►
From YouTube: April 27th, 2020 Audit Committee Meeting
Description
Additional information at
https://lims.minneapolismn.gov
D
D
As
we
begin,
I
will
note
for
the
record
that
this
meeting
has
remote
participation
by
committee
members
and
staff
as
authorized
under
minnesota
statutes,
section
13d
021
due
to
the
declared
local
public
health
emergency.
I
will
ask
the
clerk
to
call
the
role,
so
we
can
verify
a
quorum
for
this
meeting.
Ms
casper.
C
D
D
Please
let
the
record
reflect
that
we
have
a
quorum.
The
agenda
for
today's
meeting
is
before
you
are
there
any
amendments
to
the
agenda
from
committee
members.
D
E
C
A
C
D
D
Johnston
seconds,
thank
you
seeing
nobody
else
with
questions.
I
will
ask
ms
kasper
the
clerk
to
call
the
role.
E
A
E
A
F
A
D
D
I'm
pleased
to
welcome
councilmember
fletcher
councilmember
fletcher
takes
abdi
warsami's
place
as
council
member
sami
stepped
down
from
the
minneapolis
city
council
to
take
on
a
new
role
as
head
of
the
mpha,
the
minneapolis
public
housing
authority.
So
with
those
changes
come
some
new
assignments
and
council
member
fletcher
has
willingly
stepped
in
to
the
audit
committee.
I
wanted
to
offer
sorry.
I
haven't
prepped
you
for
this
first
council
member,
but
I
wanted
to
see
if
you
wish
to
say
a
few
words
or
anything
to
us.
D
E
Sure
thank
you
for
that.
I
I'll
just
say
that
I
have
really
appreciated
the
output
of
this
committee.
I
think
the
the
work
of
the
audit
committee
gives
us
confidence
in
some
of
our
analysis.
You
know
at
the
council
and
has
given
us
some
tools
to
make
some
policy
decisions
that
are
very,
very
important,
so
I'm
appreciative
of
the
work
you
all
have
already
been
engaged
in
and
excited
to
get
to
play
a
role
in
it.
So
thank
you
for
welcoming
me.
D
Thank
you,
you'll
do
a
great
job
and
we
welcome
your
questions
and
comments
as
soon
as
as
soon
as
you
feel
ready.
We
have.
As
we
start,
we
have
some
new
business
and
most
of
the
rest
of
this
presentation,
I
think,
will
be
from
director
interim
director,
patrick
unless
he
hands
it
over
to
others
on
his
team.
D
But
I
will
just
say
our
next
item
of
business
is
the
annual
risk
based
audit
plan
amendment.
As
I
mentioned
in
my
email,
two
committee
members.
Last
week,
I
asked
our
audit
team
to
basically
throw
out
the
rest
of
their
years
work
plan
as
they
wrapped
up
these
few
projects
and
take
a
look
at
what's
important
now
and
how
they
could
be
of
strategic
value
to
our
city
enterprise.
At
this
time
they
have
responded
wonderfully
and
I'm
eager
to
have
interim
director
patrick
talk
about
that
a
little
bit
more
so
we're
in
new
business.
B
Thank
you,
chair
palmisano.
First
things.
First,
I'm
going
to
update
everyone
on
the
risk
assessment
and
that
will
lead
into
our
discussion
of
the
updates
to
the
audit
plan.
So
if
we
could
go
to
the
next
slide,
so
I'll
talk
first
about
the
process
and
results
the
impact
of
the
pandemic
on
the
assessment,
our
proposed
new
approach
to
addressing
covid19
and
then
discuss
the
proposed
audit
plan
modifications.
B
So
the
purpose
of
an
annual
risk
assessment
is
that
we
can't
entirely
avoid
risk
being
defined
as
events
which
impair
an
organization
and
achieving
objectives,
but
assessments
help
us
identify
quantify
and
rank
risk.
That's
what
drives
our
audit
plan.
We
base
our
work
on
risks
that
we
may
not
achieve
our
objectives
and
help
try
and
mitigate
those
risks
via
audits
go
to
the
next
slide.
B
So
if
we
look
back
at
the
february
update,
this
is
what
I
provided
to
you
that
we
had
completed
a
city
leadership,
risk
assessment
survey.
We
met
with
department
heads
all
throughout
the
city,
including
council
and
mayor's
office,
sent
out
surveys
to
both
managers
and
leadership
and
then
started
prioritizing
projects
based
on
those
results,
and
I
mentioned
that
at
this
meeting
I
would
be
proposing
a
new
audit
plan
updated
to
reflect
current
enterprise
risks
at
this
meeting.
B
All
of
these
surveys
were
conducted
prior
to
covid19,
and
leadership
was
responding
to
what
they
saw
as
risks
in
that
prior
environment,
we're
in
a
rapidly
changing
and
complex
environment,
and
one
that's
certainly
impacted
by
covid19
and
as
we'd
like
to
meet
with
all
the
department,
heads
and
review
their
results
and
possibly
update
them.
Everybody's
been
working
very
hard.
It
wasn't
necessarily
time
given
that
it
took
us
months
to
complete
it
under
ideal
circumstances
to
do
that
update,
but
we
shouldn't
throw
out
those
results
just
because
leadership
was
responding.
B
In
those
circumstances,
some
of
the
risks
that
we
identified
are
just
amplified
by
the
current
situation
and
therefore
it's
worth
taking
a
look
at
those
and
seeing
how
they
might
be
impacted
by
cobin.
So
I'm.
B
So
this
is
kind
of
a
common
thing
that
comes
up
regularly,
and
these
are
all
quotations
from
those
meetings
and
those
those
risk
assessment
surveys
that
we
sent
out
so
ftes
staffing
shortages,
turnover,
the
right
staff,
staffing
below
industry
standards.
You
see
the
same
comments,
kind
of
popping
up
in
nearly
every
survey
that
we
did
with
leadership.
B
Well,
how
is
that
impacted
by
coven
if
we
have
massive
turnover
or
we
have
potential
layoffs?
If
we
have
situations
where
we
have
a
large
portion
of
the
workforce
out
or
unable
to
work,
this
risk
that
was
identified
under
ideal
circumstances
is
certainly
amplified
in
the
current
environment,
move
to
the
next
line.
B
The
second
was
it
related
systems,
so
it
wasn't
necessarily
the
systems
per
se,
but
a
lot
of
department
heads
and
a
lot
of
responders
noticed
that
they
there
are
a
lot
of
different
systems
at
the
city,
a
lot
of
system-related
security
and
access
risks.
B
People
had
trouble
accessing
needed
information,
downtime
old
equipment,
loss
of
I.t
communication,
so
if
that
was
happening,
pre-covet
19,
as
we
all
shift
to
a
completely
different
work
style
working
from
home,
working
remotely
that
that
risk
is
certainly
amplified
and
the
environment
in
which
we
use
rit
systems
has
totally
changed,
move
to
the
next
slide
and
kind
of
the
last
and
common
response
related
to
kind
of
inadequate
policy
and
procedures.
B
So
those
not
the
work
groups
not
having
best
practices
or
not
having
access
to
best
practices,
some
inefficient
workflows
that
led
to
delays
potential
for
non-compliance,
lack
of
oversight
over
assets
and
internal
controls.
B
B
This
risk
is
certainly
amplified
over
the
next
slide
so
again,
coven
19
impacts.
All
of
these,
the
top
three
and
certainly
most
common
identified
risk
staffing
and
budget
allocations.
As
we
change
the
way,
we
staff,
as
we
experience
shortages
in
the
workforce,
that
risk
is
amplified
our
I.t
impacts.
B
We've
had
to
shift
radically
the
way
we
use
our
systems
and
insufficient
policy
and
procedures,
particularly
in
a
time
when
we're
all
doing
new
things,
it
certainly
is
amplified,
and
we
just
have
new
and
unanticipated
risks,
we're
in
a
very
novel
situation
under
coronavirus
and
they're.
Common
and
they're
popping
up
and
some
departments
certainly
face
more
significant
impacts
than
others,
so
it
hasn't
affected
every
department
equally,
but
some
have
really
experienced
the
impacts,
that's
more
significantly
than
others,
the
next
slide.
B
So
if
we
look
back
at
our
audit
plan,
this
is
the
stuff
that
we
had
on
for
kind
of
the
rest
of
the
year.
Some
would
have
moved
into
2021.
We
look
at
things
that
we
were
planning
to
audit
such
as
affordable
housing,
hiring
I.t
governance
and
cyber
security
revenue
collections
park
board
patron
safety.
These
are
all
things
that
look
really
different
in
the
current
environment.
If
we're
talking
about
affordable
housing
as
the
current
economic
situation
evolves
and
changes,
the
plans
that
we
use
to
address
them
might
change.
B
B
B
Sure
the
red
items
that
I
highlighted
are
ones
that
I
I
perceived
as
being
deeply
impacted
by
covid19,
so
several
of
those
related
the
arcgis
governance
and
I.t
controls.
