►
From YouTube: April 27, 2020 Audit Committee
Description
Minneapolis Audit Committee Meeting
https://lims.minneapolismn.gov/
D
Good
morning,
welcome
to
the
regular
meeting
of
the
Audit
Committee
for
April
27th
2020
I
am
Lynn
a
Palmisano
and
I'm
the
chair
of
this
committee.
As
we
begin,
I
will
note
for
the
record
that
this
meeting
has
remote
participation
by
committee
members
and
staff
as
authorized
under
Minnesota
statutes,
section
13
d,
dot
0:21
due
to
the
declared
local
public
health
emergency
I
will
ask
the
clerk
to
call
the
roll,
so
we
can
verify
a
quorum
for
this
meeting.
Mrs.
Kasper.
C
D
D
D
A
E
A
C
D
F
D
A
E
A
D
D
D
I'm
pleased
to
welcome
council
member
Fletcher
councilmember
Fletcher
takes
Abdul
Waris
Ami's
place
as
council
member
saumui
stepped
down
from
the
Minneapolis
City
Council
to
take
on
a
new
role
as
head
of
the
mPHA,
the
Minneapolis
public
housing
authorities.
So
with
those
changes
come
some
new
assignments
and
councilmember
Fletcher
has
willingly
stepped
in
to
the
audit
committee.
I
wanted
to
offer
sorry
I
haven't
prepped
you
for
this
first
council
member,
but
I
wanted
to
see.
If
you
wish
to
say
a
few
words
or
anything
to
us
in
this
committee.
E
Sir,
thank
you
for
that.
I
I'll,
just
say
that
I
have
really
appreciated
the
output
of
this
committee.
I
think
the
the
work
of
the
Audit
Committee
gives
us
confidence
in
some
of
our
analysis.
You
know
at
the
council
and
has
given
us
some
tools
to
make
some
policy
decisions
that
are
very,
very
important,
so
I'm
appreciative
of
the
work
you
all
have
already
been
engaged
in
and
excited
to
get
to
play
a
role
in
it.
So
thank
you
for
welcoming
me
thank.
D
You
you'll
do
a
great
job
and
we
welcome
your
questions
and
comments
as
soon
as
as
soon
as
you
feel
ready.
We
have
them.
As
we
start,
we
have
some
new
business
and
most
of
the
rest
of
this
presentation,
I
think
will
be
from
director
interim
director
Patrick
unless
he
hands
it
over
to
others
on
his
team.
D
But
I
will
just
say
our
next
item
of
business
is
the
annual
risk-based
audit
plan
amendment
and,
as
I
mentioned
in
my
email
to
committee
members
last
week,
I
asked
our
audit
team
to
basically
throw
out
the
rest
of
their
year's
work
plan
as
they
wrapped
up
these
few
projects
and
take
a
look
at
what's
important
now
and
how
they
could
be
of
strategic
value
to
our
city
Enterprise.
At
this
time
they
have
responded
wonderfully
and
I'm
eager
to
have
interim
director
Patrick
talk
about
that
a
little
bit
more,
so
we're
in
new
business.
B
Thank
You
chair
Palmisano,
first
things.
First,
I'm
gonna
update
everyone
on
the
risk
assessment
and
that
will
lead
into
our
discussion
of
the
updates
to
the
audit
plan.
So
if
we
could
go
to
the
next
slide,
so
I'll
talk
first
about
the
process
and
results
the
impact
of
the
pandemic
on
the
assessment,
our
proposed
new
approach
to
addressing
Kovan
19
and
then
discuss
the
proposed
audit
plan
modifications
we
can
head
to
the
next
slide.
B
So
the
purpose
of
an
annual
risk
assessment
is
that
we
can't
entirely
avoid
risk
being
defined
as
events
which
impair
an
organization
and
achieving
objectives,
but
assessments
help
us
identify
quantify
and
rank
risk.
That's
what
drives
our
audit
plan?
We
base
our
work
on
risks
that
we
may
not
achieve
our
objectives
and
help
try
and
mitigate
those
risks,
via
audits
for
the
next
one.
B
So
if
we
look
back
at
the
February
update,
this
is
what
I
provided
to
you
that
we
had
completed
a
city
leadership
risk
assessment
survey.
We
met
with
department
heads
all
throughout
the
city,
including
Council,
and
mayor's
office,
sent
out
surveys,
both
managers
and
leadership,
and
then
started
prioritizing
projects
based
on
those
results
and
I
mentioned
that
at
this
meeting,
I
would
be
proposing
a
new
audit
plan
updated
to
reflect
current
enterprise
risks
at
this
meeting.
B
So
if
we
go
to
the
next
slide,
so
we
sent
out
those
surveys,
we
had
those
meetings
in
a
completely
different
set
of
circumstances.
All
of
these
surveys
were
conducted
prior
to
kovat
19
and
leadership
was
responding
to
what
they
saw
as
risks
in
that
prior
environment,
we're
in
a
rapidly
changing
in
complex
environment
and
one
that
certainly
impacted
by
kovat
19
and
as
we'd
like
to
meet
with
all
the
department,
heads
and
review
their
results
and
possibly
update
them.
Everybody's
been
working
very
hard.
B
It
wasn't
necessarily
time
given
that
it
took
us
months
to
complete
it
under
ideal
circumstances
to
do
that
update,
but
we
shouldn't
throw
out
those
results
just
because
leadership
was
responding.
In
those
circumstances,
some
of
the
risks
that
we
identified
are
just
amplified
by
the
current
situation
and
therefore
it's
worth
taking
a
look
at
those
and
seeing
how
they
might
be
impacted
by
Kovan.
So.
B
Next
kind
of
about
the
top
three
results
that
we
saw
during
that
risk
assessment
process,
so
the
first
and
kind
of
overwhelmingly
common
result
that
leadership
expressed
related
to
resources
and
staffing.
So
this
is
kind
of
a
common
thing
that
comes
up
regularly,
and
these
are
all
quotations
from
those
meetings
and
those
those
risk
assessment
surveys
that
we
sent
out
so
FTE
staffing
shortages,
turnover,
the
right
staff,
staffing
below
industry
standards.
You
see
the
same
comments
kind
of
popping
up
in
nearly
every
survey
that
we
did
with
leadership.
B
Well,
how
is
that
impacted
by
Kovan
if
we
have
massive
turnover
or
we
have
potential
layoffs?
If
we
have
situations
where
we
have
a
large
portion
of
the
workforce
out
or
unable
to
work
risk
that
was
identified
under
ideal
circumstances
is
certainly
amplified
in
the
current
environment
hope
to
the
next
line.
B
So
those
not
the
workgroups
not
having
best
practices
or
not
having
access
to
best
practices,
some
inefficient
workflows
that
led
to
delays
potential
for
non-compliance,
lack
of
oversight
over
assets
and
internal
controls.
So
if
we
were
already
missing
some
best
practices,
we
were
missing
some
policies
and
workflows
in
a
situation
where
things
have
totally
changed
and
people
are
following
entirely
new
workflows
because
of
remote
work
because
of
possible
work
shortages.
This
risk
is
certainly
amplified
over
the
next
slide
so
again,
Kovan
19
impacts.
All
of
these,
the
top
three
and
certainly
most
common
identified,
risks.
B
B
So
if
we
look
back
at
our
audit
plan,
this
is
the
stuff
that
we
add
on
for
kind
of
the
rest
of
the
year.
Some
would
have
moved
into
2021.
We
look
at
things
that
we
were
planning
to
audit
such
as
affordable
housing,
hiring
IT
governance
and
cybersecurity
revenue
collections
park
board
patron
safety.
These
are
all
things
that
look
really
different
in
the
current
environment.
B
If
we're
talking
about
affordable
housing
as
the
current
economic
situation
evolves
and
changes,
the
plans
that
we
use
to
address
them
might
change
so
taking
a
look
at
what
we're
currently
doing
and
auditing
what
we're
currently
doing.
As
those
things
change,
we
might
be
just
auditing,
outdated
information.
The
same
is
true
for
hiring.
The
same
is
true
for
governance
and
cybersecurity.
B
B
The
red
items
that
I
highlighted
are
ones
that
I
perceived
as
being
deeply
impacted
by
kovat
19,
so
several
of
those
related
the
arcgis
governance
and
IT
controls.
This
is
to
do
with
IT
related
information
for
our
mapping
systems.
So,
while
that
is
impacted,
its
the
mapping
system
is
fairly
static,
but
we
wanted
to
review
controls.
So
I
didn't
see
that
as
necessarily
as
impacted,
nor
did
I
see
it
as
the
same
level
of
priority.
B
Thank
you
for
question,
chair,
Palmisano,
Thanks,
so
I'm
proposing
six
parts
in
a
three-phase
special
project
that
internal
audit
can
use
to
address,
go
vat19,
so
I'm
gonna
walk
through
each
of
the
six
parts
and
talk
about
how
they
fit
into
a
new
audit
plan
over
our
over
three
phases.
That
is
likely
going
to
last
six
to
eight
months,
so,
first
audit,
as
we
function,
we
really
look
at
best
practices
in
the
industry.
