Purpose of Audit

The purpose of our audit was to determine whether District officials used public resources economically and appropriately for the period January 1, 2011, to October 31, 2012.

Background

The Roosevelt Fire District is located in the Town of Hempstead in Nassau County. The District is governed by the Board of Commissioners which comprises five elected members. Expenditures for the fiscal year ended December 31, 2011 were $2,380,104.

Key Findings

• The Treasurer submits monthly financial reports to the Board that contain incomplete information, and the District’s financial records have not been audited by an independent public accountant (IPA) since the 2010 fiscal year.
• The Board also does not formally approve attendance at conferences, and could have saved approximately $2,000 on two conferences had it adopted more reasonable meal and lodging per diem rates.
• Although the District has hourly payroll expenditures that total approximately $81,000 per year, the District does not have procedures that provide reasonable assurance that employees report time worked accurately on their time cards.
• Although the Board has adopted a policy to address computer and Internet use and password security, it has not distributed this policy to District members.
• The District has no disaster recovery plan, and although the District’s third-party IT services provider is supposed to restart the District’s IT operations from daily back-up files the event of an emergency, this process has never been tested. District officials do not review audit logs.

Key Recommendations

• Require the Treasurer to prepare and present comprehensive monthly financial reports. Obtain an annual audit of the District’s records by an IPA, as required by law.
• Adopt a travel policy and procedures that provide clear and specific guidelines. Consider revising the daily maximum amounts that it authorizes for meals and lodging per diems to not exceed GSA rates.
• Develop and implement timekeeping procedures that require all payroll activity, including overtime, to be properly documented and approved.
• Distribute and enforce the adopted IT policy provisions.
• Develop and adopt a disaster recovery plan that formalizes the procedures to store data offsite and maintain backup files, and establishes a procedure to periodically restore back-up files to ensure the data is accessible. Implement procedures to periodically produce and review audit logs.