Audit Report on the Internal Controls of the Landmarks Preservation Commission over Permits

June 17, 2010 | MG10-073A

Table of Contents

    AUDIT REPORT IN BRIEF

    The objective of this audit was to determine whether the Landmarks Preservation Commission (LPC) had adequate controls over its permit issuance process.

    LPC is responsible for safeguarding the City’s historic, aesthetic, and cultural heritage; improving property values in historic districts; and promoting the use of landmarks for the education, pleasure, and welfare of the public.  By law, the agency must review any proposals for alterations to landmark buildings and determine whether they have any effect on the significant features of a building or a historic district.  Before performing work on landmark properties, building owners or tenants must apply for a permit from LPC.  All LPC permits fees are calculated and collected by the New York City Department of Buildings (DOB).

    During Fiscal Year 2009, LPC recorded 9,018 new permit records in its computer permit database corresponding to 17 different types of permits.  According to the Comptroller’s “Comprehensive Annual Financial Report” (Annual Report), LPC generated $1.4 million in permit fees in Fiscal Year 2009.

    Audit Findings and Conclusions

    LPC has inadequate controls for its permit issuance process: it lacks written documentation of supervisory review, lacks adequate controls over its perforation machines (which are used to authenticate approved permits and documents with LPC’s official imprint), and lacks secure storage for LPC files.  Although we did not find any instances in which unauthorized permits were issued, LPC’s poor controls create an environment that could allow the issuance of unauthorized permits without detection.  In addition, LPC does not track or reconcile the LPC permit fees collected by DOB with the permits LPC has issued, which increases the risk that lost revenue or fraud could remain unidentified and unaddressed.  Finally, we found that LPC’s computer permit database is not secure.

    Audit Recommendations

    To address these issues, we make eight recommendations, including that LPC should:

    • Ensure that supervisory reviews are documented in writing (initialed and dated) at key steps throughout the permit process.
    • Restrict access to its perforation machines to protect its official LPC imprint.
    • Reconcile DOB Revenue Reports with permits LPC has issued and promptly report discrepancies to DOB for follow-up.
    • Deactivate inactive user accounts on PATS (Permit Application Tracking System).
    • Periodically review activity on the computer system to detect unauthorized uses.
    $242 billion
    Aug
    2022