The URL can be used to link to this page

Home My WebLink About04.c. Review Agreement for Internal Auditing Services with Macias Gini & O'Connell Page 1 of 31 Item 4.c. CENTRAL SAN BOARD OF DIRECTORS ' POSITION PAPER DRAFT MEETING DATE: OCTOBER 23, 2018 SUBJECT: REVIEW DRAFT POSITION PAPER TO AUTHORIZE THE GENERAL MANAGER TO EXECUTE AN AGREEMENT FOR INTERNALAUDITING SERVICES WITH MACIAS GI NI & O'CONNELL LLP (MGO) FOR AN AMOUNT NOT TO EXCEED $450,000 TO PROVIDE INTERNALAUDIT AND RISK MANAGEMENT SERVICES FOR A THREE-YEAR PERIOD WITH A POSSIBLE TWO-YEAR EXTENSION SUBMITTED BY: INITIATING DEPARTMENT: PHILIP LEIBER, DIRECTOR OF FINANCEAND ADMINISTRATION-FINANCE ADMINISTRATION REVIEWED BY: ANN SASAKI, DEPUTY GENERAL MANAGER ISSUE Board authorization is required to execute an agreement in an amount greater than $100,000 for internal audit and risk management services. BACKGROUND Central San commenced an internal audit function during Fiscal Year (FY) 2017-18, with three internal audits completed. The initial internal audit work was completed through a District temporary employee and an external accounting firm. In recent months, due to the departure of the temporary internal auditor, staff has concluded that retaining the services of a consulting firm with expertise in internal audit and risk management is the preferred course of action to continue building the internal audit function. This approach is expected to provide improved continuity of service, depth of resources, and breadth to address a wider range of subject matters. To obtain such services, a Request for Proposal (RFP)was released in August 2018. The RFP requested firms provide proposals to perform internal audit services with a three-phase scope of work, including assisting in completing an agency-wide risk inventory to be used as the basis for selecting internal audit focus areas, internal audit services, internal control assessments, and the development of internal controls. The contract is to be for a three-year period with an option to extend for an additional two years. • Phase One — Risk I nventory/Assessment and I nternal Audit Workplan (fall 2018) • Phase Two — Performance of and reporting on internal auditing procedures (fall 2018 through contract duration) October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 125 of 160 Page 2 of 31 • Phase Three — Ongoing Advice and Consulting (throughout contract duration) A detailed scope of work as provided in the RFP is included as Attachment 1. Six prospective vendors submitted proposals to provide such services to Central San. The proposals were evaluated and three finalist firms were interviewed by staff. All three firms were impressive and had good qualifications. The panel selected MGO as the best qualified firm based on their experience and approach. The proposed MGO team of resources had excellent credentials and real world experience working for and with a broad range of public sector organizations in the state (see Attachment 2 for this information). MGO is based in Sacramento, and has a local office in Walnut Creek. ALTERNATIVES/CONSIDERATIONS Committing to an internal auditing function is a best practice to ensure efficient operations, reduce risk, and to maintain an effective system of internal controls as required by State law. Internal audit services could be procured by retaining a full-time staff person, a District temporary employee, or an outside firm. Entities often use a mix of such resources. For the reasons noted above, proceeding with an outside firm is viewed as optimal at this stage in the development of the internal audit function at Central San. FINANCIAL IMPACTS The proposed contract does not provide an up-front fixed price for a defined scope of work. Instead, the work will be agreed to in negotiated task orders for each project based on agreed hours and hourly rates. Proposed rates range from $140 per hour for staff and up to $335 per hour for partners. The scope of work each year will be based on the proposed audit plans that fit within the context of the overall work specified in the RFP per Attachment 1. The proposed contract amount of $450,000 over three years would be funded from the $150,000 that Central San has budgeted for internal audit services during the current fiscal year, and other resources (including future year's budgets). Additional funding could be directed toward internal audit this year, depending on the results of the risk inventory, the extent of the proposed audit plan, and funding availability from other budget sources. The capital budget for the Enterprise Resource Planning (ERP) project may be used in part for work related to design of appropriate internal controls in the new ERP system, and MGO may assist with this work. It is possible that staff may return to the Board for an increase in the contract amount if discussions between MGO, staff and the Board lead to a decision to perform more internal audit work than can be accomplished within this initial funding allotment. COMMITTEE RECOMMENDATION The Finance Committee reviewed this matter on October 23, 2018 and recommended RECOMMENDED BOARD ACTION Authorize the General Manager to approve a consulting services agreement with MGO for an amount not to exceed $450,000 to perform internal audit services for a three-year period, with a potential two-year extension. October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 126 of 160 Page 3 of 31 Strategic Plan Tie-In GOAL THREE:Be a Fiscally Sound and Effective Water Sector Utility Strategy 1 - Conduct long-range financial planning, Strategy 2- Manage costs ATTACHMENTS: 1. Scope of Work 2. Staff and Firm Qualifications October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 127 of 160 Page 4 of 31 Attachment 1 : Internal Audit RFP SCOPE OF WORK SCOPE OF WORK The District desires to contract with a firm providing internal audit services, internal control assessments, and with experience in the development of internal controls for a three-year period with an option to extend for an additional two years. The work scope will also include assistance in the development of a risk inventory to be used in part as the basis for selection of internal audit focus areas. The risk inventory may also be used as the basis for an ongoing enterprise risk management function. Scope of Services To Be Provided: The firm selected should provide a full range of internal auditing services including: Phase One — Risk Inventory/Assessment and Internal Audit Workplan (to be completed within two months of Notice to Proceed) • In conjunction with key staff, finalize an agency-wide risk inventory that can serve as the basis for prioritizing the areas for continued internal audit work. The District has conducted a bottoms-up risk inventory through discussions with managers. The work has not been validated with Executive Management. The consultant should expect to propose an approach to complete this work. This may include discussions with executive management and the inclusion of additional risks, review and rescoring of existing risks, or the use of an industry standard template or approach for developing a risk inventory. • From this assessment, and through other inputs including discussions with executive management and the Board, propose an annual internal audit workplan with estimated hours. • Perform a review of the entity-wide internal control environment and provide a report on such. Phase Two — Performance of and reporting on internal auditing procedures (fall 2018 through contract duration) • Perform internal audits of divisions/processes each year according to the prioritized schedule; • Review other areas as deemed necessary or as requested by the Board of Directors; • Provide internal audit reports generally in the format of: o Audit objective o Background o Audit scope and limitations o Methodology o Summary o Findings including ■ recommendations for strengthening internal controls in order to lower identified risks; Central Contra Costa Sanitary District Internal Auditing and Risk Management Services RFP NO.18-19-XX Page 1 of 2 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 128 of 160 Page 5 of 31 ■ recommendations for implementing "best practices" in instances where policies, procedures and processes do not exist or need improvement/revision; o Management Response • Perform operational reviews of key business practices to identify deficiencies • Performance of and completion of audits in accordance with the approved plan; and • Submit audit findings/reports to management and the Board of Directors (and relevant Board Committees) at regularly scheduled meetings. Phase Three— Ongoing Advice and Consulting (throughout contract duration) • Assist in the tracking and follow-up on previous internal audit findings/recommendations. • Advise on the development of internal controls (including risk mitigation measures identified as "to do" items in the risk inventory) • Advise on the development and implementation of a new Enterprise Resource Planning System (anticipated for 2019-2020) Expected Outcomes and Deliverables for the Phases Noted Above: • Completed Risk Inventory available to provide, in some format (may be a summary rather than the full document), to the Board of Directors • Proposal for FY 2018-19 internal audit work plan with estimated hours required; and the same for each subsequent year of the contract at the start of each fiscal year. • Report on assessment of entity-wide control environment • Recommendations, when applicable, for improving operations, internal controls and reducing risks • Written internal audit reports and an annual presentation to the Board committee on work performed The Board of Directors will accept the proposed internal audit plan for the fiscal year. The selected firm will be expected to perform the procedures set forth in the approved annual internal audit plan. District staff will provide access to requested documents and respond to questions that may arise during the performance of the procedures. The firm will be expected to draft audit reports and provide them to designated District staff for response, prior to finalization of the reports. Internal Audit reports will be delivered to the Board of Directors and relevant Board Committee. Consultant will attend such meetings to present and answer questions on the report. REPORTS TO BE ISSUED The internal auditor is expected to complete internal audits and internal control assessments and to issue a report on findings, for use by Management and delivery to the Board of Directors. Example reports completed during FY 2018-19 are attached as an example. Additionally, an example "agreed upon procedures" report for work completed by the District's financial statement auditor in connection with the internal audit program is also attached. Other reports and deliverables are noted in the Scope of Work section above. Central Contra Costa Sanitary District Internal Auditing and Risk Management Services RFP NO.18-19-XX Page 2 of 2 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 129 of 160 Page 6 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE 4 Partner, Supervisory, and Staff Qualifications and Experience The engagement team selected to serve Central San represents a strong, balanced blend of talent, professional skills,and industry experience that is most critical to working effectively with clients of your size and complexity. Our engagement team possesses: • Broad government industry experience • Specific experience related to forensic audits, internal controls, risk assessments, compliance and performance audits,financial reporting, documentation standards,and accounting