The URL can be used to link to this page

Home My WebLink AboutItem 6h. Acceptance of the Federal Single Audit for Fiscal Year 2023-24 Item 6h Department: 4 Cost Center: 2005 For Agenda of: 5/20/2025 Placement: Consent Estimated Time: N/A FROM: Emily Jackson, Finance Director Prepared By: Debbie Malicoat, Deputy Finance Director Tavy Garcia, Senior Accountant SUBJECT: ACCEPTANCE OF THE FEDERAL SINGLE AUDIT FOR FISCAL YEAR 2023-24 RECOMMENDATION Review and accept the Federal Single Audit Report for Fiscal Year 2023-24. POLICY CONTEXT The City’s Charter under Section 810 requires the employment of an independent, certified public accountant to examine the City’s financial statements. DISCUSSION Background The City’s independent auditing firm, Badawi and Associates, have prepared the Single Audit Report which provides several items. First, it provides a report on the City’s internal controls related to financial reporting. Second, it provides a schedule of expenditures that were funded by Federal Grants and the City’s compliance with applicable Federal regulators. Third, it provides a schedule of findings and questioned costs, if any. Findings are areas of improvement when it comes to the internal controls that are designed to manage the risk of how the City’s assets are safeguarded, and its finances are accurately reported, which then translates into the proper administration of Federal funding. For the 2023-24 fiscal year, there are two findings and no questioned costs. The City’s responses to the auditor’s findings are incorporated into the Single Audit Repo rt (Attachment A). The auditor’s comments generally reflect the difficulties encountered when implementing the Enterprise Resource Planning/Human Capital Management (ERP/HCM) cloud-based Oracle system and both are continuations from the prior year. The City is currently working to resolve these issues, utilizing an Oracle consultant for the necessary reconfigurations. The lack of any new findings reflects the significant time and effort that has been dedicated to ongoing configuration work. Page 233 of 555 Item 6h Public Engagement The City’s Single Audit Report fulfills a legal requirement and does not have a public engagement component outside the presentation before the Council during a public session. ENVIRONMENTAL REVIEW The California Environmental Quality Act does not apply to the recommended action in this report, because the action does not constitute a “Project” under CEQA Guidelines Sec. 15378. FISCAL IMPACT Budgeted: Yes Budget Year: 2024-25 Funding Identified: Yes Fiscal Analysis: The City budgets the cost for the auditing firm annually. The cost is appropriated with the annual budget adoption and encompasses the Annual Comprehensive Financial Report (ACFR), Transportation Development Act (TDA), Single Audit, and the Whale Rock Reservoir audit. The current fiscal year contains a budget of $75,000 for the previous fiscal year audit. Actual costs were $67,491 in accordance with the City’s contract with the auditing firm, no additional funding is requested at this time. ALTERNATIVES There are no viable alternatives to accepting the Single Audit Report for the fiscal year 2023-24; it is prepared in conformance with a variety of accounting, Federal, and State reporting requirements and represents the professional evaluation and analysis by the City’s independent auditors. ATTACHMENTS A - Single Audit Report, Fiscal Year Ended June 30, 2024 Page 234 of 555 City of San Luis Obispo San Luis Obispo, California Single Audit Reports For the year ended June 30, 2024 Page 235 of 555 Page 236 of 555 City of San Luis Obispo Single Audit Reports For the year ended June 30, 2024 Table of Contents Page Report on Internal Control over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance with Government Auditing Standards ................................................................. 1 Report on Compliance for Each Major Federal Program and on Internal Control over Compliance in Accordance with the Uniform Guidance And on the Schedule of Expenditures of Federal Awards ................................................................................3 Schedule of Expenditures of Federal Awards ...........................................................................................................7 Notes to the Schedule of Expenditures of Federal Awards..................................................................................... 9 Schedule of Findings and Questioned Costs ........................................................................................................... 10 Page 237 of 555 Page 238 of 555 REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING AND ON COMPLIANCE AND OTHER MATTERS BASED ON AN AUDIT OF FINANCIAL STATEMENTS PERFORMED IN ACCORDANCE WITH GOVERNMENT AUDITING STANDARDS Independent Auditor’s Report To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California We have audited, in accordance with the auditing standards generally accepted in the United States of America and the standards applicable to financial audits contained in Government Auditing Standards issued by the Comptroller General of the United States, the financial statements of the governmental activities, the business-type activities, each major fund, and the aggregate remaining fund information of the City of San Luis Obispo, California (City), as of and for the year ended June 30, 2024, and the related notes to the financial statements, which collectively comprise the City’s basic financial statements and have issued our report thereon dated December 24 , 2024. Report on Internal Control Over Financial Reporting In planning and performing our audit of the financial statements, we considered the City’s internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinions on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the City’s internal control. Accordingly, we do not express an opinion on the effectiveness of the City’s internal control. Our consideration of internal control over financial reporting was for the limited purpose described in the preceding paragraph and was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies and therefore, material weaknesses or significant deficiencies may exist that have not been identified. However, as described in the accompanying schedule of findings and responses, we identified certain deficiencies in internal control that we consider to be material weaknesses and significant deficiencies. