►
From YouTube: October 15, 2018 Audit Committee
Description
Minneapolis Audit Committee Meeting
A
B
Morning,
I'm
going
to
call
the
Audit
Committee
meeting
to
order.
This
is
a
regular
meeting
of
October
15
2018
with
me
at
the
dais.
Here
is
park
board
Commissioner
Chris
Meyer,
mr.
David
Fischer
and
myself.
We
do
expect
to
be
joined
by
councilmember.
Warsaw
me,
councilmember
Schrader
is
sick
and
we
we
knew
previously
that
mr.
Scott
Neal
wouldn't
be
able
to
make
it
this
time.
So
we
we
are
not
yet
a
quorum,
so
we
cannot
do
official
business,
but
I
do
want
to
call
this
meeting
to
order.
B
Can
we
adopt
the
agenda
clerk
I'm
going
to
propose
to
move
to
I'm
going
to
move
to
adopt
the
agenda
before
you
today?
We
have
one
main
audit.
It's
our
payroll
audit
reports
been
a
long
time
in
coming,
and
then
we
have
a
lot
of
updates
from
our
auditor
and
from
others
in
the
past
and
previously
audited
entities.
So
thank
you.
Welcome
and
we'll
go
ahead
and
get
started
and
I
will
hold
off
on
approving
our
meeting
minutes
from
last
time
and
I
will
just
ask
direct
your
big
be
welcome
to
go
ahead.
They.
C
Our
payroll
audit
was
begun
in
2017.
We
put
it
on
hold
for
a
little
while
due
to
staff
turnover
and
picked
it
up
again
in
mid
2018
as
public
servants.
It
is
our
responsibility
to
safeguard
taxpayer
dollars
in
the
most
effective
and
efficient
manner
while
hearing
to
laws,
regulations
and
city
policies
governing
payroll
processes.
So
we
reviewed
internal
controls
over
payroll
processes.
C
As
a
result
of
our
audit,
we
identified
five
issues
and
we
also
introduced
an
issue
risk
rating
matrix,
so
most
issues
most
audit
issues
will
fall
in
the
moderate
range.
Low-Risk
issues
do
not
require
formal
management.
Follow-Up
management
will
address
the
low-risk
issues,
but
they
don't
have
to
fill
out
a
validation.
Memo
and
audit
doesn't
have
to
spend
time
doing
validation
testing
the
five
issues
are.
The
payroll
register
is
not
reconciled
to
the
general
ledger.
C
C
Documentation
is
incomplete
to
an
insurer
proprietary
of
duties
with
payroll.
So
what
this
entails
is
getting
a
system
generated
list
of
user
roles
and
who
has
access
to
those
roles,
ite
HR
and
Finance
management
working
on
getting
an
easy
to
interpret
list
of
data
so
that
they
can
ensure
people
who
have
access
to
various
roles
do
not
have
conflicts
of
duties.
An
example
would
be
someone
working
in
HR
who
can
set
up
a
new
employee
in
the
system
should
not
be
able
to
also
process
payroll.
C
Those
are
key
duties
that
should
be
segregated
because
those
duties
we
were
not
able
to
confirm
through
system
information
that
those
duties
are
segregated.
We
did
additional
testing
to
make
sure
there
were
no
inappropriate
transactions,
such
as
looking
for
ghost
employees
or
inappropriate
access,
and
we
did
not
find
any
issues
with
that.
C
The
third
issue
is
significant
manual
overrides
and
adjustments
are
not
independently
reviewed,
because
that
control
is
not
in
place.
We
reviewed
manual
adjustments
and
did
not
find
any
inappropriate
adjustments,
but
it's
a
key
control
that
should
be
implemented.
So
management's
action
plan
is
to
review
adjustments
and
make
sure
that
the
significant
adjustments
are
appropriately
reviewed
and
documented.
C
Issue
number
four
is
documentation
missing
from
employee
files.
This
is
a
result
of
the
decentralized
HR
process
where
departments
maintained
some
personnel
records,
including
medical
files.
So
it's
it
would
be
easy
to
envision
that
not
all
files
are
a
hundred
percent
complete.
So
in
our
sample
selection,
we
did
find
a
couple
of
HR
files
that
were
missing
some
documentation.
C
Hr
is
in
the
process
of
implementing
a
centralized
and
digitized
process.
This
is
the
only
audit
issue
that
cannot
be
remediated
within
one
year.
They
have
pilot
projects
in
place
as
we
speak
and
they're
continuing
to
roll
out,
but
it
will
take
a
little
longer
than
a
year
for
a
city-wide
for
this
control
to
be
completely
implemented.
D
Good
morning,
Thomas
MO
community
members
pleasure
to
be
here
and
thank
you
to
internal
audit
for
their
assistance.
We
had
identified
some
changes
that
we
wanted
to
make
in
payroll,
probably
a
year
a
year
and
a
half
ago
and
have
been
in
the
process,
a
part
of
that
as
staffing
changes,
reorganization
a
little
bit
of
our
payroll
department,
they'd
like
to
introduce
some
staff
who
are
here
to
assist
in
that.
So
we
have
a
new
payroll
director,
katie
carroll.
D
We
previously
did
not
have
a
payroll
director,
so
this
will
help
with
some
about
segregation
of
duty
and
different
function
in
that
and
then
also
Don
Koenig,
our
deputy
controller,
who
is
relatively
new,
she
is
going
to
be
assisting
with
some
of
the
payroll
reconciliation
pieces
now
Lyle
Hodge
is
our
controller,
and
this
is
payroll,
as
you
know,
is
a
joint
effort
between
HR.
We
pay
what
they
have
in
the
system
and
then
the
departments
and
the
employees
will
put
their
data
and
then
also
I
T.
D
So
we
have
recognized
some
of
the
things
that
need
improvement.
Some
of
are
related
to
the
system
that
we
have,
which
is
very
challenging.
We
have
recently
embarked
also
in
looking
at
a
new
payroll
HR
system
that
would
deal
with
some
of
these
issues
that
have
been
identified
particularly
related
to
the
security
we've
also
had
IT
involved
in
that,
because
that's
a
somewhat
of
an
IT
function,
so
we're
continuing
to
unwind
that
to
make
that
situation
better.
So
we
clearly
appreciate,
as
I
said,
the
input
from
internal
audit.
D
We
will
be
working
to
rectify
these
issues
and
many
other
improvements
that
we
see
that
could
make
payroll
a
better
process,
because
it
is
a
very
important
process
for
the
city
and
we
want
to
make
sure
that
the
integrity
of
the
system
is
maintained.
So
with
that
I'll
stand,
any
questions
that
you
may
have
thank.
C
Chair
Palmisano
audit
committee
members,
user
access
roles
are
visited
in
most
of
our
audits,
with
this
particular
audit
upon
the
remediation
date
that
we
agreed
upon
management
will
fill
out
a
validation
memo
which
they
say
what
they've
done
to
remediate
the
issue.