We
try
and
develop
criteria.
B
That's
been
tested
across
jurisdictions
across
the
country,
we're
looking
at
key
performance
indicators
and
best
practices,
research
we
like
to
have
a
strong
knowledge
bank
before
we
approach
a
project
and
that
way
we're
providing
the
most
relevant
and
reliable
results.
We
want
to
be
able
to
work
with
departments
and
and
speak
with
authority
and
as
we've
shifted
into
this
new
environment,
so
much
has
changed,
and
this
is
true
across
the
entire
auditing
field.
B
My
team
and
I
have
been
meeting
weekly
with
auditors
from
around
the
country,
we're
all
looking
at
the
situation
and
recognizing
that,
while
we're
not
ittle
quick
to
address
this
audit
is
a
really
great
resource
to
addressing
the
new
and
amplified
risks
during
this
during
this
time.
But
we
don't
have
that
same
level
of
baseline
research.
We
don't
have
that
knowledge
well
to
pull
upon.
B
We've
moved
into
a
completely
different
environment.
We
departments
are
working
differently
now
and
having
to
work
differently
than
they
have
in
the
past
and
with
that
comes
all
sorts
of
new
policies,
procedures,
standard
operating
procedures,
both
those
documented
and
those
without
supporting
documentation.
B
As
the
city
works,
we
develop
processes
over
time
and
they
may
be
in
place
for
years
without
changing,
because
that
best
fits
the
workflow
when
something
comes
in
and
shakes
everything
up
like
this,
we're
all
forced
to
work
in
in
new
ways,
sometimes
that
policymaking
and
that
that
process
documentation
moves
slowly,
but
audit.
This
is
something
that
we
are
experts
at
is
documenting
and
really
breaking
down
a
process
to
its
components
and
making
sure
that
all
portions
are
covered
and
documented.
B
The
nice
thing
about
this
moving
along
with
the
criteria
and
best
practices,
research
is
that
we
can
draw
on
our
expertise
as
process
documenter
zand
evaluators.
Well
we're
not
using
kovat
related
information
to
do
that.
We're
helping
departments
really
make
sure
that
they
have
all
those
new
and
improved,
workflows,
documented
and
clearly
laid
out
so
that
that
helps
mitigate
some
risk
so
part
three.
It
will
need
to
be
fueled
by
that
criteria.
Best
practices,
research,
it's
looking
at
department,
continuity
planning
in
that
rapidly
changing
financial
environment.
B
So
we
know
that
there
is
going
to
be
an
economic
impact
on
the
city
related
to
kovat.
That
is
absolutely
clear.
We
also
know
that
it's
going
to
impact
the
workforce,
it's
gonna
impact
discretionary
budgets
and
a
wide
variety
of
items.
Could
we
go
back
one
slide
Thanks
as
we
feel
these
impacts.
We
also
need
to
use
the
research
that
we
tackle
in
part
one
to
help
departments
plan
and
become
resilient,
that
as
things
change
as
things
shift
we're
looking
ahead
and
making
sure
that
we're
mitigating
the
risks
that
pop
up
further
down
the
road.
B
The
impact
of
this
is
going
to
be
long-lasting.
It's
not
simply
gonna
change
overnight
and
we
need
to
work
with
departments
as
we
do.
An
audit
on
special
projects
to
help
them
plan
become
resilient
and
mitigate
risks
that
they
aren't
able
to
achieve
their
objectives
by
adequately
planning
for
the
future
can
move
to
the
next
line.
B
B
There
are
plenty
of
people
out
there
who
are
willing
to
take
advantage
of
the
situation
and
as
economic
pressures
increase
for
people
and
businesses,
we
start
to
lose
some
of
the
normal
processes
that
we'd
follow
we're
required
to
work
faster
and
with
less
resources,
and
that
sometimes
this
opens
us
up
to
fraud,
waste
and
abuse.
What
sectors
are
really
impacted?
B
I
mean
it's
starting
to
become
more
clear
in
my
conversations
with
department
heads
where
they're
seeing
these
types
of
issues
pop
up,
but
we
need
to
make
sure
that
as
we're
working
in
audit,
we
are
making.
We
are
focusing
first
on
those
sectors
where
we
can
help
prevent
and
mitigate
the
risk
that
we
experience,
fraud,
waste
and
abuse
five
is
there
may
be
single
audit
requirements
related
to
Kovan
19
funding.
B
So,
as
we
get
grant
money
from
the
federal
and
state
federal
government
in
the
state
government,
there
may
be
audit
requirements
attached
to
those
attached
to
grants
and
whatnot.
They
may
require
that
we
produce
documentation
and
we
want
to
work
with
departments
who
are
receiving
that
money
to
make
sure
that
they're
adequately
documenting
what
they're
doing
with
it.
So
that
they're
prepared
for
audit
audit
prepared
is
really
important.
It
allows
that
department
to
execute
it
without
it
significantly
impacting
their
their
work
and
their
staff
time.
B
If
internal
audit
for
the
city
is
helping
them,
prepare,
it's
not
going
to
impact
them
as
severely
when
they're
forced
to
turn
over
significant
amounts
of
documentation
to
that
funding.
So
six-
and
this
is
far
down
the
road,
but
it's
looking
at
the
continuity
of
operations
and
analyzing
how?
How
did
we
do
as
a
city?
Did
we
stick
to
our
continuity
of
operations
plan
and
was
that
plan
effective?
Will
we
have
the
right
data
to
be
able
to
evaluate
our
response
and
moving
forward?
B
Are
we
using
the
best
information
to
inform
how
we
change
that
that
plan
in
the
future?
So
that's
obviously
later
down
the
road
when
we
do
have
the
opportunity
to
look
back
we'd
like
to
work
on
that
and
work
with
teams
to
see
how
their
continuity
of
operations
plan
was
able
to
help
them
address
the
crisis
over
the
next
slide.
B
So
my
recommendations
related
to
this
risk
based
assessment.
First,
we
have
to
work
to
understand
and
remediate
resource
resource
constraints
and
I'm
speaking
specifically
to
internal
audit.
Excuse
me,
as
our
budget
changes
and
as
our
staff
changes
staff
time
changes
because
we're
addressing
so
many
things.
We
know
that
we
can't
do
as
many
audits
not
related
to
Kovan
19
as
we'd
like,
so
we
first
need
to
prioritize
and
that's
that's.
B
A
really
key
part
of
risk-based
assessment
is
that
you
are
placing
priorities,
your
priorities
in
the
right
places
and
therefore
we
should
modify
our
audit
plan
and
address
prior
identified
issues,
because
those
risks
are
amplified
and
supplemented
with
current
projects
to
really
address
the
current
situation.
We'd
like
to
open
quarter
two
of
this
year
to
proceed
with
this
kovat
19
approach
and
I'll
kind
of
explain
the
phases
a
little
further,
but
a
quarter
two.
B
We
need
to
be
working
with
departments
across
the
country
to
make
sure
that
everybody
is
well
informed
and
we
can
proceed
with
the
most
effective
plan
in
the
future.
So
we're
recommending
also
that
some
of
the
future
audits
are
split
and
those
concepts
and
perhaps
move
to
consultations,
which
is
a
different
type
of
process.
That
audit
uses
to
work
with
departments.
B
So
this
is
the
new
proposed
2020
audit
plan
that
I
have
for
you.
The
first
two
items
you'll
see
in
italics.
Those
are
projects
that
are
already
moving
forward,
so
we're
already
in
the
work
phase
on
them
and
while
they
were
proposed
prior
to
kovat
19,
they
are
really
relevant
to
the
current
situation.
So
so
one
is
the
contract
amendments
review
as
we
are
forced
to
contract
in
a
rapidly
changing
environment.
It's
important
to
understand
our
control
environment
and
make
sure
that
they're
adequately
designed
to
mitigate
risks.
B
So
luckily
this
project
was
already
in
place,
but
it's
become
more
relevant
than
it
was
when
it
was
initially
put
on
the
audit
plan.
The
second
relates
to
grant
administration
as
grant
money
flows
in.
We
want
to
make
sure
that
we
are
looking
at
key
controls
and
addressing
them.
So
it's
good
that
both
of
these
projects
are
in
place.
We
want
to
continue
with
them
and
we
have
the
resources
to
do
so.
They
are
certainly
covin
19
related,
so
the
yellow
items
are
items
that
I
recommend
modifications
or
additions.
B
So
first
is
the
quan
köppen
19
related
consultation,
Projects,
phase-one,
I've
split
that
six
point
approach
into
three
phases
and
the
first
is:
we
want
to
collaborate
with
the
alga,
which
is
the
Association
of
local
government
auditors
and
Auditor
audit
directors,
audit
shops
around
the
country
to
build
that
knowledge
bank.
We
need
to
speak
from
a
place
of
authority
and
the
only
way
we're
going
to
do
so
is
if
we
have
adequate
information.
Unfortunately,
there's
not
a
ton
of
that
that
looks
at
what
a
pandemic
that
spreads
over
six
to
eight
months.
