May 14, 2009 - Staus of open audit recommendations as of ...boardarchives.metro.net/BoardBox/BB2009/2009_05_May/BB 051409.pdf · Balance Scorecardis lackingindicators for "improve

Metropolitan Transportation Authority

Metro

One Gateway PlazaLos Angeles. CA 90012-2952

213.922.2000 Telmetro.net

FROM:

May 14, 2009

TO: BOARD OF DIRECTORS

THROUGH: ARTHUR T. LEAHY fI!'"CHIEF EXECUTIVE dFFICER

RUTHE HOLDEN~CHIEF AUDITOR, MANAGEMENT AUDIT SERVICES

SUBJECT: STATUS OF OPEN AUDIT RECOMMENDATIONS AS OFMARCH 31, 2009

ISSUE

At the March 2005 Executive Management and Audit Committee meeting, the committeerequested that the status ofall open audit recommendations be reported monthly. Thisincludes audits performed by Management Audit Services (Management Audit) and, incompliance with policy, external audits performed by outside auditors.

DISCUSSION

Management Audit's monthly audit follow-up report includes all open auditrecommendations related to findings reported by Financial Audit, Information Technology(IT) Audit, Operational Audit, and outside auditors; statistics on the number ofrecommendations closed or completed since the last report; and a summary ofauditactivities in Contract Audit and Grant Audit.

During the month ofMarch, Management Audit issued two reports: Health Care BenefitEligibility (09-TRS-F01) , which contained no recommendations, and Audit of ProcurementCard Program (07-PMM-IlO), which contained five recommendations. The Office of theInspector General issued one report, Follow-up ReviewofMetro Rewards Program (09AUD-02), which contained five recommendations. The new open audit recommendationsare included in the attachment as items 7 - 9, 48 - 51, and 57 - 58. One recommendationfrom an audit issued in March was closed, and ten recommendations open from theFebruary report were closed during March. We are activelyworking with staffto close eachrecommendation as quickly as possible. The total open recommendations as of March 31,2009 are included in Attachment A.

The following table summarizes the follow-up activity for audit recommendations duringMarch 2009.

Table 1Summary of Financial, IT, Operational and External Audit Recommendations

As ofMarch 31, 2009

Closed or Under Not Yet TotalExecutiveArea

Completed Review Extended DueOpen

Recom.ChiefFinancial Services

1 6 6OfficerChiefAdministrative Services

4 1 8 26 35OfficerChiefReal Property

1 3 4Management & Development

ChiefPlanning Officer 2 2Chief Communications

1 5 4 9OfficerGeneral Mgr. Rail Operations

Chief Operations Officer 1 3 2 3 8ChiefCapital Management

4OfficerTotals 11 10 12 42 64

Contract Audit conducts audits related to pre-awards, change orders, and incurred costs, aswell as providing support for claims, contract closeouts and contract related litigation. GrantAudit conducts closeout audits ofprojects funded by the Call-for-Projects.

During March 2009, 115 contract audits remained open pending the results ofnegotiations.Grant Audit issued two final audit reports.

NEXT STEPS

Management Audit Services will provide the next monthly status report for the periodending April 30, 2009.

Attachment A: Open Audit Recommendations Report

All Current Audit RecommendationsStatus as of March 31,2009

Attachment A

Audit Rec Original ExtendedNo. Report Number Report Date

EntityTitle Exec Area Finding /Corrective Action Completion Completion Com mentsNo

Date Date

Balanced Scorecard consists pri marily offina ncial indicators and islacking in operational performance indicator s. Management agreesto request that ITS investigate and recommend options for thereplacement of the Balanced Scorecard application and to meet thegoal of having the reporti ng ofall key perform ance meas ures "in oneplace." Management will make a recommendation for fundi ng a stud yto determine the scope, schedule and cost ofthis effort in development

1 08-0PS- OOl 11/26 /2008 MASBalanced Chief Financial of the FYl0 budget. Management does not recommend cust omizati on

Scorecard Services Officer 1 of the Balanced Scorecard to handle non -numerical measures because 5/ 31/2009it is a commercially off the shelf (COTS) application that utilizesnumerical values and management has been notified that the vendorwill shortly discontinue sup port for this software.

