We received the final report from the State Auditor’s office regarding the Lone Peak Fire District. There are a number of things that the district can improve on and I am thankful to the state auditors for putting together a comprehensive list of items to work on.You can read the report below (click here to view the official pdf version of the report).
Here are links to stories in the media that cover the report:
- Deseret News: Audit: Lone Peak fire must tighten up discipline, use of credit cards
- The Salt Lake Tribune: State audit recommends the Lone Peak Fire Department improve its financial policies
LONE PEAK PUBLIC SAFETY DISTRICT
Lone Peak Fire Department
Findings and Recommendations
For the Period July 2013 through March 2017
Report No. LPPS-17-SP
OFFICE OF THE
John Dougall, State Auditor
Julie Wrigley, CPA, Audit Manager
Tyson Plastow, Special Projects Senior Auditor
Lone Peak Fire Department
For The Period July 2013 Through March 2017
TABLE OF CONTENTS
- THE BOARD, EXECUTIVE DIRECTOR, AND FIRE CHIEF SHOULD STRENGTHEN THE “TONE AT THE TOP” AND THE CONTROL ENVIRONMENT
- FAILURE TO FOLLOW POLICY AND RETAIN ADEQUATE DOCUMENTATION FOR PURCHASE AND SALE OF VEHICLES
- INADEQUATE INTERNAL CONTROL OVER CREDIT CARDS
- DISTRICT LACKS ADEQUATE POLICIES OVER CERTAIN HIGH RISK AREAS
- INCREASED RISK BY USING CREDIT CARDS VERSUS PURCHASE CARDS
- AUTOMATIC PAYROLL DEDUCTIONS FOR THE EMPLOYEE ASSOCIATION FUND MAY IMPLY LPFD OVERSIGHT THAT DOES NOT EXIST
Checklist of Best Practices for Board Members of Limited Purpose Entities (Attachment A)
Entity’s Response (Attachment B)
OFFICE OF THE
REPORT NO. LPPS17-SP
August 29, 2017
Lone Peak Public Safety District c/o Alpine City
20 North Main
Alpine, Utah 84004
Dear Mr. Wimmer:
The Office of the State Auditor has a hotline program through which we receive complaints with financial or compliance implications related to state and local governments. We received numerous allegations of impropriety regarding various aspects of Lone Peak Fire Department (LPFD) within the Lone Peak Public Safety District (District). We limited our investigation to those complaints that we deemed to involve public funds, involved events that fell within the time period noted below, and could be supported with sufficient evidence.
We performed the following procedures at the LPFD for the period July 2013 through March 2017 unless otherwise noted.
- We made inquiries and reviewed certain accounting records and other supporting documentation to evaluate various allegations.
- Due to the high risk nature of credit cards, we reviewed all credit card purchases for the Fire Chief from July 2013 through March 2017 and for the Secretary and Treasurer from January 2016 through March 2017 for propriety and compliance with policy.
- We reviewed certain compensation and payroll related data.
- We reviewed certain petty cash expenditures.
The results of our investigation are included in the attached findings and recommendations section of this report.
Our procedures were more limited than would be necessary to express an opinion on any of the items referred to above or to express an opinion on the effectiveness of the District’s internal control or any part thereof. Accordingly, we do not express such opinions. Had we performed additional procedures or had we made an audit of the effectiveness of the District’s internal control, other matters might have come to our attention that would have been reported to you.
By its nature, this report focuses on exceptions, weaknesses, and problems. This focus should not be understood to mean there are not also various strengths and accomplishments. We appreciate the courtesy and assistance extended to us by the personnel of the District during the course of the engagement, and we look forward to a continuing professional relationship. If you have any questions, please call Julie Wrigley, Audit Manager, at 801-538-1340.
Office of the State Auditor
cc: Nathan Crane, District Executive Director and Highland City Administrator
Shane Sorensen, Alpine City Administrator,
Chandler Goodwin, Cedar Hills City Manager
The Lone Peak Public Safety District (District) is an “interlocal” entity formed under Utah Code 11-13, Interlocal Cooperation Act. The Interlocal Agreement exists between Alpine City, the City of Highland, and the City of Cedar Hills and provides for police, ambulance, fire, and emergency medical services to those cities. Our investigation was limited to the Lone Peak Fire Department (LPFD) which is part of the District. The District is overseen by a Board comprised of elected officials from the member cities. The Board appoints an Executive Director to provide oversight and administrative support to the District. The Board also appoints the Fire Chief who manages the LPFD.