B
There's
just
not
a
lot
of
that
research
out
there
and
we're
working
to
develop
it
right
now.
We
need
that
information
to
specifically
work
with
departments
on
identifying,
documenting
and
strengthening
key
control
processes.
So
over
q2
and
q3,
we
plan
to
first
really
build
that
knowledge,
bank
and
second
use
it
to
inform
our
work
with
departments.
B
So
again,
as
we
finish
that
moving
into
the
second
phase
of
our
Kovan
19
related
work,
reviewing
department
strategies
to
cope
with
budget
and
staffing
constraints,
we
know,
based
on
the
risk
assessment,
that
staffing
is
a
major
issue
for
departments
across
the
city.
We
need
to
work
with
them
to
kind
of
mitigate
some
of
those
risks
that
they
felt
that
they
were
experiencing
the
major
constraints,
given
that
the
financial
situation
and
the
current
environment
is
totally
different.
B
So
we
plan
to
once
we
have
that
knowledge
bank
review
key
Department
strategies
that
cope
with
this
very
issue.
That's
gonna
be
a
significant
lift
and
it's
gonna
be
a
challenging
project
in
a
lot
of
ways,
but
we
will
be
working
with
department,
heads
and
adding
value
by
helping
them
figure
out
how
to
mitigate
some
of
those
risks.
So
the
next
yellow
highlighted
item
is
actually
part
of
something
that
was
on
the
audit
plan,
but
now
I've
split
it
into
two
parts.
B
So
first
is
addressing
the
maturity
and
readiness
of
the
city
I
t's
governance
and
cybersecurity
risk
management
programs.
So
you,
if
you
see
that
and
then
kind
of
the
last
highlighted,
yellow
item,
assessing
the
maturity
and
readiness
of
the
cybersecurity
risk
management
programs.
Both
are
critically
important.
Governance
deals
with
this
kind
of
structure
in
which
we
address
cybersecurity
data
security
and
system
security.
B
So
the
cybersecurity
audits.
There
are
pretty
pretty
specific
and
require
a
significant
degree
of
kind
of
IT
experience.
So
it's
not
something
that
my
team
we're
not
we're,
not
IT,
auditors
per
se.
This
is
something
we
typically
work
with
Contractor
on
someone
who
is
a
specific
cybersecurity
analyst
so
later
down
the
road
we'd
like
to
work
with
them
to
do
the
type
of
testing
that
really
determines
whether
or
not
our
cyber
security
systems
are
functioning
effectively,
but
that
is
just
because
the
systems
are
working.
B
If
we
don't
have
a
coherent
governance
strategy,
it
is
less
effective,
so
I
think
we
should
prioritize
first,
something
that
my
team
can
work
on
and
that's
looking
at
governance
frameworks
and
then
later
down
the
road
test.
Those
systems
I
have
still
on
here
the
q3
revenue
and
collections
on
it.
So
initially
that
project
was
to
look
broadly
across
the
city,
look
at
all
the
revenue
streams
and
how
we
collect
money
and
make
sure
that
we're
mitigating
any
risks
related
to
collection
of
that
money.
B
So
now
I,
because
that
has
changed
so
much
I'd
still
like
to
keep
that
on
the
audit
plan.
It
may
not
start
necessarily
in
q3
but
we'd
like
to
keep
it
on
there,
but
we
would
like
to
focus
specifically
on
departments
that
collect
revenue
that
may
be
deeply
impacted
by
kovat
19,
so
in
q4-
and
this
is
a
pretty
ambitious
plan
to
address
phase
three-
that's
reviewing
compliance
with
the
continuity
of
operations
plan
during
the
pandemic.
This
is
on
is
q4
that
may
be
pushed
into
the
following
year.
B
We
don't
know
necessarily
when
that
might
happen
now,
but
we
want
to
make
sure
that
it's
on
the
plan
and
that,
as
we're
discussing
with
department
heads
all
the
other
things
that
we're
working
on
that
we're
keeping
in
mind
that
down
the
road
we're
going
to
address
that
issue.
It
gives
us
when
it's
on
the
plan.
It
is.
It
highlights
our
need
to
make
sure
that
we're
preparing
and
helping
departments
with
audit
preparedness
for
that
future
audit,
affordable
housing
and
equity,
and
hiring
both
very
relevant
items.
B
Right
now,
the
like
I
mentioned
before
looking
at
affordable
housing
right
now
as
we're
in
this
rapidly
changing
environment
might
not
be
the
most
effective.
That's
why
I
pushed
it
down
the
road
on
this
proposed
audit
plan,
how
we
can
move
to
the
next
slide.
So
you'll
still
see
the
audits
that
we
mentioned
earlier
that
we're
on
the
plan
they're
bumped
to
2021.
Those
are
all
very
relevant
audits.
That's
why
they
were
on
the
plan
before
we'd
still
like
to
keep
him
on
the
plan,
we're
not
striking
them.
B
We
just
think
that
they
would
be
more
addressable
in
2020
after
we've
really
spent
the
bulk
of
our
resources
on
addressing
kovat
19
move
to
the
next
lane.
Oh,
that
may
be
the
last
line
so
that
those
are
the
proposed
changes.
I
have
I
think
it
gives
my
team
the
most
flexibility
to
address
the
emerging
challenging
environment.
It
allows
us
to
take
some
time
to
really
focus
on
addressing
Kovan,
19
and
building
that
knowledge
bank.
B
We
are
going
to
be
a
key
resource
and
we
want
to
be
a
key
resource
to
departments
making
sure
that
we're
adding
value
not
getting
in
their
way,
given
that
their
workloads
are
very
intense,
but
allowing
us
to
work
with
them
to
address
this
kind
of
wildly
changing
environment.
With
that,
I
would
be
happy
to
answer
questions
and
appreciate
your
input
journey.
D
Of
my
colleagues
have
comments
or
questions
about
this
item
as
people
think
about
it.
I'll
just
say
that
I've
been
meeting
frequently
with
internal
audit
to
hear
what
they're
doing
and
how
they've
been
working
in
this
rapidly
changing
environment,
I'm,
especially
pleased
to
hear
how
not
just
director
Patrick
every
member
of
our
audit
team
is
reaching
out
to
other
cities
right
now
and
I.
Think
that's
really
I
think
that's
really
important.
I
think
it's
easy
and
natural
to
kind
of
narrow
one's
focus
to
immediate
needs
in
this
kind
of
ant
pandemic,
environment.
D
Right,
there's
so
much
outside
of
our
control
that
I
think
people
tend
to
I
mean
you
need
to
narrow
and
just
focus
on.
What's
immediately
in
front
of
you,
but
I
have
been
so
happy
that
internal
audit
is
regularly
in
contact
with
their
peers
in
other
cities,
some
that
are
further
ahead
in
the
pandemic
curve
and
some
that
I
think
are
less
ahead
and
I
really
think
that
shows
in
the
approach
that
they've
taken
here.
Miss
Johnston
has
a
question
or
comment:
go
ahead.
F
A
question
my
comment
is
to
thank
you
for
really
showing
the
leadership
to
ask
for
a
revision
of
the
plan.
I
think
that
was
really
great
and
we
have
to
learn
from
all
the
craziness.
That's
out
there
right
now,
so
I
want
to
just
thank
you
and
also
for
director
Patrick
Burt
for
taking
it
on
and
doing
such
a
nice
job.
I
thought
he
did
a
nice
review.
F
One
of
my
question
really
is
is
if
the
departments
are
able
to
have
take
advantage
of
this
disruption
in
service
to
work
on
some
things
that
sometimes
our
back
burner
when
you're
not
providing
the
direct
service,
something
some
companies
have
done
a
lot
more
training
online
training.
Things
like
that
and
trying
to
take
advantage
of
the
disruption
and
I
was
just
wondering
if
you
had
heard
of
any
of
that.
Thank
you.
B
Not
sure
Palmisano,
Council
or
committee
member
Johnston,
yes
kind
of
two
parts
to
that
question
one
is
some
back
burner.
Stuff
has
actually
been
easier
to
address
during
this
time.
It's
interesting
as
people
go
to
work
remotely.
Some
people's
workload
has
changed,
so
we've
actually
been
able
to
tackle
some
projects
and
meetings
that
we
people
might
have
been
too
busy
to
tackle.
Otherwise.
So
there
is
some
work
that
is
easier
or
more
accomplishable.
B
That's
a
word.
During
this
time
period,
and
particularly
when
people
have
work
with
so
much
electronic
documentation,
they
don't
need
to
have
physical
access.
We've
been
able
to
complete
some
of
those
projects
to
the
training
question.
Certainly
there
have
been
so
many
kovat
related
trainings
kind
of
opportunities
to
do
those
types
of
activities.
I
hope
people
are
taking
advantage
of
it.
My
team
has
certainly
been
attending
many
webinars
mom
put
on
by
alga
and
we're
building
that
resource
bank.