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. We consider the deficiencies described in the accompanying schedule of findings and questioned costs as item 2024-001 to be material weaknesses. Page 239 of 555 To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California Page 2 A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We consider the deficiencies described in the accompany schedule of findings and questioned costs as item 2024-002 to be significant deficiencies. Compliance and Other Matters As part of obtaining reasonable assurance about whether the City’s financial statements are free from material misstatement, we performed tests of its compliance with certain provisions of laws, regulations, contracts, and grant agreements, noncompliance with which could have a direct and material effect on the financial statements. However, providing an opinion on compliance with those provisions was not an objective of our audit, and accordingly, we do not express such an opinion. The results of our tests disclosed no instances of noncompliance or other matters that are required to be reported under Government Auditing Standards. City of San Luis Obispo’s Response to Findings Government Auditing Standards requires the auditor to perform limited procedures on the City’s response to the findings identified in our engagement and described in the accompanying schedule of findings and questioned costs. City’s response was not subjected to the auditing procedures applied in the audit of the financial statements and, accordingly, we express no opinion on the response. Purpose of this Report The purpose of this report is solely to describe the scope of our testing of internal control and compliance and the results of that testing, and not to provide an opinion on the effectiveness of the entity’s internal control or on compliance. This report is an integral part of an audit performed in accordance with Government Auditing Standards in considering the entity’s internal control and compliance. Accordingly, this communication is not suitable for any other purpose. Badawi & Associates, CPAs Berkeley, California December 24, 2024 2 Page 240 of 555 REPORT ON COMPLIANCE FOR EACH MAJOR PROGRAM AND ON INTERNAL CONTROL OVER COMPLIANCE IN ACCORDANCE WITH THE UNIFORM GUIDANCE AND ON THE SCHEDULE OF EXPENDITURES OF FEDERAL AWARDS Independent Auditor’s Report To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California Report on Compliance for Each Major Federal Program Opinion on Each Major Federal Program We have audited the City of San Luis Obispo, California’s (City)compliance with the types of compliance requirements described in the OMB Compliance Supplement that could have a direct and material effect on each of the City’s major federal programs for the year ended June 30, 2024. The City’s major federal programs are identified in the summary of auditor’s results section of the accompanying schedule of findings and questioned costs. In our opinion, the City complied, in all material respects, with the types of compliance requirements referred to above that could have a direct and material effect on each of its major federal programs for the year ended June 30, 2024. Basis for Opinion on Each Major Federal Program We conducted our audit of compliance in accordance with auditing standards generally accepted in the United States of America (GAAS) ; the standards applicable to financial audits contained in Government Auditing Standards,issued by the Comptroller General of the United States(Government Auditing Standards); and the audit requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Our responsibilities under those standards and the Uniform Guidance are further described in the Auditor’s Responsibilities for the Audit of Compliance section of our report. We are required to be independent of the City and to meet our other ethical responsibilities, in accordance with relevant ethical requirements relating to our audit. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion on compliance for each major federal program. Our audit does not provide a legal determination of the City’s compliance with the compliance requirements referred to above. 3 Page 241 of 555 To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California Page 2 Responsibilities of Management for Compliance Management is responsible for compliance with the requirements referred to above and for the design, implementation, and maintenance of effective internal control over compliance with the requirements of laws, statutes, regulations, rules, and provisions of contracts or grant agreements applicable to the City’s federal programs. Auditor’s Responsibilities for the Audit of Compliance Our objectives are to obtain reasonable assurance about whether material noncompliance with the compliance requirements referred to above occurred, whether due to fraud or error, and express an opinion on the City’s compliance based on our audit. Reasonable assurance is a high level of assurance but is not absolute assurance and therefore is not a guarantee that an audit conducted in accordance with GAAS, Government Auditing Standards, and the Uniform Guidance will always detect material noncompliance when it exists. The risk of not detecting material noncompliance resulting from fraud is higher than for that resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Noncompliance with the compliance requirements referred to above is considered material if there is a substantial likelihood that, individually