They
provide
supporting
evidence
and
then
we
go
in
and
validate
for
system
user
access.
That
would
require
us
going
in
and
testing
and
extracting
user
roles
and
information
ourselves
and
ensuring
that
it
really
was
remediated.
C
B
B
Director
Big
B,
can
you
yes?
Can
you
just
help?
Explain
the
new
issue
risk
rating
table
under
age?
Eight,
that's
it's
pretty
cool,
it
seems
pretty
useful
and,
as
you
get
there,
yeah
yeah
sorry
that
was
slide.
7
I
will
announce.
We've
been
drained
by
a
council
member
saumui
server,
a
full
complement
and
we're
authorized
to
conduct
the
city's
business
here.
C
Thank
You
chair
Palmisano
audit
committee
members,
since
we
don't
risk
great
audit
reports,
we
want
to
risk
great
audit
issues
to
give
the
Audit
Committee
and
residents
some
perspective
on
what
the
risk
really
is
around
this
area.
Generally,
we
only
audit
high
risk
area
because
we
have
limited
resources
to
provide
audit
services.
The
table
will
reflect
issues
that
are
high,
moderate
or
low
low
issues,
while
management
will
address
them,
don't
require
a
formal
management
response
and
formal
audit
follow-up.
C
However,
audit
tracks
them
so
that
over
time,
if
we
see
it's
a
repeat
issue
or
the
low-risk
issue
is
trending
across
multiple
departments,
then
we
will
address
it
appropriately.
Moderate
issues
require
the
standard
remediation
plan
yet
generally
within
a
year
or
less
high.
Risk
issues
require
immediate
management
response.
It's
generally,
that
could
be
three
months
that
an
issue
has
to
be
remediated
or
longer,
if
appropriate.
C
B
E
C
C
High
risk
improvement
opportunities
require
immediate
attention,
whereas
a
moderate
risk,
you
have
a
control,
that's
probably
adequately
designed
or
perhaps
just
needs
some
minor
modifications
to
the
way
the
control
is
carried
out.
Then
you
also
look
at
how
the
control
is
implemented
and
if
it's
operating
effectively,
so
what
control
might
be
designed
properly,
but
management
may
override
how
the
control
is
supposed
to
be
performed.
So
in
that
case
it's
operating
effectively
and
that
would
be
in
most
cases
a
moderate
issue.
C
C
E
C
A
very
good
question:
during
our
risk
assessment
process,
we
visit
with
management
and
covering
all
the
risk
categories,
whether
its
reputation,
risk
operational
risk
finance
risk,
and,
yes,
management,
agrees
to
those
risk
ratings
in
this
case
for
issue
ratings.
The
issue
issue
is
very
high
level.
So
when
we
that
the
issues
with
management,
we
also
propose
the
issue
with
ranking,
and
then
management
has
an
opportunity
to
provide
feedback,
and
if
they
disagree
with
the
way
that
we
rated
a
risk
that
an
issue,
then
we
would
discuss
that
and
come
to
a
mutual
agreement.
B
Thank
you
any
other
questions
or
comments.
Nope
as
we
go,
sorry
go
ahead,
go
ahead
and
continue
here
so
before
we
start
audits
in
progress,
or
rather
the
auditors
update
I
did
want
to
go
back
just
a
minute.
Now
that
we
have
a
quorum
of
committee,
members
I'd
like
to
move
to
accept
the
minutes
from
August
27th
and
also
receive,
and
file
and
direct
staff,
to
publish
this
payroll
report.
All
those
in
favor,
please
say:
aye
aye
opposed
that
carries.
C
The
a
AG
target
center
audit
is
the
audit
objective
is
to
review
controls
in
the
city's
management
process
of
the
AEG
contract
in
general,
and
then
compliance
with
contract
terms.
We
are
wrapping
up
field
work.
This
week
we
have
an
exit
conference
with
management.
Today
there
are
a
couple
of
issues
that
have
bubbled
up
that
we're
vetting
with
management,
so
we
don't
provide
a
final
write-up
of
the
issues
until
we
thoroughly
discuss
those
issues
with
management.
We
expect
to
have
issues
drafted
by
the
end
of
the
week.
C
B
C
Field
work,
the
items
that
remain
to
be
tested
are
a
few
financial
test
on
strategist
level
agreements
and
specifically,
there's
a
financial
reporting
test,
an
event
booking
test
and
an
SLA
around
subcontractors
they're
wrapping
up
those
tests
this
week
and
then
I
also
wanted
to
mention
that
AEG
and
city
management
have
been
very
cooperative.
So
all
the
items
that
we
have
requested
have
been
provided.
It's
just
completing
those
financial
tests.
C
Grant
management
will
be
a
pretty
involved
audit.
We
are
looking
at
city
grant
management
processes
which
are
pretty
extensive.
We
have
a
lot
of
grants
that
the
city
touches
and
also
the
Minneapolis
Park
and
Recreation
Board
grants.
So
we
have
met
with
finance
city
finance
management
to
discuss
timing
and
scope
potential
scope
of
the
audit
we
are
to
meet
with
park
board
finance
management
next
week
after
after
we
have
those
meetings,
we
gather
information
do
a
little
study
and
research
and
then
revisit
with
management
on
scoping
of
the
audit.
C
I
also
wanted
to
mention
for
grants
specifically
if
we
get
tips
for
fraud
investigations,
or
there
are
complaints,
we
track
all
of
that
and
have
all
of
that
incorporated
in
our
audit
planning
processes.
So
any
any
of
those
items
that
have
come
through
recently
are
in
our
purview
in
and
will
be
included
in
the
scope
of
the
audit.
F
Morning,
chair
Palmer's
own
committee
members
I'm
here
to
provide
an
update
on
two
items.
The
first
one
is
an
audit
of
the
Minneapolis
Police
Department's
PIMs,
which
is
the
police
information
management
system
that
went
live
on
June
5th
this
year
and
the
other
one
is
a
consultation
which
is
with
respect
to
the
HR
separation
process.
F
A
decision
was
made
to
go
with
Merced
ex,
and
the
system
is
supported
by
this
by
the
vendor
versa
term.
This
was
previously
a
consultation
in
2017
when
the
implementation
had
begun.
Actually,
there
was
design
discussions
going
on
since
2016,
so
this
project
has
been
on
for
a
few
years,
but
we
have
finally
reached
after
go-live
June
5th
this
year
we
able
to
actually
start
auditing
a
lot
more
items
because
the
system
is
actually
functionally
alive
and
no
longer
a
testing
phase.
B
A
F
F
So
the
objectives
overall
for
this
audit
that
we're
doing
is
to
look
at
the
logical
access
controls
to
protect
both
sensitive
access,
as
well
as
to
make
sure
appropriate
segregation
of
duties
are
enforced.