F
D
D
C
D
A
C
D
Next,
we
have
our
C
ped,
grant
management
audit
report
and
because
this
has
been
an
audit
engagement
and
one
that
we're
wrapping
up
now,
it's
a
little
bit
more
familiar
when
we
do
this
in
person
and
it's
a
little
bit
more
organic,
but
in
this
virtual
environment,
I
still
have
asked
director
Frank
to
join
us
today.
As
the
audited
clients,
we
typically
ask
them
to
to
offer
up
some
thoughts
or
to
see
how
this,
how
this
project
has
perhaps
impacted
them
or
how
it's
gone
for
them.
D
It's
their
opportunity
to
to
say
a
few
words,
so
I
have
asked
director,
Frank
David
Frank,
to
join
us
here
today
and
I'll.
Let
him
start
us
off
in
terms
of
the
grant
mat
management
work,
which
is
one
small
but
really
important
part
of
what
he
has
in
our
economic
development
department.
Director
Frank
thank.
G
G
This
is
taxpayer
money,
even
though
it's
not
City
money
that
we
are
passing
through
and
our
policies
should
be
followed
and
so
we're
glad
to
work
with
the
audit
team,
including
director
Patrick,
to
make
sure
that
we
are
doing
everything
that
we
need
to
be
doing
and
I'm
pleased
to
say
we're
on
board
I'm
happy
to
be
here,
and
we
think
this
is
good
work
happy
to
answer
any
questions
before
or
after
the
director's
presentation.
Thank
you
thank.
D
You
I'll
go
ahead
and
turn
it
over
now
to
director
Patrick
to
give
us
the
meat
of
that
audit
report,
and
just
so
people
know
David
Frank
and
his
team.
They
have
seen
and
even
had
a
chance
to
respond
to
the
audit
before
you
so
there.
There
are
no
surprises
in
this
in
terms
of
how
C
ped
sees
this
audit,
as
is
typical
in
the
audit
work
that
we
do
so
director
Patrick.
B
Thank
You
chair
Palmisano,
first
things
first
well,
I'll
be
presenting
on
the
contents
of
audit
results
and
in
the
auditor,
update
I'll,
discuss
on
@issue
follow-up
and
continuous
monitoring
I
like
to
acknowledge
my
team,
normally
we'd
have
them
presenting
and
answering
questions
in
typical
fashion,
because
this
is
their
hard
work
that
let
us
get
to
this
point.
It's
challenging,
given
that
we're
doing
this
meeting
over
teams
and
in
a
remote
environment
so
I'll
be
presenting
the
work,
but
I
want
to
acknowledge
who
gets
very
hard
work
on
this
grant
management.
B
Audit
Travis's
work
in
all
of
these
audits
and
audit
issue,
follow-up
and
komlin
working
very
hard
in
each
of
these
audits
and
looking
at
continuous
monitoring
so
I
just
before
we
get
started
just
because
I'm
presenting
this,
they
really
did
a
lot
of
the
legwork
and
I'm
deeply
appreciative
that
they've
been
able
to
accomplish
so
much
in
this
new
environment.
So
with
that,
we
can
go
to
the
next
slide.
B
So
the
objective
in
this
grant
management
audit
was
to
work
with
C
ped
on
addressing
internal
controls,
whether
they
were
adequate
to
ensure
compliance
and
efficient
grant
management.
C
ped
manages
tens
of
millions
of
dollars
worth
of
grants,
and
this
audit
looked
at
the
controls
they
have
in
place
during
that
know,
the
next
slide.
B
So
the
scope
looked
at
the
grant
management
process
during
January
1st
2018
through
December
31st
2019.
So
we
were
looking
specifically
at
the
processes
in
economic
policy
and
development
and
housing
policy
and
policy
development.
So
these
are
two
areas
that
that
handle
a
lot
of
grants
and
our
scope
included
roughly
a
two
year
period
move
to
the
next
slide.
B
We
reviewed
their
Palestine
procedure
documents
to
ensure
rules,
regulations,
grant
management's,
were
adequately
communicated
to
recipients
and
staff
comply
with
those
requirements
and
have
information
to
perform,
see,
fed
grant
administration
duties.
We
address
the
adequacy
of
the
monitoring
process
to
mitigate
financial
compliance
and
fraud,
risks
and
assess
the
adequacy
of
sub
recipients
and
contractors
to
ensure
that
grant
contracts
are
appropriately
executed,
effectively
managed
in
terms
and
conditions
adhere
to.
B
We're
addressing
also
just
the
completeness
accuracy
and
timeliness
of
the
closeout
and
reporting
process,
and
not
just
the
administration,
but
the
closeout
process
as
well.
What's
the
next
slide
so
first
things
first
before
we
talk
about
the
one
audit
issue
see
ped
like
I
mentioned,
is
dealing
with
tens
of
millions
of
dollars
worth
of
grants.
And
it's.
If
you
look
in
the
report,
the
report
that
was
sent
out
earlier
this
week,
you'll
know
that
we
found
widespread
compliance.
That
risks
were
adequately
managed.
This
is
a
very
clean
bill
of
health.
B
See
ped
is
certainly
addressing
the
risks
and
monitoring
and
new
changes
in
the
compliance
landscape
and
their
plans
adequately
address
risk.
We
had
one
low
risk,
rated
audit
issue,
low
risk,
rated
issue,
meaning
we
don't
really
see
a
need
for
a
management
plan.
This
is
a
low
issue
and
one
that
maybe
industry
best
practices,
but
not
necessarily
a
compliance
issue,
and
in
this
instance
it
was
just
that
policy
and
procedure
documents,
don't
always
contain
a
date
that
indicates
when
it
was
last
reviewed
and
updated.
We're
not
saying
that
policies
aren't
reviewed
on
a
regular
basis.
B
Nor
are
we
saying
that
they're
not
updated
to
address
the
changing
in
compliance
requirements
simply
that
they're
not
dated.
So
that's
that's
a
very
low-risk
issue
and
I'd
like
to
say
that
see:
ped
arrested
almost
immediately
their
dating
policies
and
this
issues
mitigated.
So
that's
as
far
as
things
are
concerned,
a
very
clean
bill
of
health
and
one
that
would
allow
us
to
feel
confident
that
that
risks
are
sufficiently
addressed.
D
As
I
wait
to
see
if
there
are
others
that
want
to
speak
with
comments
or
questions
to
this
audit,
I
will
say,
I
think
it
was
rather
fortuitous
that
this
was
in
progress
before
before
we
ever
were
starting
to
see
or
prepare
for
Co
vid
related
issues
in
our
city.
But
this
is
a
group
that
will
soon
potentially
handle
grants
and
loans
for
emergency
kovat
assistance
and
director
Frank.
D
If
you
would
correct
me
if
I'm
wrong
in
that,
but
but
I
do
think
that
they
will
be
handling
some
of
the
processing
of
things
so
for
this
small
ish
Department
within
your
larger
part
of
the
organization,
it
would
really
go
from
an
audit
risk
standpoint
from
a
lower
risk.
Perhaps
infrequently
look
that
committee
on
a
risk
panel
to
being
very
high
risk.
Indeed,
so
it
seems
like
it's
really
nice
to
see
this
clean
bill
of
health
and
that
everything
is
working
well.
G
G
Yes,
we
are
inventing
new
programs
for
a
small
business
and
for
emergency
housing,
assistance
and
modifications
to
stable
home,
stable
schools.
So
it's
not
it's
not
exactly
the
same,
but
yes,
I,
agree
with
you.
It
is.
It
is
timely
and
it
is.
We
appreciate
getting
the
alcohol
clean
bill
of
health,
as
the
director
said,
just
as
we're
embarking
on
new
programs
that
hand
out
different
kinds
of
taxpayer
money.
We
appreciate
it.
D
D
Okay,
then
I'll
ask
them
is
Casper
to
as
the
clerk
to
call
the
roll
on
item
number
five
and
that
would
be
true.
Steven
filed
this
report
and
direct
staff
to
publish
the
report
which,
for
new
audit
committee
members
is,
is
a
little
different
than
how
we
operate
in
regular
city
business.
There's
very
specific
reasons
for
that
on
audit
committee,
that
I
won't
bother
to
go
into
unless
people
have
concerns,
but
so
item
number
five
is
to
receive
file
and
publish
this
report
and
make
it
public
newscaster.
A
D
D
B
You
so
this
was
another
audit.
We
can
move
to
the
next
slide.
B
So
we
looked
at
the
workflows
and
I
want
to
say
also
that
we
worked
on
this
with
our
partners
at
Baker
Tilly.
So
they
were
really
the
experts
on
this
project
and
I'm
happy
to
take
questions
on
it
and
normally
we'd
have
them
here.
To
answer
questions
I
can
take
questions
and
forward
them
to
our
partners
at
Baker
Tilly,
but
they
were
really
the
experts
on
this.
So
looked
at
user
access
interviewed
observed
inspected.
B
We
followed
our
normal
audit
process,
looking
at
charts,
workflows
all
of
that
stuff
to
make
sure
that
the
system
was
working
effectively
captured
those
workflows.
This
is
a
pretty
standard
audit
of
a
new
system.