1 THE BOARD, EXECUTIVE DIRECTOR, AND FIRE CHIEF SHOULD STRENGTHEN THE “TONE AT THE TOP” AND THE CONTROL ENVIRONMENT
Utah Code 11-13-402 indicates that the Board is ultimately accountable for the District’s orderly operation. The findings below indicate that the Board could improve their oversight and should be more proactive in setting policies, procedures, and internal controls over LPFD’s activities.
In addition to the matters discussed below, we investigated allegations about actions with ethical implications. In several cases, we found that the District had investigated these incidents when reported and that involved employees were disciplined. However, we are concerned that the discipline may be perceived as having been too lenient. In one case, an employee was demoted for misusing funds from the employee association (see Finding No. 6), but was given a significant promotion a short time later. Although we recognize that management has discretion in these matters, discipline that is perceived as too lenient can contribute to a weak control environment where employees may not believe that management places a high value on ethical behavior and adherence to rules. This type of environment can lead some employees to believe the “rules don’t matter” which might result in employees ignoring the rules or practicing unethical behavior.
It was reported that employees were allowed to work on personal matters while on duty after regular business hours. We have found this is a somewhat common practice among fire departments. While it seems reasonable to allow employees some leeway to attend to personal matters on long shifts, we noted at least one employee had worked on his own personal, for- profit business matters while on duty. The District should exercise caution to avoid the perception that employees are able to benefit improperly while on duty.
We received another allegation of unethical behavior which occurred prior to our testwork period, but we were able to determine that it did, in fact, occur. In this instance, the Fire Chief asked an employee to provide a service on his behalf during the second half of the employee’s 48-hour shift. The Fire Chief justified the action by using six hours of his own comp time and also by indicating that he would have responded to an incident if necessary. In our judgment, the Fire Chief’s actions were improper since 1) the employee was paid by the District for the portion of the shift during which he was providing the service for the Fire Chief, 2) the Fire Chief benefitted personally, and 3) the Fire Chief put the subordinate in a difficult position by directing him to do something improper. Although this incident happened prior to our testwork period, we are concerned that this and the other incidents noted above may be indicative of a weak ethical culture.
These types of weaknesses could be mitigated through the District’s adoption of a code of ethics. In addition, the Board could improve its oversight of the District by performing a self assessment and implementation of best practices using the “Checklist of Best Practices for Board Members of Special Purpose Entities” (Attachment A) taken from A Review of Best Practices for Internal Control of Limited Purpose Entities, Report No. 2017-05, issued by the Legislative Auditor General, June 2017.
We recommend the Board:
- Implement policies as noted in the specific recommendations below.
- Conduct periodic reviews of policies to ensure adequacy.
- Perform a self-assessment and implementation of best practices using the “Checklist of Best Practices for Board Members of Limited Purpose Entities” (Attachment A).
We recommend the Executive Director:
- Establish procedures to ensure compliance with existing and newly established policies.
We recommend the Board, Executive Director, and Fire Chief:
- Adopt, communicate, and enforce a code of ethics for the District which clearly states the organization’s values and standards of behavior.
2. FAILURE TO FOLLOW POLICY AND RETAIN ADEQUATE DOCUMENTATION FOR PURCHASE AND SALE OF VEHICLES
The LPFD failed to strictly adhere to policies and retain adequate supporting documentation for the sale and purchase of vehicles and the recording of those transactions. Adding to the questionability of these transactions is the fact that they occurred between the LPFD and its employees.
- The LPFD sold a surplus vehicle to an LPFD employee in August 2013. Reportedly, the vehicle was advertised on ksl.com and bids were received from both the public and the employee. However, the LPFD did not maintain documentation to evidence the posting of the vehicle or the competing bids. The District’s “Disposition of Surplus Property” policy requires a public auction with notice in a newspaper of circulation throughout the LPFD. Also, the LPFD should have kept records documenting the posting of the vehicle and the competing bids for at least five years according to the State’s General Records RetentionSchedule, Section 9-8. Without this evidence, we were unable to verify that the sale was performed according to policy and that the public had an opportunity to bid on the vehicle.
