Report on Internal Control and on Compliance and Other Matters City of Philadelphia Fiscal Year 2023


Date: July 8, 2024
Categories
  • Finance & Policy
Controller: Christy Brady

Executive Summary


Why the Controller’s Office Conducted the Audit

In accordance with the Philadelphia Home Rule Charter, the Office of the City Controller (Controller’s Office) audited the City of Philadelphia’s (city’s) basic financial statements as of and for the fiscal year ended June 30, 2023, for the purpose of opining on its fair presentation. As part of this audit, we reviewed the city’s internal control over financial reporting to help us plan and perform the examination. We also examined compliance with certain provisions of laws, regulations, contracts, and grant agreements to identify any noncompliance that could have a direct and material effect on financial statement amounts.

What the Controller’s Office Found

The Controller’s Office found that the city’s financial statements were presented fairly, in all material respects, in accordance with accounting principles generally accepted in the United States of America and issued a separate report that accompanies the city’s Annual Comprehensive Financial Report (ACFR) for the fiscal year ended June 30, 2023. The audit procedures used to arrive at our conclusion regarding these financial statements led us to identify matters involving the city’s internal control over financial reporting that require management’s attention. Some of the more important matters include:

  • Inadequate oversight and review procedures over the city’s financial reporting process, and the lack of a comprehensive financial reporting system, continued and led to (1) the Finance Office delaying the implementation of new accounting standards and (2) the untimely preparation of the Schedule of Expenditures of Federal Awards (SEFA) which resulted in the late submission of the single audit reporting package to the Federal Audit Clearinghouse.
  • Various weaknesses in information technology (IT) access controls and segregation of duties (SoD) were noted for certain key financial-related applications, including:
    • With regard to periodic user access reviews (UARs), a UAR had not yet been performed for the Philadelphia Revenue Information System Management (PRISM) application, the OnePhilly application, and certain other applications.
    • Duties were not adequately segregated in multiple instances. For example, there were several non-IT personnel with system administrator access and multiple IT personnel with domain administrator, system administrator, and database administer access.
  • The Finance Office along with city departments did not timely identify and close out remaining balances for certain completed grants. Our review of the six departments with the largest accounts receivable and advance balances on the fund schedule identified $89.8 million in accounts receivable and $150.9 million in advances for grants that had no current year activity and the grant award date expired three or more years ago, ranging from fiscal years 1998 to 2020.

What the Controller’s Office Recommends

The Controller’s Office has developed a number of recommendations to address the findings noted above. These recommendations can be found in the body of the report.