►
From YouTube: April 9, 2018 Audit Committee
Description
Minneapolis Audit Committee Meeting
A
Today's
meeting
April
9th
of
the
audit
committee
for
Minneapolis
with
me
here
on
the
dais,
is
mr.
Dave
David
Fisher,
councilmember,
Abdul
Waris
ami
and
councilmember
Jeremy
Schrader
were
a
quorum
of
this
committee
and
are
authorized
to
conduct
its
business.
Today
we
have
an
agenda
before
you.
It
is
about
getting
two
of
our
new
audits
back.
One
is
a
business
continuity
disaster
recovery,
audit
for
our
IT
services
that
we
have
as
a
city,
and
the
second
is
the
driver.
A
The
diversion
solutions
driver
diversion
program
audit
will
also
receive
an
internal
auditor
update
from
our
audit
department
and
from
mr.
Vasily
EV.
Could
I
could
I
move
and
see?
Could
the
adoption
of
this
agenda
are
there
any
questions?
Great
all
those
in
favor,
please
say
aye
aye
opposed
that
carries.
The
second
thing
we
need
to
do
is
to
accept
the
meeting
minutes
from
February
5th
from
our
previous
meeting.
Those
are
before
you
are
there
any
questions.
I
move
adoption
of
those
minutes
all
in
favor,
please
say
aye
aye
opposed
that
carries.
Thank
you.
A
I
I
want
to
introduce
Carol
vasilyev
is
gonna,
be
starting
us
off
here.
Carol
is
the
interim
help
lead
person
in
our
audit
Department
and
mr.
vasilia.
Very
recently,
it
was
the
recipient
of
a
star
award
for
our
city
for
all
of
his
work
and
great
efforts.
That's
a
really
big
deal
around
here
and
I
just
want
to
say.
Congratulations
also
with
us
in
the
audience
we
have
Ethan
Rock
I'm
from
audit,
and
we
have
you
get
us
a
lot.
A
C
This
was
requested
by
the
IT
audit
department
as
part
of
the
IT
audit
IT
department,
as
part
of
the
2018
audit
plan
and
the
main
areas
we're
covering
is
business
continuity
and
disaster
recovery
and
business
continuity
is
basically
to
make
sure
that
the
business
can
continue
after
disaster
and
a
disaster.
A
disaster
recovery
plan
is
to
make
sure
that
the
IT
and
the
infrastructure
team
can
recover
after
a
disaster
occurs.
Mr.
A
C
So
the
main
reason
we
were
looking
at
this
because
there,
what
constitutes
a
disaster,
would
be
something
where
you
maybe
have
an
outside
attacker
as
a
threat
that
comes
in
or
in
case
there's
some.
For
some
reason
there
is
a
tornado
that
goes
through
our
data
centers
and
we
are
unable
to
have
an
internet
continuity
or
we
are
unable
to
continue
using
our
current
systems.
The
way
we
intend
to
so.
C
C
So
how
long
can
you
go
without
having
regular
operations
and
recovery
points
at
the
point
of
which
it
has
to
be
recovered
to
in
order
for
normal
business
operations
to
continue
so
a
business
impact
analysis
is
basically
your
building
blocks
and
your
foundation
for
your
business
continuity
plan
and
for
your
disaster
recovery
plan
without
a
form
of
business
impact
analysis.
You're
not
gonna,
be
able
to
fully
define
your
business
continuity
plan
as
well
as
a
disaster
recovery
plan.
C
In
addition
to
looking
for
a
business
impact
analysis,
of
course,
we
were
looking
to
see
a
formal
disaster
recovery
plan
and
a
formal
business
continuity
plan
where's
in
existence
and
to
make
sure
these
plans
were
implemented
and
tested.
Excuse
me,
in
addition
to
just
having
a
plan,
it
is
important
to
make
sure
we
test
the
plan
periodically
to
make
sure
it
actually
works
effectively
in
the
event
of
an
unplanned
outage
that
does
occur.
C
So,
while
there
is
a
disaster
recovery
plan-
and
there
are
six
applications
on
the
disaster
recovery
plan-
there
are
how
they
got
to
be
on
the
disaster.
Recovery
plan
is
unknown.
It
was
a
legacy
or
a
historical
decision
that
was
made
by
prior
successors
for
the
IT
department
and,
as
a
result,
there's
all
former
business
impact.