This
is
to
do
with
it
related
information
for
our
mapping
systems.
So,
while
that
is
impacted,
it's
the
mapping
system
is
fairly
static,
but
we
wanted
to
review
control.
So
I
didn't
see
that
as
necessarily
as
impacted,
nor
did
I
see
it
as
the
same
level
of
priority.
B
The
same
is
true
for
the
water
network,
integration,
consultation
and
I'll
I'll
talk
more
about
why
that
has
shifted
a
little
bit
further
in
the
presentation,
but
while
they're
still
very
relevant
and
you'll,
see
I'm
not
recommending
removing
any
of
these
items
from
the
audit
plan,
things
have
changed
and
the
red
highlighted
items
I
saw
as
being
the
most
impacted.
B
So
I'm
proposing
six
parts
in
a
three-phase
special
project
that
internal
audit
can
use
to
address
kovid
19..
So
I'm
going
to
walk
through
each
of
the
six
parts
and
talk
about
how
they
fit
into
a
new
audit
plan
over
over
three
phases.
That
is
likely
going
to
last
six
to
eight
months,
so,
first
audit,
as
we
function,
we
really
look
at
best
practices
in
the
industry.
B
B
We
want
to
be
able
to
work
with
departments
and
and
speak
with
authority
and
as
we've
shifted
into
this
new
environment,
so
much
has
changed,
and
this
is
true
across
the
entire
auditing
field.
My
team
and
I
have
been
meeting
weekly
with
auditors
from
around
the
country,
we're
all
looking
at
the
situation
and
recognizing
that,
while
we're
not
ill-equipped
to
address
this
audit
is
a
really
great
resource
to
addressing
the
new
and
amplified
risks
during
this
during
this
time.
But
we
don't
have
that
same
level
of
baseline
research.
B
We
don't
have
that
knowledge
well
to
pull
up
on.
So
the
first
kind
of
main
thing
that
we
are
in
progress
working
on
is
developing
that
knowledge
bank,
developing
the
key
strategies
to
address
kovid
and
we're
working
with
11
or
12
other
audit
departments
from
around
the
country,
along
with
other
audit
department,
heads
to
collaborate
and
develop
that
knowledge
bank,
so
that,
as
we
begin
approaching,
departments
and
using
our
resources,
we're
giving
accurate,
updated
and
impactful
information
that
really
adds
value.
B
The
second
portion
of
what
audit
is
going
to
need
to
do
moving
forward
is
we're
going
to
need
to
work
with
departments
to
document
and
evaluate
key
control
processes.
We've
moved
into
a
completely
different
environment.
We
departments
are
working
differently
now
and
having
to
work
differently
than
they
have
in
the
past
and
with
that
comes
all
sorts
of
new
policies,
procedures,
standard
operating
procedures,
both
those
documented
and
those
without
supporting
documentation.
B
As
a
city
works,
we
develop
processes
over
time
and
they
may
be
in
place
for
years
without
changing,
because
that
best
fits
the
workflow
when
something
comes
in
and
shakes
everything
up
like
this,
we're
all
forced
to
work
in
in
new
ways,
sometimes
that
policy
making
and
that
that
process
documentation
moves
slowly,
but
audit.
This
is
something
that
we
are
experts
at
is
documenting
and
really
breaking
down
a
process
to
its
components
and
making
sure
that
all
portions
are
covered
and
documented.
B
The
nice
thing
about
this
moving
along
with
the
criteria
and
best
practices,
research
is
that
we
can
draw
on
our
expertise
as
process
documenters
and
evaluators,
while
we're
not
using
covid
related
information
to
do
that.
We're
helping
departments
really
make
sure
that
they
have
all
those
new
and
improved,
workflows,
documented
and
clearly
laid
out
so
that
that
helps
mitigate
some
risk
so
part
three.
It
will
need
to
be
fueled
by
that
criteria.
Best
practices,
research,
it's
looking
at
department,
continuity
planning
in
that
rapidly
changing
financial
environment.
B
So
we
know
that
there
is
going
to
be
an
economic
impact
on
the
city
related
to
covet.
That
is
absolutely
clear.
We
also
know
that
it's
going
to
impact
the
workforce,
it's
going
to
impact
discretionary
budgets
and
a
wide
variety
of
items.
Can
we
go
back
one
slide
thanks
as
we
feel
these
impacts.
B
We
also
need
to
use
the
research
that
we
tackle
in
part
one
to
help
departments
plan
and
become
resilient,
that
as
things
change
as
things
shift
we're
looking
ahead
and
making
sure
that
we're
mitigating
the
risks
that
pop
up
further
down
the
road.
The
impact
of
this
is
going
to
be
long,
lasting,
it's
not
simply
going
to
change
overnight
and
we
need
to
work
with
departments
as
we
do.
B
B
What
sectors
are
really
impacted.
I
mean
it's
starting
to
become
more
clear
in
my
conversations
with
department
heads
where
they're
seeing
these
types
of
issues
pop
up,
but
we
need
to
make
sure
that
as
we're
working,
an
audit
we
are
making,
we
are
focusing
first
on
those
sectors
where
we
can
help
prevent
and
mitigate
the
risk
that
we
experience
broad
waste
and
abuse
five
is
there
may
be
single
audit
requirements
related
to
covet
19
funding.
B
So
as
we
get
grant
money
from
the
federal
and
state
federal
government
and
the
state
government,
there
may
be
audit
requirements
attached
to
those
attached
to
grants
and
whatnot.
B
They
may
require
that
we
produce
documentation
and
we
want
to
work
with
departments
who
are
receiving
that
money
to
make
sure
that
they're
adequately
documenting
what
they're
doing
with
it.
So
that
they're
prepared
for
audit
audit
preparedness
is
really
important.
It
allows
that
department
to
execute
it
without
it
significantly
impacting
their
their
work
and
their
staff
time.
If
internal
audit
for
the
city
is
helping
them,
prepare,
it's
not
going
to
impact
them
as
severely
when
they're
forced
to
turn
over
significant
amounts
of
documentation
to
that
funding.
B
So
six-
and
this
is
far
down
the
road,
but
it's
looking
at
the
continuity
of
operations
and
analyzing-
how?
How
did
we
do
as
a
city?
Did
we
stick
to
our
continuity
of
operations
plan
and
was
that
plan
effective?
Will
we
have
the
right
data
to
be
able
to
evaluate
our
response
and
moving
forward?
Are
we
using
the
best
information
to
inform
how
we
change
that
that
plan
in
the
future?
B
So
my
recommendations
related
to
this
risk-based
assessment.
First,
we
have
to
work
to
understand
and
remediate
resource
resource
constraints
and
I'm
speaking
specifically
to
internal
audit.
B
Excuse
me,
as
our
budget
changes
and
as
our
staff
changes
staff
time
changes
because
we're
addressing
so
many
things.
We
know
that
we
can't
do
as
many
audits
not
related
to
covet
19
as
we'd
like,
so
we
first
need
to
prioritize
and
that's
that's.
A
really
key
part
of
risk-based
assessment
is
that
you
are
placing
priorities,
your
priorities
in
the
right
places
and
therefore
we
should
modify
our
audit
plan
and
address
prior
identified
issues,
because
those
risks
are
amplified
and
supplemented
with
current
projects
to
really
address
the
current
situation.
B
We
need
to
be
working
with
departments
across
the
country
to
make
sure
that
everybody
is
well
informed
and
we
can
proceed
with
the
most
effective
plan
in
the
future,
so
we're
recommending
also
that
some
of
the
future
audits
are
split
and
those
cons
and
perhaps
move
to
consultations,
which
is
a
different
type
of
process.
B
That
audit
uses
to
work
with
departments,
but
we
want
to
make
sure
that
we're
looking
at
the
most
relevant
sections
to
to
address
the
emerging
risks
so
we'll
we'll
split
some
audits
so
that
we
can
tackle
them
in
the
most
efficient
fashion
move
to
the
next
slide.
B
So
this
is
the
new
proposed
2020
audit
plan
that
I
have
for
you.
The
first
two
items
you'll
see
in
italics.
Those
are
projects
that
are
already
moving
forward,
so
we're
already
in
the
work
phase
on
them
and
while
they
were
proposed
prior
to
covet
19,
they
are
really
relevant
to
the
current
situation.
B
So
so
one
is
the
contract
amendments
review
as
we
are
forced
to
contract
in
a
rapidly
changing
environment.
It's
important
to
understand
our
control
environment
and
make
sure
that
they're
adequately
designed
to
mitigate
risks.
So
luckily
this
project
was
already
in
place,
but
it's
become
more
relevant
than
it
was
when
it
was
initially
put
on
the
audit
plan.
B
The
second
relates
to
grant
administration
as
grant
money
flows
in.
We
want
to
make
sure
that
we
are
looking
at
key
controls
and
addressing
them.
So
it's
good
that
both
of
these
projects
are
in
place.
