city of dallas management responses to audit july 3 2014

Memorandum

iiaJDATE July 3, 2014 CITY OF DALLAS

TO Members of the Budget, Finance & Audit Committee: Jerry R. Allen (Chair),Jennifer S. Gates (Vice Chair), Tennell Atkins, Sheffie Kadane, Philip T. Kingston

Management Responses to the City Auditor's Follow-up Audit of Prior AuditRecommendations - Follow-up to Questions asked during June 16th Briefing

SUBJECT

During the committee meeting on June 16th, additional information was requested

regarding the reasons for missing implementation dates. Below is a summary offor missina the initial imolementation date or not achievina full imolementaf- -Reason for Missing Initial Implementation Date Number of Perce~tage of

Recommendations Recomn endationsCorrective actions were implemented; however, Auditor's review

22determined the risk was not completely mitigated. Management 38%will be/has initiated additional corrective actions.Insufficient technology resources at the time of the 18 31%recommendation to implementImplementation was delayed to address more critical priorities 14 24%Recommendations are no longer applicable 3 5%Management did not agree to implement 1 2%Total Recommendations Deemed Not Implemented by City Audito 58

Please find attached the detail responses for the non-confidential auditrecommendations.

Please let me know if you need additional information.

(/gIIMI'M I ~10~ ~~i~;rfieldChief Financial Officer

Attachment

c: Honorable Mayor and Members of City CouncilA.C. Gonzalez, City ManagerWarren M.S. Ernst, City AttorneyCraig D. Kinton, City AuditorRosa A. Rios, City SecretaryDaniel F. Solis, Administrative JudgeRyan S. Evans, Interim First Assistant City Manager

Jill A. Jordan, P.E., Assistant City ManagerForest E. Turner, Assistant City ManagerJoey Zapata, Assistant City ManagerCharles M. Cato, lnterlrn Assistant City ManagerTheresa O'Donnell, Interim Assistant City ManagerShawn Williams, Interim Public Information OfficerElsa Cantu. Assistant to the City Manager

"Dallas-Together,we do it better!-

Risk Status key:M - MitigatedNM - Not Mitigated

Current Status key:I - Implemented

NI - Not Implemented Page 1 of 11

Implementation Status of Audit Recommendations Included in Follow-up Audit Issued May 9, 2014

Original Audit Report Information Mgmt AUD After Follow Up Recommendation Tracking

Re Df e Implemen- Implemen- Implemen- Reason For Missing Initial

Report p tation tatlon Risk Current tation Implementation Date/Not

# Number Issued Report Name t Audit Recommendation ... Results Results Status Status Date Department Comments Achieving F,ullimplementation

1 A12-00l Nov-ll Audit of Department DFR We recommend the Fire Chief annually I NI NM NI 07/31/14 Although not fully implemented, DFRbudget analysis Corrective actions were

of Dallas Fire-Rescue determine the optimal number of firefighters prepared May 2011 for FY2012: implemented; however, Auditor'sOvertime for Uniform needed to maintain daily staffing without using -FY2012 budget included hiring 200 firefighters (100 over review determined the risk wasPersonnel overtime to cover attrition, scheduled, and attrition) not completely mitigated.

unscheduled leave. The annual review should -FY2013 reduced overtime expense by $7.1M (including Management will be/has initiatedinclude the comparison of total cost of hiring pension and FICA)compared to FY2012 additional corrective actions.additional firefighters, including the time it takesto recruit and fully train new firefighters, and the DFRwill begin including unscheduled leave as a componenttotal cost of overtime. oftheir budget planning in July 2014 for FY2014-2015. DFR

will use trend analysis of their daily staffing data todetermine the minimum number of firefighters that arehired back each day to cover unscheduled leave.