In
addition
to
that,
make
sure
the
operating
system
and
database,
given
the
sensitivity
of
the
data
to
see
if
there's
any
backend
access,
that's
feasible,
especially
considering
the
vendor
versa
term,
has
a
very
heavy
and
involvement
and
is
always
plugged
into
the
city
network
to
actually
do
troubleshooting
activities.
F
This
is
something
that's
needed
because
we're
in
the
early
phases
of
this
system
going
live.
So
that's
a
something
we
need
to
monitor
and
look
for
towards
the
end
to
make
sure
that
access
is
cut
off,
so
the
vendors,
not
always
in
the
city
network.
In
addition
to
that,
the
last
thing
we'll
be
looking
at
is
the
data
migration,
because
there
were
a
lot
of
older
systems
that
were
being
decommissioned,
as
well
as
integration
with
other
key
systems
that
need
to
be
enabled.
F
So
that
was
the
third
key
item
we
were
looking
for
from
an
overall
objective
perspective
and
the
status
of
the
audit
right
now
it's
about
80
percent,
complete,
there's
certain
activities
with
respect
to
security
configurations,
new
users
being
set
up
and
interfaces
being
enabled
that
are
not
going
to
be
able
to
be
tested
till.
Actually,
the
system
is
fully
updated
and
as
of
the
end
of
September,
they
still
don't
have
a
completion
date
on
some
of
those.
So
there
are
certain
items,
they're
still
moving
in
the
legacy
format
and
not
in
the
new
pimp
system.
F
B
D'souza
I
guess
I'm
a
little
I
know
just
a
little
bit
about
this
and
I
think
you're
saying
that
we
did
an
audit
whilst
a
new
pin
system
was
being
put
in
place.
Is
that
correct
absolutely.
F
Yeah
cherub
house-
and
we
started
this
as
a
consultation,
while
the
system
was
being
put
in
place,
so
we
were
trying
to
get
as
many
controls
in
the
early
design
phases
so
that
when
it
did
go
alive
and
already
had
controls
built
in
its
that
for
us
finding
it
on
later
on,
so
we
started
as
a
consultation
in
2017,
and
this
year
we
moved
it
into
an
audit
after
the
system
went
alive
on
June,
5
2008.
So
thank.
F
B
F
Right
this
second
IIT
consult
I,
guess
to
bring
up
that
we're
doing
right
now
is
they
were
just
some
background
from
2014
to
2016,
even
into
2017.
One
of
the
key
themes
we
were
noticing
across
all
our
audits
was
the
fact
that
the
separation
process
would
take
a
little
longer
and
people
continue
to
have
access
to
key
systems
within
the
city
and
the
city
network
for
sometimes
extended
periods
of
time.
F
So
Human
Resources
worked
with
IT
and
used
the
ServiceNow
tool
to
help
create
a
new
process
in
a
workflow
to
streamline
and
try
to
reduce
how
long
it
takes
to
remove
the
access
for
users
across
the
systems
that
they
have
access
to.
The
main
thing
we
were
looking
from
an
objective
perspective
is
to
review
the
timing
in
this
aspect.
F
So,
as
of
10
6,
the
initial
consultation
was,
we
did
an
analysis
already,
but
that
data
was
from
November
2017
to
March
2018.
Just
to
let
you
know,
the
reason
why
we
started
on
November
2017
is
because
the
new
process
went
into
effect
last
October,
so
it
was
starting
in
the
initial
first
weeks
of
November
that
the
actual
new
process
was
been
utilized
between
the
data
we
got
from
November
2017
to
March
2018.
It
appeared
on
average.
It
was
taking
two
weeks
to
remove
user
access
from
within
the
city
systems
and
network.
B
F
B
F
One
of
the
items
that
we
actually
have
to
take
out
because
they're
only
granted
temporary
access,
and
so
we
filter
out
for
those
certain
users,
because
their
ability
is
only
to
submit
time
and
not
to
necessarily
pull
or
view
any
city
information.
So
from
a
risk
based
process
and
based
on
prior
audits
that
we
have
performed.
We
have
decided
to
eliminate
that
particular
subset
and.
B
E
F
Committee
members,
chair
poms,
on
the
main
aspect
over
here
is
the
type
of
access
being
disabled.
Well,
we
are
hoping
to
do
was
once
this
process.
Matures
is
start
having
our
discussion
as
to
based
on
the
type
of
resource
being
terminated.
The
timeliness
aspect
need
to
be
different
so
for
human
resource
managers,
payroll
managers,
directors,
anybody
who
has
the
ability
to
probably
approve
anything
over
50,000
or
certain
things.
F
We
would
recommend
that
those
we
turn
around
in
a
three
day
timeline,
if
not
the
same
day,
if
it's
a
two
week
time
line,
if
it's
folks
that
are
more
in
the
field
or
working
on
different
aspects,
the
rest
of
the
data
is
low
because
they're
primarily
going
in
there
to
just
obtain
their
payroll
data
as
well
as
to
submit
time.
So
the
risk
is
limited.
So
right
now,
we've
grouped
them
all
together.
B
And
I
would
just
say
if
to
point
back
to
that
old
audit
I
forget
specifically
which
meeting
it
was,
but
there
were
pretty
specific
findings
in
terms
of
what
the
risk
was
for
different
groups
of
people,
and
it
is
spelled
out
in
that
report.
So
thank
you
for
following
up
on
this
any
other
questions
or
comments.
Good
thank.
C
C
We
introduced
a
new
slide
that
will
help
you
have
a
count
of
where
we're
at
with
certain
types
of
projects
and
where
we
were
at
as
compared
to
last
committee
meeting.
So
we
have
currently
one
audit
closed
the
payroll
audit
for
open
audits.
So
those
are
the
two:
the
AEG
grant
management
and
the
two
IT
projects
consultations.
We
closed
one
and
we
have
seven
open
special
projects.
B
C
I,
don't
have
too
much
information
right
now,
but
there's
a
little
Ektron
akin
digital
signatures
often
offer
a
better
security
than
handwritten
signatures.
If
you
don't
have
a
digital
signature
capability,
then
you're
in
a
digital
environment
you
have
to
print
out
and
get
manual
copies
of
documents,
sign
them
scan
them
back
then,
and
that's
very
resource
intensive.
C
But
we
want
digital
signature
processes
to
be
uniform
across
the
city,
so
we're
asking
IT
to
come
up
and
tell
us
what
is
the
best
process
to
use
and
then
citywide
we'll
use
that
process
and
there
could
be
some
variations
depending
on
requirements.
For
example,
3-1-1
and
the
City
Attorney's
Office
might
have
different
requirements,
so
IT
will
help
us
determine
what
is
most
appropriate
for
each
of
the
departments.
C
B
C
Ultimately,
I
think
so
I
think
if
we
can
have
this
uniform
process
best
practices
for
all
of
our
activities,
so
the
project
is
was
just
open
this
week
and
as
it
progresses.
Then
next
audit
committee
I
can
plan
on
providing
you
an
update
in
more
details.