policies and procedures • Demonstrated technical proficiency • Familiarity with enterprise resource planning software • Requisite relevant continuing professional education DEEP EXPERTISE In addition to in-depth government experience as described in the MGO TAILORED TO YOUR UNIQUE NEEDS team resumes, key team members have significant internal control and Your engagement team combines compliance experience.The proposed engagement team has firsthand subject matter experts from a wide variety of relevant fields experience in conducting the engagement's scope of services. Central Contra Costa Sanitary District Scott Johnson ENGAGEMENT PARTNER I Mark Cousineau Jasmine Costa INTERNAL AUDIT DIRECTOR IT MANAGER Peter Hughes RicJazale Byron Matson INTERNAL AUDIT DIRECTOR BENCH INTERNAL AUDIT DIRECTOR BENCH INTERNAL AUDIT DIRECTOR BENCH Adrian Gonzales MANAGER Harrison Murk CONSULTANT SUPERVISOR/ Grlgor Gevorgyan INTERNALAUDITOR SENIOR CONSULTANT INTERNAL AUDITOR OtherMGO Resources SENIOR ASSOC ATES& EXPERIENCED ASSURANCE STAFF 57 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 130 of 160 Page 7 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Scottjohnson,, CPA,, CGMA ENGAGEMENT PARTNER RESPONSIBILITIESPROPOSED ROLE& coordinatesLeads and project projectassistance Leads Works closely with your management team Available throughout the engagement to ensure proactive issue identification • service delivery SUMMARY ASSOCIATIONS As a former Finance Director and Assistant City Manager for • Past President and former Board of Director of large California cities,Scott has years of hands-on operational California Society of Municipal Finance Officers experience,as well as experience in public accounting. (CSMFO) • American Institute of Certified Public Scott is the leader of MGO's State and Local Government Advisory Accountants Services. During his municipal career,Scott has been accountable . Government Finance Officers Association for high performance.He has maintained a reputation of flexibility (GFOA) and innovation that has resulted in meeting the needs of all stakeholders;constituents,elected officials,senior management, • Association of Government Accountants and internal/external customers.Regardless of who the client is, • Former board member for retirement and service is his key objective,resulting in a high return on value. deferred compensation plans Scott has over 30 years of high-level organizational management • Committee member,AICPA Government and leadership experience.He is nationally recognized as a leader Performance and Accountability Committee in managing city finances,investments,and budgets. REPRESENTATIVE CLIENT EXPERIENCE Scott's areas of expertise include fiscal and internal operations Engagement Partner for the following recent/current of large multi-billion dollar government organizations as well as projects: medium sized local governments,such as the cities of Santa Clara, City of Berkeley,City Auditor:The City Milpitas,San Jose,Oakland and Concord,and the County of Santa of Berkeley engaged MGO to conduct a Clara.He has served as the Assistant City Manager,Assistant performance audit to assess the City's payroll City Administrator,Director of Finance,and Controller-Treasurer. operations carried out by the Internal Auditor's Several of these local governments had municipally-owned water Office Internal Audit Division.the objectives of and wastewater operations. our engagement were to(1)Determine whether the divisions internal control practices,policies, procedures,and environment adequately and Scott has extensive experience in Finance operations. He was the appropriately protect against fraud,waste, champion and executive team lead of several process improvement and abuse;and operate in compliance with and streamlining initiatives for accounts payable,disbursements, established Federal,State,and City policies, P-card,and travel programs while in San Jose. He also led efforts rules,and regulations,(2)Assess whether in reviewing and modifying controls, policies,practices,and the division's practices,policies,procedures, procedures for these business operations and re-engineering the and protocols are uniformly and consistently processes with system enhancements. applied,and ensure that pay and benefits are accurately and appropriately paid to,or applied EDUCATION,LICENSES,AND CERTIFICATIONS to,City of Berkeley employees,and(3)Identify • B.S.,in Business Administration,Accounting California State the extent that the City's systems and processes University, Hayward are in place to be compliant with the Patient • Certified Public Accountant,California Protection and Affordable Care Act(ACA)and • Management Accountant(CGMA) California's Public Employee's Pension Reform Chartered Global Mana g Act of 2013(PEPRA). 58 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 131 of 160 Page 8 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE • County of Sacramento:Conducted a Risk Assessment Study and developed a risk-based model and audit/review plan for the County. • State of California Department of Toxic Substances Control:Conducting a performance audit of a$176 million dollar program to determine whether internal controls over program accounting and reporting are performed in accordance with GAAP. • City of Santa Ana: Medical Marijuana Business License Tax Audits(up to 10 dispensary locations annually);train City staff to perform same;regulatory and tax compliance assessments;and assist in developing recommended internal control standards and policies and procedures. • City of Tracy:Assessed Finance Department's internal control environment. Reviewew business process for finance and development services and developed recommendations and best practices. Assisted in reviewing finance department roles and responsibilities and developed job classification descriptions. • San Diego Unified Port District:Conducted an internal operational audit to determine whether 1)the District's Jurisdictional Runoff Management Program(Plan)addressed the investigative and enforcement provisions of the District's Regional Water Control Board National Pollution Discharge Elimination Permit;2)the District complied with its Plan when conducting its investigative and enforcement program activities;and 3)developed a risk register framework for the District's environmental programs. • City and County of San Francisco:Concessionaires and Airlines Performance Audits to determine if concessionaires and airlines substantially complied with their respective concessionaire agreements,and whether the amounts paid were materially correct. • County of Alameda:Conducted an operational review of the County's Investment Unit to assess the performance of the County's portfolio to assess the operations of the Investment Unit of the Treasurer-Tax Collector,including compliance,best practices,and organizational structure. Reviewed the Unit's investment performance,organizational structure,operating environment,work processes,and reporting activities.Developed recommendations to strengthen its Investment Policy,better assess its performance,improve the reliability of its data,and plan for future staffing. • City of Oakland-Procurement Department:In preparation for the system upgrade and concerned about oversight activities while looking to improve operations of the City's procurement department,the City contracted with MGO to review the operational efficiency of its Administrative Services Department's Fiscal Services Division Purchasing function. We examined the extent to which the procurement process allows management to provide effective oversight.We also determined how the City's purchasing processes and organizational structure compare with similar organizations and leading practices,i.e.,are delegated authority levels comparable with cities of similar size and procurement models.We developed recommendations to increase operational efficiency and effectiveness in the procurement process as well as strengthen internal controls,mitigate risks,and better align current processes with best practices and industry standards. (April and September 2015). • City of Riverside:Conducted a performance audit over the Public Utilities Department's overtime hours for the past five years to determine if there was any potential fraud or abuse. Reviewed and assessed department procedures and policies,union contracts,employee contracts,and tested over 5,000 samples. • County of Alameda,Auditor Controller:We performed a financial performance evaluation of its ambulance service provider,Paramedics Plus Ambulance Inc.(PPlus)operations.After PPlus requested a subsidy from the County due to operational losses,the County requested that MGO assist the County by conducting a review of PPlus's financial operations through a performance audit.(August-October 2015). • City of Pasadena:An enterprise risk assessment for the Water&Power Department's Power Delivery,Power Supply, Water Delivery,Finance&Administration,and the General Manager business units is underway. The risk assessment includes fraud,people,technology,business processes,and business strategies for each of the business units. In 2016, performed a fraud risk assessment for the Departments of Finance,Public Works,Housing and Career Services,Human Services and Recreation,Public Health,and Transportation. Prepared a fraud prevention and detection manual and provided fraud training. • County of Stanislaus-Employee Benefits Division:We performed an operational review of their Deferred Compensation(457)program.This review included a governance best practices comparison where we researched leading practices specific to Retirement Board committees;documented components related to plan governance;and compared against Committee activities as documented in the minutes over a three-year period.We assessed general oversight activities,communication protocols,and other relevant criteria such as fiduciary responsibility of each/all parties.(April- November 2015). S9 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 132 of 160 Page 9 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Mark Cousineau CPA, CGMA, CITP, CIA, CGMA, CG FM, CAFE, CLAP, CRMA INTERNAL AUDIT DIRECTOR PROPOSED ROLE&RESPONSIBILITIES Coordinates with Engagement Partner on the overall delivery of the advisory Provides identificationassistance Avail ctive issue .• • • • • •.