2 A12-001 Nov-ll Audit of Department DFR We recommend the Fire Chief, in cooperation I NI NM NI 06/30/15 DFRis working with the Internal Control Task Force to Corrective actions were

of Dallas Fire-Rescue with the City Controller, the Director of Human develop a payroll reconciliation process with CCOPayroll implemented; however, Auditor'sOvertime for Uniform Resources,and the Department of and HRto ensure payroll records for hours paid reconcile to review determined the risk wasPersonnel Communication and Information Services, IDSand any adjustments. not completely mitigated.

improve payroll processing controls and Management will be/has initiatedoperational efficiencies of the Dallas Fire-Rescue additional corrective actions.time and attendance system and the Lawsonpayroll process to ensure: (11payroll records aresupported by time and attendance records.

3 A12-00l Nov-ll Audit of Department DFR We recommend the Fire Chief, in cooperation NI NM NI 06/30/15 DFRis working with the Internal Control Task Force to Implementation was delayed toof Dallas Fire-Rescue with the City Controller, the Director of Human develop a payroll reconciliation process with CCOPayroll address more critical priorities.Overtime for Uniform Resources, and the Department of and HRto ensure payroll records for hours paid reconcile toPersonnel Communication and Information Services (CIS), IDSand any adjustments.

improve payroll processing controls andoperational efficiencies of the Dallas Fire-Rescuetime and attendance system and the Lawsonpayroll process to ensure: (2) payroll records areverified against time and attendance records todetect improper or incorrect payments.





Original Audit Report Information Mgmt AUD After Follow Up Recommendation TrackingRe Df e Implemen- Imp lemen- Implemen- ReasonFor Missing Initial

Report p tatlon tatlon Risk Current tation Implementation Date/Not# Numb~r Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments AchievingFull Implementation

4 A12-00l Nov-ll Audit of Department DFR We recommend the Fire Chief, in cooperation I I Mof Dallas Fire-Rescue with the City Controller, the Director of HumanOvertime for Uniform Resources,and the Department ofPersonnel Communication and Information Services (CIS),

improve payroll processing controls andoperational efficiencies of the Dallas Fire-Rescuetime and attendance system and the Lawsonpayroll process to ensure: (3) payroll correctionsare approved and adequate support retained.

5 Al2-001 Nov-11 Audit of Department DFR We recommend the Fire Chief, in cooperation NI NM NI 06/30/15 DFRis currently developing trend analysesof each type of Implementation was delayed toof Dallas Fire-Rescue with the City Controller, the Director of Human manual payroll adjustment to determine if the number of address more critical priorities.Overtime for Uniform Resources,and the Department of adjustments is trending downward. For any adjustmentPersonnel Communication and Information Services (CIS), - types that are not trending downward, DFRwill research

improve payroll processing controls and causesand take actions to mitigate, as appropriate.operational efficiencies of the Dallas Fire-Rescuetime and attendance system and the Lawsonpayroll process to ensure: (4) manualadjustments are minimized.

6 A12-001 Nov-ll Audit of Department DFR We recommend the Fire Chief require Fire I NI NM I 05/31/14 AUD acknowledged that approval ofTAP pay was achieved Corrective actions wereof Dallas Fire-Rescue Dispatch personnel to record and authorize for all 48 dispatchers, but 4 staff officers were not included. implemented; however, Auditor'sOvertime for Uniform Temporary Assignment Pay(TAP)pay in review determined the risk wasPersonnel employees' tlmesheets. DFRhas since created a new form to document the not completely mitigated.

approval of TAPpay for the 4 staff officers. Management will be/has initiatedadditional corrective actions.

7 A12-001 Nov-ll Audit of Department CCO We recommend the City Controller and the I I Mof Dallas Fire-Rescue Director of Human Resourcesensure thatOvertime for Uniform documents approving payroll corrections bePersonnel retained and easily retrievable.






Re 0f e Implemen- Implemen- Implemen- Reason For Missing Initial


# Number Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments Achieving Full Implementation

8 A12-004 Jan-12 Audit of Department EBS The Director of Equipment and Building Services I I Mof Equipment and should improve fuel inventory managementBuilding Services Fuel controls as follows: (1l1mplement a perpetualManagement inventory system to maintain inventory records

for EBS'fuel storage tanks and generate monthlyreports needed for reconciliation purposes.These reports should include the beginninginventory, purchases, consumption, and endinginventory.