Balance Scorecard is lacking indicators for CEO priorities "Improvetran sit service" and "Deliver quali ty capital proj ects on time andwithin budget." Management agrees that such additionalperformance measure s be developed and willrequest that ITS provide

2 08-0 PS·OOl 11/26/2008 MASBalanced Chief Financial

2 options for their implementation. Management willmake a 5/ 31/2009Scorecard Services Officer recommendation for fun ding the implementation effort aftercompletion of the FYI0 study to determine the best tool to present theinform ation .

Balance Scorecard is lacking indicators for "improve transitservices. " Rail Operation's management recommends a focus on the

3 08-0PS·OOl 11/26 /2008 MASBalanced Chief Financial

2athree un iversally reported performance measures of 1) on-time

5/3 1/2009Scorecard Services Officer performance; 2) mean time between failures for vehicles; and 3) servicehours actual compa red to planned.

Balanced Socrecard is lacking indicators for" Secure local, state andfederal funding: and Maintain open lin es ofcommunication."Management will proceed to establish an organizational mechanism to

4 08-0PS ·OOl 11/26/ 2008 MASBalanced Chief Financial

3 develop metrics for the goals "Secure local, state and federal funding; 5/3 1/ 2009Scorecard Services Officer and Maintain open lines of communication ."

1 of 14

All Current Audit RecommendationsStatus as of March 31, 2009

Attachment A

Audit Rec Original Extend edNo. Report Number Report Date

EntityTitle Exec Area Finding/Corrective Action Completion Completion CommentsNo

Date Date

CBA Rules and HR Policy are not Programmed in E-time. The ChiefFinancial Services Officer and Treasurer submitted to IT's a service ITS cannot

Audit of EvTime Chief Financial request to enhance the E-Time system where the programm ed complete5 07-ACC·IOS 8/1/2008 MAS

System Services Officer1 validation controls comply with the relevant timekeeping CBA and HR 3/3 1/ 2009 service request

policies . until October2009.

System 's edit and validation controls n eed improvement . The ChiefFinancial Services Officer and Treasurer willinvestigate the feasibility ITS cannot

Audit of E·Time Chief Financial ofcreating a database for Payroll to efficiently an d effectively monitor complete6 07-ACC·IOS 8/1/2008 MAS

System Services Officer2 bereavement, jury duty and FML by March 2009. 3/31/2009 service request

until October2009.

Inadequate supervison resulted in inapproriate and non-compliant

Procurem entChief purchases. Requir e that approvers sign a form similar to the

7 07-PMM·110 3/31/2009 MAS Administrative 1 cardh olders which re-emph asize their responsibilities in oversight. 9/ 30/2009Card Program

Services Officer

Inadequate supervison resulted in inapproriate and non-compliantpurchases. Clarify the definition ofrestricted food purc hases and the

ProcurementChief restriction on purchase ofgift cards; and require that approvers

8 07-PMM·110 3/3 1/2009 MAS Administrative 2 provide cardholders with a writte n pre -authorization explaining wha t 9/ 30/ 2009Card Program

Services Officer can be purchased, and from where.

ChiefInadequate supervison resulted in inapproriate and non-compliant

Procurement purchases . Institute an enhanced follow-up process for monthly9 07·PMM·110 3/31/2009 MAS

Card ProgramAdministrative 3 statement package 9/3 0/2009Services Officer

20f 14


Attachment A


EntityTitle Exec Area

No Findin g/C orrective Action Completion Completion CommentsDate Date

Departments have not validated and assessed business andinformation security risks as required by Metr o policy. TheInformation Techn ology Services will communicate, reinforce, andprovide guidelines to Metro business units on their responsibility tovalidate and assess information security risks. The ITS Department ,Records Management Center, and County Counsel will collaborate anddevelop an agency-wide Inform ation Security Standard Operating

Department Chief Procedures that Metro business units will implement and utilize to

10 OS·AVD·1S 2/24 /2009 OIG Inforrmation Administrative 1a accomplish and maintain uniform ity and consistency of procedures 8/30/ 2009Security Services Officer used to validate and assess information security risks by: (a)

Developing a new Information Security training module that will beoffered through the OD&T Management Orienta tion Program (MOP).The training module will be conducted by ITS in conjun ction withRecords Management Training cour se.