Analysis
is
done
right
now
for
us
to
understand
the
true
steps.
One
needs
to
take
and
true
applications
that
need
to
be
protected
in
the
event.
There's
an
EM
plan.
C
So
ultimately,
the
main
founding
finding
out
here
or
the
main
finding
you
have-
is
the
lack
of
a
business
impact
analysis
that
also
leads
to
an
incomplete
disaster
recovery
plan,
which
leads
into
a
lack
of
integration
with
the
business
continuity
plan,
and
we
have
one
thing
we
wanted
to
call
out
is
that
we
do
may
also
be
certain
applications
and
different
departments
that
are
not
supported
by
city
IT.
That
may
have
their
own
business
continuity
plans,
so
we're
not
stating
that
they
may.
A
Just
as
an
explanation,
we
often
engage
rather
closely
from
the
internal
audit
perspective
with
a
client.
In
this
case,
the
client
is
the
IT
department
led
by
auto
Dahl,
and
so
we
always
we
like
to
give
those
audited
an
opportunity
to
to
talk
about
the
process
and
give
our
some
feedback
on
the
process,
but
then
also
to
share
yeah
some
of
some
of
their
responses
from
what
was
found
in
a
way
that
can
just
be
productive
and
informative.
So
welcome
mr.
Dahl.
Thank.
D
B
D
Exactly
what
we
plan
on
doing
to
meet
the
recommendations
that
are
made
by
the
audit?
First
of
all,
we
must
definitely
need
to
do
a
business
impact
analysis
across
the
city
information
systems.
We
have
over
400
information
systems
that
are
used
in
certain
degrees
across
the
city,
some
of
those
being
more
critical
than
others,
and
so
our
ability
to
have
a
catalog
of
the
importance
of
those
systems
relative
to
the
operations
of
the
city
is
really
sort
of
the
missing
link.
D
If
you
will
on
their
computing
systems
that
data
center
is
located
here
in
Minnesota,
there
is
a
backup
disaster,
II
site
and
another
state
in
the
country
that
is
used
for
our
current
disaster
recovery
capabilities,
the
sort
of
things
that
can
befall
a
data
center,
as
was
mentioned,
where
you
may
have
a
natural
disaster
of
some
sort
or
some
sort
of
extensive
attack.
Cybersecurity
attack.
I.
D
D
Obviously,
it's
going
to
take
some
degree
of
funding
to
allow
us
to
set
up
facilities
at
a
disaster
site
to
be
able
to,
as
I
mentioned,
pick
up
more
information
systems
and
readily
make
those
systems
available
elsewhere,
it's
more
than
just
a
prioritization
of
how
we
go
about
restoring
those
systems.
It's
also
determining
how
quickly
those
systems
need
to
come
up
as
business
functions
within
the
city
are
done
today.
Some
of
them
have
timelines
of
their
operation
that
have
to
be,
or
is
preferred
or
needed
to
happen
in
a
timely
fashion.
D
I
think
that's
more
readily
apparent
for
people
when
they
look
at
things
like
Public
Safety
applications,
but
there's
also
other
systems
within
the
city.
That
would
need
to
be
able
to
come
up
faster
if
you
will
than
other
systems
and
the
ability
to
have
all
that
catalogued
out,
understood
and
formalize.
D
E
F
D
The
amount
of
effort
in
the
priority
of
things
that
IT
has
to
do
informs
what
we
work
on,
and
so
this
particular
arena
has
never
bubbled
up
enough
for
us
to
actually
put
it
on
our
on
our
workflow
I
agree
with
you.
It
is
important,
but
we,
through
our
prioritization
process
of
the
work
that
my
organization
endeavors
to
do
each
year
it
hasn't
bubbled
up
it's
one
of
the
reasons
why
we
chose
to
bring
this
topic
up
with
the
audit
department
in
order
to
give
us
the
visibility
of
this.
F
A
F
I
I
probably
should
have
said
this
earlier
before
we
avoided
by.
Thank
you,
madam
chair.
You
know
the
integrate
identification
of
critical
systems
than
the
integration
and
the
IT
area
is
I.
Think
a
a
pretty
critical
area
of
responsibility
for
our
office
of
IT
and
I'd
like
to
at
least
personally
express
some
support
or
funding
through
the
City
Council
make
sure
that
this
is
accomplished.