or in the aggregate, it would influence the judgment made by a reasonable user of the report on compliance about the City’s compliance with the requirements of each major federal program as a whole. In performing an audit in accordance with GAAS, Government Auditing Standards, and the Uniform Guidance, we: •Exercise professional judgment and maintain professional skepticism throughout the audit. •Identify and assess the risks of material noncompliance, whether due to fraud or error, and design and perform audit procedures responsive to those risks. Such procedures include examining, on a test basis, evidence regarding the City’s compliance with the compliance requirements referred to above and performing such other procedures as we considered necessary in the circumstances. •Obtain an understanding of the City’s internal control over compliance relevant to the audit in order to design audit procedures that are appropriate in the circumstances and to test and report on internal control over compliance in accordance with the Uniform Guidance, but not for the purpose of expressing an opinion on the effectiveness of the City’s internal control over compliance. Accordingly, no such opinion is expressed. We are required to communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and any significant deficiencies and material weaknesses in internal control over compliance that we identified during the audit. 4 Page 242 of 555 To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California Page 3 Report on Internal Control over Compliance A deficiency in internal control over compliance exists when the design or operation of a control over compliance does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, noncompliance with a type of compliance requirement of a federal program on a timely basis. A material weakness in internal control over compliance is a deficiency, or a combination of deficiencies, in internal control over compliance, such that there is a reasonable possibility that material noncompliance with a type of compliance requirement of a federal program will not be prevented, or detected and corrected, on a timely basis. A significant deficiency in internal control over compliance is a deficiency, or a combination of deficiencies, in internal control over compliance with a type of compliance requirement of a federal program that is less severe than a material weakness in internal control over compliance, yet important enough to merit attention by those charged with governance. Our consideration of internal control over compliance was for the limited purpose described in the Auditor’s Responsibilities for the Audit of Compliance section above and was not designed to identify all deficiencies in internal control over compliance that might be material weaknesses or significant deficiencies in internal control over compliance. Given these limitations, during our audit we did not identify any deficiencies in internal control over compliance that we consider to be material weaknesses, as defined above. However, material weaknesses or significant deficiencies in internal control over compliance may exist that were not identified. Our audit was not designed for the purpose of expressing an opinion on the effectiveness of internal control over compliance. Accordingly, no such opinion is expressed. The purpose of this report on internal control over compliance is solely to describe the scope of our testing of internal control over compliance and the results of that testing based on the requirements of the Uniform Guidance. Accordingly, this report is not suitable for any other purpose. Report on Schedule of Expenditures of Federal Awards Required by the Uniform Guidance We have audited the financial statements of the governmental activities,the business-type activities,each major fund, and the aggregate remaining fund information of the City, as of and for the year ended June 30, 2024, and the related notes to the financial statements, which collectively comprise the City’s basic financial statements. We issued our report thereon dated December 24, 2024, which contained unmodified opinions on those financial statements. Our audit was conducted for the purpose of forming opinions on the financial statements that collectively comprise the basic financial statements. The accompanying schedule of expenditures of federal awards is presented for purposes of additional analysis as required by the Uniform Guidance and is not a required part of the basic financial statements. Such information is the responsibility of management and was derived from and relates directly to the underlying accounting and other records used to prepare the basic financial statements. The information has been subjected to the auditing procedures applied in the audit of the financial statements and certain additional procedures, including comparing and reconciling such information directly to the underlying accounting and other records used 5 Page 243 of 555 To the Honorable Mayor and Members of City Council of the City of San Luis Obispo San Luis Obispo, California Page 4 to prepare the basic financial statements or to the basic financial statements themselves, and other additional procedures in accordance with auditing standards generally accepted in the United States of America. In our opinion, the schedule of expenditures of federal awards is fairly stated in all material respects in relation to the basic financial statements as a whole. Badawi & Associates, CPAs Berkeley, California March 31, 2025 except for the schedule of expenditures of federal awards on pages 7, which are as of December 24, 2024 6 Page 244 of 555 City of San Luis Obispo Schedule of Expenditures of Federal Awards For the year ended June 30, 2024 Assistance Listing Pass-through Program Grantor Agency and Grant Title Number Number Expenditures CDBG - Entitlement Grants-Cluster Department of Housing and Urban Development Passed Through the county of San Luis Obispo Community