Santa Barbara County 1998-99 Grand Jury Report
Audit and Finances of
Released March 5, 1999
Each year the Grand Jury must report on "…those operations, accounts and records of the officers, departments or functions of the County." California Penal Code Section 925 and various relevant sections of the California Government Code mandate this responsibility. To fulfil this mandate, the 1998-99 Grand Jury elected to report on the following topics:
To meet the statutory requirements of California Penal Code 925 to investigate and report on the operations, accounts, records, departments and functions of the County.
In conducting their investigation, the Grand Jury interviewed various County officials, representatives of KPMG (the independent auditor) and Nasiff, Hicks and Harris (the local auditor). They also attended the exit interview for the general audit, Financial Information Network training and budget training for department heads and staff.
Documents reviewed by the Jury included:
The County of Santa Barbara signed a three-year contract in 1998 with KPMG for independent auditing services. The independent auditor begins each fiscal year audit in March and works closely with the Auditor-Controller's office to conduct a material audit of the County’s financial position. To expedite this, the Auditor-Controller and staff close the books for the County in a timely manner, allowing the independent auditor to present the Comprehensive Annual Financial Report (CAFR) by mid-August.
The primary audit conducted each year is a general audit performed to report on the material condition of the County’s finances, resulting in the CAFR.
In addition to the general audit, KPMG conducts two other audits: a single audit to audit compliance with federal grant guidelines and regulations and a Retirement Investment Fund audit that reports on investment practices, material condition and other material financial issues related to the Retirement Investment Fund. A local auditing firm, Nasiff, Hicks and Harris, performs this audit as a subcontractor for KPMG. For the purposes of this report, the Grand Jury focused on the general audit and resulting CAFR and management letter.
The independent auditor found no reportable conditions with respect to the financial statements and expressed this opinion in the transmittal letter for the CAFR. During the course of the general audit, certain internal controls were observed by the auditors but not examined as to effectiveness. No opinion was issued as to the reliability of those internal controls. However, the management letter offers comments and recommendations on internal controls and procedures that were observed in the process of conducting the general audit. Five areas were specifically noted:
With the exception of the Y2K problems, these issues have been raised in earlier management letters by independent auditors and addressed by previous Grand Juries. Our report will review the current status of each area and offer findings and recommendations where appropriate.
The inability of many software programs, embedded chips and other microprocessors to process data or recognize dates after December 31, 1999, is the basis for current concerns regarding information systems dependent on those same programs and processors for vital services. The County has been addressing this issue for several years. Compliance is being monitored, but not directed, by the Information Systems Advisory Council (ISAC). The responsibility for identifying, evaluating and remediating all software, hardware and vendor issues related to the year 2000 has been assigned to each department. In 1997 ISAC surveyed each of the departments to inventory all Y2K problems. They were asked to detail their plans to resolve the problems and the time expected until completion. Many departments have either completed their internal evaluations and upgrades or have plans to install new systems prior to the year 2000 to correct known problems. Departments report to ISAC at bimonthly meetings. Because of the decentralization of the process and the infrequent ISAC meetings, there is, at this writing, no identified authority to ensure deadlines are being met.
The County has been focusing on hardware and software issues and little attention has been paid to Y2K compliance status of outside vendors on whom the County relies for goods and services or external interfaces. Those vendors who supply the County with critical goods and services should be surveyed to verify that their systems are Y2K compliant.
The County is relying on a variety of external consultants and software/hardware providers for "fixes" to Y2K problems. Many department installations are scheduled for as late as the third quarter of 1999, giving rise to a concern that those providers will become increasingly busy with other customers as the year 2000 approaches and be unable to meet the County’s deadline.
To address possible community emergencies the County may face as a result of Y2K failures, the County Administrator has appointed a special project manager to prepare a risk assessment plan and develop an emergency preparedness plan that addresses potential disruptions in the community created by Y2K problems. The plan from this task force is scheduled to be in place and ready for testing by June 30, 1999. This plan does not include County administrative or operational issues related to Y2K problems.