9 A12-004 Jan-12 Audit of Department EBS The Director of Equipment and Building Services I I Mof Equipment and should improve fuel inventory managementBuilding Services Fuel controls asfollows: 121Perform monthlv ohvsicalManagement inventories of fuel storage tanks' contents.

10 A12-004 Jan-12 Audit of Department EBS The Director of Equipment and Building Services I I Mof Equipment and should improve fuel inventory managementBuilding Services Fuel controls as follows: (3) Reconcile the monthlyManagement physical fuel inventories to the Fleet FocusM5

records.

11 A12-004 Jan-12 Audit of Department EB5 The Director of Equipment and Building Services I I Mof Equipment and should improve fuel inventory managementBuilding Services Fuel controls as follows: (4) Determine the causeofManagement any variances noted between the physical

inventories and the recorded amounts and takeappropriate corrective actions.

12 A12-004 Jan-12 Audit of Department EBS The Director of Equipment and Building Services I I Mof Equipment and management should implement proper fuelBuilding Services Fuel order and delivery controls and enforce existingManagement E85 delivery verification procedures as follows:

(1) Implement a fuel order tracking system tomaintain fuel order data in compliance withrecords retention poliCiesso that fuel orderinformation is accessible to responsibleindividuals within EB5Fuel Division.




Implementation Status of Audit Recommendations Included in Follow-up Audit Issued May 9,2014



Report p tation tation Risk Current tation Implementation Date/Not

# Number Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments Achieving FulllmplementatbJn

13 A12-004 Jan-12 Audit of Department EBS The Director of Equipment and Building Services I I Mof Equipment and management should implement proper fuelBuilding Services Fuel order and delivery controls and enforce existingManagement EBSdelivery verification procedures asfollows:

(2) Verify and sign vendor's fuel delivervmanifests to acknowledge the deliveries. Retainthe deliverv manifests bills of ladinu and VenderRoot readings at the time of the delivery. andperform a fuel delivery reconciliation to verifythe amounts received.

14 A12-005 Feb-12 Audit of Department DFR We recommend the Fire Chief ensure that Dallas I I NM NI 09/30/14 The 2012 International Fire Code (IFe)was adopted by theof Dallas Fire-Rescue Fire-Rescue(DFR)Policies and Procedures and Fire Code Advisory & Appeals Board on March 12, 2014 andFire Inspections inspection forms are up-to-date and consistently submitted to ATTfor review and approval on March 20,

aligned. Specifically: (1) The DFRPolicies and 2014. Adoption of 2012 IFCby the City Council isProcedures should be reviewed annually to anticipated by September 2014.reflect the most current Fire Regulations.

15 A12-005 Feb-12 Audit of Department DFR We recommend the Fire Chief ensure that Dallas NI NM NI 11/30/14 The 2012 International Fire Code (IFe) was adopted by the Implementation was delayed toof Dallas Fire-Rescue Fire-Rescue(DFR)Policies and Procedures and Fire CodeAdvisory & Appeals Board on March 12, 2014 and address more critical priorities.Fire Inspections inspection forms are up-to-date and consistently submitted to ATTfor review and approval on March 20,

aligned. Specifically: (2) The DFRinspection 2014. Adoption of 2012 IFCby the City Council isforms should include: anticipated by September 2014. After adoption by the City- The most current Fire Regulations source Council, DFRwill update the fire inspection forms.

~- The most current revision Date

16 Al2-DOS Feb-12 Audit of Department DFR We recommend the Fire Chief in coordination NI NM NI 09/30/15 Once the BusinessTechnology Request (BTR)is approved Insufficient technology resourcesof Dallas Fire-Rescue with the Interim Director of the Department of an interface will be designed to provide one data entry at the time of theFire Inspections Communication and Information Services point that will send data to CRMS,POSSEE,FIREBASEand recommendation to implement.

evaluate whether all four computer systems SAP.(CRMS,Firebase, POSSE,and Pay))are requiredor whether the Inspection process and/or datacould be streamlined.