- The LPFD purchased a vehicle from the Fire Chief in March 2014. Documentation indicates that the Fire Chief had personally purchased this vehicle in September 2013 from an auction at the same time the LPFD purchased a vehicle. Reportedly, the LPFD determined that the vehicle they purchased at the auction did not meet their needs and so they sold the vehicle to an outside party at a gain (see 2.c. below). The LPFD then purchased the vehicle from the Fire Chief for the same price the Fire Chief had paid at auction for $5,280. LPFD Procurement Code requires the authorization of the executive director or his/her designee for purchases of goods under $7,500; however, we found no indication of authorization. Furthermore, we found no evidence that the LPFD had made efforts to comparison shop or verify that the price paid for the vehicle was competitive. The LPFD should ensure that they follow policy and obtain authorization for purchases from the executive director or his/her designee. Further, the LPFD should ensure that all purchases, particularly purchases made from employees, are reasonable, proper, and supported by documentation that indicates a fair price.
- As noted in 2.b. above, the LPFD sold a vehicle to an outside party who paid cash, following which the LPFD used part of the proceeds from the cash sale to purchase a vehicle from the Fire Chief. As a result of the methods used for these transactions, only the difference between the two transactions was recorded as a cash receipt in the LPFD’s records and deposited. Proper cash receipting procedures require that the LPFD should have recorded and deposited the full amount received from the vehicle sale and should have issued a check to the Fire Chief for the full amount of the subsequent purchase of his vehicle. The failure to follow these procedures indicates a weak internal control environment, which increases the risk that funds could be used improperly without detection and that accounting transactions may not be accurate.
Failure to follow policy and retain the appropriate documentation increases the perception that employees of the District may be benefitting from their position.
We recommend that the District follow proper procedures for the sale and purchase of vehicles or other items and exercise caution when conducting transactions with employees in order to avoid any perception of bias or favoritism. Specifically, we recommend that the District:
- Conduct sales of surplus property in accordance with the District’s “Disposition of Surplus Property” policy and retain all documentation for the time period specified in the retention schedule adopted by the Board.
- Obtain the required District level approval for purchases and retain appropriate supporting documentation.
- Ensure that staff understand and follow proper procedures for cash receipting and recording transactions.
3. INADEQUATE INTERNAL CONTROL OVER CREDIT CARDS
We reviewed the credit card transactions for three employees of the District who are authorized credit card holders. We reviewed transactions on the Fire Chief’s card for the period July 2013 through March 2017 and transactions on the LPFD Secretary’s and District Treasurer’s cards for the period January 2016 through March 2017. During this time, there were 232 transactions totaling $35,101. We noted the following issues:
- The Board has not developed a policy governing credit card use. See further discussion related to policies in Finding No. 4.a. below.
- An independent review of the treasurer’s credit card purchases is not performed. Because the treasurer is tasked with payment of the credit card bill, the District should implement an independent review of the treasurer’s credit card purchases.
- For 88 of 89 purchases of “supplies, materials, or equipment” under $7,500, the District lacked sufficient evidence of approval by the executive director or his/her designee as required by the District’s Procurement Code section (5)(1).
- There was insufficient supporting documentation for 104 (45%) transactions totaling $11,865. While many of the transactions appeared reasonable based on vendor and amount, without proper documentation we were unable to conclude with certainty the propriety of the transactions. Furthermore, without sufficient supporting documentation the District cannot perform a proper review and approval of transactions.
- We noted 35 instances where credit cards were used by someone other than the card holder. In one of these instances, a computer was purchased and sent to an employee’s residence instead of to the LPFD’s address. We determined that the computer was used for LPFD business; however, the use of a credit card by someone other than the card holder increases risk of misuse and decreases accountability.
- Credit cards were used to purchase gift cards in five instances amounting to $1,255. The District indicated that the gift cards were for a retirement gift and employee incentives. Using a credit card to buy gift cards increases the risk of misappropriation of public funds since public funds can easily be converted to cash by this practice. The District should either eliminate the practice or establish controls to track the purchase and distribution of gift cards appropriately. See further discussion related to gifts in Finding No. 4.b. below.
