Audio check.

This is an audio check for the captioners, test one, test two, audio check for the captioners, test one, test two, audio check, test one, test two, audio check, test one, test two, audio check for the captioners, audio check, test one, test two, audio check, test one, test two for the captioners, audio check, audio check for the captioners, test one, test two, audio check, audio check for the captioners, test one, test two, one, two, three, four, audio check for the captioner, test one, test two, audio check, audio check for the captioners, test one, test two, audio check for the.

Communications are ready to begin.

Sounds good.

One moment, please.

I'm Jay Singleton, and I'm the vice chair of this committee.

I want to offer a friendly reminder to all members, staff, and the public that these meetings are broadcast live to enable greater public participation.

These broadcasts include real-time captioning as a further method to increase the accessibility of our proceedings to the community.

Therefore, all speakers need to be mindful of the rate of their speech so that our captioners can fully capture and transcribe all comments for the broadcast.

We ask all speakers to moderate the speed and clarity of their comments.

At this time, I'll ask the clerk to call the roll so that we can verify a quorum for this meeting.

Audit member Al Muwafak.

Yes.

Committee member Chugtai.

Present.

Engelhard.

Here.

Opposed by present.

Peterson.

Here.

Vice Chair Singleton.

Present.

Chair Payne is absent.

There are six members present.

Let the record reflect that we have a quorum.

I'll also note that we have two new members joining us today.

And let me extend a warm welcome to committee members Alam Wafak and Peterson.

I did that okay.

Thank you for being here, and we're excited to have you join us.

Colleagues, our agenda is before us.

May I have a motion?

So moved.

So moved.

All right.

All those in favor say aye.

Aye.

Those opposed, say nay.

That carries.

The agenda is adopted.

Next, we had the acceptance of minutes from our April 20 regular meeting and our April 22nd adjourned meeting.

May I have that motion?

So moved.

All those in favor say aye.

Aye.

Those opposed, say nay.

That carries, and the minutes are accepted.

We have four items in new business today.

Item three is the workforce optimization and comparative benchmarking report.

City Auditor Robert Timorin will join us to give that report.

Welcome, auditor.

Thank you.

Good morning, audit committee, uh, and good morning, Chair Singleton.

Uh the workforce optimization report that was before you on April 20th of this year had a minor change to it.

The neighborhood community relations section uh has been updated.

Uh, I hate to admit it, but there was a confusion between NCR and NSD in uh some of the work that uh we had done in that report with our consultant.

And so I believe it's page 134 of that report through 1040.

They've been updated.

The updated report is on our website, and this item is simply to enter the amended report into public record.

Thank you.

Do any of my colleagues have any questions?

Um, I will now direct the staff to publish that revised report.

Uh members, may I have a motion?

So moved.

Um the clerk will call the roll.

All right.

Maybe we can do a voice vote.

Sure.

Okay.

All those in favor.

Any opposed?

That carries.

All right, new business item number four is the 2026 Meet Minneapolis Contract Management Audit Report.

We'll be joined by Siddhartha Pujal, Director of Internal Audit for this presentation.

Welcome.

Good morning, Vice Chair Singleton and the member of the audit committee.

My name is Siddhartha Podel.

I'm the director of Including Audit, and I'm here to present the results of the recently completed and audit of the city's contract with Meet Minneapolis and the Associated Contract Management Practices with the Minneapolis Convention Center.

So this is the overview of the presentation.

I'm going to present about the background, audit objectives, scope and methods, conclusion findings, and recommendations, as well as the management action plans.

So why audit on this topic?

So we perform this engagement to ensure contractual obligations are clearly defined, properly monitored, and consistently enforced.

This way we can proactively respond to identified contract management risks, confirm compliance with contract terms, and mitigate performance reporting gaps, strengthen documentation internal controls, and city oversight.

Together, these actions serve to maintain accountability, data integrity, and public trust in how city contracts are administered.

So providing uh you uh with a little background, uh, City of Minneapolis supported the creation of the Meet Minneapolis and executed the contract to promote the city as a major convention exhibition, tourist and visitors destination.

Most of the Meet Minneapolis scope of services are focused on marketing and sales at the convention center, but they also provide support assistance for community events and the 12 Minneapolis sister city relationship in the sister city program.

The Minneapolis Convention Center manages the contract between the city and Meet Minneapolis.

So basically, they're the contract holder on behalf of the city.

So from uh payment standpoint from January 2021 to December 2025, the city paid about 56.3 million dollars to Meet Minneapolis for this purpose.

The this chart is based on the data provided by MCC and the city's AP system.

Uh normally the payment is based on the quarterly payments as well as if they meet uh certain uh KPIs, there is an in incentive portion as well.

So the city measures Meet Minneapolis performance through the following four KPIs.

The first one is the Minneapolis Convention Center revenue portion, which is the generated specifically as the convention center from events.

So the second one is gross lodging tax earned, uh the third one is annual partnership and growth, and the fourth one is future room nights.

So the audit objectives uh of this audit were to assess compliance with the city's contract monitoring procedures, the objectivity of the contract key performance indicators, and whether strategic business plan initiative were met in 2025.

Next, talking about the scope and methodology.

Uh, this audit focused on process and controls around contract monitoring and performance, including but not limited to contract agreement terms, meet Minneapolis Strategy Business Plan 2025, KPI goals, city contract management procedures, and our scope covered related activities from January 1st, 2025 to December 31st, 2025.

So basically, we looked at the most recent uh signed contract, which started at January 1st, 2025, which and also runs up to December 2029.

So, basically, for that contract period, one year had passed.

So, basically, we chose to review that portion of it.

So, we use audit methods such as interviews with uh Minneapolis Convention Center and Meet Minneapolis staff to understand the process.

We also conducted walkthroughs of systems they used to capture information to make sure there is a data reliability and approvals, and also we reviewed the controls as well.

Uh, specifically, we looked at the controls related to the KPIs related to industry benchmark and also the strategic business plan.

And the key areas that we focused for this audit is related to compliance with the contract terms, operational and financial.

So, uh, based on our review, we came to the conclusion that MCC, Minneapolis Convention Center, could strengthen processes and oversight by documenting procedures for departmental contract management and Meet Minneapolis strategic business planning, and by reviewing Meet Minneapolis partner performance measures, which is one of the KPIs.

And there are three findings, which we'll cover in the next few slides.

So two of them are moderate finding and one is low.

So the first finding is related to the strategic business plan process.

The business plan creation process could be better documented through roadmap that outlines process deliverables and timelines needed to create a good plan and fulfill contractual obligations.

So when we reviewed it, the business plan does not include a key date that is part of the agreement, as well as documenting the process of producing the plan.

So we noted that all the staff they know how to go about creating this business plan, but it was not documented properly so that if we need to retrain existing staff or train new staff in future, so that way we don't have to rely on the existing staff.

So we have that documented process well written so that we can use that for that purpose.

So basically, we're saying is they know what they're doing, but at least they need to document those things.

So as a part of the recommendation, we mentioned that uh Minneapolis Convention Center management should ensure that the business plan that is provided for review contains the creation date and the date it was received by the executive director because when you look at the contract, it should be received by September preceding the year when the plan is executed.

So there are like certain dates in the contract, and when we reviewed the actual business plan, we couldn't identify because it's like a collaborative process between MCC convention center and meet Minneapolis.

So they are working together on those.

So they are they know what's going on.

But when we just compare that with the contract itself, we couldn't find that specific date.

Collaborate with uh Meet Minneapolis to document step-by-step process for the developing the business plan, uh collaborate with Meet Minneapolis to ensure that cost estimates are clearly articulated in the plan as well.

Uh collaborate with uh Meet Minneapolis to ensure if the website contains maintenance information that can be used to determine if the information on the site is up to date and when the site was last updated.

Also, uh we recommended uh MCC to work with Meet Minneapolis to formally document the KPI's indicator development process, and the last one is to ensure that Meet Minneapolis provides clearly defined industry and trend indicators and agreed upon measurement data in the business plan as provided in the section 2.2 of the contract.