17 A12-00S Feb-12 Audit of Department DFR We also recommend the Fire Chief: ilL NI NM NI 09/30/15 Once the BTRis approved an interface can be designed to Insufficient technology resourcesof Dallas Fire-Rescue implement a process to periodically verify that provide one data entry point that will send data to CRM5, at the time of theFire Inspections the physical addresses in Firebase are up-to- POSSEE,FIREBASEand SAP. After which, DFRwill recommendation to implement.

date. implement a process to periodically verify that the physicaladdresses are updated.








# Number Issued Report Name t Audit Recommen.dation Results Results Status Status Date Department Comments Achieving Full Implementation

18 A12-00S Feb-12 Audit of Department DFR We also recommend the Fire Chief: ill NI NM NI 09/30/15 Once the BTRis approved an interface will be designed to Insufficient technology resourcesof Dallas Fire-Rescue imnlement a formal nrocess to monthlv reconcile provide one data entry point that will send data to CRMS, at the time of theFire Inspections the data included in the computer svstems used POSSEE,FIREBASEand SAP. After which, DFRwill recommendation to implement.

in the Inspection process to ensure that implement a process to monthly reconcile the dataInspections that occurred are documented. included in the computer systems used in the Inspectionpermits are processed correctly, appropriate process to ensure that Inspections that occurred arefees collected. and that these fees are applied to documented, permits are processed correctly, appropriatethe appropriate accounts. fees collected, and that these fees are applied to the

appropriate accounts.

19 Al2-007 May-12 Audit of Monitoring PBW We recommend the Director of Public Works I I MControls Over Capital establish formal written policies and proceduresConstruction for for the capital construction inspectionStreets and monitoring activities. These policies andThoroughfares procedures, at a minimum, should address the

following:(l) Monitoring oversight responsibilities(2) Frequency and exceptions to monitoring, ifany(3) Documentation standards(4) Project file organization standards

20 Al2-007 May-12 Audit of Monitoring PBW We recommend the Director of Public Works I I MControls Over Capital ensure the unit's monitoring documentation isConstruction for accurate, consistent, and complete inStreets and accordance within formalized procedures.Thoroughfares

21 A12-00B Jun-12 Audit of Controls Over BDPSWe recommend the Director of Business I I Mleased Equipment Development and Procurement Services require

Xerox to report performance metrics in theformat as stated in the Master ServicesAgreement Statement of Work Addendum.

22 A12-00B Jun-12 Audit of Controls Over BDPSWe recommend the Director of Business I I Mleased Equipment Development and Procurement Services require

Xerox to use an automated system for receiving,processing, and recording service calls.

40 A12-009 Jun-12 Audit of Selected AVI We recommend the Interim Director of Aviation I I MSafety and Security develop formal policies and procedures thatOperations of the provide Aviation personnel guidance on theirDepartment of duties.Aviation




Report p tation tation Risk Current tation Implementation Date/Not# Number Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments Achieving Full Implementation

68 AlO-Oll Apr-l0 Audit of Dallas Police DPD We recommend the Chief of Police ensure that: NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime (1) The ability to delete Direct Entry Field integrated with the new RMSsystem. As the new RMS at the time of theStatistics Reporting System (DEFRS)records be eliminated system just which went live June 1, 2014, DPDwill test the recommendation to implement.

and an option to void a record. after obtaining new system over the next few months to validateapproval. be added so when correcting entries recommendation implementation.are necessary a more complete audit trail isavailable

69 A10-0ll Apr-10 Audit of Dallas Police DPD We recommend the Chief of Police ensure NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime that:(2)Remote local Area Network (LAN) Nodes integrated with the new RMSsystem. As the new RMS at the time of theStatistics (RLNs)are phvsically located and documented system just which went live June 1, 2014, DPDwill test the recommendation to implement.

new system over the next few months to validaterecommendation implementation.