The term “internal controls” is used to describe processes put in place by the governing body, management, or others to provide consistent and efficient operations, including reasonable assurance that funds will be properly safeguarded. Proper internal controls include:
- establishing policies on the appropriate use and safeguarding of credit cards;
- separating certain responsibilities (e.g. using credit cards and reviewing and approving payment for purchases) so that no one person has the ability to improperly use public funds without detection;
- obtaining and retaining source documents, such as original receipts from the purchaser and original statements from the credit card issuer, to ensure that documents have not been altered to conceal inappropriate activity; and
- providing for a thorough independent review of credit card purchases to ensure they are necessary, reasonable, and approved in compliance with procurement policies.
- We found that the District’s existing procurement policies do not specifically address credit card use, which may have contributed to the internal control weaknesses noted above. Weak internal controls and a lack of policies increases the risk for misuse and misappropriation of funds.
We recommend the Board:
- Develop a policy governing the use of credit cards as discussed in Finding No. 4.a.
We recommend the Executive Director:
- Implement an independent review of the Treasurer’s credit card purchases.
- Approve all purchases of supplies, materials, or equipment under $7,500, as required by the District’s Procurement Code section (5)(1).
- We recommend the District:Retain all original, itemized credit card receipts or other documentation necessary to support credit card transactions.
- Ensure that credit card holders safeguard credit cards and not allow others to use the cards.
- Discontinue the practice of purchasing gift cards with credit cards or establish a system of accountability to track the purchase and distribution of gift cards.
4. DISTRICT LACKS ADEQUATE POLICIES OVER CERTAIN HIGH RISK AREAS
The District does not have adequate policies over certain areas that we generally consider to be high risk for waste and abuse. The District could improve its control environment by developing and implementing policies over the following areas:
- Credit Card Use – As noted in Finding No. 3.a., the District has various control weaknesses over the use of credit cards. In addition to the weaknesses noted above, the District lacks policies related to dollar limits, controls over the number of cards issued, the types of purchases for which credit cards are to be used, the requirements for documenting purchases, the cardholder’s responsibility for safeguarding the card, and the process for independent review and approval of credit card purchases. The use of credit cards can be an efficient method of making purchases, especially small dollar purchases. However, credit card purchases have a higher risk of improper use because controls usually rely on post-approval rather than pre-approval. As such, the District should implement appropriate credit card policies.
- Gifts and Donations – We noted 11 credit card transactions (including the five purchases of gift cards noted in Finding No. 3.f.) totaling $2,024 that appeared to be gifts and donations to employees and others. We also noted $2,000 in petty cash expenditures for gifts to employees. Any gifts or donations that are not approved by the Board through policy, the budget process, or some other method, would likely be deemed inappropriate. Some of these purchases appear to be employee incentives, which may be appropriate if allowed by policy. However, the District does not have a policy to define limits and controls over an employee incentive program. The District should consider implementing a policy governing gifts and donations. In addition, the District needs to ensure that any cash or cash equivalents, such as gift cards, provided to employees are included in taxable income as required by IRS rules and are reported as compensation on the Utah Public Finance Website.
- Meals/Food – We noted 28 credit card purchases of meals or refreshments totaling $2,454. For 7 of the purchases (also included in Finding No. 3.c. above) the District did not have documentation of the people for whom the food was purchased. The District does not have a policy on the purchase of meals and snacks outside of its travel policy. The District should implement a policy that places limits and controls over the purchase of non-travel related meals and snacks. A strong meal policy defines circumstances where meals/refreshments are allowed, establishes a per-person dollar limit for meals, and ensures that the business purpose for meals/refreshments is properly supported with a receipt, indication of those present, and explanation of the business purpose.
- Continuing Education – We noted 13 credit card purchases totaling $2,933 for various certifications, training, and memberships for District employees. The purchases appeared reasonable; however, the District should implement a policy that places limits and controls on the types of continuing education and memberships that are necessary and reasonable for the District.