So the next one is related to the contract management procedures within uh Minneapolis Convention Center.

So that we found that the Minneapolis Convention Center could better document its internal contract contract management related procedures, which would ensure that transfer of knowledge is protected and distributed to others.

Similarly, uh to the finding one, so this one is they know what they're doing, and they have uh decades of experience as well.

But again, if you need to train or retrain new or existing staff, we need to have like a proper formally documented procedures as well.

Uh most of the time uh city finance does have their policy regarding what needs to be done, but from procedure standpoint, these procedures have to be specific regarding specific departments.

Uh, so we saw like there were some, but it could always be enhanced in that regard.

So, from recommendation standpoint, uh, um we recommend uh Minneapolis Convention Center Management should formally document internally internal contract-related procedures so that staff can follow standardized processes for contract oversight, create a repository of Meet Minneapolis contract documents accessible by appropriate staff to provide records of historical data for compliance and future planning purposes, and the third one is related to the objectivity of the KPI metrics.

So the annual partnership and growth and retention KPI goal.

So basically, when we look at one of those KPIs, it mentions about like a the gain of eight partners from 2024 to 2025.

So our initial question was like why the city is spending so much money to gain you know eight more uh partners, but when we reviewed in detail, we identified.

I mean, we meet Minneapolis gained 126 new partners in 2025, but at the same time they lost 117, so that difference is like eight.

So they are gaining those uh partners and losing some of the partners, which sometimes are not in their controls because sometimes they are like small vendors, so they sometimes they go out of business as well.

So we understand, so you know that's part of the business as well, but what we're saying is like probably they need to be uh shown as one of the KPIs a little bit better way as well.

And we also found the partner listing does not align with the number of active partners with paid dues.

While we did not find any duplicate records, the number of partners and payments did not match.

And when we talked to uh Meet Minneapolis uh man's management and staff, they mentioned that sometimes um some businesses are built under another business as well, so it's not always one-to-one uh when we look at number of partners versus the number of dues paid as well.

So basically, um the plan does not directly describe an existing partner retention goal, uh rate goal as well because ultimately the long-term partners may be more engaged with the organization and provide financial stability and increased retention may be more cost effective than the constant recruitment and outleeds.

So it's good that we're growing the partners, but it's also important to retain some of the existing partners as well, which is always from cost standpoint is more efficient.

So, in terms of recommendation, uh we are recommending the MCC management collaborate with Meet Minneapolis to revise the agreed upon measurement data to accurately report partnership growth and retention activity, ensure that the business plan addresses retention, and work with Meet Minneapolis to revise the partner report, verifying either payments are made or balances due.

And in terms of management action plan, MCC management agreed to all the recommendations and developed their own corrective action plan accordingly as well, which are primarily related to the internally and um so those existing updating and drafting those existing procedures both internally and with uh meet Minneapolis leadership, assess if the partnership goals need to be updated, and then for all the three findings that we have, they came up with the plan completion date of December 31, 2026, and their corrective actions will sufficiently remediate the issues identified in the audit and their management action plan are included in the report under the management response letter uh in details uh as well.

So that's the presentation uh for the Meet Minneapolis contract management audit.

Now I stand for any questions.

Thank you for that presentation.

Do any of my colleagues have questions um about this report?

Committee member Hosbein.

Thank you, Chair Singleton.

Uh Director.

I have two like I don't know the city questions, if you could help me clarify.

Um this is related a little bit to I feel like in 2023, 2025, and then today we're all kind of around these same contract issues within these same groups.

And maybe I'm just not connecting all the acronyms, and maybe this is to the earlier point as well.

So NCR neighborhood community relations, does that connect at all to the neighborhood safety department?

No.

No, that's those are two separate.

Thank you.

Because that was the audit from February 2025 that I feel like had some very similar.

And NSD, the neighborhood safety department, they fall under the Office of Community Safety.

Okay.

And NCR fall under the Office of Public Service.

So, yeah.

Okay.

And then this one's the one that came out of the 2023 safety risk assessment, right?

This was the thing that I put on hold and kept so this one.

So we always had plans regarding the phase two of the contract management.

So basically, the first phase was more in general.

And so basically for this one, we were thinking about what we focus should what should we focus on as a part of the phase two.

And we thought, so this audit was done sometime maybe seven or eight years ago.

Yeah, okay.

And we just wanted to do a follow-up audit, because at that time we did have uh few uh findings.

So our goal was to follow up on those findings as well as to make sure whether they have been corrected or not, and to make sure those some of these KPIs at that time we had we found some findings related to KPIs as well.

So we thought it would be a good idea to do a follow-up audit as part of the phase two.

Perfect, thank you.

And I think maybe I'll follow up separately because I think there's a lot of work around this 2023 community safety risk assessment, and there were like several updates that I don't think is related to this, but I'm struggling to figure out how that one fits into all these.

Yes.

So basically at that time, we used to have like a two separate report, one for um community safety side, and also for the all the rest of the departments and city as well, but since then we it doesn't make sense for our office to come up with a two different audit plan and the uh report as well.

So then we decided to combine those together as one uh plan and the report.

So, okay, thank you for that help.

Because I think we're the root of my questions is should some of this already have been taken care of?

Because I feel like it's not the first time we've seen this, it's not the first time, but I get that there is um, and we've talked about this before, the historical documentation and when there's change, that's not always moved from one to another.

Um so I would just say like I think probably comments that come across the committee every time is just this is a persistent issue, and I think just continuing to elevate this, and I it's not the first time we've seen the convention center as part of that either in terms of contract management.

Um I don't have a whole lot of sense of it.

I feel like we've said all the things before about we need better tax and balances, the influence piece, especially when it comes to the neighborhood safety piece, like that's such a um perception and trust issue too, um especially when it's this kind of money um in a city where we're being told we're having huge cuts and we can't get audit staff and other things when there's this big of money.

So I just um thank you for this work and thanks for connecting the dots for me.

And also through the chair uh uh committee member husband.

So that's why in the past we have mentioned the importance of the enterprise risk management as well, right?

Because some of these issues should be fixed at that level so that if we they see some type of issue, whether it's contract related to management related in one department, then they should be able to go to other department to see if there are like similar uh issues in those departments and try to fix on it on their own versus audit individual audit.

Perfect.

Thank you.

Committee member Al Mwafek.

Thank you for the presentation, and I just have a few questions.

Sure.

Uh it mentioned her that uh phase two of this contract is 82.6 million.

So, how much the increase of the phase one of this contract?

So, um, through the chair, um, committee member Alma Fox.

So, so when we I talked about the phase one and phase two, it was related to the audit that we had scheduled in the audit plan, but for this contract specifically, so it has been going since I think 1986.

So there is no phase one or phase two for this contract with Meet Minneapolis.

So the phase one and phase two we talked about was what was um as a part of the audit plan we had.

So in the past we had the phase one of the contract management audit.

So we completed that back in 2023, and we also has the phase two, which we completed right now, but uh, so that six million questions dollar question.

So this contract specifically with the Meat Minneapolis, we had this for a long time.

So this is not the phase two of the like a contract itself.

Okay, when I had a look at the contract term sheet, that for this this, for example, period is for 2025 until 2029.

Yes.

And what is for example the previous period of that one?

For example, is that from 2021 until 2024?

Because when you mentioned the payments through that contract from 2021 until 2025.

Yeah.

So there is overlap of one year, I mean, just to to if we would like to compare the the cost or the dollar amount of the contract.

So basically, so that dollar amount exactly um, so the payment-wise, it was including the incentive, it was 56.3 million, and based on so from that point, there was an increase of 13.4% increase in the unrestricted fund, and uh 22% increase in all funding, which totals up to be uh 82.6 million for this contract period from 2025 to 2029, it was um so it's gonna be 82.

So before that, uh it was around like 50 some million for that last five period before 2025.

So is there change in the scope and the services that meet Minneapolis will provide for MCC that for that extra amount of this contract?

So that one is also based on some of the increase in the the cost of living as well because some of this um so from expenditure standpoint um for meat Minneapolis it automatically increased as well, so portion of that is covered for primarily to that, and there are like some increase in the goals amount as well, because in the past it used to be total 500,000 of incentive amount per year versus now it's uh 800,000.