Thank
you.
A
continuous
monitoring
is
another
new
category.
I
wanted
to
briefly
mention
what
that
is
all
about.
C
We
have
one
consultation
that
were
basically
done
with
the
work
that
we're
doing
for
the
moment,
as
agreed
with
management,
and
that's
the
the
c
p--
head
record
retention,
so
we
met
with
them.
We
provided
some
feedback,
provided
them
a
framework
and
as
we're
in
meetings
with
them
pretty
regularly
they're
making
good
progress.
So
they
really
at
this
time,
don't
need
another
deliverable
from
audit,
but
we're
not
quite
ready
to
pull
back.
C
So
they
agreed
that
we
could
continue
participating
in
their
meetings
and
discussions,
continuous
monitoring,
its
responsibility
on
us
to
escalate
any
issues
or
potential
risks
and
discuss
them
right
away
with
management.
If
we
do
see
any
at
the
point
that
the
project
is
fully
implemented
or
risks
are
sufficiently
reduced,
then
we
would
discontinue
our
continuous
monitoring.
The
other
continuous
monitoring
we
just
became
involved
in
is
with
the
citywide
data
governance.
C
We
were
invited
to
the
infirm
information
governance
committee
meetings,
so
we'll
participate
in
those
ongoing
and
it
gives
us
the
opportunity
to
raise
risks
or
discuss
with
management.
If
we
see
any
problems
that
aren't
being
addressed
and
then
investigations,
often
when
investigations
are
in
progress,
you
can't
discuss
them
or
have
conversations
about
them.
C
Sometimes
there's
not
much
that
audit
even
needs
to
do,
but
we
wanted
to
give
you
some
idea
of
where
our
resources
are
being
allocated
so
I
think
what
we'll
do
is
just
tell
you
how
many
are
in
progress
and
how
many
have
been
closed
since
the
last
meeting
and
then
any
proprietary
information
or
confidential
information.
We
would
discuss
with
you
confidentially
agreed-upon,
with
the
city
attorney.
C
C
This
is
just
high
level
of
consultations
and
special
requests
and
progress.
The
blue
indicates
planning
phase
purple
is
where
we're
doing
the
bulk
of
the
work
and
reporting
is
green,
either
continuous
monitoring
or
some
type
of
memo
or
formal
report.
Depending
on
what
type
of
project
it
is,
the
the
Park
Police
body-worn
camera
compliance
readiness.
As
a
reminder,
this
review
is
to
review
their
updated
policies
and
procedures
to
make
sure
they're
in
compliance
with
state
statutes,
so
we've
met
with
them.
C
We've
issued
a
scope,
memo
they're
in
the
process
of
updating
their
policies
and
procedures,
and
we
expect
to
get
a
copy
of
them
sometime
in
October,
then
we'll
perform
this.
This
readiness
review
readiness
assessment
and
give
them
a
copy
of
our
results,
and
then
they
will,
with
once
they
meet
their
two-year
mark,
which
is
coming
up
pretty
soon.
They
will
file
their
reports,
as
required
by
the
state.
C
The
equity
and
the
Minneapolis
police
recruiting
processes
is
a
fun
project
to
work
on,
because
we
see
a
lot
of
value.
Add
we've
had
integrated
team
discussions
with
HR
IT
police
police
conduct
oversight,
Patrick
Ryan,
deputy
chief
art
Knight.
What
we're
doing
right
now
is
identifying
the
data
that
we
need
to
obtain
make
formal
data
requests.
We
expect
to
get
the
data,
probably
in
November
once
we
get
the
data
internal
audit
is
going
to
perform
at
the
initial
data
analysis.
C
Using
our
ACL
tool
will
then
provide
the
results
back
to
the
police
department,
who
will
determine
which
of
their
processes
and
procedures
they
might
hands
or
a
change
based
on
the
results
of
the
data.
I.
Think
anecdotally.
We
have
an
idea
where
the
problem
areas
are,
but
often
the
the
data
might
tell
us
a
different
story
or
highlight
risks
that
we
didn't
hadn't
identified
previously.
B
Well,
first
I'll
interject,
just
to
say,
I
I,
do
really
appreciate
your
approach
in
this
and
the
different
people
around
the
city
that
you've
been
meeting
with
both
drea
Marsh
Stevens
and
her
team
have
been
involved
in
as
well
as
we've
been
reaching
out
even
beyond
the
police
department,
in
terms
of
what
are
some
of
the
perceptions
of
barriers
that
exist
in
recruitment
and
hiring.
So
any
questions
or
thoughts
from
my
colleagues.
C
The
neighborhood
community
relations
has
been
an
ongoing
consultation
project
with
internal
audit
I.
Recently,
neighborhood
community
relations
recently
contacted
me
and
we're
going
to
be
providing
feedback
on
some
new
audits
that
they're
doing
in
a
couple
of
their
neighborhoods,
so
that
project
is
in
progress
when
we
have
started
discussions
and
what
that
might
look
like
is
some
of
the
neighborhoods
receive
financial
audits
or
agreed
upon
procedures,
and,
excuse
me,
if
anything,
unusual
comes
back.
We
look
at
that
or
determine
if
anything
needs
to
be
changed.
C
Audit
is
also
looking
at
overall
processes
for
how
we
manage
monies,
that
we
provide
to
neighborhoods,
ensuring
that
there
is
appropriate
controls
in
place
to
prevent
fraud
and
to
ensure
that
the
monies
are
being
spent
appropriately,
so
probably
by
March,
will
issue
a
report
and
suggest
some
improvements
to
the
overall
control
environment.
In
addition
to
the
specific
feedback
that
were
asked
for
certain
neighborhood
reports,.
C
Results,
Minneapolis
is
also
an
ongoing
consultation.
The
city
coordinators
office
has
come
up
with
results.
Minneapolis
to
help
departments
identify
the
best
metrics
that
they
may
may
be
able
to
use
to
measure
their
value.
Add
their
products
or
not
I'm,
sorry,
not
products,
but
their
services
or
other
activities
that
they
perform
as
a
department
is
turning
in
their
metrics.
For
the
first
time,
results
Minneapolis
then
meets
with
internal
audit.
C
We
provide
feedback
on
those
metrics
suggest
improvements,
and
then
they
give
that
feedback
back
to
the
department,
and
then
the
department
will
do
a
periodic
and
ongoing
metrics
reporting.
So
we
have
one
that
was
put
in
our
bucket
for
NCR,
actually
neighborhood
Community,
Relations
and
we'll
be
reviewing
those
metrics
this
week.
For
the
first
time.
B
I
I
do
want
to
point
out
something
on
the
results
pieces,
I'm,
really
proud
of
how
our
audit
department
it's
about
two
years
ago,
now
really
started
digging
into
results
and
started
to
see.
It
was
actually
our
prior
audit
director
that
brought
up
the
power
and
the
potential
of
using
results
better
and
more
consistently
in
our
city.