70 A10-0ll Apr-10 Audit of Dallas Police DPD We recommend the Chief of Police ensure that: NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime (3)Only authorized users with a valid business integrated with the new RMSsystem. As the new RMS at the time of theStatistics reason retain RLNaccess system just which went live June 1, 2014, DPDwill test the recommendation to implement.


71 A10-0ll Apr-10 Audit of Dallas Police DPD We recommend the Chief of Police ensure NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime that:(4)RLN permissions are periodically integrated with the new RMSsystem. As the new RMS at the time of theStatistics reviewed and limited to those necessaryfor the system just which went live June 1, 2014, DPDwill test the recommendation to implement.

user to accomplish tasks specific to their job new system over the next few months to validatefunction. recommendation implementation.

72 AI0-0ll Apr-l0 Audit of Dallas Police DPD We recommend the Chief of Police ensure that: NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime (5) accessto DEFRSis granted only after user integrated with the new RMSsystem. As the new RMS at the time of theStatistics authorization and authentication. system just which went live June 1, 2014, DPDwill test the recommendation to implement.


73 AI0-0lO Apr-lO Audit of Dallas Police DPD We recommend the Chief of Police ensure that NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime (6) the DPDand CISpersonnel oeriodically integrated with the new RMSsystem. As the new RMS at the time of theStatistics review DEFRSaccessand audit trail logs to system just which went live June 1, 2014, DPDwill test the recommendation to implement.

monitor DEFRSaccessand ensure that data new system over the next few months to validatechanges were approved and necessary. recommendation implementation.

74 AI0-0ll Apr-10 Audit of Dallas Police DPD We recommend the Chief of Police: (1) Ensure NI NI 09/30/14 A coding system with these abilities was developed and Insufficient technology resourcesDepartment's Crime that the information teChnology system includes integrated with the new RMSsystem. As the new RMS at the time of theStatistics the research and analytical functionality system just which went live June 1, 2014, DPDwill test the recommendation to implement.

necessary to reduce manual verification of UCR new system over the next few months to validateinformation. recommendation implementation.







Implementation Status of Audit Recommendations Included in Follow-up Audit Issued May 9,2014



Report p tation tation Risk Current tatlon Implementation Date/Not


75 A10-0ll Apr-10 Audit of Dallas Police DPD We recommend the Chief of Police: ill NI NI 09/30/14 A coding system with these abilities was developed and lnsufficlent technology resourcesDepartment's Crime Require DPDpersonnel to use standard offense integrated with the new RMSsystem. As the new RMS at the time of theStatistics titles when entering information into DEFRSor system just which went live June 1, 2014, DPDwill test the recommendation to implement.

any subsequent records management systems new system over the next few months to validaterecommendation implementation.

76 A10-013 Jun-10 Audit of Reduction in CIS (1) We recommend the Director of I NI NM NI 12/31/14 When an employee who has accessto the Computer Aided Corrective actions wereForce Employee Communication and information Services (CIS) Dispatch (CAD)system is terminated, the CADsystem implemented; however, Auditor'sProcessing Controls develop a monitoring process to ensure administrator is included in the email distribution list for review determined the risk was

transferring and terminating employee computer the Electronic Termination Notification Form. The not completely mitigated.accessis deactivated timely notifications are used to disable an employee's accessto Management will be/has initiated

the CADsystem. additional corrective actions.

When an employee who has accessto the Computer AidedDispatch (CAD)system is transferred, the CADsystemadministrator is included in the email distribution list forthe lawson "Changes Report." The ChangesReport is usedto disable an employee's accessto the CADsystem.

Transferring and terminating employee accessissue will bereviewed for other CiS-managedDPD/DFRapplications toensure that transferring and terminating employeecomputer accessis deactivated timely.

77 A10-013 Jun-10 Audit of Reduction in CIS (2) The Director of CISshould also work with I I MForce Employee Human Resources(HR)to ensure that HR',ProcessingControls clarified policies, procedures, and forms include

notifications to CISfor adding, deleting, and/orchanging employee's computer access.








