Audit Report On The Financial Controls Over Cash Receipts At The Department Of Finance Business Centers

EXECUTIVE SUMMARY

This audit determined whether the New York City Department of Finance (DOF) maintains adequate financial controls over cash receipts collected at its six Business Centers.

(DOF) assesses the values of all New York City properties, maintains property records, administers business income and excise taxes, and oversees the operations of the Parking Violations Bureau. DOF is also responsible for the efficient collection of taxes and other revenue due the City. DOF operates six walk-in Business Centers—two in the Bronx and one in each of the other four boroughs—that provide services and accept payments for parking violations, red-light camera traffic fines, property taxes, water charges, etc. According to DOF, during calendar year 2006, the Business Centers collected $4.8 billion.

Audit Findings and Conclusions

DOF maintains adequate financial controls over cash receipts collected at its six Business Centers. These controls generally adhere to and comply with Comptroller’s Directives #1 and #11. Based on our observations, DOF maintained adequate segregation of duties over the handling, processing, and reconciliation of cash receipts. Further, the cash receipts, totaling $43.1 million, collected by 39 cashiers on the days of our observations at particular centers were appropriately reconciled and found to be accurate, timely, and complete.

However, regarding other related matters, we found that DOF did not have formal written policies and procedures to cover all aspects of the cash collections and reporting functions. In addition, while DOF has general and technical controls in place to protect NYCServ data and ensure the availability of system services, the agency does not have a formal business continuity and disaster recovery plan for NYCServ.

While these conditions do not detract from our overall opinion regarding the controls over cash receipts at the Business Centers, they do increase the risk that DOF may not be adequately prepared to respond to a major disaster or unplanned disruption of NYCServ and other mission-critical DOF system operations. These matters are discussed in greater detail in the following sections.

Audit Recommendations

To address these issues the audit made two recommendations. We recommend that DOF should:

• Ensure that written policies and procedures for each work unit involved in cash collections (i.e., Payment Operations, Reconciliation Unit, etc.) comprehensively document and address the various processes, controls, and levels of responsibility. The written policies and procedures documentation (e.g., manual) should be distributed to appropriate DOF departments and personnel and be updated periodically to address newly implemented or restated procedures.

• Develop and periodically test a formal BCP-DRP to ensure that NYCServ and other agency mission-critical applications are adequately protected in the event of a disaster or unplanned disruption in operating capabilities. The BCP-DRP should incorporate plans for an alternative processing facility, Business Center recovery strategies, and written backup and off-site storage procedures.

Agency Response

DOF agreed with the two recommendations made in this audit. The full text of the DOF response is included as an addendum to this report.