►
From YouTube: January 27, 2015 Audit Committee Meeting
Description
Minneapolis Audit Committee Meeting
A
Good
morning,
I'm
going
to
call
to
order
this
meeting
of
the
Minneapolis
Audit
Committee
for
Tuesday
January
27th.
My
name
is
linnea
Palmisano
and
I'm.
The
chair
of
this
committee
with
me
at
the
dais,
are
the
following
committee:
members,
councilmember,
alondra,
Connell,
Park
and
Rec
Commissioner
I
need
a
tab.
Vice
chair
marcos
and
city
of
Edina
managers
got
you
please
let
the
record
reflect
that
we
have
a
quorum
and
colleagues,
as
you
can
see
from
our
agenda.
A
We
have
a
number
of
items
to
hear
about
today
from
our
audit
director
may
I
have
a
motion
to
adopt
this
agenda.
As
presented,
it's
been
moved
seconded
and
seconded
to
adopt
the
agenda
of
those
in
favor
of
this
motion.
Please
say
aye,
those
opposed
the
eyes
have
it
and
the
agenda
is
adopted
before
we
move
on
to
today's
presentation.
We
need
to
accept
the
minutes
from
our
last
meeting.
Our
last
official
meeting
was
October
28th
2014,
so
I
will
move
adoption
of
those
minutes.
A
All
those
in
favor
of
the
motion
opposed
the
eyes.
Have
it
and
the
minutes
are
adopted.
Thank
You
colleagues,
but
we
have
before
us
a
report
on
a
series
of
items
from
our
new
auditor
of
director
of
internal
audit
will
Tetzel
mr.
Tuttle
and
his
staff,
including
jennifer
Nevers,
who
is
sitting
right
next
to
him
here.
They've
undertaken
an
extensive
review
of
our
city's
departments
and
programs
and
they're
here
today
to
give
us
an
overview
of
their
findings
and
the
projects
that
will
represent
the
substantial
part
of
their
work
for
this
year.
A
I
want
to
thank
all
the
department,
heads
and
their
staff
who've
been
meeting
with
mr.
Tetzel
and
look
forward
to
the
audit
departments.
Contributions
to
ensuring
our
city
is
running
effectively
and
in
a
way
that
minimizes
all
of
our
risk.
So
here
to
present
his
findings,
as
our
auditor
will
Tetzel.
Mr.
Quetzal
Thank.
B
Typically,
internal
audit
shops
will
meet
with
leaders
within
an
organization
to
understand
the
sort
of
the
risk,
universe
and
risk
atmosphere
within
the
organization.
So
we've
done
just
that
met
with
department,
heads
and
divisional
leaders,
and
there
was
a
couple
reasons
to
do
this
as
a
renewed
internal
audit
effort.
B
We
have
a
series
of
questions
that
we
go
over
with
with
everyone
that
we
have
a
risk
assessment
meeting
with
and
that
helps
us
collect
information
to
determine
where
we
need
to
focus
our
limited
resources
for
the
next
period
of
time,
whether
it
be
a
year
or
two,
and
so
out
of
that
we
have
this
large
body
of
answers,
and
we
try
to
aggregate
that
too,
to
determine
a
couple
things.
One
are
there
other
items
that
in
aggregate
means
something
to
the
enterprise
more
than
they
would
a
certain
department.
B
So
are
there
risks
that
are
systemic,
that
that
wouldn't
substantiate
us
going
in
and
auditing
that
certain
department,
but
as
an
enterprise
or
they're
bigger
than
the
sum
of
their
of
their
parts,
and
we've
noticed
that
we've
noticed
a
few
things
already
so
I'll
talk
about
those
shortly.
The
next
is
to
really
determine.
B
So
a
couple
of
those
I
talked
about
a
couple
things
that
were
sort
of
emerging
enterprise-wide.
One
of
them
is
vendor
governance,
this
idea
of
endor
governance
and
that's
really
getting
to
as
as
a
city.
Are
we
holistically
approaching
this
idea
of
managing
vendors
governing
third
parties,
so
entities
that
we
might
provide
money
to
either
to
do
something
for
the
city
or
for
some
public
purpose
and
there's
a
variety
of
aspects
that
we
can
look
at
there.