Identification and resolution of Y2K operational issues in the County of Santa Barbara have not been subject to sufficient centralized coordination and verification.
The County Administrator should ensure that ISAC or a specially appointed task force with authority to act should take a more proactive stance regarding department resolution of Y2K issues, including the earliest possible installation and testing of fixes and new systems as well as ensuring that systems which interface with County computers will not impact operations.
There are no departmental accountability measures or standards in place to ensure Y2K compliance.
The County Administrator should direct ISAC to develop countywide standards and completion dates for resolution of Y2K issues and hold departments responsible for meeting those dates.
Disaster Recovery Plan
The 1997-98 Grand Jury agreed with the independent auditor that the County of Santa Barbara did not have a comprehensive disaster plan in place for information systems. Each department has been made responsible for the development of its own plan, including Y2K issues; however, there is no universal understanding of what is to be accomplished. In addition, there is no formal business recovery plan for the County. The County is attempting to address this issue. In October of 1998 a project manager in the General Services Department was appointed to organize the effort; the County plans to complete evaluation and revision of departmental disaster recovery plans by June 1999.
Federal Grants and Tracking of Grant Data
Approximately forty percent of the County’s funding comes from federal and state grants. Those grants may have terms that do not correspond to the County’s fiscal year. In addition to complying with the County’s tracking controls and accounting periods, grant funds must be reported and monitored based on grant terms and conditions to avoid disallowed costs. In recognition of the special handling needs of grant funding, the County has transferred accounting processes for departments whose funding is based primarily on grants from the general fund to special revenue funds this year. A task force has also been formed to evaluate the process of monitoring grants at the department level.
The risk management fund had a deficit of approximately $3.9 million at the end of fiscal year 1997-98. The deficit was due to a combination of having recorded loss reserves at a low confidence level (55%) and discounting loss reserves for general liability and workers’ compensation programs. The deficit was primarily related to workers’ compensation. There is a significant backlog of unprocessed workers’ compensation claims in the system. To address this issue the County will increase the worker's compensation rates and raise the confidence levels beginning in January 1999. The County has also hired a new Risk Manager.
Two issues regarding fixed assets were noted in the independent auditor’s letter. The first, timely updating of the general ledger to record the acquisition or disposal of fixed assets, was instituted in fiscal year 1998-99 and will be continued on a monthly basis. The second issue addressed the acquisition or disposition of an asset. Currently, there is no assurance the departments are following established policies and procedures regarding the disposal of fixed assets, thus creating the opportunity for unauthorized use.
The recording of the acquisition or disposal of a fixed asset remains a cumbersome manual process.
a) The Auditor-Controller should ensure that policies and procedures regarding the acquisition and disposal of fixed assets are implemented countywide and monitored for compliance on a regular basis.
b) The Auditor-Controller should take action to replace the manual method of reporting acquisitions and disposal of fixed assets with an efficient, software-driven system.
Unfunded Capital Projects and Liabilities
The Capital Improvement Plan developed for 1998–2003 (see Table 1) details capital projects that the County plans to implement in the next five years. Many of these projects have identified sources of funding through projected revenues and state or federal grants. These projects include new infrastructure, major equipment acquisitions, major improvements and road projects.
Unfunded projects include, but are not limited to, multiple County roads improvement projects, major infrastructure repairs and multiple information system acquisitions. Not included in the table is $103 million in unfunded projects identified for years beyond 2003. Funding for a North County jail facility ($82 million) is included in the future years’ unfunded amount.
In addition to planned capital projects, there is liability of $3.9 million that is unfunded in the Workers’ Compensation and disability insurance reserves, as well as an unfunded liability of $34.9 million in the Employee Retirement Pension fund. As of June 30, 1998, there was $13 million in uncompensated absences on the books and $11 million in potential litigation settlements or possible judgments against the County.
Unfunded capital improvements and liabilities have been identified but not presented in a manner that is easily available to the public.