- Procurement Policy – The District’s Procurement Code, section 5, requires the approval of the executive director for purchases of supplies, materials, or equipment as noted in 3.d. above; however, the code does not specify whether the approval must be obtained prior to purchase or after purchase. Furthermore, section 5.2 requires competitive bids for purchases over $25,000. We believe this amount is too high. In contrast, the State Procurement Code requires price quotes from at least two vendors for purchases over $1,000.
- Cell Phone Plan – The LPFD provides cell phone plans for certain employees and allows other employees and their families to participate in the plan as long as they reimburse the department. Depending on the timing of the District’s payment for the plan and reimbursement, this may constitute an unauthorized loan. If the District chooses to continue this practice, the District should establish a policy governing the program in order to authorize this action and reduce risk to the District.
Adequate policies create a framework for the proper use of public funds and help establish controls to ensure funds are used within approved parameters. The executive director and Fire Chief have not established a process to periodically review and update policies as necessary. The lack of policies increases the risk that funds may be used inappropriately.
We recommend that the District take a proactive approach in developing and reviewing policies that will help establish limits and controls over the expenditures of public funds. Specifically, the Board should establish policies that address the high risk areas noted above. Also, the Board should review the District’s Procurement Policy to ensure that it is clear and that dollar thresholds for bids and quotes are reasonable.
5. INCREASED RISK BY USING CREDIT CARDS VERSUS PURCHASE CARDS
The District has issued credit cards to three employees for LPFD use. The use of credit cards can be an efficient method of making purchases, especially small dollar purchases or “micro- purchases.” However, credit cards by their nature have a high risk of improper use because few controls exist over the creation of credit card accounts and an entity must rely heavily on detective controls rather than preventative controls to reduce the risk of abuse. Alternatively, the use of purchase cards, or p-cards, can effectively mitigate some of these risks, as the organization has more control in establishing p-card accounts. For example, organizations can mandate transaction limits unique to each p-card and, depending upon the p-card service provider, can limit purchases to certain merchant categories. Because p-cards are linked to an organization’s bank, only authorized employees may create p-card accounts.
In addition, p-card transaction details are electronically transmitted to the purchasing entity, allowing an organization to review the purchases timelier. Transmitted information typically includes the amount, the vendor’s name and address, and the date of the transaction. In some instances, p-card service providers may be able to transmit descriptions and quantities of items purchased; however, such line-item detail is only available from some merchants. Since p-card accounts are more difficult to create and allow establishment of unique restrictions, the District could minimize potential inappropriate purchases by using p-cards rather than credit cards.
Sound controls, such as those recommended above, are still critical for ensuring proper use of any "micro-purchase" cards, be they credit cards or p-cards.
We recommend that the District replace credit cards with p-cards.
6. AUTOMATIC PAYROLL DEDUCTIONS FOR THE EMPLOYEE ASSOCIATION FUND MAY IMPLY LPFD OVERSIGHT THAT DOES NOT EXIST
With consent of individual employees, the District deducts funds from LPFD employees’ paychecks and distributes them to the Lone Peak Fire Association (Association) which is managed by LPFD employees and uses the funds to purchase optional items (e.g. condiments, small appliances, etc.) for use by employees at the fire stations. We believe that such an arrangement may imply that the District endorses or oversees the Association, ensuring the proper use of these employee funds. The Association has no written bylaws that establish how the funds are managed and how the Association should report to its members. We noted that poor controls at the Association resulted in misuse of Association funds prior to our testwork period. The Association and the District dealt with that matter internally.
Under the current arrangement, it is not always possible for employees and the public to distinguish between the District and the Association. Because any misuse of Association funds reflects poorly on the District, we believe that the District should consider ending their direct involvement with the Association by ceasing to withhold contributions, and instead allowing employees to contribute directly. Furthermore, the District should encourage the Association to choose a name that minimizes confusion with the District or the LPFD.
We recommend that the District cease withholding employee payroll contributions to the Association. The District should also minimize confusion by encouraging the Association to choose a name that is not similar to the names of the District or the LPFD.
The checklist below was taken from
A Review of Best Practices for Internal Control of Limited Purpose Entities
Report No. 2017-05 issued by the Legislative Auditor General, June 2017
Checklist of Best Practices for Board Members
Of Limited Purpose Entities
Roles of Board and Staff
See report pages 23 to 27.