The
next
line,
where
there
were
three
findings,
no
high
risk
rated
findings,
but
we
wanted
to
walk
through
the
findings
and
observations
and
also
note
that
we
have
management
responses
in
the
document.
B
Some
of
those
responses,
while
they
could
have
been
maybe
mitigated
faster
because
of
kovat
19.
We
granted
extensions
to
some
of
them,
so
the
team
has
an
opportunity
to
address
them,
so
the
user
access
reviews,
so
our
user
access
reviews
completed
on
a
timely
prescribed
basis.
We
noticed
not
necessarily
that
it
wasn't
happening,
but
there
needed
to
be
a
formal
user
access
with
you.
That's
performed
at
least
annually.
B
So
our
second
finding
related
to
system
configuration
changes
and
our
recommendation
was
to
implement
a
formal
change
management
policy.
So
this
is
something
we
see
regularly
that
as
the
workflows
change
and
as
changes
are
made
in
a
new
system,
because
it's
common
to
have
changes
and
tweaks
to
a
system
going
on
that
there's
an
adequate
change
management
policy
that
documents
the
changes,
testing
and
approval
prior
to
it
actually
moving
to
productions
before
the
changes
are
actually
implemented
in
the
system
that
they
follow
a
change
management
process
to
do
so
with
adequate
testing.
It's
not
that!
B
B
So
the
last
is
final
approval
of
provision,
roles
and
preferences
for
new
users
not
consistently
documented.
So
again,
this
is
just
implementing
a
formal
procedure
to
document
approved
roles
and
preferences
for
new
user
requests.
So,
as
users
are
added
to
the
system
and
user
accesses
change
that
there
is
a
formal
documentation
system
that
we
can
look
back
on,
make
sure
that
it's
happening
correctly
and
that
users
are
getting
that
least
necessary
access.
So
a
lot
of
these
findings
relate
to
more
documentation
of
process.
B
It's
not
that
because
they're
not
high
risk
rated
findings,
we're
not
saying
that
those
things
aren't
happening.
The
recommendations
tied
more
into
making
sure
that
this
is
all
formally
documented
addressed
and,
like
I
mentioned
earlier,
we've
already
hammered
out
a
timeline
to
address
these.
These
findings
there's
already
a
plan
in
place
and
we'll
be
happy
to
report
back
in
the
near
future
that
that's
occurred.
D
A
B
Hello
again
and
again,
I'd
like
to
credit
our
work
with
wild
card,
their
firm
that
we
work
with
on
IT
and
cyber
security,
related
audits
and,
as
they've
been
working
with
us
on
body
camera
audits.
They
become
kind
of
experts
in
the
field.
So
thank
you.
Wild
card
they're,
not
presenting
with
me,
as
they
normally
would
during
the
audit
committee,
but
I'm
happy
to
go
through
the
results.
This
is
something
I'm,
also
quite
familiar
with,
as
I've
worked
on
past
body
camera
on
it.
So
we
can
discuss
this.
B
There
are
a
lot
of
slides
in
this
report.
That's
because
there's
so
many
components
that
are
required
by
state
law
to
be
audited
to
mange,
maintain
compliance
so
I'm
going
to
go
through
this
kind
of
quickly,
but
I'd
like
to
note
that
they
have
a
totally
clean
bill
of
health
before
we
get
started,
we'll
go
through
each
item,
but
the
park
board
has
done
a
great
job.
Maintaining
compliance
with
state
law
requirements
move
to
the
next
slide.
D
As
we're
getting
to
the
right
slide
here,
allow
me
to
jump
in
similar
to
how
director
Frank
came
to
our
committee
and
talked
a
little
bit
about
the
audit
that
his
group
was
part
of
I
did
I
invited
chief
ohad,
oh
the
Park
Police
police
chief,
to
see
if
he
wanted
just
to
make
any
comments
that
I
would
share
so
that
he
didn't
need
to
get
set
up
on
Microsoft
teams
and
be
present
for
a
whole
meeting
and
that
kind
of
thing
in
this
environment.
He
has
a
lot
going
on,
but
he
did.
D
He
responded
not
just
informally,
even
but
with
a
full
letter
to
to
all
members
of
the
audit
committee
that
they
I
regret.
I
got
it
on
Friday
and
I
didn't
share
with
you,
but
I
will
share
it
and
also
give
it
to
the
clerk
to
publish
with
on
limbs
as
you
wish.
But
I
will
just
summarize
what
it
says
he
wanted
to
recognize
and
thank
the
audit
committee
and
staff
from
our
internal
audit
department
for
their
sincere
support
and
professionalism
over
the
past
18
months.
D
He
talked
a
little
bit
about
how
this
started
in
2018
and
how
they
worked
with
wildcard
and
here's.
What
I
think
is
the
crux
of
what
he
said.
He
said
the
audit
process
not
only
has
reduced
risk
for
the
MPR,
be
it
is
resulted
in
practices
that
better
serve
the
residents
of
Minneapolis
and
all
those
who
visit
our
park
system.
So
that's
from
Chicco
Hado
and
I
just
wanted
to.
Maybe
you
can
introduce
that
along
with
this
audit
to
does
the
tech
team
have
the
slide
that
you
want
up
yet
I.
Don't.
B
See
it
but
I
have
them
in
front
of
me.
I
can
just
talk
through
some
of
this
I
think,
because
there
are
no
findings.
It's
it's
possible
that
we
can
just
talk
through
this
I'd
sent
out
the
report
in
advance
and
sure
we
can
read
through
it.
So
let
me
just
let
me
just
go
through
them:
I
have
them
open
in
front
of
me
on
my
computer,
so
that
says.
D
B
Excellent
and
it's
it's
a
number
of
slides,
but
again
I'm
gonna
go
through
it
kind
of
quickly,
just
based
on
the
fact
that
this
committee
has
received
body-worn
camera
reports
in
the
past,
and
we
have
no
findings
on
this
on
this
report.
So,
first
just
looking
at
the
scope,
the
criteria
that
we
use
for
this
is
all
related
to
state
law
requirements.
So
you
can
see
in
the
report
the
number
of
statutes
that
touch
on
this
specific
issue.
B
We
tested
compliance
with
all
of
the
state
statutes
that
are
required.
Our
methodologies,
this
common
framework
that
we
used
based
on
the
American
Institute
of
CPAs,
the
information
and
system
audit
Control
Association.
This
is
a
pretty
standard
audit
and
one
that
we
become
pretty
comfortable
with,
given
that
we've
been
working
with
MPD
on
this
biannual
basis
to
do
their
audit.
So
it's
a
three
phase:
audit
planning
execution
reporting
using
that
methodology.
B
First
for
most
Minneapolis
parks,
Police
Department,
is
compliant
with
Minnesota
statutes.
So
again,
there
are
no
findings.
They
are
compliant
with
statutes.
They
have
a
written
policy
that
addresses
all
the
mandatory
components
in
Minnesota
statute.
Thirteen
point
eight
two,
five
Oh
excellent,
so
the
policy
upon
its
review
meets
all
of
the
mandates.
We
can
move
to
the
next
slide
data
classification,
so
data
is
required
to
be
classified
as
public
non-public.
There
are
some
specific
components,
but
Park
Police
has
adequately
set
up
the
system
to
classify
data.
B
Everything
is
above
board
in
that
regard,
move
to
the
next
one
body,
worn
cameras,
assign
the
categories
by
officers
and
that
categorization
is
reviewed
by
supervisors.
So
it
has
the
appropriate
retention
policy
and
data
is
automatically
destroyed.
After
that
time
period
is
lapse.
That's
compliant
with
state
statute
and
supervisors
are
adequately
doing
this
and
move
to
the
next
line.
B
Part
of
the
state
statutes
requires
a
police
department
to
be
able
to
produce
a
report
that
details,
inventory
recordings
and
data
captured
and
Park
Police
Department
has
it
in
place
that
they
can
quickly
generate
that
report,
so
they
are
compliant
with
that
state
law
component
move
to
the
next
line,
handling
of
data
requests
they
receive
requests.
They
have
a
process
to
validate
that
the
individual
is
making
that's
making
the
request,
because
some
of
this
data
is
non-public.
B
B
One
more
slide,
so
data
is
secure.
They've
implemented
correct
user
access
rules
to
make
sure
that
people
don't
have
access
to
portions
of
the
system
that
they're
not
required
to,
and
they
have
a
written
authorization
process,
that's
a
confirmed
by
via
email.
So
there
is
a
documentation
process
that
indicates
that
people
are
getting
in
access
according
to
what
they're
able
to
reveal
move
to
the
next
slide.
That
may
be
it
no.
A
B
More
procurement
process
that
integrates
all
the
state
law
requirements,
no
major
procurements
that
fall
within
the
audit
period,
but
they
do
have
the
process
in
place.
I
believe
that's,
that's
the
final
slide.
So
with
that
being
said,
we
looked
at
all
of
the
required
components
required
by
state
law
and
found
in
each
instance
that
the
Park
Board
has
adequately
met
those
state
law
requirements.
We
have
no
findings
related
to
this.
The
program
is
healthy
and
running
as
expected.