But
it
seemed
like
there
isn't
a
consistent
approach
to
how
we
govern
third-party
throughout
the
city.
B
So
that's
sort
of
bubbling
up,
and
that
can
mean
one
of
two
approaches:
either
we
can
do
either.
We
can
choose
to
do
some
work
to
say,
let's
look
at
vendors
across
all
departments
and
do
like
a
sort
of
a
larger
project
where
we
look
at
governance
and
whole
or
if
we're
in
a
certain
area,
doing
some
work.
B
C
Saw
that
on
the
agenda,
mr.
tensile,
madam
chair
I
saw
that
on
the
agenda.
Where
do
you
see
that
relationship
going
I'm
I'm,
a
veteran
of
the
long
wars
between
the
city
and
the
county,
is
so
encouraging
to
see
two
professional
organizations
that
are
across
the
tunnel
from
each
other?
Is
this
going
to
be
an
ongoing
relationship,
or
are
you
just
getting
some
upfront
kind
of
lead,
lead
ins
with
Carrie,
my
heart
I.
B
Thank
you,
chair
Palmisano
committee
member
OS,
I,
see
this
as
as
being
an
ongoing
effort,
so
in
in
meeting
with
karen
Marquardt,
we
meet
once
a
month
to
talk
about
that.
You
know
the
work
that
we're
doing
and
how
we're
managing
risk
within
our
organizations
and
a
lot
of
the
things
that
we're
looking
at
our
are
very
juxtaposed.
So
karen
has
actually
a
whole
team
that
does
vendor
audits,
and
so
we
can
really.
We
can
she's
offered
to
provide
some
of
their
audit
program.
B
So
the
steps
and
they're
like
some
of
the
checklists
that
they
might
use
to
evaluate
vendors.
We
can
leverage
that
and
tailor
that
to
the
city's
needs.
There's
also
going
to
be
opportunities
where
or
instances
where
there
might
be
a
vendor
that
the
county
funds
with
the
city
also
might
fund
and
in
those
circumstances,
when
we
identify
those,
I
can
bring
the
results
of
their
work
back
to
you
guys
to
tell
you
what's
going
on
there
and
from
the
data
perspective,
they
also
have
a
government
data
professional
on
their
team.
B
So
I'm
going
to
work
through
karen
to
to
meet
with
that
person
to
help
them
or
to
help
me
understand
sort
of
what
they
look
at
and
why
they
look
at
it
and
kind
of
get
an
idea
of
what
are
all
these
pieces
of
regulatory
promulgated,
ordinances
and
statutes
that
we
need
to
pay
attention
to
and
how
do
they
consistently
address?
Those
we've
also
been
invited
to
their
next
to
staff
meeting,
so
they
have
staff
meetings
monthly
to
see
how
that
goes
and
I
think
we
can
probably
clean
some
of
what
they
do.
B
There
she's
also
interested
in
the
work
we're
doing
here,
and
so
we've
provided
some
documents
to
her
around,
like
the
risk
assessment
questionnaire,
and
things
like
that,
so
I
think
it'll
be
a
beneficial
relationship
for
both
of
us
and
think
we
can
probably
get
some
I
hate
to
say
it.
But
synergies
out
of
out
of
that
yeah
is
that
people
use
that
word
anymore.
Any
other
questions
on
risk
assessment,
okay,.
B
Was
there
how
we,
how
we
use
our
retention
schedules
and
manage
the
that
data,
how
we
provision
access
to
it
so
on
and
so
forth,
so
really
map
that
out
and
look
at
that
and
then,
at
the
same
time,
map
out
what
that
ideal
situation
would
be
depending
on
what
these.
What
is
the
guidance
and
best
practices
are
and
then
look
for
gaps
there,
that
we
can
try
to
evaluate
in
inform
different
city
departments
on
how
that's
going.
B
This
will
probably
take
a
while
it's
a
big
body
of
work,
and
it
involves
a
lot
of
different
teams
depending
on
how
well
the
city
is
doing
at
this
will
be
a
function
of
how
detailed
we
get
in
our
audit.
So
if
we
feel
like
just
brushing
over
some
of
these
high
broad
concepts
that
we
don't
feel
like
there's
enough
there,
then
it
will
probably
put
on
the
brakes
a
little
bit
and
try
to
work
with
leaders
to
make
recommendations
on
what
they
need
to
do
their.