Departments have not validated and assessed business andinformation security risks as required by Metro policy. b) The ITSDepartment, Records Management Center (RMC)and Coun ty Coun selwill collaborate and develop an agency-wide Information Security

Departm ent ChiefStandard Operati ng Procedures (SOPs) that Metro business un its willimplement and utilize to accomplish and maintain uniformity and

11 08·AVD·IS 2/24/2 009 OIG Inforrmation Administrative 1b consistency of procedures us ed to validate and assess inform ation 6/30 /2010Security Services Officer security risks . The Information Securi ty (IT 1) Policywill also be

revised to reiterate and refer the bus iness units to the SOPs fordirection and guidance .

Departments have not develop ed written procedures (SOPs) oninformation security as required by Metro policy. The additionaldirection and guidance will be addressed in the new inform ation

Department Chief security train ing module in con junction with the Records Management12 08·AVD-IS 2/24 /2009 OIG Inforrmation Admi nistrative 2 Training course and the Information Security SOPs. In addition, 8/ 30/2009

Security Services Officer information securi ty awareness sessions will be conducted to facilitatethe implementation ofthe Inform ation Security SOPs.

3 0£14


Attachment A

Aud it Rec Original ExtendedNo. Report Number Report Date Title Exec Area Finding/Corrective ActionEntity No Completion Completion Comments

Date Date

It is important that Departments im plement wri tte n standard

Department Chief operating procedures (SOPs) to protect da ta. The Information13 08·AVD·IS 2/24/2009 OIG Inforrmation Admi nistrative 3a Securi ty SOPs will include directions and guidance for bus iness units 6/30{20IO

Securi ty Services Officer to follow to assess information security risks .

It is importa n t th at Departments impleme nt wri tten standardoperating procedures (SOPs) to protect data. The req uirement for

Department Chiefbus iness units to define all data resources under their controlincluding sensitivity and privacy consi dera tions , will be included in the

14 08·AVD·IS 2/24 / 2009 OlG Inforrmation Administrative 3bGEN 8 Policy, and guidelines to assist departments with m eeting this 6/30{2010

Securi ty Services Officerrequirement will be provided in the Information Security SOPs .

It is important that Departments implement written standardoperating procedures (SOPs) to prot ect data. The requirement for

Department Chiefbus iness units to identify the scope and access of appro priate staffwill

IS 08·AVD ·I S 2/24/2009 OIG Inforrmation Administrative 3cbe included in the reviewed GEN 8 Policy, and guidelines to assist

6/ 30/ 2010business units in m eeting thi s requirement will be provided in th eSecurity Services Officer

Information Security SOPs.

It is importa n t that Departments im pleme nt wri tten standardoperating procedures (SOPs) to protect data. The revisions to the

Department Chief GEN 8 Policy will include guidelin es for identi fying an d controlling all

16 08·AVD-IS 2/24/2 009 OlG Inforrmation Administrative 3ddata /i nformation taken outside of Metro works ite, More detailed

6/30 /201 0Securi ty Services Officer procedures will be outlined in the Information Security SOPs that will

be followed by all departments.

It is im porta nt that Departments implement written standardoperating procedures (SOPs) to pro tect data. The revisions to theGEN 8 Policy will include guidelines for identifying and controlling all

Department Chief data /i nformation taken ou tside of Metro worksi tes, which will include

17 08·AVD·IS 2/24/2009 OIG Inforrmation Administrative 3e the use ofencryption and/or password protection. Specific procedures 6/30 /2010Security Services Officer will be outlined in the Information Security SOPs that must be

followed by all business units .

4 of 14


Attachment A


EntityTitle Exec Area Finding/Corrective Action Completion Completion CommentsNo

Date Date

Establish policies that define the acceptable use of removable storage

Department Chiefmedia. The revisions to the GEN8 Policywill include guidelines foridentifying and controlling all data/information taken outside of Metro

18 08-AVD-IS 2/24/2009 OlG lnforrmation Administrative 4a worksites, which will include the use of encryption and/or password 6/30/2009Security Services Officer protection.

Establish policies that define the acceptable use ofremovable storagemedia. The GEN 8 policywill be revised to include the requirementfor controls such as logs for sensitive data fries taken outside of Metro

Department Chief worksites. Procedures for implementing this part of the policywill be19 08·AVD-IS 2/24/2009 OIG Inforrmation Administrative 4b included in the Information Security SOPS, and communicated and 6/30/2009

Security Services Officer reinforced through Records Management MOP Training course.

