate.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
••
icwtu Lot 'mints) D.1. '
on ( 751IS . City Clerk
City of Miami, Florida
Appendix B - Status of Prior Year's Recommendations to Improve Financial Management
Finding # Finding Title Status Other Explanation
• 2013-01 Budget -Related Transfers Corrected
• 2013-02 Accounts Receivable and Due From Other Repeated See current year
• Governments Process recommendation ML
• 2014-02.
• 2013-03 Investment Compliance Corrected
• 2013-04 Tax Exempt Bonds; Post Issuance Compliance Repeated Certain corrective
• action taken.
• 2013-05 Information Systems General Control Repeated Certain corrective
• action taken.
•
•
411
•
•
•
•
•
411
•
•
•
•
•
• _ McGladrey
•
•
•
•
• Independent Accountant's Report
•
• The Honorable Mayor, Members of the
City Commission, and City Manager
• City of Miami, Florida
Submitted into the public
record fpr ite�(s) ')
on 1 City Clerk
•
• We have examined the City of Miami, Florida's (the City) compliance with Section 218.415, Florida
• Statutes, Local Government Investment Policies during the year ended September 30, 2014.
Management is responsible for the City's compliance with those requirements. Our responsibility is to
• express an opinion on the City's compliance based on our examination.
• Our examination was conducted in accordance with attestation standards established by the American
• Institute of Certified Public Accountants and, accordingly, included examining, on a test basis, evidence
• about the City's compliance with those requirements and performing such other procedures as we
considered necessary in the circumstances. We believe that our examination provides a reasonable
• basis for our opinion. Our examination does not provide a legal determination on the City's compliance
• with specified requirements.
• In our opinion, the City complied, in all material respects, with the aforementioned requirements for the
• year ended September 30, 2014.
• This report is intended solely for the information and use of the Florida Auditor General, the Honorable
• Mayor, Members of the City Commission, the City Manager, and applicable management, and is not
intended to be and should not be used by anyone other than these specified parties.
•
• i «�
•
• Miami, Florida
• June 5, 2015
•
•
•
•
•
•
•
•
•
•
•