The City of Springfield announced the completion of three audits of city operations conducted by RubinBrown Certified Public Accountants & Business Consultants.
The first audit looked at transactions at the Springfield Art Museum from January 1, 2018 through August 31, 2018. The audit found several issues:
- RubinBrown tested 20 daily cash receipts and found that we were unable to trace 15 receipts to daily deposits on bank statements at the City Finance due to the way the receipts were reconciled.
- An examination of refund and void transaction receipts found the following:
- No evidence of management review and approval as required by the financial control procedures for three of 10 sampled refunds/voids;
- No supporting documentation was retained regarding the reason for three of seven online refunds.
- RubinBrown sampled 20 permanent and loaned artwork inventory items. They found a discrepancy between the location of one piece of art as recorded in the system and the actual location of the piece.
The audit of the city’s Loan Programs and Grant Processing showed several best practices, including that monthly “reconciliations are performed timely and variances are investigated and resolved.”
However, the firm made observations and recommendations for improvement of:
- The Planning and Development department performs loan aging manually via an Excel spreadsheet. The City’s loan portfolio averaged approximately $40M during FY18.
- The Health department does not maintain formal policies and procedures for grant processing.
- Document the steps completed for each part of Planning and Development three-way reconciliation so that a back-up staff member can perform the reconciliation without one-on-one guidance from a current reconciler.
- Ensure that participants in the Missouri Work Assistance program at the Missouri Job Center check the box on the TRE form acknowledging that the gas card will be deducted from their next TRE benefit.
Finally, the HIPAA Internal Controls Audit of the Springfield-Greene County Health Department noted the department obtaining accreditation in 2018 from the Public Health Accreditation Board, but also observed:
- There are five policy documents that refer to or require HIPAA compliance, including Administrative Memo #5, which is the department’s HIPAA policy. The department does not maintain a single comprehensive HIPAA compliance policy.
- RubinBrown performed a user access review of Patagonia and found three former employees with active accounts, 26 accounts with passwords that don’t expire, three generic accounts, and seven accounts with six or more roles.
- The administrator for Patagonia does not have personnel that could act as a true back-up to perform the required responsibilities.
- RubinBrown reviewed HIPAA training records for five employees who have access to Patagonia and found that two of five did not have a record of training within the last year.
- Although the HIPAA compliance officer is performing internal audits of user access to Patagonia, the audits are not documented as required by Administrative Memo #5. Additionally, internal audits of observations of clinical procedures were not documented or retained.
- The divisions within the department maintain separate confidentiality release forms. These forms do not have uniform legal language for the release and use of protected health information (PHI).
“The Springfield-Greene County Health Department takes our responsibility to ensure patient privacy and confidentiality very seriously, which is why we asked for this audit to ensure we are following current best practices. Our staff have already begun to implement these recommendations,” Director of Health Clay Goddard said in a statement.
Springfield City Councilman Mike Schilling said in a statement the audits provide important information and accountability to Springfield taxpayers.
Audits of Springfield city departments can be found on the city’s website.