�• service delivery SUMMARY EDUCATION.LICENSES,AND CERTIFICATIONS Mark has over 25 years of high-level organizational management • B.S.,in Business Administration,California State and leadership experience. Mark is an expert in the state and local University,San Bernardino sector. His areas of expertise include internal controls,internal • Chadron State College; MBA currently enrolled, audit activities including annual audit plan risk assessments, expected 2017 proprietary accounting and reporting with emphasis on self- • Certified Public Accountant,California insurance funds and municipal landfills,federal cost principles • Certified Internal Auditor (2 CFR 200),and fraud hotline oversight. Mark is an experienced • Certified Fraud Examiner financial reporting professional who brings information technology • Certified Government Financial Manager and local government expertise. • Certified Government Audit Professional { • Chartered Global Management Accountant, He directed,managed,supervised,and performed governmental AICPA operational audits over the expenditure cycle(procurement to Certified Information Technology Professional payment)using Government Auditing Standards(performance Certification in Risk Management Assurance audit standards)and the International Standards for the Certified Computer Security Auditor Professional Practice of Internal Auditing for more than 10 years as the Chief Deputy Auditor for the County of San Bernardino Auditor- ASSOCIATIONS Controller/treasurer/tax Collector and as a Chief Accountant for California Housing Foundation, Board of the Riverside County Auditor-Controller's office. In addition, Directors-Secretary Mark served as the Deputy Chief Controller overseeing a voucher/ American Institute of Certified Public accounts payable process for a$5 billion dollar county budget that Accountants included purchase cards,low value purchase orders,purchase California Society of Certified Public orders,and contracts that used wires,warrants/checks,and Accountants electronic fund payments to disburse funds to vendors. Institute of Internal Auditors(IIA) • Association of Certified Fraud Examiners Mark is certified by the State of California Department of justice as Association of Government Accountants a Computer Security Auditor. IIA, Inland Empire Chapter, Board of Governors 60 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 133 of 160 Page 10 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE • County of Sacramento:Conducted a Risk Assessment Study and developed a risk-based model and audit/review plan for the County. • City of Riverside:Conducted a performance audit over the Public Utilities Department's overtime hours for the past five years to determine if there was any potential fraud or abuse. Reviewed and assessed department procedures and policies, union contracts,employee contracts,and tested over 5,000 samples. • City of Santa Ana: Medical Marijuana Business License Tax Audits(up to 10 dispensary locations annually);train City staff to perform same;regulatory and tax compliance assessments;and assist in developing recommended internal control standards and policies and procedures. • State of California Department of Toxic Substances Control:Performance audit of a$176 million dollar program to determine whether internal controls over program accounting and reporting are performed in accordance with GAAP. • San Diego Unified Port District:Directed an internal operational audit to determine whether 1)the District's jurisdictional Runoff Management Program(Plan)addressed the investigative and enforcement provisions of the District's Regional Water Control Board National Pollution Discharge Elimination Permit;2)the District complied with its Plan when conducting its investigative and enforcement program activities;and 3)developed a risk register framework for the District's environmental programs. • City of Pasadena:An enterprise risk assessment for the Water&Power Department's Power Delivery,Power Supply, Water Delivery, Finance&Administration,and the General Manager business units is underway. The risk assessment includes fraud,people,technology,business processes,and business strategies for each of the business units. In 2016, performed a fraud risk assessment for the Departments of Finance, Public Works, Housing and Career Services, Human Services and Recreation, Public Health,and Transportation.Prepared a fraud prevention and detection manual and provided fraud training. • California Electronic Recording Transaction Network Authority(CeRTNA):Computer security audits of systems and networks: o CeRTNA Electronic Recording Delivery System(statewide) o County of Butte o County of Napa o County of Placer o County of Shasta o County of Sonoma o County of Tehama • City of San Bernardino and County of San Bernardino: Financial assurance engagements. • City of Santa Monica;County of Los Angeles;County of Orange,Port of Los Angeles,Orange County Sanitation District,and San Diego City Employee Retirement System:Financial Assurance Information Technology General Controls(ITGC)review over financial reporting. • As Chief of Central Collections and Chief Deputy Auditor,Mark planned,directed,and controlled revenue enhancement operations of the County of San Bernardino's Office of Central Collections'96 staff through 10 subordinate managers and supervisors. He also conducted single source and formal procurements of information,software,mail and presort services,remote letter generation,security installations,and informal bids of supplies. • As Finance and Human Resources Manager at the Victor Valley Reclamation Authority,Mark,managed a$30,000,000 treasury using the California Local Agency Investment Fund,certificates of deposit,and federal agencies instruments. Prepared capital replacement financing plan.Participated in development of 20-year facility plan.Developed and presented to the Board of Commissioner's member entity withdrawal valuation analysis,and an overcharge adjustment plan that received unanimous Board of Commissioner's approval. • As Regional Account Manager,Mark managed customer relations for court-related revenue recovery,including providing staffing to courts for customer interaction.Collaborated with court management to resolve customer service issues. Participated on Request-For-Proposal team that was awarded contracts for approximately 40%of the California court collection market. • As Accounting and Audit Services Officer,Mark standardized court fine and fee distribution for eleven 11 geographically located courthouses to obtain operational efficiencies and meet statutory remittance deadlines. Researched bills and statutes and made recommendations to executive management. • As a professional staff,Mark planned and performed audits,reviews,and compilations of municipal governments and entities in the manufacturing,distributor,retail,service,and construction industries.Served as controller for premier manufacturer of food industry single serve packaging machines.Developed an algorithm to compute estimated parts cost for inventory purposes based on volume,materials,and surfaces. 61 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 134 of 160 Page 11 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Jasmine Costa., C1.1carAl INFORMATION TECHNOLOGY MANAGER RESPONSIBILITIESPROPOSED ROLE& Conducts . controls . focus reviews on system security . governance as directed . the Engagement Team Works closely with engagement team conduct the information systems review Participates in the communication with IT management regarding IT findings and recommendations SUMMARY Jasmine has worked in a variety of industries As part of her role with First Advantage,Jasmine from healthcare and for-profit higher education helped to manage the Organization's Enterprise- to financial services. Wide Information Security Risk Assessment Program, which involved defining and maintaining consistent She has a proven track record in facilitating and repeatable risk management and compliance practices(such as business impact analyses, service partnerships between IT, internal and external offering Information security risk assessments,and auditors,and business management in order to data classifications)for the entity's 26 business units achieve compliance for the client. in order to increase and maintain the compliance levels the company needed to meet from both a EDUCATION, LICENSES,AND CERTIFICATIONS regulatory and an information risk management University College London,U.K., perspective.This work entailed providing consultative Undergraduate Master of Science in Computer and advisoupport to the business, IT,and Science employees Zrfoquestions about security, policies, Certified Information Systems Auditor(CISA), procedures,and standards. California Jasmine has over 10 years of experience in IT audit and compliance, risk management,and information ASSOCIATIONS security,with a major emphasis on IT SOX 404 and ISACA operational audits. Her areas of expertise include developing and executing comprehensive IT general REPRESENTATIVE CLIENT EXPERIENCE controls and application controls test plans, development of controls where necessary, • ALT Systems,Inc. documentation,testing, • City of Lodi and remediation,and overall project management. • City of Los Angeles She has also managed first year audits and IT • City of Pasadena compliance initiatives, Including SSAE16 SOC reviews, • First Capitol Consulting,Inc. mapping of service provider controls to company's • LJR Holdings, Inc. internal control framework, and working with third- • Terra Tech Corp party vendors to ensure compliance with company's policies and standards. Additionally,she has had exposure to financial controls and has assisted in testing and evaluating said controls under the SOX 404 program. 62 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 135 of 160 Page 12 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE • County of Orange: Performed IT Risk Assessment Consulting Services in accordance with Statements on Standards for Consulting Services as issued by the American Institute of Certified Public Accountants(AICPA) to assist A-C/IAD in identifying areas of IT risks using the ISACA and IIA Guidelines. The IT Risk Assessment Consulting Services were performed using criteria and guidelines established by the IIA, Information Systems Audit and Control Association (ISACA), and National Institute of Standards and Technology(NIST). • City of Pasadena:Assisted with the enterprise risk assessment for the Power Delivery and Power Supply business units(project still in progress). ■ City of Santa Ana: Performed regulatory compliance assessment for four Santa Ana Medical Marijuana collectives. • County of Alameda: Performed a review of the County's Treasurer/Tax Collector Information Technology General Controls(ITGC). • City of San Diego: Conducting cannabis regulatory and tax compliance services. • City of Salinas: Conducting cannabis regulatory and tax compliance services. • IT General Controls(ITGC)reviews to assess controls that apply to all systems, components, processes, and data to ensure the proper development and implementation of applications, as well as the integrity of programs, data files, and computer operations for MGO's following governmental assurance clients: o City of Lodi o City of Los Angeles o County of Alameda o County of Los Angeles o County of Orange o County of Tuolumne o Housing Authority of the City of Los Angeles o Nevada Public Employees' Retirement System r o Orange County Employees Retirement System (� o San Diego City Employees' Retirement System OTHER RELEVANT CAREER EXPERIENCE • NuVasive, Inc.,2015-2016 Lead IT Internal Auditor • Sharp Healthcare,2015 IT Risk Management, Change Management & Project Implementation • Bridgepoint Education,2011 -2015 IT Compliance • CoreLogic,2007-2011 Enterprise Risk Management& Information Security 63 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 136 of 160 Page 13 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Ric Hjazaie, MAcc, CPA/CFF/CITP/ CGMA,, CIA, CFE,, CISA INTERNAL AUDIT DIRECTOR BENCH , PROPOSED ROLE&RESPONSIBILITIES Internal Audit Director resource with competency needed and availability to help CCCSD with their internal audit department development. SUMMARY EDUCATION.LICENSES,AND CERTIFICATIONS Ric has over 17 years of hands-on operational,financial, • Master of Accountancy(Financial Forensics),Golden and Information Technology audit experience with various Gate University scopes of work proposed by each engagement client,as • B.S., in Business Administration,Accounting, well as experience in public accounting. His career began Finance,Internal Auditing;San Francisco State with California Department of Finance as a technology University specialist, performing audits of California's five largest data • Certified Public Accountant(CPA),CA centers.As an IT Auditor, he was responsible for testing the • Chartered Global