Establish policies that define the acceptable use ofremovable storageDepartment Chief media. The revised GEN 8 Policywill prohibit attaching Metro data

20 08-AVD-IS 2/24/2009 OlG Inforrmation Administrative 4c files to e-mails for non-business purposes. 6/30/2009Security Services Officer

Establish policies that defme the acceptable use ofremovable storagemedia. The current GEN8 Policyaddresses opening or saving Metrodata fries on employees' personal computers in section 1.S.3.3

Department Chief Employee Copying and Use ofMTA Records, and section 1.S.3.421 08-AVD-IS 2/24/2009 OIG Inforrmation Administrative 4d Results of Using Personal Computers or Other Electronic Devicesto do 6/30/2009

Security Services Officer MTAwork. This will be included in the revised policy as well.

Metro made most payments to vendors, employees (non-wage), andpublic agencies via paper check. Management believes thatopportunities exist for Metro to increase efficiency and security bymaking greater use of EFT payments. Procurement agrees that EFTshould become the default method of payment for all new contracts

Use of Chief and purchase orders unless the vendor submits a written request to optWill close in

22 08-AVD-12 10/17/2008 OIG Electronic Fund Administrative 2 out. Procurement will add appropriate language to all new 1/31/2009April.

Transfer Services Officer solicitations. Accounting and Procurement will continue to worktogether to encourage existing vendors to sign up for EFTpayments.

Sof14


Attachment A



NoFinding/Corrective Action Completion Completion Comm ents

Date Date

Compliance toDue to decen tralized IT responsibility, there is a lack ofmonitoringofcomputers. Create and m aintain an agency-wide computer

Software Chief inventory list, inclu ding laptops .23 06·ITS·I12 9/ 30/2008 MAS License Administrative 1.1 12/ 31/2009

Agreements & Services OfficerLACMTA Policy

Compliance toITS list of software inventory is not compreh ens ive. Create and

Software Chiefmaintain an agency-wide software inven tory list.

24 06·ITS·I12 9/30 /20 08 MAS License Adm inistrative 1.2 12/31 /2009Agreements & Services OfficerLACMTA Policy

Non-Compliance to Software Licensing. Develop detailed guidelines

Compliance to which include complia nce to licensing agreements , com puter and

Software Chief software inventory process in conjunction with the Asset Tracking

2S 06·ITS·I12 9/30 /2008 MAS License Administrative 1.S Policy, and reporting un-licensed software. 9/30/2009Agreements & Services OfficerLACMTA Policy

Non -Compliance to Software Licensing. Set up a secure repository forCompli ance to all related software documents and CDs.Software Chief

26 06·ITS·I12 9/ 30/2008 MAS License Administrative 1.6 12/31 / 2009Agreem ents & Services OfficerLACMTA Policy

Comp liance toNon-Compliance to Software Licens ing. Perform a periodicmonitoring and oversight to ensure compliance to th ese policies.

Software Chief27 06· ITS·I12 9/ 30/2008 MAS License Adm inistrative 1.7 12/3 1/2009

Agreements & Services OfficerLACMTA Policy

60f14


Attachment A

Audit Rec Ori ginal ExtendedNo. Report Number Report Date


No Finding/Corrective Action Completion Completion Com mentsDate Date

Vend or File Maintenances Needs Strengthening. Procurement andMaterial Management - Client Vendor Services will continue to reviewvendor data as part ofthe daily business process . In the first quarter of

Audit ofFIS- ChiefFY09, Client Vendor Services will initiate a meeting to coordinate with

28 07-ACC-I08 9/29/ 2008 MAS Vendor Master Administrative 4.3key departments [i.e., ITS, Human Resources and Management Audit)

3/31 /2009Will close in

to iden tify and document activities necessary from their area of May.File Services Officer operations to established procedures for performing annualmaintenance ofthe FIS Vendor data.

Monitoring ofInactive Inventory Needs to be Strengthened.Inventory Chief Inventory Manager will update procedures related to idle, inactive and

29 08-0 PS-OOS 8/28/2008 MAS Management Administrative 1.1 obsolete bus inventory item s and Material Staff will receive training on 6/30 /2009Audit Services Officer the updated procedures.