The Board of Supervisors should identify all unfunded liabilities and capital improvements each year in the annual budget document in a single, concise table.
Return of Revenue
From time to time, the State changes the calculations used by counties in determining revenue due the county. After a change was made in the Educational Resource Allocation Fund (ERAF) calculation, the Auditor-Controller miscalculated the amount for independent special fire districts. In the budget process more money was allocated to the special districts by the Auditor-Controller’s office than allowed by law. Those districts will now have to establish a payment schedule with the State and return the funds. Recently an error in the Teeter calculation, which relates to property tax revenue, was discovered during an audit of the County conducted by the State. Because of this miscalculation in 1994-95, the County was overpaid by $3.2 million and may have to repay that amount to the State of California.
Currently there is a new area of exposure. The trial court funding allocations have changed significantly, and the County has no staff or resources assigned to study the impact and analyze these changes in funding calculations.
In addition, the County of Santa Barbara, between November 4, 1986, and June 30, 1998, may have collected taxes in the amount of $5.3 million to which it is not entitled. The taxes collected were new taxes, not approved by the voters, and instituted after the effective date of Proposition 62, which requires that all new taxes levied be approved by the voters. If there is a final negative determination regarding this issue, there will be future tax penalties levied against the County.
Significant errors in calculating revenues due the County of Santa Barbara from the State may require the County to return revenue to the State.
The Auditor-Controller and the County Administrator should institute procedures and provide adequate resources to test and verify the formulas used for revenue calculations as they are changed by the State.
Segregation of Duties
In the past, independent auditors’ management letters have advised various departments to segregate duties where opportunities exist for mishandling or misappropriation funds. For example, this year a theft in excess of $200,000 occurred in the Treasurer-Tax Collector’s Public Administration Division. Prior to the discovery of this defalcation, only one signature was required to disperse money from estates held in trust by the County and the Public Administrator had the ability to act unilaterally. Because the Treasurer-Tax Collector is an elected official and not directly responsible to the Board of Supervisors or County Administrator, it is especially important to have a mechanism in place to provide oversight in this area.
There is no regular external audit procedure in place to audit and report on procedures in the Treasurer-Tax Collector’s office or other agencies that routinely handle large funds.
a) The Board of Supervisors should expand the annual independent audit to include an examination of the Treasurer-Tax Collector’s office and other agencies where appropriate, to assure that funds are being handled properly and opportunities do not exist for misuse or theft.
b) The Auditor-Controller should, at a minimum, perform operational audits bi-annually in those departments that routinely handle large funds.
Grand Jury Participation in Annual Audit
The 1997-98 Grand Jury elected not to participate in the hiring of an independent auditor for the County. This decision was made to avoid what the Jury considered a conflict of interest. In previous years, the Grand Jury had participated with the County in hiring an independent auditor to audit the County’s financial records. Because there is an inherent conflict in the timing of the negotiation of the independent audit contract and the selection and term of the Grand Jury, a newly seated Grand Jury does not have the option to elect whether or not to participate in the selection process and designation of the scope of work for the independent auditor but must rely on the previous Jury’s decision.
However, the Grand Jury is required each year to investigate and validate the material financial condition of the County. To do this effectively, the Grand Jury must have timely access to pertinent information regarding the audit. This year the Jury did not receive information regarding the audit unless it was specifically requested. This resulted in lost opportunities to observe the audit process.
The Grand Jury was not automatically informed of the independent auditor's progress during the course of the annual audit.
The Auditor-Controller should ensure that each Grand Jury automatically receives all information regarding the annual audits including, but not limited to, copies of correspondence, meeting notifications and flash reports generated by the auditors.
Board of Supervisors
Findings 1, 2, 4,
Recommendation 1, 2, 4
Findings 1, 2, 4, 5, 6, 7
Recommendations 1, 2, 4, 5, 6, 7
Findings 3, 4, 5, 6, 7
Recommendations 3, 4, 5, 6, 7