B
This
is
specifically
related
to
state
law
requirements.
We
looked
at,
though
we
looked
at
adequacy
for
some
issues,
so
it
didn't
just
touch
on.
Did
it
meet
the
minimum
basic
requirements,
but
there
was
an
somewhat
of
an
added
adequacy
component
to
it.
So
not
only
are
we
noting
and
the
findings
that
they
met
state
law
requirements,
but
that
their
policies
adequately
cover
the
range
of
work
that
they're
doing
mm-hmm.
E
B
May
not
know,
we've
had
passed
Minneapolis
Police,
Department
audits,
that
added
issues
that
didn't
specifically
tie
two
state
law
requirements.
That's
not
what
this
audit
was
doing
per
se,
but
it
is
as
a
first
audit
of
a
body,
worn
camera
program,
it's
good
to
test
and
make
sure
that
they
are
compliant
with
those,
and
we
also
wanted
to
note
that
they
went
through
a
consultation
process
prior
to
implementing
body
cameras.
B
So
that's
an
important
thing
to
note
that
they
work
with
our
audit
team
in
implementing
their
program
to
make
sure
that
they
were
addressing
these
state
law
requirements.
So
it's
nice
to
see
the
connection
between
that
consultation
that
happened
early
on
before
body
wearing
cameras
were
implemented
and
how
it's
resulted
in
a
clean
bill
of
health.
At
this
point,
yeah.
D
C
Thank
You
chair
Palmisano,
mr.
Patrick
I'm,
not
sure
this
is
within
a
scope
of
the
audit.
You
did
the
body
worn
camera,
but
does
the
Park
Board
the
perk
word?
Please
have
the
same
policy
that
if
the
city
please
do
that
they
are
required
to
turn
on
their
body
cams
when
they
are
engaging
with
citizens
at
any
time.
B
I'm
happy
to
send
over
a
copy
of
the
park,
Police
Department's
body-worn
camera
policy.
They
are
addressing
activation
in
a
similar
way
to
the
Minneapolis
Police
Department
I,
don't
believe
they
have
the
exact
same
policy,
given
that
their
department
does
some
different
things,
but
I'm
happy
to
send
along
a
copy
of
that
policy.
If
it's
not
an
appendix
in
the
actual
report,.
D
C
D
You
that
carries-
and
that
item
is
approved
last
but
not
least
in
our
items
of
a
new
business
I-
need
to
make
a
motion
to
extend
the
employment
of
director
Patrick
to
this
interim
position.
So
if
you
would
remember,
our
initial
appointment
of
him
was
at
least
in
contract
form,
if
not
spoken,
and
Audit
Committee
was
a
temporary
one
of
a
few
months
in
time.
I
think
you
will
agree
with
me
that
he
is
doing
just
fantastic
work
in
this
role
and
for
the
time
being,
we
need
to
keep
up
his
interim
status.
D
A
D
D
B
Thanks
for
Palmisano
and
again,
I
want
to
just
thank
my
staff's
hard
work
on
putting
together
to
this
auditor
update.
Well,
I
am
presenting
on
it.
It's
the
work
of
the
entire
team
they're
doing
an
amazing
job
in
the
crisis
and
they've
worked
very
hard
to
continue
to
the
work
about
it.
That
kind
of
meat
and
potatoes
of
our
work
and
I
think
you'll
see
in
this
auditor
update
that
that
work
is
continuing,
so
we
can
move
to
the
first
line.
So
first
I'll
do
some
audit
project
updates
kind
of
the
work
in
progress.
B
A
B
Projects
here
you
see
and
move
forward,
one
slide
budget
three
projects.
So
this
this
all
happened.
What's
in
the
last
quarter,
we
managed
to
complete,
since
the
last
Audit
Committee
meeting
in
February,
we've
managed
to
continue
to
complete
projects
and
they're
all
very
relevant
while
we
didn't
anticipate
kovat
19
prior
to
starting
these
projects,
I
think
they're,
really
important
and
I'm
glad
that
my
team
was
able
to
complete
them.
B
Given
the
current
crisis,
move
to
the
next
lay
so
again,
the
prior
audit
projects
that
are
currently
in
progress,
rather
than
halting
these
in
addressing
simply
Cova.
These
are
coded
related.
So
it's
really
important
that
we
continue
that
work,
the
construction
contracts,
audit
phase,
two
looking
at
city
contracts
and
construction
contracts
and
change
orders
to
specifically
address
controls.
B
This
is
really
critical
right
now,
as
we
are
doing
all
sorts
of
contracting
and
buying
and
changing
that
we
might
not
have
been
doing
otherwise
so
making
sure
that
this
process
is
effective,
absolutely
critical,
I'm
glad
that
it's
an
honor
project
in
progress.
The
second
is
the
park
board:
grant
management
audit
much
like
the
c-pen
grant
management
audit.
It's
really
important
to
look
at
grants
that
we're
receiving
and
making
sure
that
compliance
and
fraud
risks
are
sufficiently
mitigated.
B
This
again
is
super
relevant
right
now
very
relevant
right
now
and
I'm
glad
that
this
projects
currently
in
place
move
to
the
next
Lane.
So
next
I'll
talk
about
continuous
monitoring.
We
are
always
monitoring
issues
that
are
of
high
risk
of
fraud,
waste
and
abuse
that
hasn't
changed,
get
in
the
current
environment
and
I'm
just
gonna
provide
some
updates
on
how
that
that
process
is
going
move
to
the
next
slide.
So
first
is
something
we
report
on
every
quarter
related
to
finance.
B
There
are
internal
controls,
testing
and
the
state
of
internal
controls
for
the
city,
so
happy
to
report
that
all
the
controls,
testing
that
was
scheduled
for
2019
was
completed,
which
was
great
and
internal
controls,
given
that
they've
been
able
to
test
all
of
these
are
moving
forward
with
a
new
2020
follow-up
plan
to
address
anything
that
came
up
during
that
internal
controls
testing,
and
at
this
point,
chair,
Palmisano
I,
would
ask
for
your
permission.
I
have
Chris
Fittipaldi
who's
directly
tied
to
this
work
and
overseeing
this
work.
H
Good
morning,
hi,
everyone
thank
you
for
inviting
me
to
today
give
you
a
little
update
on
what's
going
on
with
the
internal
controls
area
within
the
city.
First
of
all,
I
thought
it
might
be
helpful
to
describe
to
you
what
the
vision
the
general
vision
is
for.
The
internal
controls
is
to
monitor
and
evaluate
policies
and
procedures
to
protect
our
assets,
provide
reliable
financial
information,
promote
effective
and
efficient
operations
that
ensure
compliance.
H
By
doing
this,
we
will
minimize
fraud,
theft
and
errors,
develop
and
maintain
reliable
financial
and
management
reporting
and
comply
with
state
statutes
and
all
regulations
and
assure
overall
operational
efficiency.
So
to
that
end,
my
tenure
here
has
been
three
years
and
I'm
entirely
charged
with
implementing
evaluating
documenting
internal
controls
within
all
of
the
business
units
within
fps.
H
So
so
to
that
end,
we
have
created
a
tools
and
processes
to
to
document
the
business
unit,
key
controls
for
their
narratives,
the
17
point
checklist
of
risk
assessments
and
to
do
a
strategics,
SWOT
analysis
of
all
key
controls
and,
lastly,
to
to
test
key
controls
and
I.
Think
a
distinction
worth
noting
here
is
that
there's
a
difference
between
internal
audit
and
internal
controls
is
that
80%
of
the
work
that
we
do
in
internal
controls
is,
we
is
process
related.
In
other
words,
we
focus
on
our
best
business
industry
practices
being.
H
Executed
on
a
daily
basis
when
it
relates
to
transaction
processing-
and
we
focused
on
the
safeguarding
of
the
assets,
segregation
of
the
duties
making
sure
all
transactions
are
properly
authorized
and
at
the
end
of
every
month,
making
sure
reconciliations
are
done
and
that
at
a
high
level
making
sure
monitoring
is
done
to
make
sure
that
everything
is
supposed.
That's
supposed
to
happen
within
a
business
unit
happens
and
those
things
that
aren't
supposed
to
happen.
H
They
focus
more
on,
as
as
Ryan
pointed
out
in
his
presentation
today,
he
is
all
the
results.
Oriented
and
here's
where
everything
lies.
Our
goals
is
to
similar
to
Ryan
is
to
partner
up
with
all
the
business
unit
department,
heads
and
their
teams
to
help
point
out
to
them
any
processes
that
need
to
be
shored
up
to
make
sure
that
we
are
recording
all
the
transactions
and
conforming
with
the
best
industry,
practices
that
are
prescribed
by
the
co
so
unit
and
and
and
internal
controls.
B
Yes
thanks
mr.
Fittipaldi,
that's
a
great
overview
and
I've
been
really
appreciative
of
our
collaboration.
I
think,
as
resources
are
tested
and
expertise
is
needed.
It's
been
very
great
work
across
departments
and
I
see
our
two
work
units
really
collaborating
in
the
future
to
make
sure
that
we're
addressing
risks
and
emerging
issues
I'm
very
happy
to
be
working
with
your
team
and
I
look
forward
to
that
collaboration
in
the
future.
