City of Beacon – Internal Controls Over Cash Receipts and Information Technology (2012M-224)

Issued Date
January 18, 2013

Purpose of Audit

The purpose of our audit was to examine the effectiveness of internal controls over selected financial activities for the period January 1, 2011, to May 31, 2012.

Background

The City of Beacon is located in Dutchess County, and has a population of approximately 15,500. The City Council is comprised of the Mayor and six Council members who are the legislative body responsible for setting the City’s governing policies. The 2012 general fund budget was approximately $18.4 million.

Key Findings

City officials did not exercise proper oversight of cash receipts and did not establish comprehensive written policies and procedures that provide adequate guidance and internal controls over the cash receipt function from waste water, park and recreation, or building permit fees.

  • Invoices for payment of sludge fees were not always billed to customers.
  • Due to the lack of the use of sequential receipts there is no guarantee that all payments for building permits and parks and recreation fees are being remitted to the Clerk.
  • Internal controls over the issuance of parking tickets were not established to provide reasonable assurance that all tickets were accounted for.
  • Procedures for the collection and payment of delinquent taxes are not in compliance with the Law.
  • City officials did not adopt a comprehensive IT security plan, disaster recovery plan and breach notification policy.

Key Recommendations

  • Ensure that sludge treatment services provided to customers are billed correctly.
  • Implement procedures requiring the issuance of sequential, press- numbered receipts for all collections.
  • Adopt policies requiring City police and MTA officers to issue parking tickets in a sequential order and maintain copies of all tickets issued.
  • Have a written agreement with the Beacon City School District for delinquent school tax collection.
  • Develop a comprehensive IT security plan and disaster recovery. Adopt a breach notification policy.