ChiefInventory Turnover Rates are not Consistent with Inventory

Inventory Man agement Policy & Procedures. Inventory Manager will review,30 08-0PS-OOS 8/28 / 2008 MAS Management Administrative 2.1 upda te and republish Inventory Procedures . 6/ 30/ 2009

Audit Services Officer

Inven tory Turnover Rates are not Consistent with Inventory

Inventory Chief Managem en t Policy & Procedures. Inventory Manager will develop

31 08·0 PS·OOS 8/28 /20 08 MAS Management Administrative 2.2 and publish Rail Policies and Procedures. 11/30/2008 6/30 / 2009 Extended once.Audit Services Officer

Invento ry Turnover Rates are not Consi stent with InventoryManagement Policy & Procedures. Inventory Managementdeveloped an inventory turn report which was included with July'smonthly Material Management Statistical Report . Lead times areadjusted regula rly and automatically by M3 based on actual lead timesfor the most recent five procurements for each item code. Reorder

Inventory Chiefpoints and safety stock are currently updated semi -annually at division

Under review.storeroom locations and with every replenishment for stock purchase32 08-0PS-OOS 8/28/2008 MAS Management Administrative 2.3 Mars for the "sup plied by" warehouses . Inventory Management is 12/3 1/2008 Will close in

Audit Services Officer implementing Dynamic Inventory Optimizatio n system (DIOS) April.

maintain closer tolerances on th ese metrics. All but service levels arecomplete. The Inventory Manager will identify and publish servicelevel requirements by December 31, 2008.

70f14


Attachment A


EntityTitle Exec Area Finding/Corrective Action Completion Completion Comm entsNo

Date Date

Classification of Active Inventory Items is not Consistent withInve ntory Management Policy & Procedures. Inventory Man ager will

Inventory Chief develop and employ a mon itoring process to ensure that the existing

33 08·0PS-OOS 8/28/20 08 MAS Management Admi nistrative 4.2 policies, proce dures and controls for inventory item classifications are 6/ 30/2009Audit Services Officer consistently and accurately applied. Inventory Manager will develop

and publish by June 2009.

Min / Max inventory Level adjustment process Needs Strengthening.

ChiefInventory Manageme nt willestablish a structured monitoring process

Inventory to ensure consistent and accurate utilization ofthe Min/Max system.34 08·0 PS-OOS 8/28 /2008 MAS Management Administrative 5.1 Inventory Man ager will develop an d publish the monitoring process by 6/30/2009

Audit Services Officer June 2009.

ChiefLack of Policy to regulate the installation of Wirel ess Networks. TheCIO corrected the weaknesses identified in the aud it for M3. In Extended once .

WirelessAdministrative addition, the CIO will draft an agency-wide policy for wireless systems Draft policy

35 07·CEO·I06 10/ 24/2007 MAS NetworkServices Officer;

1 and will coordinate a review of the draft policy with ATMS and UFS 12/ 31/2007 12/ 31/ 2008 has beenSecurity

Gen . Mgr. Rail management. submitted forOperations; Chief

Real Prope rtyreview.

Inconsistencies and control weakn esses found in th eChief implementation ofwireless networks. The CIO has corre cted the M3

WirelessAdministrative issues identified in the report. Project Management and Rail

36 07·CEO·I06 10/24/2007 MAS NetworkServices Officer;

2 Operation ma nage ment will work together with the CIO to identify the 6/ 30/ 2008 6/30/2009 Extended once.Security

Gen. Mgr. Rail mo st cost effective an d efficient methods to correc t the specific wirelessOperations; Chief weaknesses identified in the report.

Real Property

Lack ofsoftware purchase and u sage poli cy and procedures. Th e CIOExtended

Software Chief will finalize the draft ofthe IT Stand ards Compliance Policy in

37 06·ITS·I09 4/13/ 2007 MAS License Policy Administrative 1.2 accordance with GEN 5 prior to adoption and ensure it includes th e 8/31 /2007 11/ 30/2008twice. Policy

and Procedures Services Officer recommended areas. ITl still underrevision.

80f14


Attachment A



NoFinding/Corrective Action Completion Completion Comments

Date Date

Written poli cies and procedures had not been developed for erasin gdata from computer hard drives prior to their disposal. ITS willwork

Disposal of together with Records Management to resolve the conflict with the Policy will beComputer Chief language in Policy GEN 8 which states that only Records Managem ent aggen dized for

38 06-AUD-12 9/ 15/2006 DIG Equipment and Administrative 2 Center staff are authorized to delete or destroy public records, 12/31 /2006 12/ 31/2007 Board approvalData Storage Services Officer including erasing data from hard drives. The revised language will fourth quarterMedia clarify responsi bilities. 2009.