# Number Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments Achieving Fullimpiementation

78 A10-014 Jun-10 Audit of Selected CIS (1) We recommend that the Director of NI NI 06/30/14 In April 2010, CISchose the industry best practice, process- Implementation was delayed toGeneral Computer Communication and Information Services (CIS) oriented service-delivery framework, Information address more critical priorities.Controls for the Dallas establish a general computer controls framework Technology Infrastructure Library (ITIL). Monitoring,Police Department and that aligns with best practices that are commonl controls and reporting are key components of developingthe Dallas Fire-Rescue used and accepted in the United States - such as ITILprocesses including Change Management. Of the ITILPrimarily Administered Control Objectives for Information and Related processes,CIShas adopted ChangeManagement, Releaseby the Department of Technology (CoBIT),and one that provides the & Deployment, and Incident Management.Communication and City Council, management, as well as the OfficeInformation Services of the City Auditor and external auditors, a

consistent means to evaluate whether generalcomputer controls are improving.

79 A10-014 Jun-10 Audit of Selected CIS (2) We also recommend that the Director of CIS NI NI 09/30/15 Since 2011, CIShas established and performed security self- Implementation was delayed toGeneral Computer perform regular general computer control self- assessmentson systems that provide accessto the City's address more critical priorities.Controls for the Dallas assessments to ensure that the general network and on systems with potential financial risksPolice Department and computer controls framework is designed and including HRIS,SAP,and Advantage3.the Dallas Fire-Rescue operating as intended.Primarily Administered CISwill perform a security self-assessment on CADbyby the Department of December 2014. CISwill develop assessmentsfor otherCommunication and critical CiS-managedsystems.Information Services

80 A10-014 Jun-10 Audit of Selected CIS (1) We recommend the Director of CIScomply NI I 12/18/13 For CIS-managedsystems, a formal change management Implementation was delayed toGeneral Computer with Administrative Directive (AD) 2-28 Change process was implemented in July 2011. As part the process, address more critical priorities.Controls for the Dallas Management of Information Technology by a Review Control Soard (RCS)was created. The RCSPolice Department and developing, documenting, and implementing consists of Sr. Managers in CISwho review and approvethe Dallas Fire-Rescue formal change management procedures that are changes to production systems.Primarily Administered standard, reliable, and consistent so that onlyby the Department of authorized, planned, prioritized, and testedCommunication and changes are made to data and systems.Information Services

Risk Status key:

M - Mitigated

NM - Not Mitigated

Cu rrent Status key:

I - Implemented




R

e D

f e Implemen- Implemen- Implemen- Reason For Missing Initial



81 A10-014 Jun-10 Audit of Selected CIS (2) We also recommend the Director of CIS NI I 12/18/13 Implemented in July 2011, the Computer Associates Implementation was delayed to

General Computer maintain a central repository of all change application manages, tracks and logs change orders created address more critical priorities.

Controls for the Dallas events. as part of the Change Management process. The Change

Police Department and Management process applies to all CIS-managed DPD/DFR

the Dallas Fire-Rescue systems.

Primarily Administered

by the Department of

Communication and

Information Services

90 AIO-021 Sep-10 Audit of Dallas Police DPD (1) We recommend the Chief of Police I NI NM NI 06/30/15 DPD Assessment: DPD partially implemented a paperless Corrective actions were

Department Overtime implement a paperless system that includes the system. implemented; however, Auditor's

for Uniform Personnel proper controls for requesting, approving, and review determined the risk was

documenting all uniform overtime. DPD Actions: A meeting has been held with the CIS and not completely mitigated.

Human Resources Department regarding issues with the Management will be/has initiated

Lawson payroll system that limit the ability to implement a additional corrective actions.

paperless system for overtime. Based on this meeting, the

Human Resources Department will be scheduling a

demonstration of the KRONOS payroll system with the

command staff. The KRONOS system has a more detailed

documentation system which should allow a clear audittrail.

(The June 2015 implementation date is based on KRONOS

being a viable solution. If KRONOS is not a viable solution,

the implementation date will be extended until a viable

solution is identified.)