Uh so there are some increase in the cost in that regard, considering the cost of living and whatnot, but from the goal standpoint or adding more scope of services, I don't think it has been drastically different.

So it's similar, but uh it's primarily based on the cost of living and other uh increase in the individual goals, how much money we have allocated.

Thank you.

I have also other questions regarding the KPIs.

When they are developing the KPIs, are they developing them based on the baseline of previous years or for example just I'm not sure how they are developing the KBIs because what I can say, what can what I what I what can I see there in the figure two in your report that the KPIs for let's say for uh annual partnership growth and retention and also future room and night for fiscal year 2026 are less than 2024 and 2025.

So, what is the baseline should be when they are developing this KBIs?

So basically it's combination for the looking at the past one as well, also looking at the industry trend uh as well, so it's combination of both, so it's just not the the previous ones.

I understand uh uh so it has decreased a little bit, but it also based on uh the nationwide industry standard, how those should be based on the the size of the city, and I don't know, maybe Jeff or Sandy.

I know you have more knowledge about this one, so if you can maybe come up here and answer those questions.

Thank you.

Thank you.

Thank you, uh Vice Chair, members of the committee.

I'm Sandy Christensen.

I'm the senior vice president of finance and business operations for Meet Minneapolis.

I'm happy to answer questions about the KPIs.

Which of the four would you particularly like to focus upon?

The annual partnership growth and retention.

Yes.

And the future room nice.

Yes, thank you for that.

The annual growth and retention in the partnership is actually based upon the performance from the prior year.

So how that KPI is derived is the number of partners that are current with Meet Minneapolis on December 31st of the calendar year is considered a baseline going into the upcoming year.

And if we retain 100% or maintain that number, we would uh result in the tier two or maintain that same level.

We also know with that with the business changes that uh were articulated with businesses coming and going that retaining 95% of that number is also somewhat challenging challenging given the business cycles.

So tier one of that KPI is a 95% retention rate of that year-end number.

And then additionally, 105 or 105% of that year end number is considered the tier three.

So the baseline for all intents and purposes is 100% at tier two.

And then for the future room nights, as was articulated, it's based upon industry industry trends as well as um some information that we derive from third party uh resources, and we look at what um what activities or conferences are currently on the books.

So future room nights are room nights that are booked this year for any period into the future.

So if we know, for example, that the uh rotary is coming in the in 2028, which we do know, the year in which we booked that, it's 30,000 room nights.

So in that year that we book rotary, we are able to I would say claim 30,000 room nights being booked.

That's few and far between that we're able to generate that level of business in any one year.

So you see that there's fluctuations over time.

So we take historical performance, what we know about the future, and also the third-party research uh that is provided to us.

Uh regarding the gross lodging task iron in the tier two and tier three, it is not dollar amount in this figure.

I'm not sure that is a table or something because here, for example, I can see five on 509, 524 in tier two and tier three.

I would posit that those numbers are an error.

Uh because the um the lodging tax earnings are always going to be in the tens of millions of dollars.

Okay.

Uh I still have one question, Chair.

Uh, regarding, for example, the retention record for for the partnership.

Do we have also that the reason for not be able to, for example, making this retention for each of these partners, for example, one of them just make out of the business, other one just with some of the reasons.

So we we know what is the reasons for not be able to just to keep this retention?

Yes, vice chair, and uh that we do document every single cancellation that comes through.

Uh there's more, there's probably about five general um reasons that uh businesses may choose not to renew with us.

Going out of business, obviously, is one of them.

The other is that they are feeling strained on their financial resources and need to deploy their dollars elsewhere.

Uh, they may have changed their scope of business, sometimes they don't feel that they're getting the value for uh what they're paying.

And of course, we do follow up with any of those reasons to um delve more into what we could do better and what we can apply to the future to ensure that we retain those members.

Okay, thank you.

Thank you.

Thank you.

Any other questions?

All right, thank you.

Thank you.

Seeing no further questions or comments from committee members, I'll direct the clerk to receive and file this report.

I'll now direct direct staff to publish this report.

Members, may I have a motion?

So move.

Thank you.

And the clerk will now call the roll.

Member Al Mawapak.

Yes.

Committee member Chugtai is absent.

Engelhart.

Aye.

Hosebee.

Aye.

Peterson.

Aye.

Vice Chair Singleton.

Aye.

Chair Payne is absent.

There are five ayes.

That motion carries.

Members will now move on to new business item number five, which is the neighborhood safety contract management audit.

We'll be joined by Michael Coaters, hopefully I got your name pronounced correctly.

Um, Director of Special Reviews and Advisory Service.

Vice Chair, Committee, thank you for having me.

It's uh K Waters, but you were pretty darn close, so you still get points.

I stand to present the Office of City Auditors' report on the Neighborhood Safety Department contract management audit.

Due to a lengthy presentation, I ask you to hold your questions until the end.

Today's presentation will go through a brief background of NSD and its place in city services.

We will cover the objective of this audit, the scope and methodology performed, our conclusion and results, including findings and observations, as well as recommendations.

Lastly, the city provided management action plan.

This is my first presentation, and so far so good.

As part of the City of Minneapolis Office of Community Safety, the Neighborhood Safety Department provides programming for prevention, intervention, and restorative services.

NSD contracted services for 8.1 million dollars out of their ten point five million dollar 2026 annual budget.

Within NSD, roles are assigned for coordinating such services across each full contract cycle.

Contract administrators provide financial oversight, program managers provide performance oversight, and NSD must align practices with the requirements of both city policies and the COPLA settlement agreement.

For the objective of this audit, we asked is the neighborhood safety department providing sufficient contract oversight and managing contracts effectively.

This audit focused on their financial and oversight practices during the period between January 1, 2020 through December 31st, 2025.

We acknowledge challenges in reviewing activities under such a long time frame.

The criteria for this audit included NSD policies and procedures, but also enterprise-wide policies, specific contract language, and the requirements of the COPLA settlement agreement, which fell within this period of review.

Our audit work was conducted by interviewing NSD and other staff, but also document requests and reviews like policies and procedures, contracts and invoices, as well as other relevant supporting documentation.

This audit concluded that the neighborhood safety department is not providing sufficient contract oversight or managing contracts effectively.

This is based on several findings and observations.

Finding one falls under the category of oversight, a lack of cross-departmental communication and alignment leads to an ineffective oversight environment among neighborhood safety department contracts.

For example, identifying unallowable expenses or how to properly escalate concerns.

Communication gaps and unclear roles limit the city's ability to identify risks or respond to concerns in a timely way.

For finding one, we issue recommendation one, where OCS, OPS, NSD, and the CAO ensure clear roles and responsibilities, particularly in shared processes.

These departments should establish or better establish processes for discussing issues, needs, or other concerns to help align practices with requirements, including how to review and document deviations.

This recommendation pursues clear and consistent support for continued coordination among these departments.

Finding two falls under the category of influence and pressure, where we found the city does not have sufficient controls for mitigating pressures or potential conflicts of interest.

For example, a documented escalation path does not appear to exist for instances where contractors bypass contract managers.

Such examples highlight that the city does not have strong safeguards that protect the contracting process from pressure or influence.

Expectations for communication between staff, elected officials, and contractors are not clear or not documented.

We recommend leadership from both the Office of Community Safety and Office of Public Service, and also the CAO to establish with procurement guidance for departments on how to manage and mitigate potential pressures, and make sure there is clear guidance for situations like city representatives responding to outreach or what contracting departments can share with others not involved in the contracting process.

Finding three falls under the category of policies and procedures, where we found that NSD does not have complete or finalized policies and procedures for its core contracting work.

NSD has worked to establish such directives during the course of our audit, but many documents remain in draft form, which leaves staff without consistent guidance and creates uneven practices across programs.

For example, NSD has created invoicing processes for standard and alternative invoicing, but must still align these with enterprise policies and the pro in the requirements of the COPOLA settlement.