B
If
we
feel
like
is
robust
policies
and
procedures
and
adherence
to
these
standards,
then
we
can
go
a
little
bit
deeper
and
test
how
well
we're
actually
doing
against
these.
Some
of
it
might
depend
on
each
department.
How
did
we
go
so
really
want
to
leave
that
open,
because
we
don't
know
that
sort
of
atmosphere
right
now.
B
Out
of
that
staff
direction
and
some
of
the
budget
discussions,
it
was
determined
that
internal
audit
should
facilitate
that
evaluation,
and
so
currently,
what
we're
doing?
We
have
a
meeting
set
up
in
early
februari
with
the
city
coordinator
with
two
council
members,
including
chair
Palmisano
and
council
member
Gordon,
and
the
department
head
of
NCR,
neighborhood
and
community
relations
to
discuss
and
hammer
out
the
scope
and
objectives
of
that
body
of
work.
So
those
are
unclear
at
this
point,
but
once
we
get
those,
then
we
can
take
that
and
design
or
write.
B
Our
RFP
will
actually
will
hire
out
the
evaluation
of
this.
So
our
office
will
will
draft
the
RFP
and
publish
that
and
hire
the
firm
that
will
conduct
the
work,
we'll
manage
it
and
will
oversee.
It
will
do
all
the
review
of
the
work
and
and
help
with
that
deliverable
hope
to
start
with
it
with
by
probably
March
or
April
this
year
and
the
staff
Direction
wanted
the
final
deliverable
to
to
be
done
by
August.
C
B
I
think
once
we
have
that
meeting
to
really
hammer
things
out,
it's
hard
to
say
where
we'll
cover
by
a
program.
That's
probably
a
pretty
safe
bet,
financial
controls.
It
really
depends
on
how
much
work
we
want
to
do
and
how
much
we
want
to
sign
up
for
if
you're
talking
about,
if
you're,
referring
to
like
the
fiduciary
duty
of
neighborhood
organizations,
that
can
be.
C
In
a
large
body
of
work,
I'm
sure-
and
you
know
you
get
into
those-
that
we
have
relationships
with-
that-
have
oversight
board's
themselves.
Are
they
doing
that?
You
know
you
could
eat
your
right.
Its
by
biting
off
I'll,
be
curious
to
see
how
this
plays
out
in
any
regard
is
really
encouraging.
This
is
a
great
role
for
us
to
participate
in
the
city.
So
congratulations.
Okay,
thank.
B
You
yeah
I
think
it
paves
the
way
to
help
people
in
the
city
understand
how
we're
going
to
be
different.
Internal
audit
is
going
to
be
different
now
than
it
was
before
her
and
I
use
it
as
an
example
when
we
are
having
these
risk
assessment
discussions
and
we're
trying
to
educate
people
with
how
we
can
add
value
in
the
city
and
what
we
can
do
to
help
people
manage
risk
within
their
departments
and
people
are
getting
it.
So
it's
reassuring.
B
Next
I
wanted
to
talk
about
IT
auditor
Singh.
As
you
guys
know,
technology
is
progressing
at
a
rate
that's
hard
to
keep
up
with,
and
it's
difficult
for
a
shop
of
our
size
to
find
one
or
two
people
that
could
help
us
address.
It
risk
within
the
city
without
paying
extraordinary
amounts
of
money
to
them,
and
so
I
think,
historically,
IT
audit
services
have
been
outsourced
here
at
the
city
will
continue
to
do
that.
B
We
have
brought
an
organization
in
in
the
interim
to
help
us
with
some
IT
risk
assessment
and
the
scoping
out
and
planning
of
a
couple
of
audits
and
it's
gone
well
so
far.
That
was
a
contract
under
fifty
thousand
dollars.
So
we
didn't
go
to
our
fee
with
them,
but
it
is
a
local
small
minority,
owned
firms
so
we're
trying
to
utilize
underutilized
businesses,
ones
within
the
city
of
Minneapolis
and
so
far
it's
been
a
great
partnership.