We
want
to
continue
with
them
and
we
have
the
resources
to
do
so.
They
are
certainly
covet
19
related,
so
the
yellow
items
are
items
that
I
recommend
modifications
or
additions.
B
We
need
to
speak
from
a
place
of
authority
and
the
only
way
we're
going
to
do
so
is
if
we
have
adequate
information.
Unfortunately,
there's
not
a
ton
of
that
that
looks
at
what
a
pandemic
that
spreads
over
six
to
eight
months.
There's
just
not
a
lot
of
that
research
out
there
and
we're
working
to
develop
it
right
now.
We
need
that
information
to
specifically
work
with
departments
on
identifying,
documenting
and
strengthening
key
control
processes.
B
B
We
need
to
work
with
them
to
kind
of
mitigate
some
of
those
risks
that
they
felt
that
they
were
experiencing
the
major
constraints,
given
that
the
financial
situation
and
the
current
environment
is
totally
different.
So
we
plan
to
once
we
have
that
knowledge
bank
review
key
department
strategies
that
cope
with
this
very
issue.
That's
going
to
be
a
significant
lift
and
it's
going
to
be
a
challenging
project
in
a
lot
of
ways,
but
we
will
be
working
with
department,
heads
and
adding
value
by
helping
them
figure
out
how
to
mitigate
some
of
those
risks.
B
B
So
you,
if
you
see
that
and
then
kind
of
the
last
highlighted,
yellow
item,
assessing
the
maturity
and
readiness
of
the
cyber
security
risk
management
programs.
Both
are
critically
important.
Governance
deals
with
this
kind
of
structure
in
which
we
address
cyber
security
data
security
and
system
security.
B
So
the
cyber
security
audits
are
are
pretty
pretty
specific
and
require
a
significant
degree
of
kind
of
I.t
experience.
So
it's
not
something
that
my
team
we're
not
we're,
not
I.t,
auditors
per
se.
This
is
something
we
typically
work
with
contractor
on
someone
who
is
a
specific
cyber
security
analyst
so
later
down
the
road
we'd
like
to
work
with
them
to
do
the
type
of
testing
that
really
determines
whether
or
not
our
cyber
security
systems
are
functioning
effectively,
but
that
is.
B
Just
because
the
systems
are
working,
if
we
don't
have
a
coherent
governance
strategy,
it
is
less
effective.
So
I
think
we
should
prioritize
first,
something
that
my
team
can
work
on
and
that's
looking
at
governance
frameworks
and
then
later
down
the
road
test,
those
systems
I
have
still
on
here-
the
q3
revenue
and
collections
on
it.
So
initially
that
project
was
to
look
broadly
across
the
city,
look
at
all
the
revenue
streams
and
how
we
collect
money
and
make
sure
that
we're
mitigating
any
risks
related
to
collection
of
that
money.
B
So
now
I'd,
because
that
has
changed
so
much
I'd
still
like
to
keep
that
on
the
audit
plan.
It
may
not
start
necessarily
in
q3
but
we'd
like
to
keep
it
on
there,
but
we
would
like
to
focus
specifically
on
departments
that
collect
revenue
that
may
be
deeply
impacted
by
covet
19..
B
So
in
q4-
and
this
is
a
pretty
ambitious
plan
to
address
phase
3-
that's
reviewing
compliance
with
the
continuity
of
operations
plan
during
the
pandemic.
This
is
honest,
q4
that
may
be
pushed
into
the
following
year.
We
don't
know
necessarily
when
that
might
happen
now,
but
we
want
to
make
sure
that
it's
on
the
plan
and
that,
as
we're
discussing
with
department
heads
all
the
other
things
that
we're
working
on
that
we're
keeping
in
mind
that
down
the
road
we're
going
to
address
that
issue.
It
gives
us
when
it's
on
the
plan.
It
is.
B
It
highlights
our
need
to
make
sure
that
we're
preparing
and
helping
departments
with
audit
preparedness
for
that
future
audit,
affordable
housing
and
equity,
and
hiring
both
very
relevant
items.
Right
now.
The
like
I
mentioned
before,
looking
at
affordable
housing
right
now
as
we're
in
this
rapidly
changing
environment
might
not
be
the
most
effective.
That's
why
I
pushed
it
down
the
road
on
this
proposed
audit
plan.
B
We
can
move
to
the
next
slide.
So
you'll
still
see
the
audits
that
we
mentioned
earlier
that
were
on
the
plan.
They
are
bumped
to
2021..
Those
are
all
very
relevant
audits.
That's
why
they
were
on
the
plan
before
we'd
still
like
to
keep
them
on
the
plan,
we're
not
striking
them.
We
just
think
that
they
would
be
more
addressable
in
2021
after
we've
really
spent
the
bulk
of
our
resources
on
addressing
covet
19.
B
Oh
that
may
be
the
last
slide
so
that
those
are
the
proposed
changes
I
have.
I
think
it
gives
my
team
the
most
flexibility
to
address
the
emerging
challenging
environment.
It
allows
us
to
take
some
time
to
really
focus
on
addressing
covet,
19
and
building
that
knowledge
bank.
D
As
people
think
about
it,
I'll
just
say
that
I've
been
meeting
frequently
with
internal
audit
to
hear
what
they're
doing
and
how
they've
been
working
in
this
rapidly
changing
environment.
D
I'm
especially
pleased
to
hear
how
not
just
director,
patrick
every
member
of
our
audit
team,
is
reaching
out
to
other
cities
right
now,
and
I
think
that's
really,
I
think,
that's
really
important.
I
think
it's
easy
and
natural
to
kind
of
narrow
one's
focus
to
immediate
needs
in
this
kind
of
pandemic,
environment
right,
there's
so
much
outside
of
our
control
that
I
think
people
tend
to.
D
I
mean
you
need
to
narrow
and
just
focus
on
what's
immediately
in
front
of
you,
but
I
have
been
so
happy
that
internal
audit
is
regularly
in
contact
with
their
peers
in
other
cities,
some
that
are
further
ahead
in
the
pandemic
curve
and
some
that
I
think,
are
less
ahead,
and
I
really
think
that
shows
in
the
approach
that
they've
taken
here.
Ms
johnston
has
a
question
or
comment:
go
ahead.
F
Thank
you,
madam
chair.
First,
I
have
a
quick
comment
and
then
a
question.
My
comment
is
to
thank
you
for
really
showing
the
leadership
to
ask
for
a
revision
of
the
plan.
I
think
that
was
really
great
and
we
have
to
learn
from
all
the
craziness.
That's
out
there
right
now.
So
I
want
to
just
thank
you
and
also
for
director
patrick
for
for
taking
it
on
and
doing
such
a
nice
job.
I
thought
he
did
a
nice
review
one.
F
My
question
really
is
is:
if
the
departments
are
able
to
have
take
advantage
of
this
disruption
in
service
to
work
on
some
things
that
sometimes
are
back
burner
when
you're
not
providing
the
direct
service,
something
some
companies
have
done
a
lot
more
training
online
training,
things
like
that
and
trying
to
take
advantage
of
the
disruption-
and
I
was
just
wondering
if
you
had
heard
of
any
of
that.
Thank
you.
B
Chair
paul
masano,
council
or
committee
member
johnson,
yes
kind
of
two
parts
to
that
question:
one
is
some
back
burner.
Stuff
has
actually
been
easier
to
address
during
this
time.
It's
interesting
as
people
go
to
work
remotely.
B
B
That's
a
word
during
this
time
period,
particularly
when
people
have
work
with
so
much
electronic
documentation,
they
don't
need
to
have
physical
access.
We've
been
able
to
complete
some
of
those
projects
to
the
training
question.
Certainly
there
have
been
so
many
covid
related
trainings
kind
of
opportunities
to
do
those
types
of
activities.
B
I
hope
people
are
taking
advantage
of
it.
My
team
has
certainly
been
attending
many
webinars
put
on
by
alga
and
we're
building
that
resource
bank.
That's
going
to
be
that's
going
to
be
a
key
part
of
it
as
we
attend
all
these
trainings,
we
can
offer
those
types
of
trainings
and
if
nothing
else,
summary
of
the
information
that
we
learn
to
departments.
As
we
see
it,
impacting
them
does
that
answer
your
question.
F
Yeah,
I
just
hope
that
we're
capturing
some
of
that
as
well,
so
that
so
that
we
can,
you
know,
as
we
plan,
if
there's
something
like
this
in
the
future-
that
we
make
sure
we
have
those
things
on
our
on
things
that
maybe
went
better
than
we
would
have
expected.
Yeah.
D
Great,
I'm
not
seeing
any
questions
in
the
meeting
chat
I'll
ask
commissioner
music,
because
sometimes
it's
hard
to
interrupt
in
these
meetings.
If
she
had
anything,
she
wanted
to
add.
D
Great
in
the
chat
feature
committee
member
fisher
says
good
review
and
he'd
like
to
move
approval
of
this
plan
per
the
agenda,
so
approving
an
amendment
to
the
2019
annual
risk-based
integrated
audit
plan.