F
B
We've
been
working
with
also
NCR
or
neighbourhood
community
relations
to
improve
neighborhood
organization.
Monitoring
we've
been
meeting
with
them.
They're
gonna
submit
new
guidelines
to
the
City
Council
in
August
and
they're
gonna
include
a
number
of
accountability
measures
for
neighborhood
organizations
and
that
will
involve
audit
projects.
So
this.
A
B
Is
moving
along
despite
the
current
situation,
and
we've
been
working
with
them
to
make
sure
that
they're
addressing
all
those
key
issues
move
to
the
next
line,
so
also
with
continuous
monitoring,
we've
been
working
with
the
Park
and
Recreation
Board
in
their
five-year
RIA
credit
Asian
process.
So
every
five
years
there
reoccur
edited
as
an
agency.
This
has
first
happened
in
2010
RIA
credited
in
2015,
so
2020
is
the
second
renewal
of
this
process.
B
Obviously
it's
happening
at
a
kind
of
unique
time
in
Park
history,
so
it's
good
that
we're
they've
been
incredibly
transparent
with
us,
and
hopefully,
we've
been
helpful
to
them
in
making
sure
that
they
can
continue
to
be
regretted,
move
to
the
next
slide.
Next
I'll
talk
about
prior
audit
issue
follow
up
again.
Thank
you
to
my
team
for
working
on
these
issues.
B
So
we
had
21
open
audit
issues
in
January.
We
still
have
21
open
audit
issues.
Some
are
coming
up
is
due,
even
though
we
haven't
been
able
to
close
out
at
issues
at
the
rate
we
were
before,
we
were
very
close
to
closing
audit
issues
before
the
pandemic
struck
and
that
work
is
in
progress
and
absolutely
will
be
closed
as
time
permits
and
as
time
goes
on,
we
granted
extensions
to
a
number
of
departments
because
of
kovat
19
impact
and
really
every
department
has
been
impacted
by
it.
B
But
it's
been
challenging
to
close
some
issues
because
they
require
development
of
processes
to
address
the
audit
issues.
Well,
at
the
same
time,
every
department
is
trying
to
develop
a
new
process
for
working
remotely
for
making
sure
that
people
are
protected
and
safe.
So,
as
we
were
in
discussions
to
finally
close
out,
some
of
these
audit
recommendations
pandemic
struck,
I
guarantee
you
departments
are
working
to
close
them
and
we'll
have
more
closed
issues
in
the
future
move
to
the
next
line.
B
B
G
B
Non-Public
audit
reports
that
have
open
audit
issues
specifically
related
to
the
peoplesoft
web
portal
security
and
police
information
security.
We've
been
working
with
man
to
remediate
those
issues
and
we're
very
close
to
doing
so
again.
Kovat
19
has
really
impact
the
ability
of
people
to
respond
to
these
at
the
moment,
but
they
are
working
on
those
I
move
to
the
next
line.
So
we
here's
the
detail,
you
can
see
it
in
the
report
of
open
audit
issues.
Most
of
them
are
moderate.
B
Several
are
high
and
you'll
see
the
extensions
that
were
granted
in
in
the
open
audit
issue.
Detail
move
to
the
next
slide,
I'm,
not
going
to
provide
a
specific
state
auditor
finding
update.
We
know
there
are
some
new
new
findings
that
are
being
addressed
and
previously
reported
finding
I'd
like
to
say
that
mr.
Fittipaldi
responded
specifically
to
the
monitoring
of
internal
controls,
finding
that
is
being
remediated
and
I.
Think
as
the
state
auditor
audit
that
is
currently
going
on,
I
think
you'll
see
some
remediated
issues
move
to
the
next
one.
D
C
B
We
go
back
back
one
more
up
for
everyone
all
right,
so
you
can
see
some
in
the
records
management.
Audit,
I'm,
sorry
that
the
records
management,
not
it,
we
have
I.
My
sorry,
my
gray
bar
is
covering
the
ones
down
at
the
bottom,
so
the
AG
contract
management
on
it
is
overdue.
So
that
specifically
relates
to
entertainment
and
that
in
industry
has
been
impacted.
Looking
at
it,
it
was
due
March
31st.
B
They
have
actually
addressed
that
issue,
we're
doing
the
review
of
how
they've
addressed
that
issue
via
audit
and
we
will
be
able
to
close
or
report
back
on
that
issue
in
the
very
near
future.
But
again
an
industry,
that's
been
impacted.
We
respect
that
and
we'll
work
to
address
that
issue
in
in
the
coming
quarter.
The
MPD
third
party
audit
related
to
return
to
duty
determination
so
that
that
is
overdue.
However,
we
were
in
final
meetings
to
finish
that
project
and
I.
Don't
I,
don't
want
to
report
on
something
that
isn't
specifically
documented.
B
We
don't
have
the
documentation,
but
I
can
say
that
MPD
had
specific
plans
in
place
to
address
return
to
duty,
so
that
will
be
happening
as
soon
as
we're
able
to
validate
that
open
issue.
We'll
be
able
to
close
that
out.
So
I
think
on
the
overdue
audit
issues.
We
were
very
close
to
finishing
those
some
of
those.
A
B
They
related
to
older
audits,
I,
know,
kind
of
records,
management
and
some
of
those
issues
they
they
will
be
addressed
in
upcoming
audits,
but
they
are
kovat
impacted
and
so
addressing
the
risks
is
important,
but
making
sure
that
they've
addressed
kovat
impact.
Those
previously
reported
findings
is
also
important,
and
some
of
the
issues
that
were
overdue
they've
been
extended.
B
A
B
They
were
overdue.
We
were
in
the
process
of
validating
closing
these
out.
So,
yes,
there
is
an
impact
when
audit
issues
aren't
addressed,
but
that
doesn't
just
because
we
haven't
closed
them
out
doesn't
mean
the
department
hasn't
done
significant
work
to
mitigate
those
risks.
We
just
have
a
very
specific
process
where
we
validate
that
those
audit
issues
are
closed
and
we
may
not
have
been
able
to
do
that
during
the
last
quarter.
B
B
So
we
can
move
ahead,
several
slides
so
again
the
state
auditor
findings
there.
There
have
been
a
lot.
There's
been
a
lot
of
motion
at
the
city
to
address
these
audit
findings
and,
as
a
state
auditor
prepares
their
report
on
the
audit
that
they're
currently
doing
I
think
you'll
see
a
lot
of
these
risks
have
been
addressed,
move
add
one
more
so
last.
B
One
remaining
point
I'd
like
to
address
relates
to
our
last
meeting,
specifically
the
sexual
assault,
evidence
kits
we
that
was
a
consult,
so
there
weren't
open
audit
issues
related
to
it,
but
we
have
been
doing
follow-up
with
MPD
and
wanted
to
report
on
some
of
the
progress
they've
made
related
to
that
project.
Not
so
if
we
can
move
to
the
next
slide,
so
that
report
was
presented
on
February
3rd
and
we
had
recommendations
to
management
on
how
they
handle
sexual
assault
examination
kits,
and
we
move
this
to
a
continuous
monitoring
state.
B
It's
not
again
they're,
not
audit
findings,
because
this
was
a
consultation,
but
those
recommendations
were
taken
seriously
and
to
their
credit.
They've
done
a
pretty
amazing
job
following
up
on
them.
I'll
move
to
the
next
line,
so
our
first
recommendation,
just
a
refresh
procedures,
should
be
reviewed
and
updated
to
include
key
roles
and
processes.
So
management
is
in
the
process
of
implementing
policies
and
procedures,
and
they
have
implemented
a
lot
in
in
this
regard.
B
So
they
are
currently
forming
that
and
they've
made
significant
progress
and
I'm
sure
in
a
future
meeting
they'll
be
able
to
report
back
that
clear
documentation.
Recommendation
to
was
really
critically
important.
If
you
remember
the
notification
system
that
would
allow
MPD
to
know
that
a
kit
was
collected
and
needed
to
be
transmitted.
There
was
no
central
notification
system,
we're
happy
to
report
back
that
they
have
implemented
a
centralized
notification
system
for
one
attack.
It's
ready
to
be
picked
up
so
that
that
recommendation
has
been
addressed.
B
Move
to
the
next
line,
MPD
in
the
County
Attorney's
Office
incorporated
the
recommendations
for
their
backlog,
tracker
and
they've
enhanced
that
tracker
in
the
methodology
they
use
to
track
sexual
assault
kits.
So
this
this
recommendation
has
been
implemented
and
they're
using
a
more
robust
tool
to
track
and
categorize
sexual
assault,
kids
and
finally,
MPD
should
form
a
stakeholder
group
ensure
that
all
the
stakeholders
are
in
alignments
that
the
testing
of
backlog
kits
is
timely.
Management's
been
in
regular
contact
with
the
BCA
through
bi-weekly
meetings
that
workgroup
is
happening
and
happy
to
report.
