Why the Controller’s Office Conducted the Audit
In accordance with the Philadelphia Home Rule Charter, the Office of the City Controller (Controller’s Office) audited the City of Philadelphia’s (city’s) basic financial statements as of and for the fiscal year ended June 30, 2022, for the purpose of opining on its fair presentation. As part of this audit, we reviewed the city’s internal control over financial reporting to help us plan and perform the examination. We also examined compliance with certain provisions of laws, regulations, contracts, and grant agreements to identify any noncompliance that could have a direct and material effect on financial statement amounts.
What the Controller’s Office Found
The Controller’s Office found that the city’s financial statements were presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States of America and issued a separate report that accompanies the city’s Annual Comprehensive Financial Report (ACFR) for the fiscal year ended June 30, 2022. The audit procedures used to arrive at our conclusion regarding these financial statements led us to identify matters involving the city’s internal control over financial reporting that require management’s attention. Some of the more important matters include:
- Inadequate oversight and review procedures over the city’s financial reporting process, along with ongoing staffing shortages and the lack of a comprehensive financial reporting system, continued and led to (1) the Finance Office failing to detect errors totaling $1.1 billion during preparation of the city’s ACFR and (2) the untimely preparation of the Schedule of Expenditures of Federal Awards (SEFA) which resulted in the late submission of the single audit reporting package to the Federal Audit Clearinghouse.
- Various weaknesses in information technology (IT) access controls and segregation of duties (SoD) were noted for certain key financial-related applications, including:
- With regard to periodic user access reviews (UARs), (1) an UAR had not yet been performed for the recently implemented Philadelphia Revenue Information System Management (PRISM) application; (2) the review of the OnePhilly UARs for sampled departments noted the results were missing details such as an assessment of user permissions and SoD as well as management signoff; and (3) there was no evidence that UARs had been performed for certain other applications.
- Duties were not adequately segregated in multiple instances. For example, there were several non-IT personnel with either system administrator access or both system and domain administrator access.
- The Treasurer’s Office bank reconciliation procedures still required improvement. Treasurer personnel were still not timely in their investigation and resolution of reconciling items, with 36 out of 65 bank accounts having long outstanding reconciling items. As of June 30, 2022, there were 829 bank reconciling items over 90 days old with a net total dollar amount of $34.1 million and 1,279 book reconciling items over 90 days old with a net total dollar amount of $56.3 million. Additionally, our testing again noted noncompliance with the Pennsylvania escheat act with $12.7 million in outstanding vendor and payroll checks not yet escheated to the state.
What the Controller’s Office Recommends
The Controller’s Office has developed a number of recommendations to address the findings noted above. These recommendations can be found in the body of the report.