I'll
call
on
mr
fisher
for
that
motion.
D
That's
great,
it's
been
moved.
Could
I
have
a
second
for
this
motion?
Second
council
member
schrader
has
seconded
the
motion.
Anybody
else
want
to
say
or
add
anything
that
we're
speaking
about
here
right
now,
seeing
none
I'll
ask
the
clerk
to
call
the
role
on
item
number
four.
E
E
A
C
D
Next,
we
have
our
cped
grant
management
audit
report
and
because
this
has
been
an
audit
engagement
and
one
that
we're
wrapping
up
now,
it's
a
little
bit
more
familiar
when
we
do
this
in
person
and
it's
a
little
bit
more
organic,
but
in
this
virtual
environment
I
still
have
asked
director
frank
to
join
us
today.
D
As
the
audited
clients,
we
typically
ask
them
to
to
offer
up
some
thoughts
or
to
see
how
this,
how
this
project
has
perhaps
impacted
them
or
how
it's
gone
for
them.
It's
their
opportunity
to
to
say
a
few
words.
So
I
I
have
asked
director
frank
david,
frank,
to
join
us
here
today
and
I'll.
Let
him
start
us
off
in
terms
of
the
grant
management
work,
which
is
one
small
but
really
important
part
of
what
he
has
in
our
economic
development
department.
G
G
We
had
a
chance
along
the
way
to
be
reminded
of
some
best
practices
that
you
know
about,
and
you
know
them
intellectually,
but
like
really
looking
at
them
again,
reminding
ourselves,
why
it's
important
to
do
the
things
that
we
set
for
ourselves
and
you
set
for
us
in
the
city's
policies.
G
This
is
taxpayer
money,
even
though
it's
not
city
money
that
we
are
passing
through
and
our
policies
should
be
followed
and
so
we're
glad
to
work
with
the
audit
team,
including
director,
patrick,
to
make
sure
that
we
are
doing
everything
that
we
need
to
be
doing
and
I'm
pleased
to
say
we're
on
board.
I'm
happy
to
be
here,
and
we
think
this
is
good
work
happy
to
answer
any
questions
before
or
after
the
director's
presentation.
Thank
you.
D
Thank
you
I'll,
go
ahead
and
turn
it
over
now
to
director
patrick,
to
give
us
the
meat
of
that
audit
report,
and
just
so
people
know
david,
frank
and
his
team.
They
have
seen
and
even
had
a
chance
to
respond
to
the
audit
before
you
so
there.
There
are
no
surprises
in
this
in
terms
of
how
cped
sees
this
audit,
as
is
typical
in
the
audit
work
that
we
do
so
director,
patrick.
B
Thank
you,
chair,
palmisano,
first
things,
first
well
I'll
be
presenting
on
the
contents
of
audit
results
and
in
the
auditor,
update
I'll,
discuss
audit
issue,
follow-up
and
continuous
monitoring.
I
like
to
acknowledge
my
team,
normally
we'd,
have
them
presenting
and
answering
questions
in
typical
fashion,
because
this
is
their
hard
work
that
let
us
get
to
this
point.
B
It's
challenging,
given
that
we're
doing
this
meeting
over
teams
and
in
a
remote
environment
so
I'll
be
presenting
the
work,
but
I
want
to
acknowledge
who
gets
very
hard
work
on
this
grant
management.
Audit
travis's
work
in
all
of
these
audits
and
audit
issue,
follow-up
and
comlin
working
very
hard
in
each
of
these
audits
and
looking
at
continuous
monitoring.
B
B
So
the
objective
in
this
grant
management
audit
was
to
work
with
cped
on
addressing
internal
controls,
whether
they
were
adequate
to
ensure
compliance
and
efficient
grant
management.
Cped
manages
tens
of
millions
of
dollars
worth
of
grants,
and
this
audit
looked
at
the
controls
they
have
in
place
during
that
in
the
next
slide.
B
So
the
scope
looked
at
the
grant
management
process
during
january
1st
2018
through
december
31st
2019,
so
we're
looking
specifically
at
the
processes
in
economic
policy
and
development
and
housing
policy
and
policy
development.
So
these
are
two
areas
that
that
handle
a
lot
of
grants
and
our
scope
included
roughly
a
two-year
period.
B
We
address
the
adequacy
of
the
monitoring
process
to
mitigate
financial
compliance
and
fraud,
risks
and
assess
the
adequacy
of
sub-recipients
and
contractors
to
ensure
that
grant
contracts
are
appropriately
executed,
effectively
managed
in
terms
and
conditions
adhered
to.
So
it's
a
lot
of
technical
talk,
essentially
to
say
that
grants
all
the
risks
of
fraud.
B
The
next
slide,
so
first
things
first
before
we
talk
about
the
one
audit
issue.
Cped
like
I
mentioned,
is
dealing
with
tens
of
millions
of
dollars
worth
of
grants.
And
it's,
if
you
see
look
in
the
report,
the
report
that
was
sent
out
earlier
this
week,
you'll
know
that
we
found
widespread
compliance.
That
risks
were
adequately
managed.
This
is
a
very
clean
bill
of
health.
B
Cped
is
certainly
addressing
the
risks
and
monitoring
and
new
changes
in
the
compliance
landscape
and
their
plans
adequately
address
risk.
We
had
one
low
risk,
rated
audit
issue,
low
risk,
rated
issue,
meaning
we
don't
really
see
a
need
for
a
management
plan.
This
is
a
low
issue
and
one
that
may
be
industry
best
practices,
but
not
necessarily
a
compliance
issue,
and
in
this
instance
it
was
just
that
policy
and
procedure
documents
don't
always
contain
a
date
that
indicates
when
it
was
last
reviewed
and
updated.
We're
not
saying
that
policies
aren't
reviewed
on
a
regular
basis.
B
Nor
are
we
saying
that
they're
not
updated
to
address
the
changing
and
compliance
requirements
simply
that
they're
not
dated.
So
that's
that's
a
very
low
risk
issue
and
I'd
like
to
say
that
cped
addressed
it
almost
immediately
they're
dating
policies-
and
this
issue
is
mitigated.
B
So
that's
as
far
as
things
are
concerned,
a
very
clean
bill
of
health
and
one
that
would
allow
us
to
feel
confident
that
that
risks
are
sufficiently
addressed.
D
As
I
wait
to
see
if
there
are
others
that
want
to
speak
with
comments
or
questions
to
this
audit,
I
I
will
say
I
think
it
was
rather
fortuitous
that
this
was
in
progress
before
before.
We
ever
were
starting
to
see
or
prepare
for
covid
related
issues
in
our
city.
But
this
is
a
group
that
will
soon
potentially
handle
grants
and
loans
for
emergency
covet
assistance
and
director.
D
Frank,
if
you
would
correct
me,
if
I'm
wrong
in
that,
but
but
I
do
think
that
they
will
be
handling
some
of
the
processing
of
things
so
for
this
smallish
department
within
your
larger
part
of
the
organization,
it
would
really
go
from
an
audit
risk
standpoint
from
a
low
risk,
perhaps
infrequently
looked
at
committee
on
a
risk
panel
to
being
very
high
risk.
Indeed,
so
it
seems
like
it's
really
nice
to
see
this
clean
bill
of
health
and
that
everything
is
working
well.
G
Director,
madam
chair,
thank
you
and
again
director,
patrick
thanks
to
you
and
your
team
for
this.
If
anybody's
listening,
we
we
appreciated
working
with
all
of
you
and
each
of
you,
not
just
director,
patrick
madam
chair
to
your
point.
Yes,
we
are
inventing
new
programs
for
small
business
and
for
emergency
housing,
assistance
and
modifications
to
stable
homes,
stable
schools.
So
it's
not
it's
not
exactly
the
same.
But
yes,
I
agree
with
you.
It
is,
it
is
timely
and
it
is.
G
We
appreciate
getting
the
I'll
call
clean
bill
of
health,
as
the
director
said,
just
as
we're
embarking
on
new
programs
that
hand
out
different
kinds
of
taxpayer
money.
We
appreciate
it.
D
Seeing
none,
I
can
move
approval
of
this
item.
Could
I
ask
mr
fisher
if
he'd,
second,
the
motion.
D
Okay,
then
I'll
ask
ms
casper
to
as
the
clerk
to
call
the
role
on
item
number
five
and
that
would
be
to
receive
and
file.
This
report
and
direct
staff
to
publish
the
report
which
for
new
audit
committee
members
is,
is
a
little
different
than
how
we
operate
in
regular
city
business.
There's
very
specific
reasons
for
that
on
audit
committee
that
I
won't
bother
to
go
into
unless
people
have
concerns,
but
so
item
number
five
is
to
receive
file
and
publish
this
report
and
make
it
public.
