Council Member Gabe Teran (Photo by Chris Frost)
Oxnard– The Finance and Governance Committee, Tuesday, October 25, passed the City’s Targeted Risk Assessment Plan and what to look forward to as a City.
The report outlines the City’s plan for a Targeted Risk Assessment for the fiscal year 2023.
A Risk Assessment identifies and analyzes risks facing the City while it seeks to achieve its objectives and provides the basis for prioritizing and developing appropriate internal controls that eliminate and reduce risks related to accounting and financial reporting.
Internal Controls Senior Manager Jennifer Hiraoka presented the video, which is part of the Accounted Controls Integrated Framework, and she recommended the committee forward it to the City Council.
The City completed adopting the Internal Controls Integrated Policies in December 2021, designed to improve the City’s overall control and operating environment.
“Policy 1.05, City Council’s risk assessment responsibilities, established that the City Council ensures that risk assessments are performed,” she said.
She noted that the Finance & Governance Committee received training from its independent financial auditor, Eadie & Payne, in internal control compliance and risk assessment management in September and November of 2021.
“The City’s Annual Audit for the Fiscal Year 2014-2015 produced an audit finding that two types of risk assessments need to be performed, a fraud risk assessment and an accounting and financial reporting risk assessment,” Hiraoka said.
In response to the audit finding, she said the City engaged Price, Page & Company to perform a fraud risk assessment and perform detailed reviews of reporting and compliance risks in high-priority areas.
“With the implementation of the new Enterprise Planning System, it is important to maintain internal controls, especially those put in place as a result of a previous audit finding, which is why the framework and plan for a Targeted Risk Assessment, designed to focus on attaining existing internal controls were created,” she said.
The Targeted Risk Assessment Life Cycle was adopted in June 2022, as the City implemented the new ERP System and started with the planning phase of the risk assessment process.
“We identified the processes, developed a timeline, and finalized our scoping,” she said. “From July until October, we’ve been working on developing risk and control matrices and developed self-control assessment questionnaires. From October through March 2023, we’ll be conducting interviews with departments to gather responses to those questionnaires and develop a plan to test the key controls.”
From April through June 2023, Hiraoka said they’ll review the risk assessment results and identify significant issues requiring a mediation plan.
“In July through October 2023, we’ll work with the departments to create a remediation plan and prepare a presentation to report the results,” she said. “It is important to note that to stay on a schedule of providing these annual risk assessment updates and to identify issues prior to our 2023 fiscal year 23-24 financial audit. We will have some overlap, and we’ll have to start the Fiscal Year 23-24 full risk assessment in May 2023 while we’re wrapping up the Fiscal Year 22-23 Targeted Risk Assessment.”
In the Fiscal Year 23-24, she said they’ll expand the process universe in May 2023 and develop risk and control matrices for the new processes.
“In June until October 2023, we’ll create a timeline for performing quarterly risk assessment activities and will perform process walkthroughs to update and, in some cases, expand or create process narratives that explain the process and controls that are performed,” she said. “During October 2023 through March 2024, we’ll perform controlled testing. From April 2024 through June 2024, we’ll review the Risk Assessment results. From July until October 2024, we plan to report the results and hopefully identify and mitigate issues prior to our annual audit.”
She said the Targeted Risk Assessment focuses on processes impacted by the ERP implementation, including purchasing, vendor master maintenance, purchasing cards, accounts receivable, General Ledger, Accounts Payable, Capital Assets, and Grants.
“We are currently getting ready to conduct interviews with departments to gather responses to the control self assessment questionnaires,” Hiraoka said. “We will return to you in the fall of 2023 to report the fiscal year 2022-2023 Targeted Risk Assessment results.”
At the meeting, Chief Financial Officer Betsy George said the City continues to mitigate all its audit problems from past years.
For the complete story, visit tricountysentry.com.