I,
don't
know
if
the
committee
would
like
to
consider
that
as
an
attendant
to
the
motion,
but
I
will
leave
that
for
others
to
side.
G
A
B
The
this
audit
was
added
to
the
2017
audit
plan
in
response
to
a
request
from
City
Attorney's
Office
to
review
the
program.
This
is
one
of
our
carryover
projects
that
we
have
completed
this
year.
The
program
itself
provides
a
pathway
for
individuals
to
retain
driving
privileges
when
otherwise
their
driver's
license
has
been
revoked
for
fines
or
tickets.
The
program
includes
a
vetting
process
and
approval
process
by
individuals.
Who've
had
their
license
revoked.
B
We
were
looking
at
these
figures
and
were
able,
for
the
purposes
of
our
audit,
from
the
perspective
of
the
city
of
Minneapolis,
and
as
part
of
that,
we're
able
to
validate
the
that
figures
were
being
reported
with
the
correct
jurisdictions
and
that
the
grand
totals
of
the
reported
figures
were
lining
up
with
internal
records.
The
second
objective
here
is
to
review
internal
controls
at
the
diversion
solutions,
and
the
third
objective
was
to
review
how
the
city
is
monitoring
this
contract
with
this
third
party.
B
Summarizing
the
findings
of
our
audit,
we
ended
up
with
four
findings.
The
first
finding
is
on
database
integrity.
Diversion
solutions
maintains
an
internal
self-developed
database
to
track
all
of
the
information
for
all
the
program:
participants,
the
individuals
and
the
jurisdictions
that
referred
them.
B
We
noted
that
the
Davis
had
a
gap
in
access
controls
which
enabled
individuals
from
divergent
solutions
to
login
as
other
users
under
their
names.
That
would
include
individuals
approving
it
from
a
jurisdiction
or
from
the
state.
This
we
didn't
see
any
evidence
that
this
was
being
used
or
abused,
and
the
corrective
action
was
taken
by
diversion
solutions.
Once
we
spoke
to
them
about
this
issue,
to
remove
that
ability
for
their
staff
to
conduct
this
kind
of
access.
B
The
second
finding
is
related
to
internal
control
improvements.
We
noted
that
the
cash
handling
procedures
were
not
formalized
and
while
diversion
Solutions
did
not
accept
a
lot
of
cash,
it
is
a
generally
higher
risk
area
than
a
payment
by
credit
card
or
check,
and
we
recommended
that
those
procedures
be
formalized.
We
also
noted
that
there
was
a
lot
of
reliance
on
the
database
to
maintain
a
record
of
what
occurred
through
notes,
and
we
recommend
that
there
be
a
more
comprehensive
retention
of
supporting
documentation
such
as
emails
or
other
referrals.
B
H
B
Madam
chair
haami,
as
far
as
we
could
tell
from
our
review
the
program
did
accept
individuals
that
otherwise
would
be
unable
to
drive.
It
has
provided
them
with
the
pathway
to
regain
their
licenses
and
clear
their
drivers,
records
of
anything
that
would
prevent
them
from
getting
their
licenses
back
and
it
did
result
in
significant
repayment
fees
that
may
otherwise
not
have
been
repaid.
B
So
from
that
perspective,
I'd
say
yes
from
a
perspective
of
how
it
wasn't
100%
effective,
not
everyone
applying
and
entering
to
the
program
was
able
to
complete
their
payment
plans
and
get
to
that
point.
But
I
don't
have
a
good
perspective
on
what
would
be
considered
the
good
benchmark
or
the
target
figure.
I
can
also
request
that
Mary
Ellen
hang,
who
is
this
City
Attorney's
Office
individual,
that
handles
this,
provide
some
commentary
either
an
hour
towards
the
sure.
A
I
Sure
promise
honor
members
of
the
committee.
We
have
been
involved
with
the
DDP
since
2010
before
I
talk
about
that
I
just
want
to
make
a
comment
about
one
of
the
findings.
Minneapolis
was
not
one
of
the
jurisdictions
that
was
having
diversion
solutions.
Make
entries
under
their
name.
I
have
done
all
the
work
myself
I
do
all
the
I
do
all
of
the
approvals
I.