Management Accountant(CGMA) internal controls and identifying risks of State's technology • Certified in Financial Forensics(CFF) networks. His role included finding the weaknesses in a • Certified Information Technology Professional(CITP) system's network and creating an action plan to prevent • Certified Internal Auditor(CIA) security breaches in the technology infrastructures. • Certified Fraud Examiner(CFE) • Certified Information Systems Auditor(CISA) Ric also specializes in information technology system • Licensed Private Investigator(LPI) implementation as an Independent Verification and Validation(IV&V)specialist. During his career, Ric has ASSOCIATIONS been responsible for various system implementations and American Institute of Certified Public Accountants upgrades and acted as the Audit Committee's specialist (AICPA) attesting to the implementation procedures, budgetary California Society of CPAs(CaICPA) controls, and ensuring contractors were meeting the Association of Certified Fraud Examiners(ACFE) agreed-upon milestones. He is accountable for high Institute of Internal Auditors(IIA) performance and working with integrity and ethical Information Systems Audit&Control Association standards. He has maintained a reputation of efficient and (ISACA) effective work products that have resulted in meeting the needs of all stakeholders; constituents, elected officials, REPRESENTATIVE CLIENT EXPERIENCE senior management, and internal/external customers. Conduct comprehensive security risk Regardless of who the client is, providing an outstanding assessments and surveys of information service is his key objective, resulting in a high return on technology controls to determine areas value. Some of Ric's current clients include California State to be audited, as well as review of client's Auditor,County of Los Angeles, City of Los Angeles, and internal controls over general and application County of Orange, among many other larger and medium- controls.These tools were created by Ric sized cities. based on his experiences. • Interact with senior management on a regular basis to provide status of all pending issues. • Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance. 64 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 137 of 160 Page 14 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE(continued) • Direct and/or perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems. • Data mining and analysis, including database construction of financial records, accounting data, database extracts, etc.; analyze and reconstruct fraudulent transactions, complex transactions,financial statements, etc. • Audit surveys, including researching legal mandates and other background information, determining needs of key stakeholders, identifying potential risk areas, understanding relevant internal controls, and identifying potential sources of evidence. • Oversee a team of auditors and ensure their audit is in compliance with firm and professional • standards. • Provide consulting services, including both assurance and consulting services,to clients with SOX/FISMA, and SOC requirements. • Conduct entity-wide risk assessments, IT security analysis, and present results to a wide array of audiences. SPECIAL SKILLS • Computer applications proficiency: Excel,Word, Power Point,Access, Outlook, QuickBooks,Visio, TeamMate, CaseWare, IDEA,Active Data, and ACL. • Computer forensic analysis, using EnCase and other data recovery tools. • Extensive knowledge of IT auditing techniques and generally accepted government auditing standards, specifically with the Federal Information System Controls Audit. • Proficient in statistical analysis and developing financial models. • Excellent project management skills. • Advanced written and verbal communication skills. • Integrity within a professional environment. • Entrepreneurial abilities, client focus, and the ability to work independently or as part of a collaborative team. • Strong analytical and interpersonal characteristics. • Leadership skills such as ability to take charge, confidence to interact with all levels,set objectives, result driven,team player, and friendly personality. • Experience managing multiple projects and processes simultaneously and under deadlines and ability to handle multiple tasks and work in a demanding environment. 65 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 138 of 160 Page 15 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Peter Hhes,, MBA, CPA,, CIA, CFE,, CITPI, CCO INTERNAL AUDIT DIRECTOR BENCH PROPOSED ROLE& RESPONSIBILITIES Internal yt r Audit •r resource with competency '•e• . • availability to help CCCSD with their internal audit departmentt development. SUMMARY Certified Fraud Examiner(CFE) As the Assistant Auditor-Controller for Los Angeles UCLA Anderson Graduate School of Management's County(LAC),Dr.Hughes oversees a$28 million annual Corporate Board of Directors Oversight Program budget and 150 staff that make up the audit,compliance (qualifies him to serve as a board member on both a and investigative functions for the County.He was corporate or governmental entity) commissioned to establish LAC as the next generation for ASSOCIATIONS "auditing best practices"for internal auditing.Under Dr. American Institute of Certified Public Accountants Hughes'innovations and leadership,LAC has cut the cost (AICPA) of its audits by 50%,saving millions in audit cost;cut the Current member of the IIA's National American turnaround time from ten months to four;significantly Center for Government Auditors(ACGA) expanded audit coverage without any additional staff, Served as ambassador for the AICPA National realigned the audit focus to address the Board's strategic Government Performance and Accountability goals;and,cut the length of the audit reports in half while Committee(GPAC) significantly improving their usefulness.LAC is the largest • Served as a member of the IIA's Board of Research county in the USA,with a$30 billion annual budget and and Education Advisory Committee 110,000 employees that serves over 10 million residents • Currently serving on the ACFE's Editorial Board of and 88 cities.Its budget is bigger than the budget of 22 Advisors states and it serves more residents that 42 states possess REPRESENTATIVE PROFESSIONAL EXPERIENCE in total population. Dr.Hughes is a highly experienced executive who EDUCATION,LICENSES,AND CERTIFICATIONS currently holds the position of Assistant Auditor- Ph.D.,Oregon State University,Public Administration Controller for Los Angeles County.In addition,he has • MBA,University of California,Riverside,Statistics and held leadership positions as the Acting Controller for Organization Theory Caltech,Assistant Controller for CBS, Performance Audit Director and Director of Internal Audit for • BA,Pomona College,Claremont,Ethics and Moral Orange County as well as the Director of Internal Audit Philosophy for Caltech,NASA's Jet Propulsion Lab and for the • Certified Public Accountant(CPA) Oregon University System.He is easy to work with, • Certified Internal Auditor(CIA) eager to tackle new and challenging assignments,and consistently rated as an outstanding partner,innovator, • Certified Corporate Compliance&Ethics Professional 'Change Agent'and communicator.He has extensive (CCEP) experience in re-engineering cumbersome and even • AICPA Certified Information Technology Professional 'adversarial'processes into'Customer-Centric'services (CITP) that are highly cost effective,timely and closely aligned • Institute of Internal Auditors'(IIA)Accredited Peer with the key stakeholders'and clients'priorities and Reviewer strategic plans. 66 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 139 of 160 Page 16 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE PROFESSIONAL EXPERIENCE(continued) Along with his County internal auditing experience at both Los Angeles and Orange County, Dr. Hughes has served as the Director of Internal Audit for three world-class organizations;California Institute of Technology (Caltech), NASA's jet Propulsion Laboratory(JPL)and the Oregon University System of Higher Education. Additionally, Dr. Hughes served as Acting Controller for Caltech and was Assistant Controller/Director of General Accounting and Finance for a major subsidiary of Columbia Broadcasting System(CBS). He also worked for Arthur Andersen in Los Angeles and was a professor of accounting at California State Polytechnic University at San Luis Obispo.and developed each of his audit department into a world class audit function as reflected in his Peer Reviewers comments. Dr. Hughes is a noted speaker at international conferences and has been a trainer for the California Board of Accountancy. He is recognized as a leading authority in creating customer-centric and innovative business processes that are highly cost efficient and effective that are aligned closely with the needs of the customers.Additionally, he is one of the originators of"high impact"risk-driven auditing for universities, city and county government. He is a highly sought-after expert on implementing cost effective controls and educational programs for stopping and spotting fraud; ensuring SOX and HIPAA compliance;and hotlines and ethics programs. Dr. Hughes has played a pivotal role in establishing and refining Anti-Fraud Programs, Ethics Committees,and Hotlines at NASA's Jet Propulsion Lab, Oregon University System,and for Orange and Los Angeles County and has either personally conducted or directly supervised over 1,000 investigations. He is a strong advocate of the adage"an ounce of prevention is worth a pound of cure"and has lectured on the benefits of effective educational and monitoring programs to reduce process inefficiencies and fraud. Dr. Hughes is recognized as an authority in improving the cost effectiveness and efficiencies of governmental entities having designed and facilitated over 130 Control Self-Assessment and Process Improvement workshops involving 2000 participations that identified and implemented over 3,000 improvements. He has led his audit departments successfully through seven IIA,and GAO Yellow Book(GAGAS) Peer Reviews and is a recognized authority on preparing and conducting them as well as on the application of IIA's Capacity Model Guide as a quick way to self-assess one's current state of capacity against their desired capacity. 