Disposal ofLACMTA departments were not following th e requirement in Policy

Policy willbeGEN 8. Records Management an d Legal Counsel willreview PolicyComputer Chief GEN 8 and add pro cedures for destroying unneeded or damaged aggendized for

39 06-AUD-12 9/ 15/ 2006 DIG Equipm ent and Administrative 4 electronic storage media. 12/ 31/2006 12/ 31/ 2007 Board approvalData Storage Services Officer fourth quarterMedia 2009.

LACMTA departments were n ot following th e requirement in PolicyGEN 8. An updated opini on by Legal Counsel is that publi c record sare defined according to Governme nt Code 6252(e) of the CaliforniaPublic Records Act, and ifa definition is included in the policy, th en

Disposal of the policy willbecome outdated when the government code changes. Policy willbeComputer Chief Therefore Counsel suggested tha t in the body ofth e policy, the first aggendized for

40 06-AUD-12 9/15 /2006 DIG Equipment and Administra tive 5 time the term "public records" is used, there will be a notation 12/ 31/2006 12/ 31/ 2007 Board approvalData Storage Services Officer referencing th e code [i.e. publ ic records is defined according to fourth quarterMedia Government Code section 6252(e) of the CPRA). This way the validity 2009.

of the policy willnot effected should th ere be changes to the code.

LACMTA departments were not following th e requirement in Policy

Disposal of GEN 8. Upon the completion ofrevisions to Policy GEN 8, the Policy willbeComp uter Chief Records Manager willissue a communications memo to all staff aggendized for

41 06-AUD-12 9/ 15/20 06 DIG Equipment and Administrative 6 informing them of policy requirem ents. The Records Manager will 1/ 31/ 2007 12/ 31/2007 Board approvalData Storage Services Officer also update the instructions of the relevant quarterly Management fourth quarterMedia Orientation Progra m (MOP) training courses. 2009.

90f14


._-- -------- . -----

Attachment A



No Finding/Corrective Action Compl etion Completion CommentsDate Date

52% ofthe Rental Agreements requiring adjustments were notadjusted. Real Estate has developed a matrix which schedules 375revenue agreements for market rate adjustments in 2008. To completethis goal they will prioritize these agreements and will seek additional

PropertyChief Real staff resources. They will complete appraisals using both in-house and

ManagementProperty outside fee appra isers. Those agreements which are determined to be

42 08·REA·F01 8/28/2008 MAS and RentManagement & 1 in the highest priority categories will be adju sted, with a goal to 7/ 31/ 2009

CollectionDevelopment complete all such rental adjustments by Decemb er 2008. The

Controls remaining lower-priority 2008 adjustments will be carried over to 2009and made during the period of Janua ry to July 2009.

PropertyChief Real

Real Estate does not maintain a vacant property listing. The ITS canno tManagement

PropertyDepartment will work with the ITS Department to develop a vacant complete

43 08·REA·F01 8/ 28/2008 MAS and RentManagement & 2 property listing report . 1/ 31/ 2009 service request

CollectionDevelopment until April

Controls 2009.

Past due Rental Income Receivable. Real Estate and Accounting haveworked together to revise rent collection and delinquency procedures,

PropertyChief Real to improve invoicing control by using the new Rental Property

Mana gementProperty Management Information System , and to provide tenants the

44 08·REA·F01 8/ 28/2008 MAS and RentManagement & 5 opportunity to pay rent through Electronic Fund s Transfer. Changes 3/3 1/2009 Under review.

CollectionDevelopment to the filling and categorization process will be made to give a more

Controls accurate depiction ofthe collection activityin the future.

Inadequate Internal Controls over Real property and Collection ofRental Income for the last 12 years . Real Estate acknowledges thatoutsourcing certain ofthe prop erty management functions may be an

PropertyChief Real

option to address the concerns raised in this audit. Outs ide support inManagement

Propertyfollow-up on delinquencies and conduct ofinspections could be

45 08·REA·F01 8/2 8/ 2008 MAS and RentManagement & 6 considered if the strategies outlined in thi s response prove not to be 5/ 31/2009

Collection effective in their implementation . Outsourcing will be furtherControls

Developmentreviewed after a period of6 to 9 months of the processes discussed inthis response.