Do
it
what
they've
provided
us
with
a
very
nice
computer
system
I
do
it
all
I
was
frankly
a
little
surprised
that
other
attorneys
in
the
state
would
do
that.
I
Certainly
not
how
I
works.
I
just
want
to
assure
that
the
committee
that
we
have
done
our
own
work-
and
you
are
you
know
all
the
entries
that
have
been
made
have
been
made
by
myself
or
my
colleagues
the
night
of
Chico,
who
takes
over
the
program
when
I'm
on
vacation
or
out
of
the
office
for
an
extended
period
of
time.
So
that
was
not
really
a
issue
pertaining
to
our
involvement
in
the
program.
As
far
as
the
program's
success,
we
would
definitely
deem
it
a
success.
I
Part
of
the
problem
is
that
people
who
need
this
type
of
program
we're
not
talking
about
people
who
owe
a
couple
hundred
dollars.
I
have
seen
people
who
owe
ten
thousand
twelve
thousand
dollars
just
to
get
their
drivers
licenses
back
once
you
start
kind
of
falling
down
that
rabbit
hole
with
your
driver's
license.
I
Sometimes
it's
just
there's
no
way
to
get
out
of
it,
both
financially
and
the
other
piece
that
makes
this
program
the
key
there,
but
other
programs
that
have
popped
up
trying
to
replicate
what
this
program
does
and
the
reason
they're
not
successful
is
this
is
the
state
approved
program
and
the
big
difference
it
makes
is
when
you
pay
off
a
ticket
and
you
get
convicted
for
driving
after
suspension,
based
on
your
driving
record.
That
may
trigger
further
suspension
of
your
driver's
license
up
to
one
year
and
they
have,
through
the
session
law
that
we
created.
I
The
DVS
will
not
allow
that
suspension
to
go
through.
So
once
the
person
has
taken
the
steps
and
they
have
become
initially
valid,
as
they
continue
to
make
their
payments
and
pay
off
their
tickets
that
they
owe
they
stay
valid.
So
they're
driving
on
the
road
with
valid
assurance,
valid
driver's
license
and
they're
not
accumulating
new
tickets,
and
that
is
really
why
I
think
this
program
is
a
success,
because
the
key
is
to
get
them
valid
and
to
keep
them
valid.
Part
of
the
issue
is
some
of
the
people.
I
Oh
so
much
money
and
the
way
the
session
law
is
written.
They
can
only
work
with
them
for
about
18
months,
and
so
there
are
some
people
that
simply
can't
afford
the
payments
over
an
18-month
period
of
time.
That's
why
we've
been
seeking
to
have
this
program
be
made
permanent
so
that
way,
payment
plants
could
be
made
reasonable
for
people
whatever
they
can
afford.
If
it's
5
bucks
a
month,
20
bucks
100
bucks
a
month,
but
they
can
take.
I
You
know
what
does
it
matter
if
it
takes
them
three
years
to
pay
it
off
versus
eighteen
months,
they're
making
payments
they're
being
accountable,
they're
valid.
So
that's
been
one
of
the
reasons,
so
many
people
have
failed
out
financially
the
payments.
They
are
just
simply
too
much
for
them
to
make
and
we're
hoping
to
rectify
that
in
the
future.
With
the
making
this
program
permanent
and
removing
those
time
limits,
but
but
from
my
perspective
as
a
prosecutor,
I
think
it's
been
very
successful.
I
These
people
would
never
become
valid
without
a
program
like
this
and
the
way
it's
been
set
up,
both
the
city
and
the
state
would
not
have
collected
nearly
the
revenue
that
it
didn't.
It's
definitely
never
been
about
the
revenue,
but
it
has
certainly
generated
millions
of
dollars
in
back
revenues
that
otherwise
would
never
have
been
collected,
but
I
think
the
more
important
piece
is
that
we're
getting
people
out
of
this
hole,
we're
getting
them
licensed,
they
do
have
to
have
insurance
and
that
from
a
public
safety
standpoint
is
a
success.
H
I
Are
seeking
state
that
right
now
it's
under
a
session
law
and
it's
been
a
pilot
program-
that's
been
extended
three
times,
so
we
are
going
to
not
this
session,
but
I
think
next
session,
when
the
program
is
set
to
sunset
again,
I
ask
for
legislation
that
would
make
this
a
permanent
statewide
program.
