Audit Report On The Department Of Transportation Controls Over Parking Card Distribution And Sales Revenue

June 26, 2006 | MG06-081A

Table of Contents

    AUDIT REPORT IN BRIEF

    This audit determined whether the Department of Transportation (DOT) maintained adequate financial controls over revenue generated from the sale of parking cards, and whether it had adequate safeguards over the inventory and distribution of the parking cards.

    DOT manages the City’s transportation infrastructure. In Fiscal Year 2002, the DOT Division of Traffic Operations’ Parking Bureau introduced the NYC Parking Card, a stored-value card sold in denominations of $20 and $50 by mail, over the Internet, and at retail locations in the City. The cards can be used in place of coins to pay for parking meter fees in all municipal parking fields, municipal meters (muni-meters), and certain single-space meters in the City. In Fiscal Year 2005, DOT reported revenues totaling $10.9 million from the sale of Parking Cards.

    Audit Findings and Conclusions

    DOT generally maintains adequate financial controls over revenue generated from the sale of parking cards. In addition, the physical security and safeguards over parking cards provide reasonable assurance that the parking-card inventory is protected against theft and misappropriation. Further, DOT maintained accurate and complete parking-card inventory records.

    However, the Parking Bureau does not reconcile on a monthly basis Electronic Fund Transfer (EFT) payments resulting from Internet credit-card sales transactions to monthly Internet sales nor verify the accuracy of the monthly credit card processing fees. Also, cash-receipt control procedures were not consistently followed, and DOT operating procedures were outdated. These weaknesses, however, were not sufficiently significant to detract from our overall opinion.

    Even though we did not audit or render an opinion on the E-Card system as a whole, our audit disclosed general control weaknesses and deficiencies that could materially compromise the system, raise concerns over the reliability, completeness, and accuracy of the E-Card data, and lead to greater inefficiencies in the processing of customer-parking card orders.

    Audit Recommendations

    To address these issues, the audit made 12 recommendations. Among them, we recommend that the DOT should:

  • Implement procedures requiring the Parking Bureau to reconcile EFT transfer payments for Internet parking card orders on a regular (e.g., monthly) basis to ensure that transaction settlement amounts match total Internet sales.
  • Verify that the fees incurred by DOT for credit card processing are appropriate.
  • Ensure that remittance checks received and processed by the Parking Card Unit are restrictively endorsed upon receipt, in accordance with Comptroller’s Directive #11.
  • Ensure that MIS and Parking Bureau officials develop a plan and implement procedures to ensure that E-Card is appropriately supported by MIS so that proper resources are made available to address routine system maintenance and to investigate and appropriately resolve persistent problems, particularly those with Internet sales orders.
  • Develop and periodically test a formal disaster recovery plan to ensure that E-card and other agency mission-critical applications are adequately protected in the event of a disaster or unplanned disruption in operating capabilities.
  • Deactivate inactive user IDs as well as those for CHC consultants and DOT personnel no longer employed by the agency.
  • Review E-Card, evaluate and document deficiencies (i.e., reporting functions and inventory module), and establish a plan and timeline for the remediation of such deficiencies with collaboration between MIS and Parking Bureau departments. Require that proper monitoring, program-change control, and system-documentation procedures be followed.

    • Agency Response

    DOT agreed with ten audit recommendations and disagreed with two others that addressed programmer access to automated business activities and the agency’s formal disaster recovery plan.

    $279.14 billion
    Mar
    2025