10 0f1 4


Attachment A

Audit Rec Original ExtendedNo. Repo rt Number Report Date

EntityTitle Exec Area Finding/Corrective Action Completi on Completion CommentsNo

Date Date

Adm inistra tive fess paid to brokers shoul d be reassessed afterch an ges to th e program have been m ade . Once the program is

Extended once.modified an d the details are finalized, staffwill reassess the feeReport on the keeping in mind th e ne w program requir em ent and funding Corrective

action hasIm m ediateChief Planning availability. Reduci ng emphasis on the taxi vouchers could help kee p

been delayed46 06·INTp·TCBA 5/10/ 2006 MAS Needs 5.1 the administrative fee in che ck. 6/30/2007 8/ 31/ 2008Officer until th eTra nsportationcompletion ofProgram (INTP)the FY08 auditin March 2009.

Future solicitation process for brokers ' contracts should beconsid ered . Once the program requirem ent, th e mission statementand th e taxi program are well defined, staffwill proceed with theprocurement to select agenci es to administer the program. Staff

Report on theconcurs with th e audit recommendations for general qua lification ofthe brokers, which are as follows: Not-for-profit status ; offices located

Im m ediateChief Planning within lA County; size and organ izational structure that provides

47 06·INTP·TCBA 5/ 10/2006 MAS NeedsOfficer

11 admi nistrative support to the program with low overhead costs; 6/30/2007 8/ 31/ 2008 Extended onc e.Transportation capab le ofma intaining lACMTA's insurance requi rements; offers aProgram (INTP) broad base of social service pr ogram s or provides transportation

services to th e underserved population of lA County.

In ventory and Reconciliation Practices Need Improvement. A cashcount ofgift cards balanced to accounting records will be done by th eProject Manager and Accounts Supervisor twice per fiscal year: once

Follow-upChief on February 10, an d again on August 15 or as close to these dates as

48 09·AUD-02 3/ 20/ 2009 DIGReview on

Communication s l a possible. The Project Manager and Accounts Sup ervisor will oversee6/ 30/ 2009

Metro Reward sOfficer the implem en tation ofthese steps. These dates will be included in th e

Program revised Rewards Policies, Procedures , and User ManuaL

Improvements can be made in managing and m aintaining

Follow-upChief

re aso nable inventory levels. The Inventory an d Projections Form as

Review on well as th e Policies and Procedures Manual to forecas t gift card49 09·AUD-02 3/ 20/2009 DIG

Metro RewardsCommunications l b purchasing will be revised. 6/30 /2009

ProgramOfficer

11 of14


Attachment A



No Finding/Corrective Action Compl etion Completion CommentsDate Date

Inven tory and Reconciliation Practices Need Imp rovement . The

Follow-up Metro Rewards Policies, Procedures, and User Manua l will be revised

Review onChief to require that a joint inventory and recon ciliation be taken when th e

50 09-AUD-02 3/20/2009 OIGMetro Rewards

Communications 2 Project Manager chang es. G/30/2009

ProgramOfficer

The Excel Inventory Spread sheet reported in accurate inventory

Follow-upbalanc es due to several input errors. Metro Commute Services is

Chief working with the ITS Department and is in the early stages ofcreating51 09·AUD·02 3/20/2009 OIG

Review onCommunications 5 a database to replace the current Excel spreadsheet to track and 12/3 1/2009Metro Rewards

Officer monitor the gift cards m ore efficiently.Program

Stockroom alarms did not tri gger during intrusion test. Customer

ChiefPrograms & Services will work with Safety & Security to develop a

Fare Media security checklist and establish a central, secure location for a52 08-0PS·OOG 10/7/2008 MAS Stockroom Commun ications 1a functional master key. 3/3 1/2009 Under review.

Audit Officer

Stockroom alarms did not trig ger during intrusion test. The

Fare Media Chiefstockroom alarm system will be tested on a quarterly basis.

53 08-0PS- OOG 10/7/2008 MAS Stockroom Communi cations 1b 3/ 31/2009 Under review.Audit Officer

Printing contractor in non-compliance with contract terms. The

Fare Media Chiefprinter has agreed to install a secondary storage space and lockeddoorway for our fare media and to document securi ty contr ol measures

54 08-0PS -OOG 10/7/2008 MAS Stockroom Communications 3a over fare media printing, receiving, and delivery. 3/3 1/2009 Under review.Audit Officer

Printing contractor in non-compliance with contract terms. On an

Fare Media Chiefannual basis the Director ofCustomer Programs and Services will

55 08·0PS-OOG 10/7/2008 MAS Stockroom Communications 3bconduct an un announ ced inspection of the printer.