67 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 140 of 160 Page 17 of 31 SECTION 5A E STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Byron L. Matson, MA, CRMA INTERNAL AUDIT DIRECTOR BENCH PROPOSED ROLE&RESPONSIBILITIES neededInternal Audit Director resource with competency and availability to help CCCSD with their internal audit department , development. SUMMARY ASSOCIATIONS Byron is a certified internal audit professional with over 30 Member and Committee Chair,Institute of Internal years of staff and management experience in all aspects of Auditors,Sacramento Chapter the profession.He has a strong background in identifying Adjunct Faculty(Accounting and Internal Controls) and assessing risks and the internal controls designed University of Phoenix to mitigate such risk,as well as communicating audit observations and recommendations for improvement to REPRESENTATIVE CLIENT EXPERIENCE senior and executive management. lniernal Control and Cam nc�Reviews • City of Burbank:Reviewed internal controls Byron's experience encompasses a highly diverse set of and wrote policies and procedures for general clients,including the Federal Government(home and accounting,accounts payable,accounts receivable, abroad),the international arena with the North Atlantic budget,fixed assets,payroll and purchasing. Treaty Organization,higher education,state and local Performed a SSAE 16 assessment where we government,and the commercial sector. Additionally, reviewed management's assessment of their Byron has held manager and director-level positions controls and provided an opinion on its validity. in three public corporations,as well as consulting City of Ventura:Conducted a review of cash engagement positions in state,local and higher education handling in the Parks Department resulting agencies. in numerous control improvements aimed at reducing losses. EDUCATION, LICENSES,AND CERTIFICATIONS City of Beverly Hills:Reviewed processes and • MA(National Security Analysis&Strategic Studies)U.S. developed recommendations for improvements in Naval War College,Newport,Rhode Island the City's real estate management system. • BS(Accounting),Magna Cum Laude,James Madison City of Los Angeles Convention Center: University,Harrisonburg,Virginia Developed policies and procedures for the Convention Center staff to better manage the • Certified Internal Auditor(CIA),Institute of Internal contract between the City and the Convention Auditors Center operator,improve financial reporting • Certification in Risk Management Assurance(CRMA), controls,and strengthen operations overall. Institute of Internal Auditors California State University(CSU)System- CSU Dominquez Hills and CSU Los Angeles: Developed cost allocation methodology for departments to better manage and allocate costs. 68 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 141 of 160 Page 18 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE(continued) Internal Control and Compliance Reviews[continued] • City of Compton:Completed five separate internal audits of the following operations and functions:(1) contracting,financial management,and business practices at the Housing Authority;(2)the City's implementation of correcting journal entries related to PERS contributions,accounts payable,and enterprise accounting;(3)the City'Planning Department's sufficiency of cash handling controls(Cash handling audit);(4)self-insurance activities related to assessing whether or not the City appropriately implemented administrative leave policies,appropriately classed employees correctly to benefit packages,and accurate payment of worker compensation claims,and(5)adequacy of planning and budgeting of the re-hiring of retired City employees. • City of Newport Beach:Reviewed the City's operation of Tidelands Trust Funds to determine compliance with California Land Commission rules and procedures. • City of Beverly Hills:Reviewed and tested controls over pay and benefits of the various bargaining units that represent City employees. • Acclamation Insurance Management Services(AIMS):Reviewed the control objectives and control activities at AIMS,a publicly traded company,to verify that they exist and are designed as described. We tested the effectiveness of the controls in order to determine that they can reasonably meet the control objectives they were designed to meet. • Reclamation District 1000 Sacramento:Reviewed financial statements for compliance with Government Accounting Standards Board(GASB)provisions.We provided recommendations for improvement resulting in numerous changes. • Consulted with a bank and a stock brokerage firm to write and test internal controls over financial reporting.This entailed working closely with major departments to determine how the financial data flowed into the financial statements.Once the major controls were identified,described and tested,gaps were determined and recommendations for improvements were provided. After gap remediation,controls were retested and certified.Trained key staff members on periodic testing and gap remediation techniques. • Validated a claim for reimbursement submitted by a credit union reporting fraud.The work entailed determining the occurrence of other fraud cases,and validating how reported incident occurred,including examining the sufficiency of controls. • Served as an internal audit manager and senior internal auditor for Health Net Inc.,Rancho Cordova,CA and the University of California/Davis Health Campus,Sacramento,CA. • Health insurance underwriting:Reviewed underwriting practices company-wide and recommended improvements in the application of actuarial data to specific underwriting categories and found solutions to problems in setting,evaluating and correlating policy rates to various underwriting classes of policy holders.Policies were also evaluated for compliance with state and federal regulations regarding out-of-area coverage and issues related to denial of coverage. • Membership Accounting:Reviewed membership policies including how membership is established and billed to member companies.This includes evaluating problems with the ways insurance coverage is established for new employees and terminated for departing employees.This includes transition to COBRA and other plans for departing employees. • Health Care Marketing:Reviewed policies and procedures related to issuing new coverage options and the process of pricing new plans and plan options. • Medical security issues:Reviewed issues related to patient privacy in line with federal HIPPA and state regulations regarding the handling of medical information within the company and information that is passed to other providers and insurance plans. • Call center operations:Reviewed health system call centers to recommend improvements on call waiting and call distribution,as well as evaluated the accuracy of information provided by call center staff to plan policy holders and medical providers. • Medical fraud:Reviewed medical issues to determine the extent that plan policyholders and plan medical providers commit fraud. Additional emphasis on out-of-area fraud prevention returned recommendations that resulted in significant savings. • Medical claim processing:Reviewed systems designed to pay claims in the most accurate and efficient manner.Provided recommendations to pay claims quicker with more automation and a greater emphasis on fraud prevention and waste. • Home Health Care:Reviewed the process that the company employed to provide home health services.Recommendations to outsource the services to local firms resulted in significant savings. Performance Audits • State of California Department of Toxic Substances Control:Performance audit of a$176 million dollar program to determine whether internal controls over program accounting and reporting are performed in accordance with GAAP. • County of Alameda:An Operational Audit of the County's Investment Unit to assess the performance of the County's portfolio to assess the operations of the Investment Unit of the Treasurer-Tax Collector,including compliance,best practices,and organizational structure. • Los Angeles Housing and Community Investment Department:Conducting a Fiscal Review of Housing Projects. • City of Riverside:Conducted performance audit of the City's sewer bonds,to include determining how well bond proceeds were spent in support of City and taxpayer objectives. • City of Sacramento,Utilities Division: Completed a performance audit,the objectives of which were to:(1)evaluate the system of internal controls utilized in the Department's Billing&Collections function,(2)test the accuracy of utility bills, and(3)assess the City's ability to recover amounts owed. • California Department of Developmental Services:Performance audit of the Department regarding its use of First Five grant program funds,including services provided and program recipients served. • U.S.Government Accountability Office,Washington,DC:Audit manager for 25 years mainly conducting performance audits of federal programs in the Departments of Labor,Defense,Health and Human Service,Treasury,and Agriculture. 69 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 142 of 160 Page 19 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Adrian Gonzales PROJECT MANAGER RESPONSIBILITIESPROPOSED ROLE& Develops workplans,designs methodology,establishes project objectives ope Designs structured interview guides, data collection instruments StandardsConducts data analysis and performs report writing Ensures all workpapers are prepared in accordance with the Statements on -. by Certifiedthe American Institute of Public .. SUMMARY ASSOCIATIONS Adrian is an experienced public sector management Member,Association of Local Government Auditors consultant possessing a diverse background advising Education Committee over 40 agencies,including cities,counties,special Chair,City of San Jose Board of Fair Campaign and districts,and nonprofits,on how to be more efficient, Political Practices effective,and economical. He has managed and performed a range of services for state and local Lead Advisor, EI Camino YMCA Youth&Government government clients including financial assessments, legislative analyses,policy studies,performance and REPRESENTATIVE CLIENT EXPERIENCE compliance audits,and other consulting engagements. Internal Control/Performance Audit • *County of Santa Clara:Managed comprehensive He has performed over 30 operational assessments performance audits,policy studies,and fiscal for cities,counties,special district,and nonprofits, analyses to assist the County Board of Supervisors to improve efficiency and transparency.Noteworthy in managing its$6 billion annual budget and experience includes providing analytical support for the $5.5 billion worth of taxpayer-funded assets. City of Stockton as it went through the AB506/Chapter Achievements included:Identifying opportunities for 9 bankruptcy and organizational restructuring of over the County Controller to implement a management $500 million in debt. information system that tracks where,when, and why payroll errors occur to recover up to$2 million annually that is lost to employee errors and Adrian's experience includes providing analytical fraud;worked with the Child Abuse and Neglect support for the City of Los Angeles City Administrative Call Center to design an automated dashboard for Officer on a variety of policy issues including regulating real-time performance management,empowering banks,regulating the adult film industry,tracking the department to more efficiently deploy staff and the City's annual budget reduction efforts,among increase its call response rate from 80%to nearly others.He also provided analytical support for the City 100%. of Whittier's City Manager on public transportation planning,monitoring capital improvement spending, *County Santa Clara:Management Audit the public hearing management,and online presence. Assess Appeals Process-Comprehensive review of the County's process for administering refunds EDUCATION,LICENSES,AND CERTIFICATIONS to taxpayers after a successful assessment appeal. Recommendations resulted in improving internal - B.A.,Political Science/Public Policy,Whittier College, controls during the processing of information Whittier,CA between three different departments and four different business units to mitigate improper refunds that triggered this audit. 