Development Block Grants/Entitlement Grants 14.218 417,368$ Total CDBG - Entitlement Grants-Cluster 417,368 U.S. Department of Justice Direct award: Bulletproof Vest Partnership Program 16.607 8,766 Edward Byrne Memorial Justice Assistance Grant Program 16.738 16,271 Total U.S. Department of Justice 25,037 U.S. Department of Transportation Direct award: Federal Transit Formula Grants 20.507 3,486,773 Total Federal Transit Cluster-Cluster 3,486,773 Passed Through the California department of transportation Highway Planning and Construction 20.205 103,654 Total U.S. Department of Transportation 3,590,427 Department of the Treasury Direct award: Coronavirus State and Local Fiscal Recovery Funds 21.027 10,396,711 Coronavirus State and Local Fiscal Recovery Funds Total Department of the Treasury 10,396,711 U.S. Department of Health and Human Services Passed Through the California department of Community Services and Development Low Income Household Water Assistance Program 93.499 17,487 Total U.S. Department of Health and Human Services 17,487 U.S. Department of Homeland Security Direct award: Disaster Grants - Public Assistance (Presidentially Declared Disasters)97.036 358,157 Passed Through the California 's Office of Emergency Management Hazard Mitigation Grant - California Office of Emergency Management 97.039 974,845 Direct award: Assistance to Firefighters Grant 97.044 123,790 Total U.S. Department of Homeland Security 1,456,792 Total Expenditures of Federal Awards 15,903,822$ See accompanying Notes to Schedule of Expenditures of Federal Awards.Page 245 of 555 This page intentionally left blank 8 Page 246 of 555 City of San Luis Obispo Notes to the Schedule of Expenditures of Federal Awards For the year ended June 30, 2024 A.Reporting Entity The City is a California charter city. It was incorporated on February 19, 1856 and chartered on May 1, 1876. It is organized in accordance with the Council-Mayor-City Manager form of government. With a population of approximately 47,788, the City provides a broad range of municipal services, including police and fire protection, parks and recreation, water and sewer utilities, street maintenance, public transportation, parking, planning, and building and safety. B.Basis of Accounting Funds received under the various grant programs have been recorded within the special revenue funds of the City. The City utilizes the modified accrual method of accounting for the special revenue funds. Modified accrual accounting recognizes revenues when they become available and measurable and, with a few exceptions, recognizes expenditures when liabilities are incurred. The accompanying Schedule of Expenditures of Federal Awards (Schedule) has been prepared on the modified accrual basis of accounting. C.Relationship of Schedule of Expenditures of Federal Awards to Financial Statements The accompanying Schedule presents the activity of all federal financial assistance programs of the City. Federal financial assistance received directly from federal agencies as well as federal financial assistance passed through the State of California is included in the Schedule. The Schedule was prepared only from the accounts of various grant programs and, therefore, does not present the financial position or results of operations of the City. D.Pass-Through Entities’ Identifying Number When federal awards were received from a pass-through entity, the Schedule shows, if available, the identifying number assigned by the pass-through entity. When no identifying number is shown, the City determined that no identifying number is assigned for the program or the City was unable to obtain an identifying number from the pass-through entity. E.Indirect Costs The City did not elect to use the 10% de minimis indirect cost rate. 9 Page 247 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section I -Summary of Auditor’s Results Financial Statements Types of auditor’s report issued:Unmodified Internal control over financial reporting: Material weakness(es) identified?Yes Significant deficiency(ies) identified? Yes Any noncompliance material to the financial statements noted? No Federal Awards Internal control over major programs: Material weakness(es) identified?No Significant deficiency(ies) identified? None noted Type of auditor’s report issued on compliance for major programs Unmodified Any audit findings disclosed that are required to be reported in Accordance with section 200.516(a) No Identification of major programs: Assistance Listing Numbe r(s)Name of Fe deral Progra m or Clus te r Expenditure s 21.027 Coronavirus State & Loca l Fiscal R ecovery Funds 10,396,711$ 97.039 Hazard Mitigation Grant 974,845 Tota l Expenditure s of All Ma jor Fe dera l Programs 11,371,556$ Tota l Expenditure s of Fe de ra l Aw ards 15,903,822$ Pe rce ntage of Tota l Expenditure s of Fe dera l Awards 71.5% Dollar threshold used to distinguish between type A and type B program $750,000 Auditee qualified as low-risk auditee under section 200.520? No 10 Page 248 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section II –Current Year Findings A.Financial Statement Audit Finding 2024-001 Journal Entries Posting (Material Weakness) Criteria: The access to post journal entries in the general ledger should be restricted. Journal entries should be independently prepared, reviewed before being posted to the general ledger. Condition: During the review of the City’s journal entry approval matrix and JE testing, we noted the posting from the subledger to GL do not require approvals at the general ledger level nor at the subledger level.Considering the number of employees who can post entries through subledger without review and the fact that corrections to payroll, payable, revenue/receivables, cash management, capital assets all can be posted through subledger and do not require approval, it increased the risk of unauthorized or incorrect journals getting posted into general ledger. Cause: The City didn’t have control in place to ensure all journal