Part
of
the
issue
is:
unless
the
jurisdictions
opt
in,
there
may
be
residents.
I
You
know
in
other
parts
of
the
state
that
can't
participate
because
their
prosecution
office
decides
not
to
so
we'd
like
to
see
it
statewide
made
available
for
everyone
and
we'd
like
to
remove
some
of
the
labor-intensive
obstacles,
such
as
triggering
a
suspension
when
they
pay
off
their
tickets.
That's
just
a
lot
of
work
that
has
to
be
done
manually
that
and
we
actually
have
our
bill
in
front
of
the
legislature
this
year.
That
would
take
care
of
that
piece
which
would
be
a
benefit
to
the
driving
diversion
program.
B
And
dating
with
the
findings
for
the
report,
a
third
finding
is
related
to
payment
to
program
fees.
It
has
small
handful
of
cases.
We
saw
a
difference
between
what
diapers
and
solutions
was
to
pay
per
their
contract,
with
jurisdictions
in
a
trapeze
for
individuals
versus
what
was
actually
paid
and
in
a
couple
of
cases
that
were
in
solutions,
look
like
they
owed
a
little
bit
more
money
to
jurisdictions
and
one
case
they
actually
overpay
jurisdictions.
There's
a
small.
B
With
contacts
and
our
fourth
finding
was
the
figures
that
were
reported
as
part
of
the
state
statute
required
areas
where
we
ended
up
having
to
do
a
lot
of
back
and
forth
discussion
work
to
be
able
to
reconcile
the
report
figures
to
the
documentation
that
diversion
solutions
had,
and
this
recommendation
is
really
to
encourage
diversion
solutions
to
take
that
work,
and
that
report
and
roll
it
into
improving
their
reporting.
Internal
reporting
of
figures
for
the
next
required
reporting
cycle
in
2019.
B
B
A
A
J
You
know
what
happens
in
business
when
somebody
says
the
word
audit.
What's
the
fear
to
everybody
right,
it's
like
we're
doing
everything
right,
but
nobody
can
do
everything
right
completely.
So
I
would
just
like
to
thank
the
audit
team
in
the
city
of
Minneapolis
Attorney's
Office,
for
asking
for
this
audit,
because
we
truly
are
making
all
the
changes
that
were
recommended.
J
We
took
it
as
a
positive
approach
to
sustain
the
audit
and
the
team
actually
made
it
nice
and
easy
for
us
for
that
and
the
understanding
and
the
time
that
they
made
available
to
us
so
that
we
could
better
understand
what
they
were.
Looking
for
and
I
can
assure
you
that
what
what
has
been
recommended
has
we
are
either
working
on
it
or
we
have
finished
it
and
as
far
as
giving
access
to
our
employees
to
make
changes
underneath
the
city
attorney
or
County
to
his
name,
it.
J
There's
no
doubt
about
it
because
we
use
it
as
a
training
tool.
What
the
attorney
is,
because
it
was
easier
for
us
to
see.
You
know
what
the
attorneys
are
exactly
looking
at
to
train
them
at
the
same
time,
and
we
did
we
did
too
that
button
down,
so
nobody
can
get
into
it
right
away
when
we
realize
that
they're,
probably
more
challenges
or
not
stop.
J
As
far
as
the
question
is
success,
I
just
want
to
give
you
just
a
quick
example
when,
when
the
session
law
was
passed,
I
promised
to
our
legislators
that
I
would
work
toward
a
15%
success
rate
and
that
success
rate
was
keeping
somebody
in
the
program
licensed
with
insurance
for
12
months,
I'm,
happy
to
say
we're
at
around
60.
62
%
was
where
we're
at
so
we're
just
looking
for
and
we've
helped
people
get
their
license
back.
Thank
you.
Thank.
A
A
B
Be
covering
the
audit
plan
both
in
progress
in
a
proposed
modification
and
the
a
summary
of
finding
follow-up
results
to
date,
the
our
plan
progress
will
be
split
into
three
slides,
one
covering
our
audits
when
covering
our
consultations
and
one
covering
the
work,
that's
being
done
by
our
close.
Our
safety
work
for
the
audit
audits
that
are
in
progress.
The
divergence
solutions.