70 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 143 of 160 Page 20 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE REPRESENTATIVE CLIENT EXPERIENCE(continued) Capital Improvement Projects • *County of Santa Clara: Management Audit of the County Communications Department-Conducted a comprehensive evaluation of the County's consolidated emergency dispatch center,including the department's asset maintenance and replacement plan.Recommendations included working with County administration to continually monitor and record the conditions of the Department's capital assets to better prioritize CIP maintenance and replacement funding needs. Cost Study • *City of Sacramento:Development Services Review and Fee Study-Consulting engagement that assisted the Development Services department in evaluating its business practices for processing building permits,as well as reviewing and revising the department's cost allocation methodology for calculating service fees. Fiscal Analysis/Review • City and County of San Francisco:Sales and Use Tax Consulting-Consulting engagement to assist the City/County in negotiating and administering a fair audit process from the State regarding the City's sales and use tax reporting. • *City of Long Beach:Fiscal Sustainability Initiative. • *City of Monrovia:Citywide Organization Study. • *City of Campbell:Fiscal Sustainability Plan. Information Technology • City and County of San Francisco:IT Review-a review of the implementation of the City's financial management system. Litigation Support/Expert Witness • *City of Stockton:Litigation Support for the AB506/Chapter 9 Bankruptcy Restructuring and Ineligibility Lawsuit from Credits-Provided analytical support for City management and its legal team to demonstrate the City's due diligence in reducing operational costs and optimizing revenues before filing for bankruptcy.We also provided analytical support for demonstrating how the City's significant budget cuts had drastically impacted the City's service levels. Organizational/Operational Assessment • *City of Stockton:Chapter 9 Bankruptcy Restructuring-Provided analytical support for various consulting engagements to help the City continue to reduce operational expenses while minimizing the negative impact on service levels.Studies addressed opportunities for the City to reduce dispatching costs by consolidating service with other agencies in the County,or outsourcing;opportunities to reduce labor costs by more appropriately managing overtime eligibility and use; opportunities to reduce fleet management costs by downsizing fleet size and improving shared services,among other issues. • *Tri-Valley Utilities:Coordination/Integration Study-Collaborative study commissioned by the Cities of Livermore, Pleasanton,Dublin,and San Ramon,the Dublin-San Ramon Services District,and Zone 7,to identify opportunities to improve operational efficiency in collecting,transmitting,discharging,treating,and storing water,wastewater,and storm water for the region. • *Orange County Fire Authority:Organizational Structure and Management System Review focused improving the agency's organizational structure and staffing arrangement. • *City of Tracy:Fire Governance Study focused on evaluating different models for governance over fire protection services delivered between the City of Tracy and Tracy Rural Fire Protection District.We recommended that the District annex the City into its service area to protect property tax revenues for fire protection services. • *Los Angeles Civil Grand Jury:Investigation of Towing and Impound Practices focused on evaluating how twelve cities in the county managed the performance of towing vendors and impacts on the community. Compliance • *City of Long Beach:Audit of BVI-Compliance audit focused on determining whether the City's primary vendor for operating beach concessions was appropriately reporting their gross receipts and subsequently paying the appropriate monthly remittance based ❑n three different lease/contract agreements with the City.We found that the vendor lacked the appropriate internal controls to verify whether gross receipts were being reported correctly,and with the receipts that were available,found that the vendor was behind in payments to the City. • City of San Diego: Marijuana Compliance Audit that focuses on regulatory and tax compliance assessments. • County of Santa Clara:Measure A Oversight Committee Independent Auditor Services-Ongoing contract to serve as the independent auditor reporting to the Oversight Committee responsible for ensuring that Measure A bond funds are appropriately being used for approved affordable housing programs. * Prior to joining MGO 71 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 144 of 160 Page 21 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Harrison Murk CONSULTANT SUPERVISOR/INTERNAL AUDITOR PROPOSED ROLE&RESPONSIBILITIES Conducts - . ; Reviews and analyzes client internal controls SupervisesResearches issues as -. by Engagement Manager Reviews all workpapers before Manager for further review SUMMARY properly supported and whether the committee Harrison has three years of experience in governmental complied with campaign finance laws. auditing,accounting,advisory,training,and management • County of Santa Clara: Assisted in developing services. His areas of expertise include financial and a general compliance checklist relating to the compliance audits,as well as assessing internal controls, County's single audit and related grant programs. performing control and execution testing and variance • Santa Clara Valley Transportation Authority: analysis. Assessment of National Transit Database(NTD) Methodology EDUCATION. LICENSES,AND CERTIFICATIONS • B.S.Accounting,University of Kentucky City Governments • B.B.A. Finance,University of Kentucky Berkeley • Fremont REPRESENTATIVE CLIENT EXPERIENCE Fresno • Richmond Housing Authority: Performed Oakland consulting services which included assessing existing controls and operational compliance with County Governments these controls through detail testing.Identified San Mateo Medical Center areas of risk of fraud and misconduct,and Santa Clara recommended improvements and best practices. • City and County of San Francisco:Conducted Dissolved Redevelopment Agencies/Successor airport audit concession and airlines performance Agencies audits to determine if concessionaires and airlines City of Fresno Redevelopment Successor Agency substantially complied with their respective City of Oakland Redevelopment Successor Agency concessionaire agreements,and whether the amounts paid were materially correct. Retirement Systems • California Department of Toxic Substances City of San Francisco Employees'Retirement Control:Performance audit of a$176 million dollar System program to determine whether internal controls over program accounting and reporting are Special Districts performed in accordance with GAAP. Alameda County Water District • City and County of San Francisco Ethics Commission:Conducting assessments of Airports&Ports campaign contributions and expenditures for 12 Los Angeles International Airport committees of publicly financed candidates that Port of Oakland received public funds during the 2016 election Port of San Francisco { cycle to determine if campaign contributions and San Francisco International Airport expenditures were reported accurately and were 72 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 145 of 160 Page 22 of 31 SECTION 5A II STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Grigor Gevorgyan,, CPA SENIOR CONSULTANT/INTERNAL AUDITOR RESPONSIBILITIESPROPOSED ROLE& Conducts - . . SupervisesReviews and analyzes client internal controls Researches issues as -. by Engagement Manager Reviews all workpapers before Manager for further review SUMMARY City of Santa Ana:Conducting Medical Grigor has over four years of professional experience Marijuana Business License Tax Audits; providing auditing and accounting services with expertise training City staff to perform same;assisting with city and county governments. He has lead financial in developing recommended internal control statement and compliance audits,attestation of forecasts, standards and tax budget revenue forecast and consulting engagements for major counties,cities, model. airports,and other transportation agencies in California. Los Angeles World Airports&San Francisco His areas of expertise include assessing internal controls, International Airport: Performed an performing control and execution testing,and variance attestation of the forecasted revenues and analysis.He is most passionate about identifying, expenses resulting from the construction of the researching,analyzing(at both high and detailed level),and rental car facilities to be covered by customer improving upon existing business processes. facility charges. • Santa Clara Valley Transportation Authority: EDUCATION, LICENSES,AND CERTIFICATIONS Performed an analysis of the existing cost allocation plan,determined if reasonable,and • B.S.(Professional Accountancy),California State proposed a revised methodology for allocating University of Northridge various costs to the different transportation • Certified Public Accountant(CPA),California modes. Based on the proposed methodology, configured an excel template to automate the PROFESSIONAL MEMBERSHIPS allocation process by simply pasting the general • American Institute of Certified Public Accountants ledger detail into the workbook. (AICPA) • California Society of CPAs(CaICPA) REPRESENTATIVE CLIENT EXPERIENCE • Association of Certified Fraud Examiners(ACFE) County Governments • Los Angeles REPRESENTATIVE CLIENT EXPERIENCE • County of Sacramento: Performed an internal audit City Governments risk assessment for the County,including all of its 37 • Compton departments. Reviewed and assessed most current • Los Angeles and past external and internal audits,budget data, • Rolling Hills Estates departmental surveys,and interviewed department Retirement Systems personnel. • Pasadena Police&Fire Retirement System • City of Los Angeles:Performed an audit of the City's cost allocation plan for fringe benefits,central Airports,Ports,and Other Transportation services,compensated time off,and administrative • Hollywood Burbank Airport and support costs of 33 departments with multiple • Los Angeles World Airports cost centers. • Palos Verdes Peninsula Transit Authority • City of San Diego:Conducting cannabis regulatory • Port of Los Angeles and tax compliance services. • San Francisco International Airport • Santa Clara Valley Transportation Authority 73 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 146 of 160 Page 23 of 31 SECTION 5A STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Firm Qualifications and Experience As noted in Section 2A of our proposal (Company History and Overview), MGO has approximately 300 professionals. The firm's staff providing services comparable to those in this RFP are identified in this section of our proposal (Section 5A, Staff and Firm Qualifications and Experience). All of them are employed with MGO on a full-time basis,with the exception of Ric Jazaie, a former MGO employee now working as an independent contractor,who is highly credentialed and has extensive expertise with internal controls and risk assessments. We also have additional staff in our firm who have the experience and expertise to fulfill this engagement. Our Walnut Creek office will be the primary location of the office from which the work on this engagement is to be performed. Disciplinary Action There have been no disciplinary actions taken or pending against the firm during the past three years with state regulatory bodies or professional organizations, as well as any pending or settled litigation within the past three years. Relevant Projects A list of representative projects performed in the last five years that are similar to Central San's requested services is presented below: Internal Control Projects • Richmond Housing Authority:Currently performing consulting services which include assessing existing controls and operational compliance with these controls through detail testing. Identifying areas of risk of fraud and misconduct,and recommending improvements and best practices. • City of Berkeley: In 2016,we assessed the adequacy and effectiveness of segregation of duties and internal control procedures,including that of automated systems,the adequacy and accuracy of payroll systems and processes.We also assisted the City in the development of roles and responsibilities of the current payroll positions. Our evaluation identified several areas within the payroll and benefit payment process that required additional reconciliation and oversight to help ensure accuracy and completeness.Our evaluation identified several process and control areas that could be improved. We developed 10 prioritized recommendations for the City to enhance and improve operations. 