We recommend for finding three that NSD leadership, working together with the City Attorney's Office, and Finance and Property Services, finish in-progress policies for all contracting staff, comprehensively incorporate city expectations in the requirements of the COPOLA settlement agreement, and provide well-documented training to staff and new hires.

Finding four relates to the invoicing process.

NSD's invoicing process does not fully align with enterprise expectations or COPLA settlement requirements.

For example, some contractors submitted limited documentation and NSD requested the remainder months later.

Additionally, we observed a lack of cross-departmental alignment on the invoicing process.

This increases the risk of paying for work the city cannot fully verify.

Therefore, as reflected in recommendation 4, with the City Attorney's Office and Finance and Property Services, NSD should establish a clear, consistent process for invoice review that is in alignment with enterprise expectations.

Also, NSD should build out an internal compliance function that regularly reviews contracts, invoices, and payments.

Further, the Office of Public Service leadership should coordinate with NSD on invoice process documentation that aligns with enterprise expectations, including record storage and confirm it matches other departments, noting any agreed deviations.

Finding five.

NSD does not consistently track or document contractor training, including required two-hour sessions for certain violence prevention contracts.

As a result, NSD cannot reliably show that contractors received information needed to follow city requirements.

Bless you.

For finding five, we recommend that NSD formalizes its training for contract oversight and management, then memorialize its training and directives.

It can share with all contract administration staff.

Finding six relates to contractor site visits.

NSD does not have a standardized process for conducting and documenting site visits.

Current site visit practice depends on individual program manager relationships and routine touch points rather than a structured oversight process with a monitoring schedule.

The frequency, content, and documentation of these visits are inconsistent, limiting the department's ability to confirm that servicers and services occurred as expected.

We recommend that NSD management finalize the site visit SOPs that were being developed during this audit, including criteria for following up and escalating concerns.

Further, NSD should use a risk-based assessment of active contractors to set each contractor's monitoring schedule and feed the contract monitoring assessment tool piloted in April.

Every site visit should be documented, and NSD should conduct a review at least quarterly to confirm monitoring is consistent across all contractors and programs.

Finding seven falls under the category of contract documentation and contractor communication.

NSD does not have a department-wide standard for saving contract records or documenting communication with contractors.

Records are stored in different locations and formats, which complicates oversight and creates risk when staff transitions.

Therefore, we recommend NSD management, set clear policy expectations for preserving contract-related documents, communicate the policy to staff, train contract and program managers, and apply these practices consistently.

OPS and OCS in partnership with NSD finance procurement and the city attorney's office agree to the audit recommendations and have drafted a corrective action plan that currently projects action items are complete by June 30, 2027.

OPS and OCS will coordinate multiple city resources pursuant to increasing oversight and accountability.

NSD will ensure practices comply with the requirements set forth by both the city and the Coppola Settlement Agreement.

The Office of City Auditor will follow up by September 30 for the first anticipated deliverable of the corrective action plan, these entities have communicated.

We thank the various partners for their participation in this audit and hope we have produced a useful report.

I thank you for your attention throughout this presentation.

Are there any questions related to our report, which I have presented here?

Thank you for that presentation.

Do any of my colleagues have questions?

Yeah, uh in throughout thank you for this report.

I think this this is a really important issue, and I've had concerns as well.

And I'm not tracking the uh timeline on all of this.

I know like Agape's contract was up recently.

Um, and I believe I'm not even sure what what ended up happening there, but that said, uh, in terms of the contracts, the literal contracts, the language in the contract.

If a contractor is, you know, one of these entities, a name to Agape is deemed to be, you know, doing gross misconduct or are really not meeting uh the needs.

Uh what level is the city compelled to continue paying or to to continue working with the contract?

Can we terminate the contract?

What does the language look like there?

Uh well, we would probably comment on the formation of actual contracts that would be outside of the scope of the city auditor, and maybe I'll invite the city auditor up to make a comment after.

Um I would say that generally we're looking at the controls uh rather than the individual instances and uh with the particular case of NSD, uh we found that the controls could probably be increased or strengthened so that individual or special instances are uh meeting city expectations.

With that, I'll hand it over to the city auditor.

Oh, I'm sorry, through the Chair uh Singleton, um, uh Commissioner Engelhard.

So, like uh Director K.

Waters mentioned, so the the scope of this audit and was going to do how NSD manages the contract and not into like individual contract itself and the um exit and termination clause.

So basically, we looked at what kind of oversight the NSD has regarding the all contract management process.

So we didn't go through like individual details regarding individual contract itself, but we just wanted to from process standpoint whether there is a uh adequate and effective contract management process is there or not, so as a part of the scope, it was not our part of the scope regarding those individual contracts.

Okay, thank you.

And is is it is there I I may have missed it, it's a good and thorough report, but uh is there a recommendation to enhance the ethics the city's ethics policy because the as I was reading through um some of the some of the aspects of this maybe you know the ethics policy doesn't cover this, yeah.

Yeah, so we have um uh those recommendations to enhance the ethics policy as well, and also as a part of this year's um um audit plan audit and strategic plan, we have also included to look at the ethics policy and those um as a part of a future audit at by end of the year as well.

So we're gonna combine this recommendation and that separate audit as a part of that how that um ethics policy and the training looks like at the city as well, and what kind of enhancements if any that needs to be made, so that we have a separate plan for those processes in future as well.

Thank you.

Thank you, committee member, for those questions, vice chair.

Uh committee member husband.

Thank you, Vice Chair.

Uh thank you for the presentation.

Um and I really appreciate the kind of multiple layers of the um resolution and the management response, and I think this is a really great opportunity when it does involve procurement and finance and responsibilities outside the ethics officer um outside of the specific um department.

Like if we could start memorializing whatever those practices are, and so then when the next audit comes up and we have the same findings, like oh, those high-level um departments are already having best practices.

So I guess maybe the the question and the question or the question and the comment, is there even though it's not an SD specific, are there expectations that the other departments involved start working on those kind of high-level objectives and consistent guidance when they're brought into these management responses?

Yes, and it's an excellent question.

Uh, we believe that uh city leadership has committed to those actions which would strengthen things like oversight and accountability, and that would be a programmatic fix rather than an individual fix.

And I think that um along the lines of what your suggesting we also include in this report as um recommendations for controls that uh are either could be strengthened or could better leverage the expertise that exists across the city.

Absolutely, thank you.

Yeah, and I think with uh in the absence of that enterprise risk level, these groups are gonna have to fill that spot, so it's not just the city um audit department.

So thank you.

Thank you, committee members.

Do I have any other questions?

All right.

Seeing no further questions or comments from committee members, I'll direct the clerk to receive and file this report.

I'll now direct staff to publish this report.

Members, may I have a motion?

I move with a motion.

Thank you.

Uh the clerk will now call the roll.

Member Al Muafark.

Yes.

Committee member Chog Tai.

Engelhart.

Aye.

Peterson.

Aye.

Vice Chair Singleton.

Aye.

Chair Payne is absent.

There are six ayes.

Thank you.

That motion carries.

Committee members, our last item of new business is item six, the enterprise-wide open corrective action plans and updated process for monitoring and communicating corrective action plan progress.

We we will now be joined again by um city auditor Robert Timmer, Robert Timmerman.

Uh thank you, Chair Singleton, audit committee members.

Committee member Hosbein, we're very excited to share this presentation because it gets at the questions you were asking.

It gets at uh questions that came up in both presentations as far as monitoring tracking and moving forward with enterprise risk management.

I would like to introduce Nikita Lane, who has uh since my very first day here about 15 months ago been really pushing for uh enterprise risk management and enhancing that across the enterprise.

I think your work has been phenomenal, and I'm excited to introduce her to you to speak about this.

Uh we'll also have uh our quality assurance manager Jessica Peterson speak during this presentation, and then I'll speak a little bit to the open corrective action plan.

So, Nikita.

Thank you, Auditor Timmerman.

Good morning, Vice Chair Singleton and members of the audit committee.

My name is Nikita Lane, and I'm a staff auditor here at the city.