3/31 /2009 Under review.Audit Officer

12 of1 4


Attachmen t A



NoFinding/Corrective Action Completion Compl etion Comments

Date Date

Non-enforcement of contract terms ofdelivery of fare mediaoverruns and scraps to the Agency. Customer Programs & Services

Fare Media Chief will enforce the contract by requiring the printer to deliver the fare56 08-0P S-0 06 10/7 /2008 MAS Stockroom Communications 4a med ia overruns and scrap to the fare media stockroom. Stockroom 3/31/2009 Under review.

Audit Officer personnel will be responsible for storing and disposing overruns andscrap.

Pcard users in Transportation Contract Services Division have been

Procurement Chief OperationsExempt From Restrictions and Monitoring. Transportation Contract

57 07-PMM-!l0 3/31/2009 MAS 5 Services Division (SAFE)will write their own Pcard manual to comply 9/ 30/ 2009Card Program Officer with Metro policies.

Pcard users in Transportation Contract Services Division have beenExempt From Restrictions and Monitoring. Transportation Contract

58 07-PMM-!l0 3/3 1/2009 MASProcurement Chief Operations

7 Services Division (SAFE) will write their own Pcard manual to comply 9/30 / 2009Card Program Officer with Metro policies.

Fare MediaKey could not be located during intrusion test. Safety & Security will

59 08-0PS·006 10/7/2008 MAS StockroomChief Operations

lcimplement an Electronic Cabinet System to ensure keys are organized

12/31/2008 4/30/2009 Extended once.Audit

Officer properly, accounted for and located easily.

26 (31%) of85 Bus Operator Instructors do not have the certificationrequired by the California Education Code. Operations Managementconcurs with the recommendation. OCI will provide quarterly

Chief Operationsmon itoring and compare the OTIS instructors to the HR report (or

60 08-0 PS-007 8/ 1/2008 MASBus Operator

1 comparable) system that lists all current instructors. Any inconsistency 12/ 31/ 2008 Under review.SafetyTraining Officer foun d will be investigated by OCI and the appropriate record(s) will be

up dated accordingly.

13 of 14

.'


Attachment A

Audit Rec Original Extend edNo. Report Number Report Date

EntityTitle Exec Area Fin din g/ Corrective Action Completion Completion CommentsNo

Date Date

Some Bus Operators with avoidable accidents are not being trainedin a timely fashion. OCI is curr ently working to establish an oversightprocess/procedure for division instru ction staff to improvecommunication, trackin g of training and tim eliness oftraining.Division instruction staff personnel are responsible for ensuri ng

61 OS-OPS-007 S/1/200S MAS Bus Operator Chief Operations2

operators receive post accident training in a timely manner. OCI, in12/ 31/200S Under review.Safety Training Officer cooperation with division ins truction, will monitor the schedul ing and

completion ofpost acciden t training. When the process /procedur e isfinalized it will be distributed to staff immediately.

Some OCI Operation Training and Tracking Database Systemrecords are inaccurate. The OTIS is currently being modified to flag

62 OS-OPS-0 07 8/1/2008 MASBus Operator Chief Operations

3or block any attempts at inputting future dates or previous dates older

12/ 31/ 2008 Under review.Safety Training Officer th an six months.

Service Data Information needs to address FTA limited Englishproficiency. Departmental procedur es willbe developed to insure th atmaps used to validate Metro service compliance with Title VI

Tier 1 Service Chief Operationsincorpo rate a layer addressing limited English proficiency. Said map

63 07-0PS-011 6/1/2008 MAS 1 layer will require Census data not expected to become available until 11/30/ 200S 5/ 31/2009 Extended once.Changes Officer September 2012. The next revision to the Transit Service Policy will

include a reference to the limited English Proficiency procedure.

Three recs :Rec.1 willclose in April

64 07-0PS-006 12/6/2007 MASContinuity of Chief Operations

1 Security Sen sitive . Security Sensitive Information 12/ 31/200809; ree. 2

Operati ons Plan Officer closed March09; rec. 3closed inMarch 08.

140[14

Documents

May 14, 2009 - Staus of open audit recommendations as of ...boardarchives.metro.net/BoardBox/BB2009/2009_05_May/BB 051409.pdf · Balance Scorecardis lackingindicators for "improve