E
E
D
B
So
we
looked
at
the
workflows,
and
I
want
to
say
also
that
we
worked
on
this
with
our
partners
at
bakertilly,
so
they
were
really
the
experts
on
this
project
and
I'm
happy
to
take
questions
on
it
and
normally
we'd
have
them
here.
To
answer
questions
I
can
take
questions
and
forward
them
to
our
partners
at
bakertilly,
but
they
were
really
the
experts
on
this.
So
looked
at
user
access
interviewed
observed
inspected.
B
We
followed
our
normal
audit
process,
looking
at
charts,
workflows
all
of
that
stuff
to
make
sure
that
the
system
was
working
effectively
captured
those
workflows.
This
is
a
pretty
standard
audit
of
a
new
system
move
to
the
next
slide.
B
Well,
there
were
three
findings,
no
high-risk,
related
findings,
but
we
wanted
to
walk
through
the
findings
and
observations
and
also
note
that
we
have
management
responses
in
the
document.
Some
of
those
responses,
while
they
could
have
been
maybe
mitigated
faster
because
of
covet
19.
We
granted
extensions
to
some
of
them,
so
the
team
has
an
opportunity
to
address
them,
so
the
user
access
reviews,
so
our
user
access
review
is
completed
on
a
timely
prescribed
basis.
We
noticed
not
necessarily
that
it
wasn't
happening,
but
there
needed
to
be
a
formal
user
access
review
process.
B
So
the
last
is
final
approval
of
provision,
roles
and
preferences
for
new
users
not
consistently
documented.
So
again,
this
is
just
implementing
a
formal
procedure
to
document
approved
roles
and
preferences
for
new
user
requests.
So,
as
users
are
added
to
the
system
and
user
access
has
changed
that
there
is
a
formal
documentation
system
that
we
can
look
back
on.
Make
sure
that
it's
happening
correctly
and
that
users
are
getting
that
least
necessary
access.
B
So
a
lot
of
these
findings
relate
to
more
documentation
of
process.
It's
not
that
because
they're,
not
high-risk
rated
findings,
we're
not
saying
that
those
things
aren't
happening.
The
recommendations
tied
more
into
making
sure
that
this
is
all
formally
documented
and
addressed,
and,
like
I
mentioned
earlier,
we've
already
hammered
out
a
timeline
to
address
these.
These
findings
there's
already
a
plan
in
place
and
we'll
be
happy
to
report
back
in
the
near
future
that
that's
occurred.
D
Mr
sorry,
mr
fisher
has
made
the
motion.
Please
let
that
be
recorded
as
such,
and
ms
johnston
has
seconded
the
motion.
D
F
A
B
Hello
again
and
again,
I'd
like
to
credit
our
work
with
wildcard,
their
firm
that
we
work
with
on
I.t
and
cyber
security,
related
audits
and,
as
they've
been
working
with
us
on
body
camera
audits.
They
become
kind
of
experts
in
the
field.
So
thank
you
to
wildcard
they're,
not
presenting
with
me,
as
they
normally
would
during
the
audit
committee,
but
I'm
happy
to
go
through
the
results.
This
is
something
I'm
also
quite
familiar
with,
as
I've
worked
on
past
body
camera
audits.
So
we
can
discuss
this.
B
B
So
I'm
going
to
go
through
this
kind
of
quickly,
but
I'd
like
to
note
that
they
have
a
totally
clean
bill
of
health
before
we
get
started,
we'll
go
through
each
item,
but
the
park
board
has
done
a
great
job,
maintaining
compliance
with
state
law
requirements.
Let's
move
to
the
next
slide.
B
This
is,
we
need
to
go
back
to
the
body
camera
update.
D
As
you're
getting
to
the
right
slide
here,
allow
me
to
jump
in
similar
to
how
director
frank
came
to
our
committee
and
talked
a
little
bit
about
the
audit
that
his
group
was
part
of.
I
did
I
invited
chief
ohado,
the
park
police
police
chief
to
to
see
if
he
wanted
just
to
make
any
comments
that
I
would
share
so
that
he
didn't
need
to
get
set
up
on
microsoft
teams
and
be
present
for
a
whole
meeting
and
that
kind
of
thing
in
this
environment.
He
has
a
lot
going
on,
but
he
did.
D
He
responded
not
just
informally,
even
but
with
a
full
letter
to
to
all
members
of
the
audit
committee
that
I
I
regret.
I
got
it
on
friday
and
I
didn't
share
with
you,
but
I
will
share
it
and
also
give
it
to
the
clerk
to
publish
with
on
limbs
as
you
wish,
but
I
will
just
summarize
what
it
says
he
wanted
to
recognize
and
thank
the
audit
committee
and
staff
from
our
internal
audit
department
for
their
sincere
support
and
professionalism
over
the
past
18
months.
D
D
It
has
resulted
in
practices
that
better
serve
the
residents
of
minneapolis
and
all
those
who
visit
our
park
system.
So
that's
from
chief
ohado
and
I
just
wanted
to.
Maybe
we
could
introduce
that
along
with
this
audit
too.
Does
the
tech
team
have
the
slide
that
you
want
up
yet.
B
I
don't
see
it,
but
I
have
them
in
front
of
me.
I
can
just
talk
through
some
of
this.
I
think,
because
there
are
no
findings,
it's
it's
possible
that
we
can
just
talk
through
this.
I've
sent
out
the
report
in
advance
and
sure
we
can
read
through
it.
So
let
me
just
let
me
just
go
through
them.
I
have
them
open
in
front
of
me
on
my
computer.
D
B
D
B
Excellent
and
it's
it's
a
number
of
slides,
but
again
I'm
going
to
go
through
it
kind
of
quickly,
just
based
on
the
fact
that
this
committee
has
received
body,
worn
camera
reports
in
the
past,
and
we
have
no
findings
on
this
on
this
report.
So,
first
just
looking
at
the
scope,
the
criteria
that
we
use
for
this
is
all
related
to
state
law
requirements.
So
you
can
see
in
the
report
the
number
of
statutes
that
touch
on
this
specific
issue.
B
We
tested
compliance
with
all
of
the
state
statutes
that
are
required.
Our
methodology
is
this
common
framework
that
we
use,
based
on
the
american
institute
of
cpas,
the
information
and
system
audit
and
control
association.
This
is
a
pretty
standard
audit
and
one
that
we've
become
pretty
comfortable
with,
given
that
we've
been
working
with
mpd
on
this
on
a
bi-annual
basis
to
do
their
audit.
So
it's
a
three-phase
audit
planning
execution
reporting
using
that
methodology.
B
B
They
have
a
written
policy
that
addresses
all
the
mandatory
components
in
minnesota
statute.
13.825.
B
B
Body-Worn
cameras
assign
the
categories
by
officers
and
that
categorization
is
reviewed
by
supervisors,
so
it
has
the
appropriate
retention
policy
and
data
is
automatically
destroyed.
After
that
time
period
is
lapsed.
That's
compliant
with
state
statute
and
supervisors
are
adequately
doing
this
and
move
to
the
next
slide.
B
Part
of
the
state
statutes
requires
a
police
department
to
be
able
to
produce
a
report
that
details,
inventory
recordings
and
data
captured
and
park
police
department.
Has
it
in
place
that
they
they
can
quickly
generate
that
report
so
they're
compliant
with
that
state
law
component
move
to
the
next
slide
handling
of
data
requests
they
receive
requests.
They
have
a
process
to
validate
that
the
individual
is
making
they're
making
the
request,
because
some
of
this
data
is
non-public.
B
One
more
slide,
so
data
is
secure.
They've
implemented
correct
user
access
roles
to
make
sure
that
people
don't
have
access
to
portions
of
the
system
that
they're
not
required
to,
and
they
have
a
written
authorization
process,
that's
confirmed
by
via
email.
So
there
is
a
documentation
process
that
indicates
that
people
are
getting
access
according
to
what
they're
able
to
review
move
to
the
next
slide.
B
That
may
be,
it
nope
one
more
procurement
process
that
integrates
all
the
state
law
requirements,
no
major
procurements
that
fall
within
the
audit
period,
but
they
do
have
the
process
in
place.
I
believe
that's
that's
the
final
slide.
So
with
that
being
said,
we
looked
at
all
of
the
required
components
required
by
state
law
and
found
in
each
instance
that
the
park
board
has
adequately
met
those
state
law
requirements.
We
have
no
findings
related
to
this.
The
program
is
healthy
and
running
as
expected.
D
Director,
patrick,
is
this
just
the
the
standard
to
be
in
compliance
with
state
law
piece
of
it,
or
did
you
go
further
in
this
audit
with
wild
card
to
ask
or
audit
other
pieces
and
parts
of
their
body-worn
camera
processes
and
procedures
and
etc?.
B
This
is
specifically
related
to
state
law
requirements.
We
looked
at,
though
we
looked
at
adequacy
for
some
issues,
so
it
didn't
just
touch
on.
Did
it
meet
the
minimum
basic
requirements,
but
there
was
in
somewhat
of
an
added
adequacy
component
to
it.