Um, we are going to be presenting on the follow-up request from our April 20th audit committee meeting.

And we will revisit the audit committee process, the new project tracker, the updated risk categories, unresolved audit recommendations, the tableau dashboard, the communication process, and enterprise risk management.

But first, we wanted to refresh everyone's understanding of the current audit committee process, which is a receive and file process, meaning that the Office of City Auditor performs audit engagements, the audit reports are presented to this body.

The committee receives and files the report.

And that process works well when findings are straightforward and are not complex in nature.

The audit is responsive and resources are readily available.

The process does not function as intended when findings are complex, the auditee is unresponsive, and resources are not readily available to resolve the finding.

Good morning, Vice Chair Singleton and members of the audit committee.

Thank you, Nikita, for the presentation.

My name is Jessica, and I'm the Quality Assurance and Training Manager for the Office of City Auditor.

And our office continues to strive for excellence in audit work and operational effectiveness to increase audit impact and value to the city of Minneapolis.

Our office recognized the opportunity to refine the audit findings process by leveraging technology to implement project management tools to effectively oversee the progress of open management action items.

We have partnered with the city's IT department to construct a custom interface platform for our team to enter each audit, each finding recommendation, and management action item from the auditee, projected due dates are captured, and effective dates for implementation of new processes.

Um track all open and closed audits, monitor findings, recommendations, and management corrective action plans.

Securely transmit text and file information to auditees related to their audit findings.

Automate scheduled communication related to corrective action plan status updates, provide the Office of City Auditor with consistent and improved reporting capabilities, provide the audit committee with on-demand access to unresolved audit recommendations, and make relevant information available to the public to enhance transparency and community oversight.

Having developed this new tracking database internally, the Office of City Auditor has leveraged available talent, both in-house and through the IT department or information technology department to save public funds and leverage already available resources.

This also allows us to have readily available competent support.

His contributions have contributed to the development of this system.

More information is further explained on the companion report pages four and five.

Additionally, developing this system in-house rather than using a vendor, mitigates risk related to data loss and digital security.

The PowerPoint shows the auditee findings tracker, a screenshot of what we see on our side.

The home page displays all audits entered into the dashboard.

The findings tracker has the capability to organize each audit title by year, capture the progress of the corrective action plans, and gather all supporting documentation for the validation process to close out findings.

The bottom of the screen shows the color coordinated associated with the status, so green indicates closed findings, yellow indicates open findings, and red indicates that a finding is passed to the questions for the auditee to answer for the action plan steps are designed to be categorized based on identified four types of justifying factors causing delays in application, which include budget, technology, policy and procedure, and cross-departmental.

Each auditee will explain which factor is impacting the extenuating management action plans and articulate the reasonable efforts completed to address and overcome the challenges.

The auditee can relay progress in seeking the corrective action plans, such as progress meetings, requesting budgetary resources, documenting cross-departmental efforts to mitigate risk, and attach supporting documentation.

The full audit report is attached to each audit entry.

To the left of each audit report in the dashboard is a letter icon.

The auditor will enter the report into the dashboard for the auditee to reference and obtain context of the findings and recommendations provided.

The risk levels are tracked per finding and recommendation, so we have low, moderate, and high, and the finding status is also documented.

So we can see the options here are open, closed, future audit follow-up or not applicable.

We have a search feature box for auditors to utilize internally.

The pie chart here represents the data collected from the responses received pertaining to the complex challenges identified.

So we have policy, budget, technology, and cross-departmental.

Currently, this graph represents 14 out of 68 open items.

Not every single response must identify a challenge.

They can just submit a response as well.

Moving forward, we will continue to track these categories and provide an update on the data.

Next, I would like to discuss the tableau dashboard, which was also constructed in collaboration in-house with the legislative department to support audit committee engagement and oversight by showing each report on the dashboard.

Also the actions articulated the audit totals on the dashboard to also promote transparency and accountability.

Currently, the audit committee dashboard will display office metrics per year, which include the report, the number of audit plans, audit reports, total presentations provided, and staff direction and updates.

Now I will turn it over to Robert Timmerman to present on the open management action items.

Thank you.

Thank you.

All right, Chair Singleton and audit committee members.

Um I usually get myself in trouble when I go off script, but uh what I want to share is that the information in the report in uh conjunction with the information in this presentation, as well as the information in the 80s page appendix, all taken together can help provide a nice overview and a thorough overview of all open corrective action items.

Historically, our office has requested corrective action updates from the administration or from management, our auditees on an ad hoc basis.

We typically reach out to our auditees before each audit committee meeting, try to get an update.

Uh, and this process has worked over the years, but it was time consuming, it was inefficient.

Building this new system will be uh incredibly helpful for efficiency in our office.

The increasing volume of our work has outpaced our ability to manually monitor and follow up on corrective action plans.

Uh, and so the new database that uh Jessica just talked to you about.

The coolest part about it is you will all have access to it.

Uh we will ensure that you have direct access to it.

You can drill down into auditi responses, um, and you can do that in live time, and that way we can be uh collectively prepared at audit committee meetings for uh some very good discussion on any open items.

That said, in preparation for this report, we did again uh reach out to all auditees with open corrective action plans.

We asked them to use the new database to respond to us, so uh maybe a little unbeknownst to them.

They were they were being the guinea pigs for testing this out.

Um, and and so we really do thank them for that.

Um it will take some time to transition stakeholders, including the audit committee, our audit staff, and uh the administration in using this, um, but I think we're off to a very good start.

Uh I will mention that the two audit reports presented today for NSD and Meet Minneapolis, they are not uh factored into the numbers in what we'll see in the slides and what's um in the report itself, but over the next few days we will get those added.

And my hope is that within the next few weeks, we'll be able to send you a link to be able to actually get in the dashboard yourself.

All right, so looking back, and this has uh been questions that uh I would say have come up at uh several of the last few audit committee meetings.

What are our open findings?

Um we've always provided kind of a number of very brief update.

Uh the the report itself goes into great detail on each of those.

And so starting on page eight, uh that is what aligns with the slide on the screen here.

Um, we're looking at each audit that has open findings year by year.

Uh the first was uh 2019 audit that was performed.

This was on police off duty work.

Um in the report, you will see that there's information about MPD's response that they are uh still working on some of this.

The first finding was related to technology enhancements for improving tracking, management reporting, and the analysis of police off duty work.

Um based on MPD's response on this particular item, and Jessica mentioned we we also are reassessing on all open items the the risk level.

Um the Office of City Auditor traditionally uh categorized almost everything as a high risk, and that's not necessarily appropriate when we have a high number of of audit findings that need attention.

So we have to be more uh more critical of how we're doing that.

In a in a few slides, I will explain how we uh have developed our low moderate and high evaluation for uh the findings but for now the find the first finding of police off-duty work, um, we've re-evaluated from high to moderate, and uh this particular item has not seen progress.

And the MPD is still using the same call in system in system.

They've not gone to a five-digit call sign, which we had recommended at the time.

Uh they are using a four-digit call sign.

Um, and then the reality of this item and what the Office of City Auditor recommends on this one because it is now seven years old, and the MPD is continuing to use the same system that they've used.

We classify this as an item that's been accepted, the risk has been accepted by MPD.

Um, whether that's right or wrong, uh, what we are going to do is we are going to mark this particular item as closed in our tracker.

What we'll mark it as closed in our tracker, and then we're going to rebuild a new audit on this subject.

And so what the tracker does is it allows us to maintain every single finding, whether it was closed on time, whether it's um was beyond its target date, it will always be in there, and so that when we hit the next audit, we review it.

And I I get the feeling that why would we close something that's been open for seven years?

That doesn't mean it's not still an issue.

That doesn't mean it's not something that doesn't get follow-up.

But what we're trying to do as a part of our discussion on enterprise risk management as a discussion on the administration taking responsibility for their audits and for their corrective action plans that they've self-identified that they've set target dates for, um, I think that we need to transition to that enterprise risk management accountability of them monitoring this, and then audits role, and and this is based on internal control standards, audits role then is the next time we audit is we assess whether or not that finding is still open, whether that finding has been addressed, and then we escalate that audit.