B
I
do
just
want
to
share
here
that
a
lot
of
that
results.
Work
has
gotten
to
the
point
where
I've
been
working
with
finance
and
we
are
getting
comfortable
with
the
idea
of
being
able
to
do
more
performance
management,
well,
performance
oversight,
I
guess
I
should
say,
is
City
Council,
but
program
evaluation
as
a
city.
In
order
to
do
that,
we're
gonna
need
to
somehow
make
some
space
for
that,
and
that
is
why
we
for
people
that
follow
our
Charter
Commission.
In
that
process.
B
We
have
been
in
conversations
with
the
Charter
Commission
members
of
the
board
of
estimate
and
Taxation
on
moving
to
a
biennial
budget
cycle,
a
two-year
budget
cycle,
so
I
just
wanted
to
point
out
that
a
lot
of
this
work
started
because
of
the
the
good
analytical
efforts
of
our
audit
committee.
So
thanks
Thank.
C
C
Enterprise
complaint
management
processes
is
ongoing.
We're
continuing
to
me
integrated
citywide
teams,
we're
not
including
all
management
levels,
yet
overall
department
heads
mainly
the
focus,
is
city
attorney,
internal
audit,
HR
and
I
team.
Where
we're
in
discussions
now
of
we've,
discussed
what
our
current
processes
are
and
where
we
think
failures
are
in
those
processes.
We're
now
doing
some
benchmarking
with
other
cities
and
other
local
governments
for
best
practices.
C
So
how
do
you
track
and
record
all
of
that
and
then
shoot
ensure
that
there
can
consistently
managed
and
managed
appropriately?
So
we
think
that
this
is
going
to
also
add
a
lot
of
value.
It
just
takes
time
to
work
through
everything
and
make
sure
that
you
have
the
tools
that
can
work
for
you
and
it
will
also
help
with
reporting.
So
the
city
attorney
and
internal
audit
have
reporting
responsibilities
for
fraud
and
ethics
violations
and
now
we'll
have
a
better
idea
of
what
types
of
complaints
we're
getting.
C
C
All
right-
and
we
are
on
our
prior
audit
issue-
follow-up
section
quick,
highlight
owed
total
open
issues.
We
have
about
fifty
seven
overdue
audit
issues.
We
have
18
a
lot
of
issues
closed
since
last
audit
committee,
I'm
very
excited
to
say
that
we
have
eight.
We
went
many
many
years
without
closing
any
audit
issues,
so
we
have
eight
formally
closed.
C
Sixth,
we
expect
to
be
closed
soon,
they're
in
the
process
of
validation
and
then
open
audit
issues
that
are
due
this
quarter
by
December
31st
are
nine,
so
we
expect
to
have
nine
more
closed
early
next
year
and
we're
still
focusing
our
efforts
on
the
oldest
audit
issues.
So
there
are
still,
as
you
can
see,
a
number
of
overdue
audit
issues
once
we
get
those
cleaned
up.
We
hope
that
we
don't
have
too
many
overdue
audit
issues
to
report
next
year.
I.
B
C
Chair
Palmisano
audit
committee
members,
we
see
an
increase
in
overdue
audit
issues,
despite
the
fact
that
we're
closing
and
validating
issues,
because
last
audit
committee
meeting
was
August
27th
and
we
had
a
number
of
issues
that
were
due
at
the
end
of
the
quarter:
September
30th
and
so
we're
just
now,
two
weeks
after
that
deadline.
So
not
all
management
have
completed
their
issue.
Validation,
memos
memos
for
those
September
30th
deadlines
and
they're
being
counted
as
overdue.
We
do
expect
those
to
be
closed
by
next
audit
committee
meeting
and
part
of
our
regular
follow
up.
E
C
Palmisano
committee
member
Fisher,
it's
hard
for
me
to
assess
the
risk
of
issues
from
prior
audits
that
far
back
I
would
estimate
moderate.
We
don't
think
that
there
are
any
high
risk
issues
that
are
still
open
or
overdue,
but
I
can
tell
you
what
areas
there
and
the
overdue
issues
are
as
a
result
of
the
HR
file,
maintenance
and
retention,
the
IT
program
and
project
management,
consultation
which
I
wanted
to
qualify.
C
That
I've
been
in
discussion
with
IT
and
they
are
in
the
process
of
remediating
those,
but
that
initial
write-up
didn't
actually
require
formal
management
follow-up,
but
they
did
follow
up
proactively
and
started
being
tracked
as
issues.
So
those
four
are
really
didn't
require
formal
follow-up,
but
we
will
have
a
complete
remediation
response
and
risk
reduction.
It
did
highlight
some
important
risks
in
the
protection
of
personal
data
and
IT
processes.
C
The
C
ped
lonely
cycle
management
has
won,
PeopleSoft
finance
access,
review
has
won,
procure-to-pay
has
won,
MPD
third
party
has
won
workers,
comp
have
won
Park
and
Recreation
worker
safety
out.
It
has
three,
but
they
had
ten
initial
eight
and
they
have
closed
out
seven.
So
they're
working
hard
on
those
and
we
expect
those
three
to
be
remediated
soon
and
then
the
MPD
property
and
evidence
room
are
also
working
hard.
They
have
four
right
now,
but
they've
been
in
touch
with
our
office
to
get
those
closed.
E
G
C
Chair
Palmisano,
committed
member
Fischer
I
think
the
we
will
do
that
for
you.
The
problem
with
the
prior
issues
before
we
introduced
risk
ratings
scales
as
that
that
that
was
not
agreed
upon
with
management.
So
what
we
would
do
with
prior
issues
is
propose
a
rating
and
then
get
management
to
agree
to
the
rating,
and
then
we
can
have
a
heat
map
of
all
the
open
and
overdue
issues.
I
think
that
would
be
that's
a
great
idea
and
we'll
have
that
ready
for
next
audit
committee
meeting
any
other
questions.
G
Good
morning,
madam
chair
and
committee
members,
as
noted,
my
name
is
Casey.
Carl
and
I
have
the
privilege
of
serving
as
a
city
clerk
for
the
Minneapolis
I'm
here
today
to
give
an
update
in
response
to
the
2015
records
management
data
governance.
Audit,
two
levels
that
with
the
committee,
this
was
the
first
audit
that
was
completed
under
the
newly
reconstituted
audit
committee
and
the
internal
audit
department
in
the
prior
council
term.
G
My
office
was
pleased
to
be
able
to
partner
with
the
audit
team
to
complete
this
enterprise
assessment,
because
it
gave
us
a
third-party
evaluation
of
the
city's
successes
and
its
failures
in
terms
of
the
management
of
information
assets,
and
it
has
also
provided
us
than
a
general
roadmap
for
how
to
make
improvements
over
the
course
of
the
past.
Few
years
is
my
hope
that
some
of
these
highlights
will
help
inform
you
of
the
status
of
our
work
in
this
regard.