B
B
I
didn't
want
to
note
that,
for
the
records
retention
audits,
our
intention
and
plan
was
and
is
to
coordinate
with
the
city,
clerk's
records
staff
and,
as
we
had
some
initial
meetings,
we
learned
that
their
plans
to
conduct
their
reviews
and
their
is
that
they're
covering
is
more
substantive
than
we
were
initially
thinking.
So
we're
likely
to
be
spending
less
time
from
our
ends
so
that
we
don't
duplicate
efforts.
We're
still
working
to
coordinate
those
two
projects
with
them.
B
For
the
consultation
work,
we've
held
planning
meetings
with
the
fleet
services
with
NCR
and
with
results,
Minneapolis
areas,
and
we
have
a
pretty
good
scope
of
work
where
we
have
several
touch
points
throughout
the
year,
where
they'll
be
reaching
out
to
us
with
a
phase
or
a
completed
section
of
their
project
than
their
work.
For
us
to
comment
on
we're
also
planning
out
our
kind
of
our
overview
of
this
continuity
disaster
recovery
in
terms
of
mapping
out
what
is
currently
out
there
within
the
city
for
a
reference
for
emergency
management.
B
Folks,
and
then
we
do
have
a
couple
of
consultations
that
are
on
the
on
the
plan
that
haven't
really
picked
up
yet
and
for
the
IT
work,
the
business
continuity.
The
second
item
on
here
is
complete,
and
the
last
item
on
here
is
the
third-party
risk
management
process.
That
project
was
more
of
a
follow
up
to
make
sure
that
the
way
IT
modified
their
third-party
risk
assessment
process
was
effective,
but
they
haven't
had
a
valid
go
through
the
new
process.
B
Yet
so
there
isn't
really
anything
to
conduct
a
review
of,
so
that
one
is
likely
either
delayed
until
later.
This
year
or
possibly
next
year,
and
then
there
is
one
project
that
is
expanded
in
scope
somewhat.
The
IT
police
records
management
system
implementation.
We
were
conducting
it
as
a
consultation,
but
based
on
the
phase
of
the
project
that
and
how
they're
plotting
their
implementation.
It
is
more
appropriate
to
conduct
an
audit,
because
a
lot
of
the
portions
of
the
systems
are
substantive
lis
in
place
rather
than
being
developed.
B
So
we
can
review
and
test
what's
there,
instead
of
consulting
on
how
to
put
it
in
place,
and
then
this
slide
summarizes
those
kind
of
adjustments
in
scope
for
the
records
audit
for
the
IT
third-party
risk
on
it
and
the
police
record
system
on
it,
and
because
we
are
very
likely
significantly
reducing
our
work
on
records
retention.
We're
proposing
adding
a
new
audit
to
the
2018
audit
plan,
specifically
a
third
party
contract
audit
of
AG
management,
which
is
the
operator
of
the
Target
Center.
B
You
know
at
the
time,
and
the
proposed
objectives
of
the
AG
audit
are
looking
at
compliance
with
some
very
select
operational
provisions
of
the
contract
and
looking
at
financial
reporting
and,
of
course,
looking
at
how
the
city
is
monitoring
the
contract.
With
the
idea
of.
If
we're
pretty
well
focused
on
key
areas
of
operations,
we
can
keep
the
audit
to
be
a
fairly
narrow
scope
and
take
time.
F
B
Chair
mr.
Fisher,
we
were
requested
to
sit
in
on
several
meetings
that
included
discussions
of
how
AGI
is
operating.
The
contract,
which
included
Palmisano
and
councilmember.
Goodman
and
we'd,
also
had
a
suggested
email
covering
this,
covering
some
aspects
of
a
potential
AG
audit
from
the
convention
center
head,
so
sort
of
requested,
but
also
on
our
radar.
For
a
couple
of
other
reasons,
because
it's.
B
B
A
Is
a
tough
one
to
measure
I
just
want
to
point
out
and
a
couple
years
ago
we
made
quite
a
sizable
investment
in
the
Target
Center,
so
we
want
to
make
sure
we're
getting
our
value
out
of
that
from
a
city
perspective
from
the
public
good
perspective
of
how
we
want
Target
Center
to
work
for
us.
So
I
am
pleased
to
see
this
and
I
do
think
it
will
help
with
the
meet
Minneapolis
audit,
and
it
will
be
similar
enough
that
this
will
be
a
good
one
to
add
any
other
question
great
go
ahead.