C
D
Meant
from
my
colleagues
on
that,
one
I
might
just
share
that
in
follow
up
to
that
meeting.
Director,
Patrick
and
others
I
wanted
to.
Let
you
know,
I
did
have
a
conversation
with
drew
Evans
from
the
BCA
and
subsequent
follow-up
conversations
with
policymakers
at
the
legislature.
I
do
think
the
best
long-term
strategy
and
how
the
whole
system
works
of
sexual
assault
kits
is
to
have
a
centralized
system
at
the
state
level
for
everybody
in
Minnesota
and
gosh
February
seems
like
a
very
long
time
ago.
D
Right
now,
but
at
the
time
that
policy
seemed
to
be
moving
forward
through
the
state
legislature.
I
do
not
know
where
it
is
today,
but
on
a
much
and
a
different
level
and
on
a
different
scale
and
as
a
statewide
policy
change.
I
know
that
the
local,
our
local
representatives,
are
hugely
supportive
and
engaged
in
that
work.
So
just
as
a
tangent
really
not
related
to
MPD.
B
You,
chair,
Pablo
Senna
one
slide,
and
one
of
the
remaining
items
we'd
like
to
address
is
that
Minneapolis,
Park
and
Recreation
Board
went
through
an
enterprise
risk
assessment
in
consultation
with
internal
audit.
We've
worked
together
a
lot
on
this
we'd
like
to
recognize
that
they've
worked
extremely
hard
to
do
an
enterprise
risk
assessment
that
could
be
a
model
to
departments
across
the
city.
They've
done
an
amazing
job
with
it
and
we're
happy
to
share
it
with
you
and
just
kind
of
talk
through
some
of
the
components.
B
It's
it's
a
it's
phenomenal
work
that
they've
done,
and
it's
something
that
we
can
really
learn
a
lot
from
throughout
this
process.
So
go
to
the
next
slide.
So
again,
a
risk
assessment
gather
a
team
identify
key
risks,
bring
together
personnel.
Look
at
each
component
of
your
work
flow,
look
at
each
unit
that
is
functioning
in
your
department
and
make
sure
that
you've
systematically
categorized
risk
identified
it
and
work
to
mitigate
it.
You
need
management
and
staff
working
together.
B
B
When
we
get
down
to
the
department
level
in
doing
risk
assessment,
you
can
really
develop
an
effective
long-term
plan
to
mitigate
risk
to
the
next
Lane
they've,
revised
risk
management
policies
and
procedures
to
incorporate
this
whole
process,
so
they
they
have
really
incorporated
this
work
into
their
workflow,
and
it
helps
with
that
five-year
accreditation
process.
They've,
effectively
managed
and
met
risks
and
used
national
best
practices
to
make
sure
that
they
continue
to
be
accredited
in
completing
several
risk.
Functional
risk
assessments.
B
The
whole
organization
is
going
to
have
a
completed
risk
assessment.
Obviously
kovat
19
impacts
this,
but
the
plan
was
to
have
it
completed
by
the
end
of
2020.
It's
amazing
work
that
they're
actually
going
to
have
tackled
the
entirety
of
their
organization
for
unit
level
risk
assessments.
It's
it
really
does
do
a
lot
to
address
those
kind
of
day-by-day
risks
that
departments
face.
B
D
B
Sure,
absolutely
so
audit
typically
defines
risk
as
anything
that
may
impair
an
organization
from
achieving
its
goals.
So
when
a
department
has
a
strong
understanding
of
the
goals,
the
things
that
they
will
really
want
to
achieve
as
an
organization,
if
you're,
not
thinking
about
what
things
might
impact
your
ability
to
achieve
those
goals,
you're
your
missing
key
weaknesses
in
your
organization,
so
a
risk
is
generally
something
that
an
adverse
event.
B
You
know
one-off
instance
and
risk
is
broad.
It's
not
just
a
risk
that
finances
might
not
come
through.
It
can
go
across
multiple
categories,
for
instance,
reputational
risk
something
happens.
That's
not
necessarily
runs
afoul
of
state
law
or
runs
afoul
of
industry
best
practices,
but
really
looks
bad.
That
may
impact
a
department's
ability
to
achieve
their
mission
in
serving
the
clients
and
serving
the
people
of
Minneapolis,
so
in
a
risk
assessment,
you're
taking
working
with
every
unit
in
your
department
to
look
at
all
those
things
that
might
impact
your
ability
to
achieve
that.
B
Your
rating,
those
risks
high
medium
low,
using
that
to
inform
how
you
prioritize
resources
and
how
you
effectively
mitigate
them.
It's
something
that
every
department
can
benefit
from
and
it's
something
that
internal
audit
we're
experts
on
these
risk
assessments
and
that's
why
it's
great
and
we
can
work
together
in
this
type
of
situation,
to
complete
a
very
thorough
and
accurate
risk
assessment.
D
B
Audit
primarily
helped
with
the
process
of
risk
assessment.
Park
Board
is
the
expert
in
knowing
their
organizational
goals
and
understanding
deeply
how
those
goals
might
be
impacted
by
various
risks.
So
internal
audit
can
really
help
facilitate
the
process.
We
know
how
to
do
that
deep
dive
and
we
can
provide
that
framework,
but
these
business
owners
or
business
managers.
They
really
know
the
specifics
of
how
their
organization
operates.
We.
B
B
I
can
move
to
the
next
lane,
so
risk
that's
unavoidable.
You
can
there's
no
way
too
significant,
there's
no
way
to
completely
avoid
risk
if
there's
no
risk
in
something
you're,
not
you're,
not
really
doing
anything.
So,
given
that
you
can't
avoid
it,
the
risk
assessment
process
really
helps
you
respond
to
it.
It
helps
you
respond
to
it
proactively
before
a
risk
turns
into
a
significant
problem,
and
the
organization's
mission
is
impacted
so
audit.
B
So
again,
thank
you
to
the
park
board
for
that
hard
work
and
I'd
like
to
share
out
their
risk
assessment
plan.
To
the
extent
that
we
can
it's
a
really
good
model
for
a
lot
of
departments.
They
can.
They
did
an
amazing
job
and
we
we'd
like
to
continue
to
work
with
them
on
both
improving
that
plan,
but
also
making
sure
that
it's
a
model
that
we
see
across
the
city.
So
again,
thank
you
to
the
audit
committee.
I
know
I've
done
a
lot
of
presentations.
B
We
typically
like
to
break
it
up
and
let
the
people
are
kind
of
in
the
trenches
report
on
those
findings
because
they're
the
they're,
the
experts.
This
is
a
bit
of
a
different
format,
but
my
team
did
an
amazing
job.
Helping
me
prepare
for
this
and
doing
the
work
that
they're
doing
so.
Thank
you
to
you
get
Travis
komlin.
You
did
amazing
work
and
our
consultants,
Baker
Tilly
and
wild
card,
and
to
the
committee
for
receiving
these
presentations.
B
D
D
I
Councilmember
Palmisano
Ron
Susan
Trammell
here
apparently
I've
got
poor
call
quality,
so
I've
got
to
turn
my
camera
off
with
the
hope
that
that
helps.
Can
you
hear
me,
we
can
hear
you
just
fine,
okay,
good,
that
ethics
report
line
number
is
not
a
public
number.
That
number
is
for
employees
and
persons
appointed
to
boards
and
commissions,
only
it's
an
internal
number,
so
that
should
not
be
publicized.
We
don't
take
complaints
from
the
public
via
that
line.
I
see.
D
C
Thank
You,
chair
Palmisano,
mr.
Patrick.
This
is
a
kind
of
an
open-ended
question
where
I
think
it's
something
our
audit
committee
should
ask
Bradley
at
every
meeting.
Do
you
continue
because
your
department
continue
to
have
the
both
the
budgetary
and
personnel
resources
to
effectively
do
the
work
of
the
audit
committee.
B
Thank
you,
committee,
member
Fischer
and
chair
Palmisano,
our
department.
We
have
a
small
team,
but
we
work
very
hard
and
luckily
work
very
hard
with
talented
departments
to
complete
a
lot
of
this
audit
work.
Some
of
the
audit
work
I'd
note
specifically
cybersecurity
related
a
lot
of
work
requires
a
high
degree
of
technical
expertise.
So
in
those
instances
we
often
work
with
consultants
to
actually
carry
out
that
work,
because
it's
not
you
know
it's
not
in
our
wheelhouse
and
it
doesn't
necessarily
make
sense
to
have
a
full-time
IT
auditor
on
staff.
B
Well,
we
all
love
to
have
more
resources.
It
sounds
like
every
departments
and
a
similar
boat.
It
is
effective
when
we
can
work
with
contractors.
Do
that
at
highly
specific
work,
I
think
that
as
a
team
we're
working
effectively
to
mitigate
risk
in
the
way
that
internal
audit
does
I
know
that
budget
conversations
and
things
are
happening
in
the
future
and
we'll
be
looking
at
that
specific
issue
as
we
move
forward.
But
our
team
is
working
really
effectively
to
finish
the
audit
plan
and
address
the
issues
that
are
brought
forward.