So
not
only
are
we
noting
and
the
findings
that
they
met
state
law
requirements,
but
that
their
policies
adequately
cover
the
range
of
work
that
they're
doing
it.
It
may
not
that
we've
had
past
minneapolis
police
department
audits
that
added
issues
that
didn't
specifically
tie
to
state
law
requirements.
B
That's
not
what
this
audit
was
doing
per
se,
but
it
is
as
a
first
audit
of
a
body-worn
camera
program,
it's
good
to
test
and
make
sure
that
they
are
compliant
with
those,
and
we
also
wanted
to
note
that
they
went
through
a
consultation
process
prior
to
implementing
body
cameras.
So
that's
an
important
thing
to
note
that
they
worked
with
our
audit
team
in
implementing
their
program
to
make
sure
that
they
were
addressing
these
state
law
requirements.
B
D
Yeah
that's
great.
I
will
also
note
that
this
is
something
that
I've
spoken
with.
Two
previous
superintendents
of
our
park
system
about
right
was
our
own,
our
city,
mpd's
body-worn
camera
program
and
the
changes
that
have
been
made
to
that
and
how
it's
increased,
use
and
compliance,
and
all
the
policies
and
procedures
in
that.
This
is
something
that
I
think
former
superintendent
jane
miller
identified
and
the
interim
superintendent
mary
merrill
was
really
was
really
enthusiastic
about
really
keen
on
and
felt
was
extremely
important.
D
C
Thank
you,
chair
palmisano,
mr
patrick.
I'm,
I'm
not
sure
this
is
within
the
scope
of
the
audit.
You
did
of
the
body
worn
camera,
but
does
the
park
board
the
park
board
police
have
the
same
policy
that
the
city
please
do
that
they
are
required
to
turn
on
their
body
cams
when
they
are
engaging
with
citizens
at
any
time.
B
I'm
happy
to
send
over
a
copy
of
the
park
police
department's
body,
worn
camera
policy.
They
are
addressing
activation
in
a
similar
way
to
the
minneapolis
police
department.
I
don't
believe
they
have
the
exact
same
policy,
given
that
their
department
does
some
different
things,
but
I'm
happy
to
send
along
a
copy
of
that
policy.
If
it's
not
an
appendix
in
the
actual
report.
D
Seeing
none,
I
will
move
approval
of
this
item
and
that's
to
receive
and
file
this
audit
report
and
also
direct
staff
to
publish
the
report.
Could
I
have
a
second.
C
D
Thank
you
that
carries,
and
that
item
is
approved.
Last
but
not
least
in
our
items
of
new
business,
I
need
to
make
a
motion
to
extend
the
appointment
of
director
patrick
to
this
interim
position.
So
if
you
would
remember,
our
initial
appointment
of
him
was
at
least
in
contract
form.
If
not
spoken
in
audit
committee
was
a
temporary
one
of
a
few
months
in
time.
D
I
think
you
will
agree
with
me
that
he
is
doing
just
fantastic
work
in
this
role
and
for
the
time
being,
we
need
to
keep
up
his
interim
status.
So
I
would
like
to
move
this
extension
of
ryan
patrick's
appointment
as
our
internal
audit
director
may.
I
have
a
second
second.
A
D
Thank
you.
Both
david
fisher
and
commissioner
music
have
seconded
that
any
discussion.
Thank
you
clerk.
Please
call
the
roll
on
item
number
eight.
D
That
carries,
and
the
item
is
approved
next,
we'll
go
to
the
report
of
internal
auditor-
is
this
as
if
he
has
not
done
enough
reporting
already
director
patrick.
B
Thanks
sheriff
paul
masano
and
again
I
want
to
just
thank
my
staff's
hard
work
on
putting
together
this
auditor
update,
while
I
am
presenting
on
it.
It's
the
work
of
the
entire
team
they're
doing
an
amazing
job
in
the
crisis
and
they've
worked
very
hard
to
continue
to
the
work
of
audit,
the
kind
of
meat
and
potatoes
of
our
work,
and
I
think
you'll
see
in
this
auditor
update
that
that
work
is
continuing,
so
we
can
move
to
the
first
line.
B
B
So
we've
completed
two
projects
here
you
see
and
move
forward.
One
slide
budget
three
projects.
So
this
this
all
happened
within
the
last
quarter.
We
managed
to
complete,
since
the
last
audit
committee
meeting
in
february,
we've
managed
to
continue
to
complete
projects
and
they're
all
very
relevant
while
we
didn't
anticipate
covet
19
prior
to
starting
these
projects.
I
think
they're
really
important
and
I'm
glad
that
my
team
was
able
to
complete
them.
B
Given
the
current
crisis,
move
to
the
next
slide
so
again,
the
prior
audit
projects
that
are
currently
in
progress,
rather
than
halting
these
and
addressing
simply
kova.
These
are
covid
related.
So
it's
really
important
that
we
continue
that
work.
The
construction
contracts,
audit
phase,
two
looking
at
city
contracts,
construction
contracts
and
change
orders
to
specifically
address
controls.
B
B
This
again
is
super
relevant
right
now
very
relevant
right
now,
and
I'm
glad
that
this
project's
currently
in
place
I'll
move
to
the
next
line.
So
next
I'll
talk
about
continuous
monitoring.
We
are
always
monitoring
issues
that
are
of
high
risk
of
fraud,
waste
and
abuse
that
hasn't
changed
in
the
current
environment,
and
I'm
just
going
to
provide
some
updates
on
how
that
that
process
is
going
move
to
the
next
slide.
B
So
first
is
something
we
report
on
every
quarter
related
to
finance.
There
are
internal
controls,
testing
and
the
state
of
internal
controls
for
the
city,
so
happy
to
report
that
the
all
the
controls,
testing
that
was
scheduled
for
2019
was
completed,
which
is
great
and
internal
controls,
given
that
they've
been
able
to
test
all
of
these
are
moving
forward
with
a
new
2020
follow-up
plan
to
address
anything
that
came
up
during
that
internal
controls
testing,
and
at
this
point
chair
palmisano,
I
would
ask
for
your
permission.
H
H
So
to
that
end,
my
tenure
here
has
been
three
years
and
I'm
entirely
charged
with
implementing
evaluating
documenting
internal
controls
within
all
of
the
business
units
within
fps.
H
So
so
to
that
end,
we
have
created
tools
and
processes
to
to
document
the
business
unit,
key
controls
for
their
narratives,
the
17-point
checklist
of
risk
assessments
and
to
do
a
strategic,
swot
analysis
of
all
key
controls
and,
lastly,
to
to
test
key
controls,
and
I
think
a
distinction
worth
noting
here
is
that
there's
a
difference
between
internal
audit
and
internal
controls
is
that
eighty
percent
of
the
work
that
we
do
in
internal
controls
is,
we
is
process
related.
H
Executed
on
a
daily
basis
when
it
relates
to
transaction
processing,
and
we
focus
on
the
safeguarding
of
the
assets,
segregation
of
the
duties
making
sure
all
transactions
are
properly
authorized
and
at
the
end
of
every
month,
making
sure
reconciliations
are
done
and
that
at
a
high
level
making
sure
monitoring
is
done
to
make
sure
that
everything
is
supposed.
That's
supposed
to
happen
within
a
business
unit
happens
and
those
things
that
aren't
supposed
to
happen.
H
H
Our
goals
is
to
similar
to
ryan
is
to
partner
up
with
all
the
business
unit
department,
heads
and
their
teams
to
help
point
out
to
them
any
processes
that
need
to
be
shored
up
to
make
sure
that
we
are
recording
all
the
transactions
and
conforming
with
the
best
industry.
Practices
that
are
are
are
prescribed
by
the
kosovo
unit
and
and
and
and
internal
controls.
H
So
I
know
that
that's
a
lot
coming
at
you
and
apologize
if
I'm
using
too
much
jargon,
but
that
would
be
my
my
comments
this
morning.
B
Yes
thanks,
mr
fitipaldi.
That's
a
great
overview
and
I've
been
really
appreciative
of
our
collaboration.
I
think,
as
resources
are
tested
and
expertise
is
needed,
it's
been
very
great
to
work
across
departments,
and
I
see
our
two
work
units
really
collaborating
in
the
future
to
make
sure
that
we're
addressing
risks
and
emerging
issues.
So
I'm
very
happy
to
be
working
with
your
team
and
I
look
forward
to
that
collaboration
in
the
future.
B
B
Monitoring
we've
been
meeting
with
them,
they're
going
to
submit
new
guidelines
to
the
city
council
in
august
and
they're
going
to
include
a
number
of
accountability
measures
for
neighborhood
organizations
and
that
will
involve
audit
projects,
so
this
process
is
moving
along
despite
the
current
situation,
and
we've
been
working
with
them
to
make
sure
that
they're
addressing
all
those
key
issues
move
to
the
next
slide,
so
also
with
continuous
monitoring.