G
So,
to
begin
to
remind
the
committee
to
thought,
it
was
completed
and
presented
in
October
of
2015.
Overall,
the
findings
of
that
audit
concluded
that
the
city
lacked
an
effective
framework
to
manage
its
information
assets.
In
the
absence
of
that
framework,
the
city
has
been
put
in
a
position
where
it
may
not
be
able
to
accurately
and
effectively
ensure
the
security
of
private
information,
to
validate
compliance
with
applicable
laws
and
regulations,
or
to
respond
to
requests
for
documentation,
and,
of
course,
all
of
that
can
expose
the
city
to
legal
and
regulatory
risk.
G
The
audit
evaluated
the
city's
performance
against
a
set
of
objective
standards
promulgated
by
ARMA
International,
which
is
a
leading
worldwide
Association
of
information
management
professionals.
These
standards
referred
to
as
the
generally
accepted
record-keeping.
Principles
are
similar
to
standards
for
different
industries,
for
example,
generally
accepted
accounting
principles
for
accounting
professionals.
This
slide
shows
the
eight
GARP
standards,
accountability,
transparency,
integrity,
protection,
compliance,
accessibility,
retention
and
disposition
performance
is
measured
on
each
standard
using
a
one
to
five
scale
where
one
indicates
substandard
performance
and
five
indicates
what
arma
refers
to
as
a
transformative
system.
G
Agencies
applying
the
GART
model
should,
at
a
minimum,
achieve
a
rating
of
three
for
each
of
those
standards,
which
denotes
that
all
essential
elements
of
a
recording
of
record-keeping
system
comply
with
legal
and
other
regulatory
requirements.
A
full
listing
of
those
objectives
was
a
on
the
slide
and,
as
it
shows,
Minneapolis
did
not
score
well
in
any
of
the
eight
principles.
In
fact,
the
city's
total
score
was
one
point.
G
Six
five
on
the
overall
five-point
scale
and
remember
an
average
score
of
three
is
considered
minimally
essential
for
an
organization
to
be
considered
in
compliance
with
all
legal
regulatory
and
business
requirements.
That
low
score
means
the
city's
existing
enterprise
information
management
framework
fails
to
meet
the
minimum
standards
for
legal
regulatory
and
operational
requirements
and
responsibilities.
The
city's
lowest
scores
were
on
criteria
tied
to
systems
that
demonstrate
integrity,
protection
and
compliance
in
March
2016.
G
Then
the
office
of
city
clerk
presented
its
management
response
to
this
audit
and
that
response
structured
as
recommendations
into
a
set
of
three
interrelated
spheres
or
buckets
shown
on
this
slide.
First,
there
were
recommended
plans
that
involved
data
governance.
Second
recommended
plans
related
to
enterprise
operations
and
third
recommended
plans
about
improved,
centralized
support
within
each
of
these
buckets.
A
set
of
three
specific
actions
were
identified
as
top
priorities
to
pursue,
based
on
the
findings
of
that
audit
and
completing
these
recommended
action
plans.
G
This
slide,
then
shows
the
current
status
of
those
recommended
action
plans
and,
as
you
can
see,
progress
has
been
made
and
continues
to
be
made
in
about
half
of
the
identified
areas
from
the
2016
management
response.
However,
given
resource
constraints
and
other
enterprise
priorities,
we've
not
yet
made
progress
in
several
areas.
As
shown
on
this
slide,
the
most
important
recommendation
for
us
came
from
the
2016
management
response
around
a
proposed
information
governance
ordinance.
G
Perhaps
the
most
critical
finding
from
the
audit
was
the
lack
of
an
adequate
governance
structure
to
ensure
accountability.
The
clerk's
office
views
views
this
finding
as
foundational
all
the
remaining
conditions
that
were
detailed
in
that
audit
were
the
result
of
not
having
an
effective
accountability
framework
in
place.
Several
of
our
peer
jurisdictions
have
ordinances
in
place
that
Express
as
a
matter
of
permanent
policy.
The
value
of
information
is
a
strategic
asset
and
resource.
G
By
contrast,
Minneapolis
did
not
mention
information,
governance,
data
management
or
any
policy
statement
on
government
data
in
its
Charter
or
its
code,
in
speaking
with
our
pure
jurisdictions,
most
agreed
that,
having
that
clear
statement
of
policy
embedded
in
their
charters
or
their
codes
was
a
critical
factor
for
their
ultimate
program's
success.
So
as
a
consequence,
the
top
priority
in
our
response
was
the
adoption
of
an
information
governance
ordinance
that
would
provide
clear
enduring
Authority
for
an
enterprise
information
management
program.
G
Happily,
this
ordinance
is
brought
forward
by
councilmember
Palmisano
in
March
of
2017.
That
ordinance
does
provide
the
outline
of
an
enterprise,
information,
governance
policy
and
a
related
program,
and
it
establishes
clear
accountability
from
the
City
Council
through
all
departments,
down
to
frontline
delivery
of
service.
To
achieve
this
level
of
alignment,
the
ordinance
provides
for
an
information
governance
policy
committee
to
oversee
an
administrator
this
program.
This
committee
includes
the
city
clerk
city
attorney
city,
coordinator
and
chief
information
officer,
and,
having
this
big
be
noted,
we
have
several
workgroups
and
she's
been
invited
to
participate
as
well.
G
The
information
governance
policy
committee
is
responsible
for
oversight
and
implementation
of
enterprise
policies
and
initiatives
related
to
government
data,
data,
accessibility
and
security,
and
for
undertaking
regular
reviews
to
approve
changes
in
existing
policies
or
to
recommend
the
adoption
of
new
policies.
In
addition
to
this
general
level
of
oversight,
this
committee
also
conducts
periodic
evaluations
where
appropriate
and
will
engage
the
internal
auditor
in
a
more
comprehensive
way
related
to
audit
of
that
program
to
verify
compliance
in
the
future.
G
Additionally,
as
shown
on
this
slide,
the
policy
committee
has
created
a
number
of
multi-departmental
workgroups
to
tackle
some
prioritize
work
on
enterprise
policies,
so,
for
example,
there's
now
a
workgroup
that
evaluates
existing
enterprise
policies
to
harmonize
those
and
to
eliminate
any
redundancies
or
conflicts
where
they
exist.
We
also
have
work
groups
that
are
evaluating
and
generating
recommendations
in
the
areas
of
information,
risk
management,
data
incident
response
and
also
data
use
and
analytics
coming
into
the
current
year.
The
information
governance
policy
committee
has
recommended
and
Council
has
concurred.
G
Then
another
improvement
would
be
to
integrate
all
of
the
various
data
reports
that
are
regularly
presented
into
a
single
state
of
data
report
that
would
be
presented
each
year
and
that
first
report
is
set
to
be
presented
to
the
council's
Enterprise
Committee
chaired
by
a
council
member
Palmisano
next
month.