entries are properly reviewed before posting. Effect:Journal entries recorded in the City’s accounting system may be inaccurate, unapproved, or unsupported. Recommendation: We recommend that the City limit the number of employees who can post journal entries in the subledger and general ledger and implement system control to ensure all journal entries are reviewed before posting. Management’s response: City management agrees with the recommendation and continues working with the internal IT team and consultants to modify the Oracle ERP system’s workflow to include approval for system-generated adjusting entries, which are currently posted automatically. Approval for manually generated journal entries was implemented in FY 2021-22 and remains in place. While the City has approval controls for manual entries, a solution for system-generated adjustments is still in progress. This goal is considered partially implemented by the City. 11 Page 249 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section II –Current Year Findings, continued A.Financial Statement Audit Finding, continued 2024-002 Payroll Module Implementation (Significant Deficiency) Criteria: An effectively implemented payroll system should process the payroll accurately, and an effective internal control system over payroll requires timely and accurate payroll processing. Condition: During the performance of the audit, we noted that – •The Oracle payroll module has overtime configuration implemented incorrectly, and the City has to manually track the payroll in a spreadsheet and correct the error as it occurs since the implementation. •The configuration of payroll journal entries posting was implemented incorrectly which caused the variance between the bank record and the City’s general ledger. Cause: The Oracle payroll module has not been implemented correctly. Effect: Errors and fraud can go undetected in payroll processing with a large volume of manual corrections needed. Recommendation:We recommend the City to work with the third-party vendor to correct the implementation of payroll module. Management’s Response: City Management agrees with the finding and has engaged a consultant to reconfigure the payroll module to correct overtime calculations. Significant progress has been made in identifying and testing solutions, with full implementation expected during the 2024-25 fiscal year. In the interim, the City continues to monitor payroll, manually correcting overtime issues each pay period. To enhance accuracy, staff has developed comprehensive training on time card entry and created Oracle Guided Learnings (OGLs) for real-time payroll module training. Additionally, the City has implemented the mandatory "Redwood" Oracle user interface upgrade, improving usability and time-tracking accuracy. Configuration of the payroll journal entries was a one-time occurrence that has since been corrected. 12 Page 250 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section II –Current Year Findings, continued B.Federal Award Program Audit Finding No findings or questioned costs were noted in the current year. Section III –Prior Year Findings A.Financial Statement Audit Finding 2023-001 Journal Entries Posting (Material Weakness) Criteria: The access to post journal entries in the general ledger should be restricted. Journal entries should be independently prepared, reviewed before being posted to the general ledger. Condition: During the review of the City’s journal entry approval matrix and JE testing, we noted the posting from the subledger to GL do not require approvals at the general ledger level nor at the subledger level.Considering the number of employees who can post entries through subledger without review and the fact that corrections to payroll, payable, revenue/receivables, cash management, capital assets all can be posted through subledger and do not require approval, it increased the risk of unauthorized or incorrect journals getting posted into general ledger. Cause: The City didn’t have control in place to ensure all journal entries are properly reviewed before posting. Effect:. Journal entries recorded in the City’s accounting system may be inaccurate, unapproved, or unsupported. Recommendation: We recommend that the City limit the number of employees who can post journal entries in the subledger and general ledger and implement system control to ensure all journal entries are reviewed before posting. Status: Not implemented. See current year finding 2024-001. 13 Page 251 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section III –Prior Year Findings, continued A.Financial Statement Audit Finding, continued 2023-002 Payroll Module Implementation (Significant Deficiency) Criteria: An effectively implemented payroll system should process the payroll accurately, and an effective internal control system over payroll requires timely and accurate payroll processing. Condition: During the performance of the audit, we noted that – •The Oracle payroll module has overtime configuration implemented incorrectly, and the City has to manually track the payroll in a spreadsheet and correct the error as it occurs since the implementation. •The configuration of payroll journal entries posting was implemented incorrectly which caused the variance between the bank record and the City’s general ledger. Cause: The Oracle payroll module has not been implemented correctly. Effect: Errors and fraud can go undetected in payroll processing with a large volume of manual corrections needed. Recommendation: We recommend the City to work with the third-party vendor to correct the implementation of payroll module. Status:Not Implemented.See current year finding 2024-002 14 Page 252 of 555 City of San Luis Obispo Single Audit Reports Schedule of Findings and Questioned Costs For the year ended June 30, 2024 Section III -Prior Year Findings, continued B.Federal Award Audit Finding No findings or questioned costs were noted in the prior year. 15 Page 253 of 555 Page 254 of 555