We've
been
working
with
the
park
and
recreation
board
in
their
five-year
reaccreditation
process,
so
every
five
years,
they're
re-accredited
as
an
agency.
B
B
Obviously
it's
happening
at
a
kind
of
unique
time
in
park
history,
so
it's
good
that
we're
they've
been
incredibly
transparent
with
us
and
hopefully,
we've
been
helpful
to
them
in
making
sure
that
they
can
continue
to
be
reaccredited,
move
to
the
next
slide.
B
Next
I'll
talk
about
prior
audit
issue
follow-up.
Again,
thank
you
to
my
team
for
working
on
these
issues.
It's
tough
in
the
current
environment
to
make
sure
that
we're
following
up
on
prior
open
audit
issues,
given
how
busy
and
stressed
out
departments
have
been,
but
that
doesn't
mean
that
those
issues
that
weren't
important
last
year
or
in
an
audit
finding
we
need
to
address
those
that
absolutely
needs
to
occur,
because
existing
risks
are
amplified
move
to
the
next
slide.
B
So
we
had
21
open
audit
issues.
In
january,
we
still
have
21
open,
audited
issues.
Some
are
coming
up
as
do
even
though
we
haven't
been
able
to
close
audit
issues.
At
the
rate
we
were
before,
we
were
very
close
to
closing
audit
issues
before
the
pandemic
struck
and
that
work
is
in
progress
and
absolutely
will
be
closed
as
time
permits
and
as
time
goes
on,
we
granted
extensions
to
a
number
of
departments
because
of
covet
19
impact
and
really
every
department
has
been
impacted
by
it.
B
But
it's
been
challenging
to
close
some
issues
because
they
require
development
of
processes
to
address
the
audit
issues.
Well,
at
the
same
time,
every
department
is
trying
to
develop
a
new
process
for
working
remotely
for
making
sure
that
people
are
protected
and
safe.
So,
as
we
were
in
discussions
to
finally
close
out
some
of
these
audit
recommendations
pandemic
struck,
I
guarantee
you
departments
are
working
to
close
them
and
will
have
more
closed
issues
in
the
future,
move
to
the
next
slide.
B
B
G
B
Non-Public
audit
reports
that
have
open
audit
issues
specifically
related
to
the
peoplesoft
web
portal
security
and
police
information
security.
We've
been
working
with
management
to
remediate
those
issues
and
we're
very
close
to
doing
so
again.
Covet
19
is
really
impact
the
ability
of
people
to
respond
to
these
at
the
moment,
but
they
are
working
on
those
move
to
the
next
slide.
B
So
we
here's
the
detail,
you
can
see
it
in
the
report
of
open
audit
issues.
Most
of
them
are
moderate.
Several
are
high
and
you'll
see
the
extensions
that
were
granted
in
in
the
open
audit
issue.
Detail
move
to
the
next
slide,
I'm
not
going
to
provide
a
specific
state
auditor
finding
update.
B
We
know
there
are
some
new
new
findings
that
are
being
addressed
and
previously
reported
finding
I'd
like
to
say
that
mr
fitipaldi
responded
specifically
to
the
monitoring
of
internal
controls,
finding
that
is
being
remediated
and
I
think,
as
the
state
auditor
audit
that
is
currently
going
on,
I
think
you'll
see
some
remediated
issues
move
to
the
next
slide.
D
If
I
could
pause
you,
mr
fischer
has
a
question
or
comment
for
a
previous
slide.
I
was
a
little
behind
in
that.
C
Thank
you,
chair
palmisano,
mr
patrick,
on
the
audit
issue.
Statistics
slide.
You
do
list
two
overdue
audit
issues.
Could
you
talk
a
little
bit
more
about
what
those
issues
are
and
why
they're
overdue.
B
Can
we
go
back
back
one
more
well
forward,
one
more
all
right,
so
you
can
see
some
in
the
records
management
audit.
I'm
sorry,
not
the
records
management
audit.
We
have.
B
I
I
my
sorry,
my
gray
bar
is
covering
the
ones
down
at
the
bottom,
so
the
aeg
contract
management
audit
is
overdue,
so
that
specifically
relates
to
entertainment
and
that
in
that
industry
has
been
impacted.
Looking
at
it,
it
was
due
march
31st.
They
have
actually
addressed
that
issue,
we're
doing
the
review
of
how
they've
addressed
that
issue
via
audit
and
we
will
be
able
to
close
or
report
back
on
that
issue
in
the
very
near
future.
But
again
an
industry,
that's
been
impacted.
B
We
respect
that
and
will
work
to
address
that
issue
in
in
the
coming
quarter.
The
mpd
third
party
audit
related
to
return
to
duty
determination
so
that
that
is
overdue.
However,
we
were
in
final
meetings
to
finish
that
project.
I
don't.
I
don't
want
to
report
on
something
that
isn't
specifically
documented.
We
don't
have
the
documentation,
but
I
can
say
that
mpd
had
specific
plans
in
place
to
address
return
to
duty,
so
that
will
be
happening
as
soon
as
we're
able
to
validate
that
open
issue,
we'll
be
able
to
close
that
out.
B
So
I
think,
on
the
overdue
audit
issues,
we
were
very
close
to
finishing
those
some
of
those
as
they
related
to
older
audits.
I
know
kind
of
records,
management
and
some
of
those
issues
they
they
will
be
addressed
in
upcoming
audits,
but
they
are
covid
impacted
and
so
addressing
the
risks
is
important,
but
making
sure
that
they've
addressed
covet
impact
on
those
previously
reported
findings
is
also
important,
and
some
of
the
issues
that
were
overdue
they've
been
extended.
C
It
does.
Thank
you
very
much.
I
just
one
follow-up
question
that,
as
a
consequence
of
being
overdue,
you
see
any
detrimental
impact.
The
city.
I
look
back.
B
B
B
We
just
have
a
very
specific
process
where
we
validate
that
those
audit
issues
are
closed
and
we
may
not
have
been
able
to
do
that
during
the
last
quarter.
We
we
were
very
close
to
being
able
to
validate
a
lot
of
these
audit
issues
to
close
them
out
and
then
disaster
struck.
I
imagine
that
within
the
next
quarter,
quarter
you'll
see
a
lot
of
these
pop
off
the
list
because
they
will
be
closed.
B
So
we
can
move
ahead,
several
slides
so
again
the
state
auditor
findings
there.
There
have
been
a
lot.
There's
been
a
lot
of
motion
at
the
city
to
address
these
audit
findings
and,
as
a
state
auditor
prepares
their
report
on
the
audit
that
they're
currently
doing,
I
think
you'll
see
a
lot
of
these
risks
have
been
addressed.
B
One
more
so
last
or
one
remaining
point.
I'd
like
to
address
relates
to
our
last
meeting,
specifically
the
sexual
assault,
evidence
kits,
we
that
was
a
consult,
so
there
weren't
open
audit
issues
related
to
it,
but
we
have
been
doing
follow-up
with
mpd
and
wanted
to
report
on
some
of
the
progress
they've
made
related
to
that
project.
B
So
if
we
can
move
to
the
next
slide,
so
that
report
was
presented
on
february
3rd
and
we
had
recommendations
to
management
on
how
they
handle
sexual
assault
examination
kits,
and
we
move
this
to
a
continuous
monitoring
state.
It's
not
again
they're,
not
audit
findings,
because
this
was
a
consultation,
but
those
recommendations
were
taken
seriously
and
to
their
credit,
they've
done
a
pretty
amazing
job
following
up
on
them.
B
So
management
is
in
the
process
of
implementing
policies
and
procedures,
and
they
have
implemented
a
lot
in
in
this
regard,
so
they
are
currently
forming
that
and
they've
made
significant
progress
and
I'm
sure
at
a
future
meeting
they'll
be
able
to
report
back
that
clear
documentation.
B
Recommendation
two
was
really
critically
important.
If
you
remember
the
notification
system
that
would
allow
mpd
to
know
that
a
kit
was
collected
and
needed
to
be
transmitted.
There
was
no
central
notification
system,
we're
happy
to
report
back
that
they
have
implemented
a
centralized
notification
system
for
when
a
kit
is
ready
to
be
picked
up
so
that
that
recommendation
has
been
addressed.
B
Move
to
the
next
slide,
mpd
in
the
county
attorney's
office
incorporated
the
recommendations
for
their
backlog,
tracker
and
they've
enhanced
that
tracker
in
the
methodology
they
use
to
track
sexual
assault
kits.
So
this
this
recommendation
has
been
implemented
and
they're
using
a
more
robust
tool
to
track
and
categorize
sexual
assault
kits
and
finally,
mpd
should
form
a
stakeholder
group
ensure
that
all
the
stakeholders
are
in
alignment,
that
the
testing
of
backlog
kits
is
timely.
B
Management's
been
in
regular
contact
with
the
vca
through
bi-weekly
meetings
that
work
group
is
happening
and
happy
to
report
that
testing
of
these
kits
in
the
backlog
is
occurring
on
a
steady
basis.