Staff
hope
to
not
only
present
important
metrics
about
the
current
use
of
data,
but
also
to
show
that
data
as
a
strategic
resource
can
be
leveraged
to
support
the
transition
to
a
data-driven
decision-making
body,
both
within
the
enterprise,
but
also
in
partnership
with
community
stakeholders.
G
A
G
Chair
committee
member,
my
er,
the
most
efficient
form
for
us
is
through
the
code
because
it
can
be
changed
easier
than
Kennett.
Charter
charter,
of
course
requires
either
a
vote
of
the
public
or
a
unanimous
decision
by
the
entire
council
in
the
approval
of
the
mayor.
So
because
the
the
industry
that
involves
data
management
and
data
compliance
data
analytics.
So
much
of
those
tools
can
change
quickly
and
rapidly
over
time.
E
Chairman,
thank
you
for
the
report.
I
am
impressed
by
the
slide
that
you
had
the
status
of
recommended
actions.
There
are
we
have
the
information,
governance,
ordinance
done
and
others
in
progress,
but
there
are
various
of
these
that
you
cite
as
being
having
no
progress
and
that
morning,
if
you
could
give
us
a
better
assessment
of
the
concern
around
the
no
progress
valuation.
E
G
Chair
committee,
member
Fischer,
the
issues
that
show
no
compliant
or
no
progress
at
this
point,
particularly
around
number
three.
The
monitoring
compliance
is
because
those
have
to
happen
in
a
sequence.
The
those
areas
that
are
shown
colored
here
in
blue
are
really
sequential.
So,
first
and
foremost,
we
had
to
have
the
ordinance
in
place
and
the
policy
oversight
that
framework
put
in
place
and
that
information
governance
policy
committee
established
a
meeting,
so
that
committee
has
met
twice
now.
G
We
formed
those
work
groups
that
I
mentioned
so
that
work
is
beginning
before
we
can
get
to
monitoring
and
compliance
that
work
has
to
advance
and
we
just
haven't
had
the
time
to
get
there.
That's
where
it's
gonna
be
really
important
for
the
IG
PC
or
the
information
governance
policy
committee
to
connect
back
with
our
audit
team,
because
part
of
that
evaluation
and
compliance
is
to
have
them
come
back
in
and
say
here
were
weaknesses
and
conduct
a
similar
evaluation.
G
To
show
that
we
have
made
progress
against
some
objective
criteria
so
that
third,
one
is
really
a
matter
of
just
timing
and
not
being
further
down
the
road
with
our
program.
At
this
point,
some
of
the
other
ones
are
in
a
similar
position:
number
five
program,
policies,
procedures
and
resources.
Those
are
issues
that
are
being
examined
by
those
work
groups
that
I
mentioned,
and
so,
since
those
have
just
been
formed,
they've
started
working
in
evaluating
the
city's
numerous
existing
policies.
G
There
are
oftentimes
conflicts
or
some
challenges
within
those
policies,
as
they've
not
been
harmonized
over
time
and
so
getting
an
entire
list
of
those
and
evaluating
those
has
been
more
time-consuming
than
I
think,
probably
first
anticipated,
where
there's
not
been
a
lot
of
progress
from
my
perspective
or
on
those
three
buckets
shown
in
gray.
These
relate
primarily
to
the
clerk's
office
and
its
resource
as
a
centralized
service
for
the
enterprise
I
mean
here.
B
Thank
You,
mr.
Karle,
you
know
a
challenge
of
this
has
been
in
indeed
that
nobody's
really
in
charge
of
it.
So
that's
part
of
the
purpose
of
the
ordinance
is
to
create
a
unit
of
people
that
can
together
help
us
govern
and
get
us
to
a
better
place.
But
you
know
accountability
is
really
key
for
any
sort
of
progress
to
occur.
B
B
G
Thank
you,
madam
chair.
When
we
responded
to
the
audit
in
2015
assistant
clerk,
Kristian,
Roma,
HOF
and
then
city
records
manager,
Josh
Shafer,
who,
since
moved
to
the
health
department
and
I,
were
looking
around
the
nation
at
what
local
governments
counties,
even
cities
that
might
be
benchmarks
for
us
and
to
that
popped
up
pretty
high
in
terms
of
not
only
their
program
but
in
terms
of
their
their
ranking
against
objective
scores
were
the
City
of
Austin
Texas
and
the
City
of
Seattle
Washington.
G
But
what's
interesting
here
is
that
in
some
cities
the
functions
that
my
office
coordinates
in
an
umbrella-like
manner
are
divided
out
in
two
different
ways.
So
the
City
of
Austin
has
what
I
would
call
the
preeminent
or
the
best
model
for
records
management
in
the
United
States
at
a
city
level,
the
city
clerk.
G
So
not
only
do
I
know
what
I
have
I'm
only
retaining
what
I
need
to
retain
for
the
length
of
time
required
by
law
or
my
business
needs.
I'm
disposing
of
things,
I
don't
need,
and
my
data
that
I
have
is
public
if
it's
public
and
private,
if
it's
private.
So
that
is
a
very
complex
program
that
she's
put
in
place
there.
We
actually
visited
Austin
Christian
Romo
mr.
sheikha
mr.
Schaffer
had
visited
and
gotten
a
lot
of
information
from
the
city
clerk
there
about
her
program
and
success.
G
C
H
Welcome
mr.
Jason
kara
Palmisano
members
of
the
committee
I'm
sandy
Christensen,
vice
president
of
finance
and
administration
for
meet
Minneapolis
and,
on
behalf
meet
Minneapolis.
We
thank
you
for
the
opportunity
to
return
to
this
committee
and
give
you
an
update
on
the
audit
findings
that
were
presented
to
you
in
June.
So
thank
you
for
this
opportunity
to
refresh
your
memory.
There
were
four
items
that
were
brought
to
you
as
issues
resulting
from
the
audit.
There
was
one
result,
one
issue
regarding
performance
indicators.
H
One
result
regarding
our
conflict
of
interest
policy,
contract,
recording
required
reporting,
as
well
as
contract
oversight
as
regards
to
performance
indicator
results.
We
have
been
able
to
make
progress
on
three
of
the
seven
items
that
were
components
of
that
particular
finding
and
for
your
convenience.
The
first
item
was
the
reporting
of
our
economic
impact,
also
the
definition
of
private
revenue,
third-party
validation
of
the
future
room
night
key
performance
indicator.
H
The
apparent
discrepancy
in
the
attendance
at
the
Minneapolis
Convention
Center,
in
reporting
between
what
the
Convention
Center
was
reporting
and
what
meet
Minneapolis
was
reporting
and
then
also
the
definition
of
engaged
as
digital
users.
Our
visitor
information
information
and
finally,
the
return
on
investment
figure.
The
items
that
we've
been
able
to
make
progress
upon
include
the
economic
impact
calculator.