74 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 147 of 160 Page 24 of 31 SECTION SA I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE • San Diego Unified Port District:In 2017,conducted an internal operational audit to determine whether 1)the District's jurisdictional Runoff Management Program(Plan)addressed the investigative and enforcement provisions of the District's Regional Water Control Board National Pollution Discharge Elimination Permit;2)the District complied with its Plan when conducting its investigative and enforcement program activities;and 3)developed a risk register framework for the District's environmental programs. • City of Ventura:Reviewed cash handling policies and procedures in 2016 at the Department of Parks, Recreation and Community Partnerships(PRCP);evaluated controls over cash handling at a variety of locations for 13 specific functional areas with PRCP. • City of Irvine:Performance Audit for the Payroll Function in 2013-Assessed the adequacy and effectiveness of segregation of internal control duties and internal control procedures,payroll system and processes accuracy,and payroll roles and responsibilities. • City of Santa Ana:Currently performing Medical Marijuana Business License Tax and regulatory compliance assessments;training City staff to perform same;assisting in developing recommended internal control standards. • City of Beverly Hills:Performance Audit of Payroll and Benefits Processing in 2014-Determined the adequacy and effectiveness of segregation of internal control duties and internal control procedures,payroll system and processes accuracy and identify process areas that required additional reconciliation and oversight. • City of Oakland:Finance Department-Procurement Division Operational Audit in 2016- • Assessed the adequacy of current policies and procedures governing purchasing activities,determined the extent to which they are up-to-date and aligned with current processes and leading practices; • Examined the extent to which the procurement process allows management to provide effective oversight;and, • Determined how the City's purchasing processes and organizational structure compare with similar organizations and leading practices;that is,are delegated authority levels comparable with cities of similar size and procurement models. • Developed recommendations to increase operational efficiency and effectiveness in the procurement process, as well as strengthen internal controls,mitigate risks, and better align current processes with best practices and industry standards. The scope of this performance audit included the procurement function and limited areas of its internal control environment,as well as portions of the City's information management systems. Additionally,we conducted a limited assessment of the organizational structure and operations of high level staff duties within the Purchasing Services Division. • City of Burbank:Performance Audit of Payroll and Benefits Processing in 2016-Reviewed internal controls and wrote policies and procedures for general accounting,accounts payable,accounts receivable, budget,fixed assets, payroll and purchasing. • City of Compton:Completed five separate internal audits of the following operations and functions:(1) contracting,financial management,and business practices at the Housing Authority;(2)the City's implementation of correcting journal entries related to PERS contributions,accounts payable,and enterprise accounting;(3)the City'Planning Department's sufficiency of cash handling controls(Cash handling audit);(4)self-insurance activities related to assessing whether or not the City appropriately implemented administrative leave policies,appropriately classed employees correctly to benefit packages,and accurate payment of worker compensation claims,and(5) adequacy of planning and budgeting of the re-hiring of retired City employees. 75 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 148 of 160 Page 25 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Risk Assessments MGO staff assigned to this project have conducted multiple risk assessments for the purposes of annual risk- based audit plans,five-year audit plans, and enterprise-wide risk assessments planning. Performing a risk assessment to identify areas for future audits requires more than simply identifying the risk universe.We look enterprise-wide to strengthen controls but also develop solid audit objectives tailored to departments,functional areas and process improvements. Further,our staff have completed scores of risk assessments ranging from large state agencies to county and city internal audit departments,therefore,we have the experience working with a range of size and complexity. Within the last five years,for example,we performed a county-wide risk assessment on behalf of an Auditor- Controller Department's Internal Audit division in order to assist them in developing their annual audit plan.We assessed the risk of 10 departments that comprised over 80 percent of the County's budget. Risks were assessed by department and functional area, i.e.,financial management,staffing resources, information technology, governance operations, procurement/contracts and cost savings/revenue enhancement.We found many trends among the departments wherein we identified the same functional areas posed risks for all departments.To conduct the assessment,we prepared data collection instruments to gather the required data and input the raw data into a large database.We graphically displayed the likelihood and impacts of functional risks in each department,as well produced as a County-wide heat map to show the risk profile for each department. The County of Sacramento Auditor-Controller's office has recently contracted with MGO to assist them in their audit planning efforts.The audit work plan will enable the County to effectively utilize limited audit resources by focusing on areas of highest need. MGO is currently in the process of conducting a risk assessment of department operations and activities to identify County departments that can potentially benefit from internal audit services, based on risk. MGO specializes in state and local government audits and has extensive experience conducting risk assessments. Specifically, MGO is looking at the following external and internal risks related to the following areas: EKBenrol lmtm ■ politica ■ caphul ■ Emrornic ■ People ■ •'■iel ■ Pr�oa� ■ Tech 1 ■ Tedywkw • Erwir�re��al To obtain the highest quality risk assessment to support a risk-based internal audit plan, MGO will work with Central San management to set the risk assessment in the proper context by taking into account internal audit activity,governance,and resources, both internal and external. We understand California Government Code sections 1236,26980-26990, as well as 26909 and its newly enacted provisions to allow county auditors to provide reviews and agreed-upon procedure engagements in lieu of financial statement audits when specific requirements are met. In addition, MGO internal audit and risk assessment professionals are knowledgeable about the additional duties that may be imposed on Central San via California Government Code sections 25259.5 and 26883. We will work with Central San to focus our risk assessment to match the anticipated resource levels, historical competencies,and any policy initiatives that seek to expand Central San's internal audit activity beyond financial and safeguarding internal control audits and reviews. Our risk assessment experience is not limited for purposes for audit planning: In 2016, MGO performed a fraud risk assessment for the Departments of Finance, Public Works, Housing and Career Services, Human Services and Recreation, Public Health, and Transportation for the City of Pasadena.We also prepared a fraud prevention and detection manual and provided fraud training to City staff. Pleased with our work,we were subsequently contracted by the City to perform an enterprise-wide risk assessment of the Power and Water Department's five business units in 2017-2018. 76 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 149 of 160 Page 26 of 31 SECTION SA I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE • Washington State Auditor's Office-In 2010,we completed a statewide risk assessment to identify areas of potential performance audits(to address identified risks)for the Washington State Auditor's Office as part of the Auditor's statewide performance review.We worked with 38 state agencies listed below and held an all-hands training meeting.Our teams worked with each of the 38 agencies to complete an assessment form and the tool was used to consolidate responses into a single database for analysis. Specifically we conducted a performance audit risk assessment to develop an audit work plan that examined agency efforts at accomplishing 9 different goals for improving service delivery and agency functioning. Examples of goals included cost savings,streamlining business functions,and outsourcing of services. Our work assessed the potential for cost savings and enhanced service delivery, including opportunities to enhance internal controls for the 38 state agencies.To develop the risk assessment,we prepared data collection instruments to gather the required data and inputted the raw data into a large database. Thirty eight graphs were then automatically generated by our benchmarking model that showed our metrics on likelihood that the agency will accomplish the goals and measures and the impact agency efforts would have on the intended goals. Department of ftki t m Office of Finandal Maretgernent Deparonem of LKBra ng Depmunent of Sooel and Health Ser Aces Office of the AtInrney General Department of Rsh and Wildide Liquor Control Board Comms of the Superinm ent of PublictnstnKfwn VNIm aftMAudlmr Department of General ?Airttary Department y Department ofTrwtsportadon AdmQ+ii- -on Department of Commerce Health Vase Authority ��of l 0fice ofthaTreasurer Department ofComtections DepamnantofFlpalth Parks arid Recreation Uti#rb"andTmmsparta w Commission Commission DWaof Mforrrmfion Department of Early Learning � Ds Mmu tit of Personnel Washington State Patrol Department of Ecology ofthe Insurance DepwWwrit of Revenue Employment Secwity Depsstrrterm.of La6ar and 0frxr of time Sommmy of State Department Industries 77 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 150 of 160 Page 27 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Other Relevant Experience Fraud Risk Assessments and Forensic Work • City of Pasadena Fraud Risk Assessment,Training and Fraud Manual Development: Currently conducting Phase 2, an enterprise risk assessment for Department of Water and Power. In 2016, performed a fraud risk assessment for the Departments of Finance, Public Works, Housing and Career Services, Human Services and Recreation, Public Health,and Transportation. Prepared a fraud prevention and detection manual and provided fraud awareness and detection