So
that
was
the
main
point
of
discussion
in
the
last
meeting
very
happy
to
report
that
this
testing
is
occurring
and
we
are
receiving
tests
back.
D
Or
comments
from
my
colleagues
on
that
one,
I
might
just
share
that
in
follow-up
to
that
meeting,
director,
patrick
and
others
I
wanted
to
let
you
know
I
did
have
a
conversation
with
drew
evans
from
the
bca
and
subsequent
follow-up
conversations
with
policymakers
at
the
legislature.
D
I
do
think
the
best
long-term
strategy
and
how
the
whole
system
works
of
sexual
assault
kits
is
to
have
a
centralized
system
at
the
state
level
for
everybody
in
minnesota
and
gosh
february
seems
like
a
very
long
time
ago,
right
now,
but
at
the
time
that
policy
seemed
to
be
moving
forward
through
the
state
legislature.
I
do
not
know
where
it
is
today,
but
on
a
much
on
a
different
level
and
on
a
different
scale
and
as
a
statewide
policy
change.
D
B
Thank
you,
chair,
paul,
masana,
move
ahead.
One
slide,
and
one
of
the
remaining
items
we'd
like
to
address
is
that
minneapolis
park
and
recreation
board
went
through
an
enterprise
risk
assessment
in
consultation
with
internal
audit.
We've
worked
together
a
lot
on
this
we'd
like
to
recognize
that
they've
worked
extremely
hard
to
do
an
enterprise
risk
assessment
that
could
be
a
model
to
departments
across
the
city.
They've
done
an
amazing
job
with
it
and
we're
happy
to
share
it
with
you
and
just
kind
of
talk
through
some
of
the
components.
B
B
So
again,
a
risk
assessment
gather
a
team
identify
key
risks,
bring
together
personnel.
Look
at
each
component
of
your
work
flow.
Look
at
each
unit
that
is
functioning
in
your
department
and
make
sure
that
you
systematically
categorize
risk
identified
it
and
work
to
mitigate
it.
You
need
management
and
staff
working
together.
This
is
a
really
deep
dive
that
only
a
department
can
do
because
they
are
the
experts
on
their
own
process.
B
With
internal
audit
assistance
to
form
a
pilot
program
and
provide
assistance
throughout
the
process,
so
we
know
how
to
do
risk
assessment
departments
know
their
business
practices.
When
we
get
down
to
the
department
level
in
doing
risk
assessment,
you
can
really
develop
an
effective
long-term
plan
to
mitigate
risk.
B
What's
the
next
slide,
they've
revised
risk
management
policies
and
procedures
to
incorporate
this
whole
process,
so
they
they
have
really
incorporated
this
work
into
their
workflow,
and
it
helps
with
that
five-year
accreditation
process.
They've,
effectively
managed
and
met
risks
and
used
national
best
practices
to
make
sure
that
they
continue
to
be
accredited
in
completing
several
risk.
Functional
risk
assessments.
B
D
B
So
when
a
department
has
a
strong
understanding
of
the
goals,
the
things
that
they
really
want
to
achieve
as
an
organization,
if
you're,
not
thinking
about
what
things
might
impact
your
ability
to
achieve
those
goals,
you're
missing
key
weaknesses
in
your
organization,
so
a
risk
is
generally
something
that
an
adverse
event.
You
know
one-off
instance
and
risk
is
broad.
It's
not
just
a
risk
that
finances
might
not
come
through.
It
can
go
across
multiple
categories,
for
instance,
reputational
risk
something
happens.
B
That's
not
necessarily
runs
a
foul
of
state
law
or
runs
a
foul
of
industry,
best
practices,
but
really
looks
bad.
That
may
impact
a
department's
ability
to
achieve
their
mission
in
serving
the
clients
and
serving
the
people
of
minneapolis,
so
in
a
risk
assessment,
you're
taking
working
with
every
unit
in
your
department
to
look
at
all
those
things
that
might
impact
your
ability
to
achieve
it.
You're
rating
those
risks
high
medium
low,
using
that
to
inform
how
you
prioritize
resources
and
how
you
effectively
mitigate
them.
D
F
Thank
you,
madam
chair
director,
patrick.
I
was
just
curious
as
to
whether
those
areas
for
functional
risk
assessments
were
identified
by
the
park
board
or
by
the
audit
group,
or
a
combination
of
the
two.
B
Audit
primarily
helped
with
the
process
of
risk
assessment
park
board
is
the
expert
in
knowing
their
organizational
goals
and
understanding
deeply
how
those
goals
might
be
impacted
by
various
risks.
So
internal
audit
can
really
help
facilitate
the
process.
We
know
how
to
do
that
deep
dive
and
we
can
provide
that
framework,
but
these
business
owners
or
business
managers.
They
really
know
the
specifics
of
how
their
organization
operates.
F
B
As
internal
audit
do
some
of
that
work
in
identifying
risks
and
we
can
help
with
it,
but
they
are
the
pros
and
the
park
board
really
put
in
the
legwork
on
this
one
and
really
took
a
critical
look
at
their
their
processes.
To
make
sure
that
they're,
identifying
and
mitigating
risk.
B
I
can
move
to
the
next
slide,
so
risk
that's
unavoidable.
You
can
there's
no
way
to
significant
there's,
no
way
to
completely
avoid
risk
if
there's
no
risk
in
something
you're,
not
you're,
not
really
doing
anything.
So,
given
that
you
can't
avoid
it,
the
risk
assessment
process
really
helps
you
respond
to
it.
It
helps
you
respond
to
it
proactively
before
a
risk
turns
into
a
significant
problem,
and
the
organization's
mission
is
impacted
so
audit.
B
B
They
did
an
amazing
job
and
we
we'd
like
to
continue
to
work
with
them
on
both
improving
that
plan,
but
also
making
sure
that
it's
a
model
that
we
see
across
the
city.
So
again,
thank
you
to
the
audit
committee.
I
know
I've
done
a
lot
of
presentations.
We
typically
like
to
break
it
up
and
let
the
people
are
kind
of
in
the
trenches
report
on
those
findings
because
they're
the
they're,
the
experts.
This
is
a
bit
of
a
different
format,
but
my
team
did
an
amazing
job.
B
Helping
me
prepare
for
this
and
doing
the
work
that
they're
doing
so.
Thank
you
to
you
get
travis
common.
You
did
amazing
work
and
our
consultants,
baker,
tilley
and
wild
card,
and
to
the
committee
for
receiving
these
presentations.
D
Thank
you.
I
like
this
new
end,
end
slide,
because
it
has
up
there
a
reminder
that
anybody,
any
member
of
the
public
or
anybody,
can
send
audit
department,
feedback
or
ideas.
It
has
our
ethics
report
line
for
tips
and
it
has
a
fraud,
waste
and
abuse.
D
You
know
as
a
reminder,
because
most
of
our
reports
of
fraud,
waste
and
abuse
actually
do
come
in
externally.
It
that's
a
nice
thing
to
make
sure
we
have
in
every
presentation.
So
our
city
attorney
has
a
has
a
comment
to
make.
Please
miss
trammell.
I
Council,
member
palmisano
susan
trammell,
here,
apparently
I've
got
poor
call
quality,
so
I've
got
to
turn
my
camera
off
with
the
hope
that
that
helps.
Can
you
hear
me,
we
can
hear
you
just
fine,
okay,
good,
that
ethics
report
line
number
is
not
a
public
number.
I
That
number
is
for
employees
and
persons
appointed
to
boards
and
commissions,
only
it's
an
internal
number,
so
that
should
not
be
publicized.
We
don't
take
complaints
from
the
public
via
that
line.
D
I
see
there
is
an
email,
that's
a
public
email
line.
Is
there
not
for.
D
C
Thank
you,
chair
palmisano,
mr
patrick.
This
is
a
kind
of
an
open-ended
question,
but
I
think
it's
something
our
audit
committee
should
ask.
Probably
at
every
meeting,
do
you
continue?
Does
your
department
continue
to
have
the
both
the
budgetary
and
personnel
resources
to
effectively
do
the
work
of
the
audit
committee.
B
Thank
you,
committee,
member
fisher
and
chair
paul
masano,
our
department.
We
have
a
small
team,
but
we
work
very
hard
and
luckily
work
very
hard
with
talented
departments
to
complete
a
lot
of
this
audit
work.
Some
of
the
audit
work
I'd
note,
specifically.
Cyber
security
related
audit
work
requires
a
high
degree
of
technical
expertise.
B
So
in
those
instances
we
often
work
with
consultants
to
actually
carry
out
that
work,
because
it's
not
you
know
it's
not
in
our
wheelhouse
and
it
doesn't
actually
make
sense
to
have
a
full-time,
I.t
auditor
on
staff.
While
we
all
love
to
have
more
resources,
it
sounds
like
every
department's
in
a
similar
boat.
It
is
effective
when
we
can
work
with
contractors.
Do
that
highly
specific
work?