So for example, if we were to go in and audit uh police off-duty now, and had we closed that finding as a risk accepted by management, we would go in and say, look, we don't agree with your assessment that you've closed this risk.

We're now going to elevate it from a moderate issue to a high issue.

And so that's everything kind of plays together as far as the assessment of risk, the responsibility of administration, our tracking, and ultimately the way internal audit is supposed to work, is that the monitoring is a responsibility of management of the auditee, and the auditor then reassesses the next time they audit a particular program.

That's just not the way things have been happening.

And if we are able to see enterprise risk management and that function move forward as we've continued to push for, we should be able to work this.

So what I'm telling you is this doesn't actually go away.

What it means is that it's seven years old, doesn't it does not look like there's going to be progress on this.

And so the next time that we audit them, that issue will be elevated.

We will continue to discuss it.

So the second finding on 2019 police off duty audit, um, a little bit different on this one.

And you'll see on page, let's see here, six of the report, we have a table that indicates all of the open findings, all of the open corrective action plans, and what we believe the audit committee should do at these.

And so this is where we say they absolutely should come in front of the audit committee again, whether that is in October, which we're proposing because there's a lot of them, and it will take some follow-up on our part to get invitations out.

Uh, the the recommendations within the report is on any finding that we've said should come in front of the audit committee, that the audit chair draft a formal letter, and I can help do that and send that to the administration to come with a response prepared.

Um, we have a slide and uh in a little bit here that shows exactly what we would want the administration to present to the audit committee.

Um, so there is a plan for kind of next steps and a recommendation to the audit committee on bringing uh auditees in front of this body if they have not closed.

So that said, if we have something that we say the administration seems to have accepted the risk on this, we do still have them coming.

We can still ask them about them.

So with the second finding on the 2019 police off-duty work, this is one that we uh strongly suggest that the audit committee bring in front of them in October.

Uh I can help coordinate with the chair of the audit committee to draft that letter and the expectations for what is presented.

Um, but with this particular item, uh it is it is truly the monitoring of overtime.

This is where the main problem is.

This is an issue that we maintain a high risk classification for.

Um, I think that when you take off duty work and you take overtime work and you look at the total number of work hours, it also presents a real safety risk to the city when officers are working as many hours as they are.

So, as you know, and if you remember from this report and many, many other conversations that the council has had with MPD, this is a real issue, and we need to make sure that we follow up on it.

Uh, there is a third finding very similar in nature that I I think we should continue to ask MPD about.

Um, but this is one that they have made some progress on.

Uh, in the report on page nine, they detail some of the progress actions.

This one I would say uh is not accepting based on them accepting the risk.

This is they identified the uh mitigating factors that they have implemented, which satisfied the audit findings.

I would suggest that with this particular item and that the way we set it up for October is that we have each auditee or or department speak to a particular audit, and then we transition to the next audit.

So I would say, even if we're saying for tracking purposes, that we make sure that we talk to that auditee about any of the findings of the report, not just the ones that are open.

Let's get updates on the ones they've closed over time as well.

Okay.

So that sets the stage.

We'll go through each year.

We didn't have any uh reports in 2020 that still had open corrective action items.

In 2021, there were five with 12 total findings.

One of those has a past due management uh corrective action item.

And on page 10 of the report, you will see that.

That is finding four of the personal work-issued mobile device policy.

This one uh the we received responses from IT, we received responses from the clerk's office, we received responses from the city attorney's office on this particular item, and their response is on page 10 and 11.

They have updated this policy, they have done some training on this.

In fact, time has gone by that they are now reviewing to update this policy again.

And so, based on the information that they provided, we are satisfied to close this particular finding.

Um, and that is the extent of any open findings for 2021.

2022, there were three audits that had 30 total findings.

Uh, none had open management action items, so we don't have anything to touch on there.

2023 uh gets a little more full though.

So most open corrective action items, of course, are more current.

Um, and as we get a little closer to 2025 and 2026, you'll see that as the volume increases.

Uh, but for 2023, there are um there are a few audits that have open corrective action items.

Uh, and you'll notice that we're also trying to change the language that we use.

These are management corrective action plans.

These are items that, in response to findings and recommendations from the Office of City Auditor, management, the administration, the auditee, whatever you whatever term you use, they developed the corrective action plan.

They set their initial target date, and ultimately they are responsible then for completing that corrective action plan.

So the monitor that monitoring that we've been doing and will strengthen now with this new uh system and oversight is to really keep tabs on that to make sure it doesn't get seven years stale, and that if management accepts a risk, they're coming in front of the audit committee to say here's why we believe we can accept that risk.

Uh 2023, sexual assault examination kit.

I cannot go into the details on this because this uh the findings were redacted because it's very um security sensitive.

The last time that MPD and property and evidence came in front of the audit committee, we had a closed session in June of last year.

And so I would suggest for anything open still uh related to this or property and evidence that have redacted responses or redacted findings that we also have a closed session to discuss those.

You of course have uh reason to know the updates on those areas.

We just had to be uh somewhat mindful of the security on what was presented here.

What I will say is that with the first finding on the sexual assault examination kit, uh the primary reason for delay is cost.

Uh let's keep in mind this is three years past now.

The costs of this project, which would require some construction, is estimated at roughly $300,000.

I would say that this is an incredible uh risk to the city with high risk classification.

That does not change, and the MPD should prioritize this.

Uh, so this is one I would strongly suggest we bring in front of the audit committee in October.

The second item is is actually related.

The language is is different in the finding itself, but we'll we'll just say it's it's budget related with the same amount.

Uh that moves us into revenue and collections audit phase one.

Uh so this particular review in 2023 looked at the Minneapolis Animal Care and Control and kind of how that area is managed and property services and how they interplay with one another.

This is another one that was high security, and so the the item is redacted.

Um this one though, it sounds like the um we should be able to actually verify the security features that they have that they have used to mitigate this risk by mid-August.

And so if you go back to that table on, I think page nine, um, it it shows another column of things that we should be able to verify based on the updates that we got.

So there are several that we should be able to uh close out after mid-August.

This is one of those based on their response.

We weren't comfortable closing it now, but they provided enough information where we should be able to physically verify the mitigation.

Uh the same is true on finding seven on that same audit.

Uh, and then that moves us into 2024.

Uh 2024, there were six audits.

Uh property and evidence.

This is uh another one where there are several findings that are still open.

They are passed due.

Um, on that table on page nine, it shows the original target date that management had self-established.

Um the first finding on the property and evidence audit.

Uh that was another one that was uh redacted as high security.

Uh and in fact, it is related to the one that is in the uh sexual assault uh audit, and so that is the same issue that we would ask MPD to come speak to in a closed session to the audit committee.

Uh that is one that they are saying that they're continuing to work with MPD executive leadership, that they have uh spoken with other partners across the city, and that they don't currently have the budget for it.

Again, I think we need to be very uh strong in encouraging the city council to to help fund that or find funding for that if MPD can't do it on their own.

Um save my comments on whether or not they should be able to do it on their own for a later conversation.

Um finding two in that report, very similar in nature, high risk classification.

Um, I believe it's the same issue.

Finding four in that report is still open.

We recommend that MPD come speak to the audit committee in October at that same meeting we've been proposing.

Uh, this one is about a new roof on the property service, or I'm sorry, on the uh property and evidence warehouse.

This is an item that uh had been evaluated as high risk, we're reassessing it as moderate risk.

The reason for that, your initial reaction, at least my initial reaction, is if the roof floods because of leaks and we damage property and evidence, that's an incredibly high risk.

Uh, they did provide updates on mitigating factors, immediate repair to any damage, immediate repair to any leaks.

That said, it's still a significant project that needs to be undertaken.

Um, and when we weigh risk, we think of two things.

We think of the likelihood of the risk occurring, and so what I explained is the the whole roof collapsing, the likelihood of that is very small.

Um, but then we also consider the impact if that uh activity or action were to occur.

And in this case, the impact would be severe.

And so that's kind of a taste of how we identify risk, and like I said, we'll get to that slide.