B
B
So
I
look
forward
to
seeing
those
responses
and
working
with
with
some
of
those
two
teams
to
find
the
right
partnership
here
for
the
city,
my
idea
is
to
try
to
nail
down
one
or
two
firms
that
look
that
are
interested
in
working
with
us
for
longer
periods
of
time.
So
they
learn
how
the
city
works,
so
they
learn
or
make
build
relationships
with
people
here
at
the
city.
B
B
So
a
full
spectrum
of
IT
audit
thing,
so
it
could
be.
There's,
there's,
probably
three
different
approaches
or
three
different,
very
unique
things
that
I
put
on
the
RFP.
So
one
is
integrated
auditing
as
we
as
the
internal
office
here.
Does
audit
work
or
other
projects
there's
almost
always
going
to
be
technology
implications
of
that,
and
so
we'd
like
to
find
a
firm
that
can
supplement
the
work
that
we
do
and
they
call
that
integrated
auditing.
It's
a
it's
just
a
reality.
I,
don't
think
you
can
do
not
do
that
anymore.
B
B
A
Great
so
colleagues,
in
addition
to
meeting
with
elected
leadership
in
building
his
the
department's
work
plan
for
the
year,
mr.
Tetzel
and
his
team
have
been
conducting
a
review
of
the
findings
from
the
previous
audit
director.
This
review
helps
to
ensure
that
any
outstanding
issues
that
were
identified
in
those
previous
reports
are
either
resolved
or
they're,
going
to
be
tracked
until
they're
satisfactorily
addressed
so
again
to
present
the
findings.
I
assume,
that's
your
next
peace
super
few.
B
So
there
were
we
finally,
cracked
into
the
audit
software
that
the
priority
be
used.
There
are
27,
open
audit
findings
and
I
want
to
make
sure
that
you
guys
understand
that
this
isn't
this
isn't.
This
doesn't
mean
that
no
one
has
addressed
these
or
done
anything
about
these.
It's
that
audit
hasn't
kept
up
and
tracking
these
to
make
sure
that
they're
they've
been
remediated.
So
not
throwing
anyone
under
the
bus
here
but
wanted
to
give
you
guys
a
perspective
of
sort
of
where
these
lay
and
we're
mapping
these
out.
We've
reviewed
them
all.
B
Actually,
a
couple
we
removed
as
findings
because
they
didn't
they
were
indicative
of
risk
within
the
city.
I
think
they
were
potentially
good
suggestions,
but
we
don't
feel
like
there's
something
that
we
should
hold
departments
to.
From
my
perspective
there
it
wouldn't
be
a
finding
going
forward
and
so
I
don't
want
to
hold
someone
to
a
different
standard
that
I
have
right
now
and
I
had
a
conversation
just
this
morning
with
finance,
and
it
looks
like
they've
made
really
good
progress
towards
most
of
theirs.
B
They're
more
more,
like
a
body
of
work
of
administrative
sort
of
ketchup.
Don't
want
to
leave
these
things
lying
around
so
either
the
department's.
You
know,
I,
don't
want
to
have
that
perception
that
the
findings
just
go
off
into
some
black
box
and
never
get
followed
up
on,
but
also
make
sure
that
if
these
are
truly
risk
to
the
city
that
they're
being
addressed
accordingly.
B
E
Chair
director
Quetzal,
when
you
look
at
what
you
consider
to
be
an
open
audit,
finding
does
that
is,
is
the
definition
of
open
mean
you
just
haven't
received
a
response
or
you
haven't
received
a
so
that
could
include
it
wouldn't
be
open.
For
instance,
of
a
department
said
we
can't
do
that
because
XYZ
that
would
that
be
considered
an
open
finding
or
is
it
just
a
non-response
chair.
B
Palmisano
council,
my
video
good
question.
Thank
you
so
when
I
say
open
finding
it,
it
means
that
I
haven't
closed
it
out
or
I.
Have
the
internal
audit
team
here
at
the
city
hasn't
collected
information
or
corroborated
the
remediation
and
documented
that
to
close
it
out
administratively,
there
are
responses
for
all
of
these
findings
from
all
the
various
departments
and
like
I,
said
earlier:
I.
Imagine
that
a
vast
percentage
of
them
have
been
addressed
or
are
no
longer
relevant.
It's
more
of
an
administrative
thing
that
they're
open,
okay,.