- The board takes ultimate responsibility for governance of the entity by (a) appointing an executive staff, (b) providing broad policy guidance, (c) authorizing the use of resources, (d) setting goals and expectations, and (e) monitoring results.
- The board members recognize their role is to be more than just a ceremonial body. They have a responsibility to lead and hold staff accountable for results.
- The board chair reviews and approves the agenda before each meeting, inviting other board members to propose additional agenda items, if desired.
- The executive director (a) helps the board draft a set of internal control policies and (b) guides staff as they carry out the board’s policies.
- To protect against fraud, staff duties are segregated such that no one person hascontrol over all parts of a financial transaction.
- The board appoints a board chair, a treasurer and a clerk.
- For organizations with an insufficient number of staff to achieve a proper separation of duties, board members serve as treasurer, and clerk.
- The board approves a staffing policy that defines the responsibilities of all those who handle different aspects of the entity’s finances.
- The board is solely responsible for hiring and directing the audit function.
See report pages 28 to 33.
- The board approves policies that govern the organization and addresses each best practice described in the best practice audit. This would include policies such as a personnel policy, a procurement policy, and records retention policy. A procurement policy is of particular importance with the recent instances of fraud, waste, and abuse that have occurred.
- The board regularly reviews a report of entity disbursements. The report includes the date, vendor and amount of each expense since the last board meeting.
- To control credit purchases, purchase cards (or “p‐cards”) are issued to a limited number of staff. Limits are placed on the dollar amount, type and number of charges made to each card.
- An independent person with no book keeping responsibilities is assigned to reconcile the bank statement each month with that month’s receipts and expenses.
- The board requires its formal approval of any expenditure above a certain dollar amount .
- The board requires that two people sign all local entity checks. Before signing, both signers will review and approve the attached requisition sheet.
- The board verifies that the entity has complied with applicable state laws including: certification and filing of annual budget (Utah Code 17B‐1‐614), notice of public meetings (Utah Code 52‐4), notice of board member contact information (Utah Code 17B‐1‐303), participation in Utah public finance website (Utah Code 63A‐3‐405.4), and financial statement reporting requirements (Utah Code 51‐2a‐202).
Recruiting Qualified Personnel
Report pages 33 to 37.
- Staff avoid recruiting individuals to serve as board members.
- Local entities publicize the opportunity to apply for any elected board seats that will soon be coming available and any vacant staff positions.
- Local entities follow an open and objective recruiting process when filling staff positions and hiring outside contractors. Hiring relatives or business associates of the board and management is avoided.
- Board and staff regularly receive the required training in open and public meetings, board governance and other matters applicable to the entity’s mission. Training can be obtained online at https://auditor.utah.gov/training/local‐district/, through in‐ house seminars, and at conferences such as those offered by the Utah Association of Special Districts.
- When in‐house expertise is not available to perform special tasks, the entity hires or appoints qualified outside experts.
Tone at the Top
Report pages 38 to 40.
- The board adopts a code of ethics that clearly states the organization’s values and standards of behavior.
- The board and management seek opportunities to reinforce the organization’s ethical standards during staff meetings, training, and newsletters.
- The board holds everyone accountable, including management, to high standards of performance.
- The board and executive director avoid using a compensation system and other incentives that encourage employees to take unnecessary risks.
- The board provides an ethics hotline and adopts a whistleblower policy.
- The board adopts a conflict of interest policy (based on Utah Code 10‐3‐13) describing how members should respond when their personal interests have the potential to conflict with their public duty.
LONE PEAK PUBLIC SAFETY DISTRICT
Ms. Julie Wrigley Audit Manager
Office of the State Auditor Utah State Capitol Complex
East Office Building, Suite E310 PO Box 142310
Salt Lake City, Utah 84114-2310
Re: Lone Peak Public Safety District Lone Peak Fire Department Report No. LPPS17-SP
On behalf of the Lone Peak Public Safety District (District) we would like to thank you for reviewing the operations of the District. We have reviewed the draft report and have determined to follow all of the recommendations outlined in the report. Implementation has already begun.
In addition, it would be beneficial if there any “best practices and model polices” that could be provided to assist the District in addressing the concerns and moving forward.
Sheldon Wimmer Chairman
Lone Peak Public Safety District Board