Um that one, they've said that um significant maintenance has been completed.

They need three million dollars for the roof, uh, and that they have put in a capital budget request for that.

Uh, it seems like their timeline is 2026 to 2031.

And so again, I believe October is a good time to bring them in to discuss this.

Finding six in that same audit talks about evidence continuity, evidence continuity field is not always properly logged by officers and PIMS.

This is one where MPD provided enough evidence to satisfy the uh the office that the risk has been mitigated.

They talked about the training that they had developed and uh presented to staff uh some visual indicators and signs throughout various facilities to remind officers to properly do this.

So this one we are comfortable closing.

Uh finding seven in that report.

Uh talked about property warehouse precinct lockers, um, and the inconsistencies in descriptions and temporary evidence, uh storage.

So uh this one to MPD provided enough information for us to feel comfortable closing this.

Um they have developed training for new officers that touch on this.

They created a training video for existing officers, and again, they've updated some signage.

So they they did more than they had initially committed to on that one.

Finding nine.

Uh similarly, this one can be closed.

Um, MPD will be adding a quality administrator position to the property and evidence unit in 2026.

Uh they have ethics training that was implemented in 2024, and they have language in their policy about conflicts of interest.

So those things have been implemented.

Okay, one more, I believe, for 2024.

And there are a lot of findings in this one.

Um, but this is the MPD fleet management off uh audit.

Uh this one we have several items where we think they should come in front of the audit committee in October to explain their progress or lack thereof if that's the case, or to talk about any findings that have been closed that you may have questions on.

Uh so the fleet management audit uh finding one talked about accident investigations.

There are delays in investigating vehicle accidents involving MPD employees, leading to a backlog of cases.

Uh this one, MPD provided a lengthy response, which you'll see on page 17 of the report, uh, talking about how cases have continued to be assigned, that there's still significant staffing issues.

There's it seems only one person uh trained in certain systems or investigative techniques for this.

Uh, and so this one um, although we do recommend reducing the the risk assessment from high to moderate on this because there's again at that high risk, we're thinking about is there uh a risk of immediate harm, safety, death.

These are after-the-fact investigations, and so if this were a finding that we come across repetitively or a second time on the next audit, that gives us room to escalate it then.

Um, but under our our new criteria for evaluating risk on our findings, this would fall in that moderate range.

Uh so that one we recommend uh the audit committee bring them in front of the body uh in October.

Finding two was related to fleet policies and procedures.

MPD policies and procedures related to fleet are not fully updated to reflect current practices and expectations.

Um the update that MPD provided to us, uh, the most recent uh more thorough update.

They had sent to us in April of this year.

Um they did respond uh and just tell us please refer to the response we provided in April.

Uh, I don't think there had been new progress since then.

Uh and so we do have a follow-up meeting with the chief of staff of Minneapolis Police Department later this week to get additional updates on all MPD findings.

Um I'm very pleased that we've been able to create a strong relationship in that role with the with the um uh with that individual because we typically will report our findings, request our updates across many individuals in MPD.

That's become problematic because we have so many findings.

And so the chief of staff is a nice conduit for those conversations.

So going forward, all communication that we're going to have is going to be with the chief, the two assistant chiefs and the um and the chief of staff.

There may be times where we reach out to other individuals if we need to get into the weeds more, but ultimately for MPD, that's where the responsibility lies is at that top executive leadership level.

So that should make our lives a little bit easier, and they should be able to facilitate providing updates to the Office of City Auditor and to the audit committee.

So finding two, they should come in October.

Finding three is related to GPS and vehicle tracking.

This is one that they indicated is ready to be closed.

They've uh taken the steps necessary to mitigate the risk that we had identified.

This we need to physically uh verify or receive some evidence on, and so by mid-August, we should be able to do that and close that particular finding.

Finding five on page 20 is related to external fuel cards.

Of course, external fuel cards, regardless of sector, uh, are always a risk to an organization.

On this one, MPD has uh stated that they've uh completed this, they've taken the actions necessary to mitigate the risk.

Uh, as I mentioned, we have a meeting later this week with the chief of staff to further verify this, and we'll hopefully be able to close this by mid-August.

Finding six on this report, uh, the auditee uh says that they are still in progress on this, and so this is one we suggest that they come in front of the audit committee in October.

This is related to enhancements to oversight and controls around fleet functions.

Uh, they've made some progress in this area, but uh we need to know uh what a realistic new timeline will be from them, and and so I think in October it'll be a great time for us to ask that.

Uh finding eight risk management alignment.

We talked about opportunities between MPD and risk management for aligning on vehicle accident um documentation processes.

Uh MPD said that they're still working on this, so again, this is one we should uh get an update from them in October.

Finding 10, uh I believe is the last of this particular audit, and that is the vehicle management system.

Uh it needs enhancements.

The details of that are in the report itself, which are in the appendix to the uh, sorry, in the original audit report, which are in the appendix to this report.

Uh MPD has said that they are near completion on this one, so this is another one we should be able to verify in August.

All right, we're getting near the end.

Um 2025 audits.

The first one starting on page 23, responding to a federal law enforcement operation.

If you remember, uh, this was the first time that there was uh observation of ice in the city on June 3rd, 2025.

Uh, we had done a narrow scope review of the city's response to that, both um the administration's response and the council's response and how they um interplayed.

These were not um audit findings and recommendations in the traditional sense.

This was more of a a very limited scope advisory review.

That said, the first three items that we identified have been accomplished.

Uh, and so uh we were uh and and we are going to continue tracking them because if we audit something like this again in the future, we want to look at what progress has been made.

Uh, and so they have been entered into our tracker.

Uh the first three, like I said, are closed.

The fourth, which we would say is still open, and I do think should still get some attention was an item that is more for the city council's consideration.

This was the item related to city council aides who were on site on June 3rd.

And the rhetorical question from the Office of City Auditor was: should there be something written into the ethics policy about council aides activity?

Council aides, like I suppose many individuals in this city are appointed, but they are in a unique uh position in the sense that they report to their council member that appoints them, even though administratively they are within the legislative department.

So the idea here is the council should create some sort of uh policy on what is appropriate behavior of council aides.

I would take that aside from ICE activities.

I would just say that that's something that uh, as employees, there should be direction on what is appropriate behavior as employees, especially considering the the strange alignment of their positions.

Uh 2025 also had an audit of the Minneapolis Parks Board.

This was related to um payment oversight.

These are not yet passed due.

Uh we do have thorough updates starting on page 23 on these, though.

Uh, MPRB was was very helpful in providing status updates.

Um they did adjust a few of their timelines from June 30th of this year to December 31st of this year.

They had good reason to do so.

Uh they have made progress in some areas.

Uh, I'm not going to go into the details on all of these, but uh, as far as training staff having conversations with site managers about issues that we brought up, they have completed those activities.

Uh, they want to do more in building out their formal policies and procedures.

Um, so I do suggest that uh after these come due December 31st, that uh anything that remains open, or even if they're all closed, uh we can invite them in February of 2027 to speak to the audit committee about progress or anything that uh is unresolved.

All right, the next one in 2025 was oversight of an urgent single source contract.

This was the Helix Health and Housing Health and Housing Services contract.

Uh, if you remember this one had some questions about uh perceived conflicts of interest, uh from direction from the mayor's office requesting this particular vendor for these services.

Uh, it did not go through the normal contracting process.

At the time, we had recommendations generally around uh developing policy to help alleviate conflict of interest to help strengthen department heads and contract managers' ability to push back on elected officials demanding a certain vendor be utilized, demanding that a contract um go around the established process.

Um, and so this was uh again an issue with contract oversight management.

So I think that uh this is one that I I believe uh we've said that there is uh uh um so on finding five on page 30.

This is one that there has not been sufficient progress on, uh and we suggest that they come in front of the audit committee in October to explain that.

The other items, however, they have uh provided significant detail on progress.

Um the finance department has updated procurement policies.

They've created some trainings, um, they are doing more in uh proactively looking for unallowable expenses.

