720-913-5000 auditor@denvergov.org

Audit Report

Denver Preschool Program – Office of Children’s Affairs

To assess the effectiveness of the Denver Preschool Program’s efforts to increase access to and quality of preschool programs for Denver residents—including the City and County of Denver’s oversight and management of program administration and expenditure of funds derived from the Denver preschool tax.

Watch the Audit Committee presentation here soon.

The Urban Area Security Initiative, or UASI, grant is one of three grants within the larger Homeland Security Grant Program managed by the U.S. Department of Homeland Security. According to the department, the goal of UASI is “to assist high- threat, high-density urban areas in building, sustaining, and delivering the capabilities necessary to prevent, protect against, mitigate, respond to, and recover from acts of terrorism.”

The Federal Emergency Management Agency has awarded the City and County of Denver a UASI grant every year since 2003. Denver’s Office of Emergency Management and Homeland Security manages the grant for a 10-county region surrounding the Denver metro area.

We assessed the Office of Emergency Management and Homeland Security’s compliance with federal requirements for the Urban Area Security Initiative grant, including a review of City guidance. We also reviewed performance and governance topics that could have an effect on the efficiency and effectiveness of the agency’s grant management.

For example, while reviewing whether all grant costs were allowable according to grant regulations, we took note of Emergency Management’s methods for tracking grant expenditures and grant- purchased assets. Despite Emergency Management generally following grant requirements, we found a few areas for improvement.

Although the Office of Emergency Management and Homeland Security Has Met Many Requirements of the Urban Area Security Initiative Grant, Systemic Problems Exist

  • Emergency Management uses spreadsheets, which are prone to error, for grant management.

    Tracking of grant expenditures and grant-funded assets occurs in two systems, with spreadsheets used as the primary system.

  • Emergency Management’s policies and procedures for grant management are insufficient and incomplete.

    Turnover and a lack of formal succession planning and cross-training result in systemic issues. Insufficient policies and procedures have contributed to questioned costs and other effects. Reimbursement requests are not submitted in a timely manner.

1.1 Determine Workday Capability for Expenditures – The Office of Emergency Management and Homeland Security should work with the Department of Finance and the Technology Services agency as necessary to determine how Workday can meet the operational and reporting requirements of the Urban Area Security Initiative grant expenditures currently being recorded in spreadsheets. If Workday meets these operational and reporting needs of Denver’s UASI program, Emergency Management should work with the Department of Finance and Technology Services to develop an implementation plan based on those agencies’ ability to complete the project.

Agency Response: Agree, Implementation Date Feb. 1, 2020

1.2 Determine Workday Capability for Assets – The Office of Emergency Management and Homeland Security should work with the Department of Finance and the Technology Services agency as necessary to determine how Workday can meet the operational and reporting requirements of Urban Area Security Initiative grant asset tracking and monitoring now being recorded with spreadsheets. Emergency Management should consider the following improvements as Workday functionality is being determined:

  • Recording and tracking of both Denver- and non-Denver-owned assets,

  • Inclusion of more specific locations of assets, and

  • The ability to track and calculate depreciation using the useful lives and depreciation methods set by partner agencies responsible for the assets.

If Workday meets these operational and reporting needs of Denver’s UASI program, Emergency Management should work with the Department of Finance and Technology Services to develop an implementation plan based on those agencies’ ability to complete the project.

Agency Response: Disagree
Auditor’s Addendum: See page 25 under Recommendation 1.2

1.3  Tighten Controls over Critical Spreadsheets – Until Workday’s grant-tracking functionality is determined, the Office of Emergency Management and Homeland Security should develop the following spreadsheet controls:

  1. Change controls – develop controls to highlight changes made to the spreadsheet calculations or reporting.
  2. Version control – set- up automated version control of all files when they are updated to allow tracking of changes made.
  3. Access control – restrict users’ access to the folders where the critical files are stored, and set up password protection of individual files.
  4. Input controls – Set up “check sum” totals to confirm the accuracy of data entered, and lock cells with formulas to prevent them from being accidentally changed.
  5. Documentation – create documentation for each spreadsheet to describe the purpose, methodology, source of data, and outputs.
  6. Backups – ensure the folders where the spreadsheets are stored are regularly backed up to a different location.