91 AIO-Oll Sep-10 Audit of Dallas Police DPD (l)lf implementing a paperless system is not DISAGREE DISAGREE Management did not agree to

Department Overtime immediately feasible, we recommend the Chief implement.

for Uniform Personnel of Police improve existing manual overtime

procedures by: (a) Directing Dallas Police

Department CDPD) officers to submit copies of

Municipal Court Notify System CCNS)notices as

proof of over overtime claims. Once the City

court's CNS is upgraded for electronic sign

in/out. the Chief of Police should direct the

officers to submit a record of DPD officer court

attendance by the CNS









92 A10-021 Sep-10 Audit of Dallas Police DPD (3)lf implementing a paperless system is not I NI NM NI 12/31/14 DPDAssessment: DPDmade changes to the General Corrective actions were

Department Overtime immediately feasible, we recommend the Chief Orders in November 2010 as a result of the audit In implemented; however, Auditor'sfor Uniform Personnel of Police improve existing manual overtime addition, Court Notify allowed all supervisors to see check review determined the risk was

procedures by: Providing overtime in and out time for officers attending County Court not completely mitigated.documentation training to DPDpersonnel. However, this ability was lost on August 28, 2012 when Management will be/has initiatedincluding DPDGeneral Order overtime Intelligent Workforce Management (lWM) and Court Notify additional corrective actions.provisions. proper completion of overtime were merged. Currently, it can only be accessedbyrequest cards. and proper entry of overtime into personnel with administrative rights to IWM. City Courtthe timekeeping and payroll systems was manual sign in / out until February 2013 when the

electronic swipe sign in was installed. The Field TrainingOfficer program includes training on completing overtimeand comp time requests.

DPDActions: The Personnel and Development Division iscurrently working on updated overtime reporting training.This supplemental training will be offered through Breeze.

93 A1D-021 Sep-10 Audit of Dallas Police DPD (4)lf implementing a paperless system is not I NI NM NI 12/31/14 DPDAssessment: Court Notify allowed all supervisors to Corrective actions were

Department Overtime immediately feasible, we recommend the Chief see check in and out time for officers attending County implemented; however, Auditor'sfor Uniform Personnel of Police improve existing manual overtime Court However, this ability was lost on August 28, 2012 review determined the risk was

procedures by: Periodically reviewing overtime when IWM and Court Notify were merged. Currently, this not completely mitigated.claims to identify and correct data entry errors information can only be accessedby personnel with Management will be/has initiatedand improper overtime claims administrative rights to IWM. When an overtime issue is additional corrective actions.

suspected, Court Services Is notified so the documentationcan be researched. City Court was manual sign in / out untiFebruary 2013 when the electronic swipe sign in wasinstalled.

Personnel reviews payroll to identify potential issues. Anyissue identified is referred back to the officer's division forcorrection / investigation.

DPDActions: A meeting has been held with the CityAuditor's Office to receive guidance on how to constructpolicies and procedures to identify and correct data entryerrors and improper overtime claims. The Personnel andDevelopment Division will be designing the new proceduresbased on the auditors' recommendations.





Original Audit Report Information Mgmt AUD After Follow Up Recommendation Tracking ,R

L

e i Df e ' Implemen- Implemen- Implemen- Reason For Missing Initial

Repolit p tation tation Risk Current tation Implementation Date/Not',

# Number Issued Report Name t Audit Recommendation Results Results Status Status Date Department Comments Achievhjg Full Implementation

Summary of Reasons for Missing Initial Implementation Date or Not Achieving Full ImplementationCorrective actions were implemented; however, Auditors review determinedthe risk was not completely mitigated, Management will be/has initiatedadditional corrective actions,Insufficient technology resources at the time of the recommendation toimplementImplementation was delayed to address more critical priorities

Recommendations are no longer applicable IManagement did not agree to implement

22 38%

18 31%

1431

24%S%2%

58

city of dallas management responses to audit july 3 2014

Documents