B
Next
slides
cover
the
follow
up
of
our
audit
work,
so
here
we're
presenting
how
many
issues
we've
been
tracking
originally,
when
these
reports
first
came
onto
our
radar,
how
many
issues
were
open
as
a
last
committee
meeting
and
how
many
are
open,
as
of
now
here
within
each
set,
where
have
both
the
the
kind
of
findings
of
recommendations?
How
many
were
issued
with
the
report
and
how
many
action
steps
management
stated
they
are
going
to
be
taking
in
response
to
these
a
lot
of
the
action
steps
are
sequential,
so
they'll
be
taking
down
over
time.
B
B
A
couple
of
highlights
the
records
management
audit
target
completion
date
is
now
2023
with
that
is
to
implement
their
new
information
governance
structure
across
the
entire
city,
which
was
a
very
ambitious
plan
that
they
were
anticipating
would
be
done
earlier
than
that,
but
has
now
started
to
be
a
later
target
date.
They're
also
focusing
significant
resources
on
making
sure
the
departments
are
transitioning
to
the
new
building
are
ready
for
that
transition
with
their
records,
so
I
don't
think
it's
necessarily
unreasonable
for
such
a
long
delay.
B
B
There's
towards
the
bottom
there's
a
couple
of
TBD
completion
targets
for
the
entire
project
and
those
are
related
to
pending
approval
or
view
that's
outside
of
that
areas.
Control,
but
otherwise
have
made
pretty
good
progress
on
both
areas
and
then
the
construction
contract
review
TBD
is
an
area
which
was
believed
to
have
been
addressed.
B
A
It
it's
notable
here
and
I
really
like
this
action
steps
column
by
the
way,
because
it
shows
that
since
last
fall,
we
we
as
a
city,
have
taken
six
action
steps
on
based
on
the
audit
findings
from
the
body
camera
audit.
But
could
you
share
a
little
bit
more
as
to
some
of
the
work
that's
gone
on
since
the
last
time
we
talked
about
this
at
audit
committee
I'm.
B
But
I
haven't
meticulously
gone
through
the
whole
thing
and
before
I
do
want
to
flag
that
before
we
close
that
any
of
the
findings
we
do
need
to
validate,
not
just
that
the
policies
out
there,
but
that
the
policy
has
been
incorporated
into
training
which
individuals
have
received
and
any
of
the
internal
review
areas
that
are
going
to
be
conducted
would
be
able
to
catch
similar
instances
of
non-compliance
that
they're
occurring
before
we
can
feel
comfortable.
Closing
out
the
findings
as
completely
fixed
I.
A
Just
think
that's
great
news,
you
know
we
will
trust
but
verify,
but
it
seems-
and
it
appears
that
not
only
has
the
police
department
accepted
every
single
one
of
the
findings
from
last
fall's
audit,
but
they
continue
to
make
progress
in
trying
to
shore
up
every
single
one
of
them.
So
that's
that's
good
news.
Are
there
any
questions
about
that?
B
Notable
here
is
that
all
of
the
findings
and
recommendations
for
the
HR
files,
maintenance
and
retention
are
closed
out
and
we
validated,
and
so
that
audit
is
complete
and
there's
also
been
progress
on
the
Park
and
Recreation
worker
safety
audit.
The
timeline
for
completion
I
think
has
lit
a
little
bit
in
part
because
the
plan
focused
on
having
a
consultant
come
in
to
assist
with
several
steps
of
implementing
their
program
and
to
review
current
policies
and
the
time
frame
for
getting
that
consultant
in
place
slid
about
four
or
five
months.
A
Great
I
will
mention
that
our
new
head
of
head
of
our
internal
audit
department,
that
effort
is
ongoing.
I've
played
a
role
in
it
and
I
think
my
colleagues
that
have
also
played
a
role
in
in
that
effort
in
to
varying
degrees.
Mr.
Neal,
who
is
out
of
the
country
right
now,
also
played
a
key
role
in
helping
some
of
the
initial
phone
interviews
that
we
did
a
little
while
back
so
I
hope
to
have
a
a
much
more
thorough
report
of
that,
and
perhaps
somebody
in
place
by
our
next
meeting
any
other
thoughts.