Agency Response: Agree, Implementation Date – Jan. 1, 2020

1.4 Ensure Recording of Two Assets in Workday – The Office of Emergency Management and Homeland Security should work with the Controller’s Office to ensure all UASI assets have been appropriately recorded in Workday, including the police helicopter radio communications system and the generator at the Denver Animal Shelter.

Agency Response: Agree, Implementation Date – Feb. 1, 2020

1.5 Develop Succession Planning and Cross-Training – The Office of Emergency Management and Homeland Security should develop a formal succession plan and supporting cross-training program to help reduce systemic and operational issues that may arise due to staff turnover and potential loss of institutional know-how.

Agency Response: Agree, Implementation Date – Feb. 1, 2020

1.6 Develop Policies and Procedures – The Office of Emergency Management and Homeland Security should further develop grant management policies and procedures. At a minimum, newly developed policies and procedures should include guidance in the following areas:

  • Cost tracking – Systems must be used to track actual costs applied to the grant, instead of using estimated amounts, so that Emergency Management can request reimbursement for the exact proportional amount of the expense. Examples include, but are not limited to, splitting up printing costs (including lease fees and materials) and payroll costs (such as benefits, salaries, cell phone stipends, etc.).

  • Prudent spending – There is a requirement that all grant spending must be consistent with the actions of a prudent person, as required by the Code of Federal Regulations 200.404. Policies and procedures should include examples or philosophies to inform staff how to apply these guidelines to future grant spending.

  • Tagging assets – There should be clear procedures for ensuring each of the UASI- purchased assets that are being delivered directly to third parties are treated consistently and have an asset tag attached. Assets found to have missing asset tags should have asset tags applied.

  • Managing agreements – There should be further development of policies and procedures for ensuring intergovernmental agreements do not expire prior to executing a replacement agreement. Procedures should explain the timeline for the development and the execution of new agreements, list major milestone meetings, players involved (such as safety organizations within the North Central All-Hazards Region or the City Attorney’s Office), and the deliverables required to keep the agreement replacements on track. 

Agency Response: Disagree

1.7 Comply with Reporting Deadlines – The Office of Emergency Management and Homeland Security should ensure quarterly financial and narrative reports for the Urban Area Security Initiative grant are always submitted in a timely manner to the state to comply with grant reporting requirements.

Until Fiscal Accountability Rule 9.2 is modified by the Controller’s Office, the office should also submit expenditures for reimbursement to the state by the end of the following month or request a waiver from the Controller’s Office if the rule is too onerous for the agency.

Agency Response: Agree, Implemented

 

The objective of our audit of the Urban Area Security Initiative grant was to determine whether the Office of Emergency Management and Homeland Security is complying with grant requirements. I am pleased to present the results of this audit.

The audit revealed the Office of Emergency Management and Homeland Security is generally in compliance but could benefit from more robust use of the City’s accounting system instead of relying on spreadsheets. The office also needs better guidance to ensure compliance with the grant’s many requirements.

Through a stronger system for grant management and more thorough policies and procedures, those in charge of compliance with the grant will be better equipped to properly track and document compliance. This would help ensure the City continues receiving the grant funding. Our report lists several related recommendations.

This performance audit is authorized pursuant to the City and County of Denver Charter, Article V, Part 2, Section 1, “General Powers and Duties of Auditor,” and was conducted in accordance with generally accepted government auditing standards. Those standards require we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Appendix A includes the schedule of findings and questioned costs based upon our audit.

We extend our appreciation to the Office of Emergency Management and Homeland Security personnel who assisted and cooperated with us during the audit. For any questions, please feel free to contact me at 720-913-5000.

Follow-up report

A follow-up report is forthcoming. 

Audit Team: Kevin Sear, Cody Schulte, Rob Farol, Marc Hoffman