H
We
have
made
significant
improvement
in
terms
of
our
internal
training
to
ensure
consistency
in
how
our
employees
are
inputting
data
analyzing
the
data,
as
well
as
reviewing
it
periodically
to
ensure
that
there
are
no
outliers
in
that
we
are
not
duplicating
information
as
have
been
found
in
the
audit
findings.
One
area
in
that
particular
finding
that
we
still
need
to
continue
working
is
to
find
a
third-party
validation
of
the
economic
impact
calculator.
We
are
currently
working
within
the
industry,
that
provider
destinations
and
from
international.
H
As
regards
to
the
definition
of
the
engaged
as
digital
user,
we
have
engaged
in
an
exercise
to
complete
a
glossary
of
how
we
intend
to
measure
that
and
we
will
be
providing
that
glossary
with
every
quarterly
report
that
we
submit
to
the
city
coordinator,
as
well
as
to
the
executive
director
of
the
Convention
Center.
Similarly,
with
the
visitor
information
measure,
we
have
also
updated
our
definition
of
what
constitutes
visitor
information
requests
and
will
also
be
including
that
regularly
with
our
report,
so
that
it's
very
clear
as
to
what
data
is
being
incorporated.
H
You.
Excuse
me.
As
regards
to
the
conflict
of
interest
policy.
Excuse
me:
we
had
inconsistency
between
the
meat,
Minneapolis
and
point
handbook,
as
well
as
the
conflict
of
interest
policy.
One
policy
had
100
dollars,
another
had
50.
We
have
now
updated
that
policy
to
ensure
that
both
are
stated
as
50
dollars.
H
As
regards
to
finding
number
three,
that
related
to
the
lack
of
narrative
and
additional
discussion
items
that
were
included
with
our
quarterly
report,
we've
been
working
with
the
Commission
Center,
as
well
as
the
city
coordinator,
to
identify
and
create
a
new
template.
That
would
be
much
more
clear
in
terms
of
the
information
that
they
require
versus
what
we
provide
to
them
and
indeed
what
the
second
quarterly
report
have
included
a
rather
extensive
narrative
and
discussion
piece
that
should
help
in
understanding
the
particular
items
that
are
being
presented.
H
Finally,
the
fourth
finding
is
regarding
the
affirmation
of
the
KPIs,
the
four
KPIs,
the
room
nights,
the
leisure
room
nights,
private
revenue
and
Convention
Center
revenue
as
we
providing
for
a
third
party
audit
of
those
numbers
to
ensure
that
the
information
received
by
the
city
has
indeed
been
vetted
and
approved
by
a
third
party.
Coincidentally,
at
the
time
of
the
completion
of
the
audit,
we
had
been
engaged
with
a
third
party
audit
through
Clifton
Larson
Alan.
H
So
it
was
very
affirmative
to
us
to
have
the
internal
auditor
note
that
that
was
a
an
important
component
to
our
relationship
and
we're
pleased
to
say
that
we
had
already
been
engaged
in
that
particular
area
and
with
that
we
continue
to
work
on
the
four
items
in
finding
number.
One
related
to
the
measures
that
are
in
our
current
contract
were
looking
forward
to
having
them
updated
and
more
accurate
for
our
new
contract.
Again
beginning
after
2019
I'm
happy
to
answer
any
questions
as
I'm
able.
B
H
E
You
thank
you
for
this
report.
I
work
with
meet
Minneapolis
in
the
past
and
appreciate
the
work
that
you've
done
to
look
at
this
audit
and
the
results
I'm
wondering
if
you're
going
to
take
the
performance
indicators
and
try
to
reevaluate
some
of
the
prior.
Your
reports
that
you
have
submitted
as
well
to
see
there's
some
reconciliation
there
that
should
be
made
chair.
H
Palmisano
committee
member
Fischer,
we
are
going
through
an
exercise.
The
audit
itself
covered
the
three
years
of
the
contract
that
had
already
been
already
happened.
I
guess
and
we
will
be
going
through
as
we
look
at
new
measures
going
forward.
Any
difficulties
that
we
had
in
determining
data
that
we
that
was
reported
I,
don't
think
that
we'll
go
through
the
exercise
of
re
reporting
everything.
However,
the
our
work
with
the
internal
auditor
was
very
important
in
helping
us
to
identify
any
variances
that
we
should
be
continuing
to
look
forward
into
the
future.
H
C
C
Quick
note
on
our
internal
audit
department
projects,
the
citywide
risk
assessment
refresh
is
in
progress,
we've
met
with
3-1-1
and
9-1-1,
and
we
have
conversations
with
IT
and
other
departments
scheduled
in
the
near
future.
We
hope
to
have
a
majority
of
our
key
departments,
our
larger
departments
finished
by
December.
Then
we
will
have
some
proposed
audits
to
add
to
the
audit
plan.
C
We
will
have
continuing
conversations
throughout
the
year
so
that
risk
assessment
won't
be
a
one-time
conversation
in
November
we're
going
to
have
these
conversations
with
management
throughout
the
year,
so
that
we
can
continually
add
to
our
audit
plan
and
have
approximately
12
to
18
months
of
audits
on
the
plan
at
any
given
time.
We
have
audit
committee
risk
assessment
training
following
this
meeting
and
that's
a
discussion
on
the
risk
assessment
process
and
then
specifically
our
approach
to
the
risk
assessment
refresh.
C
We
have
policies
and
procedures
in
progress
instead
of
trying
to
have
a
concerted
effort
of
updating
them
over
a
period
of
a
week
or
two.
We
encounter
updates
that
are
needed
as
we
perform
those
procedures
or
activities.
So
we
still
intend
on
getting
the
formal
policies
and
procedures
completed
by
December,
31st
and
we'll
discuss
with
the
Audit
Committee
and
city
attorney.
If
we
want
to
maybe
link
those
online
I
noticed,
other
cities
have
their
procedures
linked
online,
but
we
would
first
have
to
review
them
with
the
city
clerk
and
the
city
attorney.
B
Thank
you
I
appreciate,
encumbers
that
in
our
conversation,
director,
Big
B,
that
we
decided
that,
for
the
conversation
about
risk
assessment
and
our
approach
to
it
and
really
being
able
to
have
some
real
dialogue
about
that
between
audit
committee
members
and
yourself
we're
going
to
next
adjourn
this
meeting
to
room
315.
It
is
still
an
open
meeting,
but
it
is
just
to
conduct
a
study
session
on
what
a
risk
assessment
is
and
what
it
means
and
everybody's
welcome
to
to
go
in
there.
B
Are
there
any
additional
thoughts
or
items
from
the
report
of
the
internal
auditor
today.
So
with
that
I'd
like
to
make
a
motion
to
receive
and
file
that
update
report
and
I
appreciate
the
in-depth
reporting
of
all
of
the
work
in
progress
all
those
in
favor,
please
say:
aye
aye
opposed
that
carries,
and
but
that
will
adjourn
to
room
315
for
the
study
session
on
risk
assessment.
Thank
you
for
joining
us
buh-bye.