training to City management. • California Community College District of San Francisco Forensic Audit: We conducted a forensic audit in response to multiple anonymous allegations of fraud.The review entailed reviewing each allegation to determine if there was sufficient information to support further investigation.To complete the audit,we performed interviews,assessed policies, procedures and processes, completed various transaction testing, conducted data analysis,and sought out the anonymous author of the allegations. • Santa Clara Valley Water District Forensic Audit: We performed an independent forensic audit of select District procurement processes and records and provided a risk assessment of any potential missed savings opportunities,financial loss,and misconduct related to the District's procurement of goods, maintenance/repair services,and other non-construction or non- consulting services. • County of Riverside: In 2012,conducted a county-wide risk assessment on behalf of the Auditor-Controller Department's Internal Audit division in order to assist them in developing their annual audit plan. Assessed the risk of 10 departments that comprised over 80 percent of the County's budget. Risks were assessed by department and functional area, i.e.,financial management,staffing resources,information technology, governance, operations, procurement/contracts and cost savings/revenue enhancement.We found many trends among the departments wherein we identified the same functional areas posed risks for all departments. Prepared data collection instruments to gather the required data and input the raw data into a large database. Multiple graphs were then automatically generated,which metrics on the likelihood and impacts of functional risks in each department,as well as a County-wide heat map that showed the risk profile for each department. 78 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 151 of 160 Page 28 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE • San Diego Convention Center: In 2011,conducted a risk assessment to develop an audit work plan for improving service delivery and agency functioning. Our work assessed risk and opportunities for improvement among finance, HR, IT, and marketing and sales.To conduct the assessment,we prepared data collection instruments to gather the required data and inputted the raw data into a large database. Multiple graphs were then automatically generated,with metrics on the likelihood the department would accomplish increased efficiency and effectiveness. Recent experience in forensic accounting investigations of whistleblower complaints • Conducted internal investigations related to embezzlement, whistleblower,financial reporting fraud,foreign corrupt practices act, loan fraud, construction fraud, Ponzi schemes, health care fraud, related party transactions, billing disputes, bankruptcy fraud, anti-money laundering,and other related matters • Southeastern Economic Development Corporation:After a media investigation and internal complaints,we were contracted by the City of San Diego to conduct a fraud,waste,and abuse audit of the Southeastern Economic Development Corporation,a non- profit organization that received substantial funds from the City.We analyzed the agency's revenue sources,forecasts,and evaluated the agency's methodology for its budgeting process.The results of the evaluation were used to assess the strengths and weaknesses of the entity's budgeting process and to develop solutions for improved budgeting and found ongoing fraudulent activities among high level staff who were later charged with crimes. • SunLine Transit Agency: Evaluated the effectiveness of the agency's operations, including its budgeting practices to develop recommendations for a more effective budgeting process. Reviewed the line item budget,the agency's strategic plan, and held meetings with agency management and Commission staff to identify the types of new financial reports needed within the agency to better monitor performance.The results of our review highlighted multiple areas at risk for waste and abuse. 79 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 152 of 160 Page 29 of 31 SECTION 5A I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE Forensic Accounting Recent experience in forensic accounting and investigations in bond programs or school district finances under the requirements of California state law • Directed audits of school claims and internal control audits of a centralized joint claims payment function of a county auditor- controller and county superintendent of schools, including site audits of 42 school districts. • Conducted a facilities program review of a large unified school district with more than 20,000 students to determine the district's compliance with policy, regulations, and laws over new schools construction and existing schools renovations. • Experience leading,designing,and conducting internal,compliance, and performance audits; program evaluations,and audits of state and local government agencies and programs relating to a variety of issues. • For the State of California Office of Public School Construction, conducted a financial analysis of school facilities costs under Title 5. One of our objectives was to determine the percentage of a school facility that could be built with the grants currently available under Title 5. • Directed financial, performance, and compliance audits of the third largest community college district in California. Experience with investigation of whistleblower complaints from staff and vendors.Worked closely with external litigators on Proposition 39 bond compliance and investigations related to the District's bond program. Recent experience in forensic data recovery • Data mining and analysis, including database construction of financial records,accounting data,database extracts, etc.;analyze and reconstruct fraudulent transactions, complex transactions, financial statements, etc. • Review documents; data mining and analysis,and prepare rebuttal reports and critiquing opposing expert reports • Computer forensic analysis, using EnCase and other data recovery tools Recent experience in forensic accounting of public construction projects and knowledge of industry benchmarking • County of Riverside: Provided audit expertise to the Project Management division of the Economic Development Agency. Conducted audits of construction projects done by the Project Management division. Audited a $60 million jail addition,and reviewed building/office remodels,the construction of an animal shelter,and a major upgrade to the County's data cable system. 80 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 153 of 160 Page 30 of 31 SECTION SA I STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE • Los Angeles County Metropolitan Transportation Authority (LACMTA), Management Audit Services: o Conducted a Performance Audit of the nearly$2113 Exposition Metro Construction Authority(Expo Light Rail) Project- Concerned about the substantial cost overruns experienced in the construction of the Expo Phase 1 project,the Los Angeles County Metropolitan Transportation Authority(MTA)Board requested us to perform an audit to determine: (1)the causes of cost overruns in the first phase,(2)the lessons learned, and; (3) how risks have been mitigated in the second phase of the project. o Conducted a Risk Assessment/Performance Audit Planning Assessment- Developed an agency wide risk-assessment model identifying a comprehensive list of risk categories and the needed data. Met with 8 Metro departments and 5 partner agencies, including Gold Line Construction Authority, ACE,Access(paratransit), and the Expo Construction Authority. We developed an implementation plan,and a set of data collection tools were developed and provided to MTA staff on the use of the tools. • City of Rancho Cordova:Assisted the City in validating that the methodology and approach used to develop the rates used by a contractor were sound and in adherence with the California Department of Transportation(Caltrans)Local Assistance Procedures Manual(LAPM). • State of California Office of Public School Construction: Conducted a comprehensive statewide statistically valid survey of California School Districts to determine the costs of building new elementary, middle and high schools.The results were used to compare school district costs with revenue allocated for construction by the OPSC in order to determine whether increases in revenue allocations were needed. One of our objectives was to determine the percentage of a school facility that could be built with the grants currently available under Title 5. • History San Jose Museum:To assist the City of San Jose determine appropriate levels of funding for the History San Jose Museum, conducted an audit which included benchmarking financial and performance benchmarks against other similar sized museums.We researched and obtained industry data from the American Alliance of Museums and compared History San Jose among similarly sized museums across 10 performance benchmarks. • County of Kern: KMC Physician Compensation Analysis-for three consecutive years, conducted a physician compensation analysis at Kern Medical Center.We compared over 40 physicians' compensation in five practice areas to benchmark data published by the Medical Group Management Association(MGMA). Our report compared physicians'compensation, including professional fees, against published benchmark data,to similarly sized hospitals in similarly demographic areas. 81 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 154 of 160 Page 31 of 31 SECTION 5A STAFF AND FIRM QUALIFICATIONS AND EXPERIENCE • Metrolink- In 2010, as contracted internal audit providers,we conducted an enterprise-wide risk assessment where we developed criteria for a risk model and planned and conducted the risk assessment.We conducted interviews and data gathering in the areas of finance, including accounting, budgeting and payroll,capital program management, contract administration, procurement, project control,and fare collection services. Our review identified areas of risk within the departments and assessed the likelihood and impact of a risk event occurring.The assessment included interviews with management and staff personnel as well as review of documentation such as policies and procedures, manuals, and communications. Our report included heat maps detailing each department's risk within specific functional and operational areas. • Pierce County,Washington-In 2010 we conducted a risk assessment to develop an audit work plan for improving service delivery and county agency functioning. Our work assessed risk and opportunities for improvement among 10 county departments.To conduct the assessment,we prepared data collection instruments to gather the required data and input the raw data into a large database. Multiple graphs were then automatically generated,with metrics on the likelihood the department would accomplish increased efficiency and effectiveness. • Golden Gate Bridge Authority-in 2010,the client requested that we conduct a risk assessment to develop an audit work plan for improving service delivery and Authority functioning. Our worked assessed risk and opportunities for improvement among 10 departments.To conduct the assessment,we prepared data collection instruments to gather the required data and inputted the raw data into a large database. Multiple graphs were then automatically generated,which metrics on the likelihood the department would accomplish increased efficiency and effectiveness. 82 October 23, 2018 Regular FINANCE Committee Meeting Agenda Packet- Page 155 of 160