The state Auditor’s Office says problems with Tacoma’s new computer system created “significant weaknesses” in the city’s financial controls, created security problems and increased the risks that mistakes or misappropriations might not be quickly detected – or detected at all.
Auditors recommended that Tacoma officials take several steps to solve the problems, including pursuing an independent audit of the computer system.
The city’s poor handling of its computer conversion project generated the only “finding” in the state audit. The audit covered mostly 2003. But auditors looked at the computer system from October 2003 through September 2004.
The report underlines problems pointed out by critics and documented by The News Tribune this week in a four-part series. City Council members on the government performance committee got a preview of the audit Wednesday from Mark Rapozo, the state’s lead Tacoma auditor. The latest report won’t be final until the city formally responds to it, likely later this week or next.
Councilman Mike Lonergan, chairman of the performance committee, said the city recognizes that it could have handled the computer project better, and it’s working to address problems.
“All we can do is look ahead,” he said.
But the audit looks back – to flaws in the implementation of the new computer system, which was turned on in October and November of 2003. Auditors said city officials should have conducted a study before embarking on the project to determine if it was worth doing.
Once the project was under way, officials should have done a better job of training employees to use the system, the report says.
As a result of the failures, officials turned on the system before they were certain that internal controls were adequate, the report says. And once they turned on the system, officials couldn’t fix problems without the help of outside consultants, adding to the cost of the project.
Yet as of September, the city still had not received all the functions it paid for, the report adds.
The failures led to errors in utility billing, accounts payable and payroll. Other problems documented in the audit include:
• Budgeting. “The system was designed to budget by cost center, not by funds. The City adopts its budget at the fund level. There are no ‘hard stops’ programmed into the system to prevent departments from exceeding their budgets.”
• Treasury reports. “For almost a year, staff in the City Treasurer’s Office had to work around the new computer system using a spreadsheet program in order to determine why cash didn’t balance. During our audit of cash and investments, we determined the problem was a system flaw that caused interest to double post.”
• Security. “Under the new system, many City employees in various departments have been granted access to confidential customer account information, such as Social Security numbers. This increases the potential for misuse of personal information and increases the risk of identity theft. Although the City has a confidentiality policy that gives the City recourse against employees found misusing personal information, this policy does little to prevent theft of information and provides no recourse to the victims.”
The 2003 audit marks the second straight year in which the city has received a “finding” on its audit.
Last year’s audit contained 10 findings, or instances where auditors dinged the city for sloppy accounting practices and failure to follow city rules and regulations.
State Auditor Brian Sonntag praised city officials for their response to the issues identified last year. Many of them are considered resolved, and the city is making progress on the others, he said.
“They took it seriously and went to work on some things,” Sonntag said.
But Sonntag said this year’s finding regarding the computer system is significant because the system affects so many aspects of city government.
“It’s one finding, but it’s a huge deal,” Sonntag said.
Lonergan said that the city already has completed or is working on many of the recommendations in the draft audit.
For instance, the city is preparing to seek proposals for an independent audit of the computer system.
Immediately following Rapozo’s presentation, council members heard an update from computer department director Dave Otto on efforts to get an independent audit of the system.
Officials hope to recommend a company to the government performance committee in late April and complete a study before the end of the year.
A second portion of the audit cited problems with the way the city handled two federally funded programs. The report says officials failed to obtain required certification from a company that got funding for a salmon recovery project and from five recipients of law enforcement block grant funds.
Auditors determined that all of the recipients were eligible to get the money. The failure to obtain certification could jeopardize future federal funding.
In addition, the audit recommended that Tacoma give back about $1 million to Tacoma Public Utilities following a court ruling that said a city cannot charge utility customers for general street lighting.
In 2003, TPU transferred a little more than $1 million to the city’s general fund to pay for city-owned street lights.
The ruling came from a case regarding the City of Seattle. The auditors noted that Seattle is in the process of refunding unauthorized charges.
Tacoma failed to follow industry best practices in the acquisition and launch of its new computer system, the state Auditor’s Office concluded. It cited these failures:
• Not conducting a return-on-investment study prior to turning on the system. “Stakeholders need to have confidence that the information they receive is reliable so as to make better decisions to evaluate if the project is worth doing,” the report says.
• Not thoroughly testing each phase of the project before turning it on. “Although the city did testing, it failed to identify the types of errors that occurred after the system was put to use.”
• Not considering the best time to turn it on. “The implementation plan should consider how and when to implement the new system and must weigh the pressures on the organization to ‘go live’ with the risks to the organization if the new system fails.”
• Not investing enough in training. “Many end-users were unprepared to effectively use the new system,” the report says.
How to fix the problems
The Auditor’s Office recommends that the city take these steps to correct problems outlined in the audit:
• “Obtain a detailed report of utility account adjustments that can be regularly reviewed by management. Any questionable adjustments should be followed up on immediately.”
• “Ensure the system has the necessary controls to guarantee budgetary compliance.”
• “Verify that proper purchasing approval authority is established for each user of the system. Controls should be in place to ensure vendors are paid in a timely manner and that expenditures are correctly posted to the system.”
• “Provide employees and supervisors with sufficient training in use of the system.”
• “Control access to confidential account information and limit access to authorized individuals. Confidential information should not appear on computer screens observable by unauthorized staff or the public.”
• “The City Council continue to pursue an independent audit of the computer system. However, such audit should be independent of the BIS (computer) Department.”
Jason Hagey: 253-597-8542