Uh that said, although they've provided enough evidence for us to feel comfortable that the originally identified risk has been mitigated, because we're asking them to come in front of the audit committee in October.

I think we should ask them about all of these because I think we continue to see issues with contract management, procurement, and oversight.

So let's keep that on the radar.

And then getting into page 31, we're now into 2026.

Similar to MPRB, none of these are passed due yet.

I apologize.

I could have moved forward there for you.

But 2026 is the shooting of Davis Materian Death of Alison Lucher.

And we also had some commentary on the workforce optimization report, starting on page 31 in the report.

So none of the after action review items are past due yet.

Three of them we were able to verify as policies that have already been updated.

They provided the new policy to us.

Those were quick hits.

And so I believe of the 37 original findings, we're at about 31 that are still going to need their responsiveness.

When we worked with them in uh preparation for this project, we asked them if they believed that the target dates originally established by the former chief of police were reasonable.

They took time to reassess them.

They did establish target dates on the ones that had not had target dates established, and they did maintain some target dates of November of this year and request a few to be moved to January, I believe, of next year.

So I think that where we are with monitoring on this particular uh project, we're in a good place.

Again, this will be a topic of conversation when we meet with the MPD chief of staff later this week.

Um, but we will continue monitoring each of these findings for resolution.

Uh, and then as I mentioned, you'll have access to this system to do that yourself too, which is pretty cool.

The workforce optimization report, um, we did not include in the project tracker.

I know that there was a question about that um in April on how those recommendations are going to be monitored.

Uh, those were more what I would say soft recommendations in the sense that they were for the administration and the council to consider while they are considering budget for 2027, which they're actively doing right now.

I can say that a number of the recommendations, I think there were 11 total recommendations, but a number of them are under consideration.

Uh and as we are familiar with the budget implications in the city, I think everything is under consideration right now.

Um, and so we will we will continue to keep an eye on that and report back to the audit committee if through the budget process any of those recommendations have been implemented.

Okay, the parks camera.

If you're looking at the screen, those have all been closed already.

Uh and in fact, I think they were just uh two soft recommendations, low risk as well.

So I don't even think that they uh normally would be tracked.

Uh if you look at the slides in the handout, you can see which specific uh Lucia Maturi um recommendations have either been closed or that verification is in progress.

So that can be compared against what's in the original report.

And as I mentioned, we'll talk a little bit about risk categories.

And so with audit, we typically will have a low, moderate and a high risk.

Traditionally, you've seen a lot of high risks thrown at you, and and I think that's that's fine, but it it kind of gets lost then if there's not a differentiation between them.

Um, so as I mentioned, we've updated risk evaluations for past audit findings.

We're going to be more considerate of impact and likelihood, which when you think about internal control standards, those are the two things that really help identify risk and categorize risk.

And so on the next slide, we do have a table.

This is how we are going to, or what we are going to consider in categorizing risk.

Is it going to pose a significant reputational harm to the department?

Of course, this is a judgment call in this area because everything could pose a significant reputationable reputational harm.

Is it a major safety risk?

In this case, we think could it cause significant uh bodily injury or death?

Is it something that we have brought up multiple times?

So this is where I say if we evaluate something as moderate, if we then audit again and see it, now it has escalated to a higher higher classification.

And then also other links to areas that might cause harm.

So, you know, that could be something like the um, you know, maybe the shot spotter system, which you'll see a report on in August.

Uh, the system itself is is technology, but does it have a link to something that maybe is safety related?

And so that's what we're talking about there.

Um, so that's the matrix we've developed.

This is actually pretty pretty standard in the audit world.

Uh, and then on these slides, you'll see just the ones that we have reduced from high to moderate.

Uh the last thing I want to say is you won't see much on low, and the reason is because we saved low for those verbal audit findings.

Uh we want to make sure that we're sharing with auditees things that we see that uh they could work on that they maybe it's a best practice, maybe it's something that doesn't have actual legal or regulatory criteria tied to it, um, or maybe it's just something that based on our professional uh judgment, we think they should change something.

Um they don't have to.

It's it's not uh something that rises to the level of uh a moderate or a high risk, and so that we've uh kind of maintained as that verbal finding.

Um so what we will bring to the audit committee will typically be moderate and high risk findings.

So as I mentioned for October, and if we need to, with um I think it was Parks Board for February.

Uh I will work with the if this is the desire of the audit committee, I will work with the chair to draft formal letters uh in the voice of the audit committee, going to each of the auditees uh departments or executive leadership, and we'll be asking for them to address these certain items.

Most of these are the same items in our new tracking database that we're looking for updates on.

Um but since we haven't seen progress in some of these areas, or uh maybe we haven't gotten an updated target date, uh, we think it's really important that they speak to the audit committee verbally about the efforts that they've taken to mitigate the risk.

Um that if it's related to budget, what have they done to seek the funding, whether that's speaking with finance, whether that's speaking to executive leadership, whether that's talking to the city council budget committee, um, if it's related to other departments, describing the coordination efforts that have been taken to date, uh, if it's related to policies and procedures, sharing updates and drafts on the work in progress, uh, and if it's related to technology, any roadblocks that they are having, uh, those are the four categories that Jessica spoke about earlier.

Um resources needed.

Again, this is not just money, this is can the Office of City Auditor help?

Can the audit committee help?

Can we get them in connection with council members on the budget committee?

I mean, what can we do to help too?

Because frankly, we point out the findings and the recommendations.

We'd be more than happy to, in whatever capacity that we're able to, to also help move things forward.

Okay.

So I I talked about accepting risk, and I got into it.

Maybe I should have had this slide earlier because I saw your your facial reactions.

But the reality is if the uh city is going to accept any risk, it should only be done at the executive leadership level.

So we uh my argument is that if the administration wants to accept a risk, say, for example, uh we point out that a particular policy needs to be updated, and their reaction to that is that you know that will create trickle effects that affect something else.

Okay, well, that's a risk that you might be willing to accept.

But who tells us that?

It should be the department head, it should be signed off by a deputy city uh operations officer or uh the commissioner of community safety, and it must be documented.

I mean, I would say documented coming to talk to us, that's now in the public record, that's documented, or there is some letter sent to the audit committees, some letter sent to the Office of City Auditor, an email from one of them saying, you know, we as the administration have chosen to accept this risk.

And if I get that, I will bring that back to you for your awareness as well.

But that is the level uh that risk should be accepted at.

Okay.

I think we're getting near the end of my section, and Nikita's gonna close it out because we cannot leave a presentation like this without continuing to push for uh enterprise risk management within the administration.

Uh the beating of the drum has been that the city council make an investment or the administration find money to uh bring on an executive-level enterprise risk management officer uh to build out a team we've suggested of two to three people to start with.

We also are um aware that the group that we coordinated with on the workforce optimization report provides some enterprise risk management consulting.

I as I told the administration I'm not it's not a sales pitch or uh I'm not advocating for them, but um I do know that they have a meeting set up with the COO in the near future.

I think that's good to see.

The administration is really talking about enterprise risk management.

We have individual council members who are talking about funding enterprise risk management, finding that in the budget for 2027, uh, and that's really promising.

So, like I say, we can't end a report without continuing uh that conversation, continuing that argument.

So I'm gonna hand it back over to Nikita just for another quick five minutes uh because she is the ERM pro on our team.

Uh thank you, Auditor Timmerman, and thank you all again uh for your attention.

Um, so uh we wanted to improve the audit committee process, and so um we wanted to improve the audit committee process.

The charter was updated on December 8th, 2025.

Auditor Timmerman worked with this body to establish a formal communication process for complex findings when disruption occurred in a remediation process.

The charter was updated to include the scope and responsibility section, which laid foundation for this body to formally request an auditese attendance at the next schedule committee meeting, which auditor Timmerman just spoke about.140 enhances the audit committee's oversight capabilities by prescribing a set of duties which indicates that the audit committee shall review the reports directed to it and may make recommendations on any such audit reports to the city council for consideration on the appropriate course of action for findings requiring council action, the mayor for consideration of the appropriate course of action for reports concerning city operations and the park and recreation board for consideration on the appropriate course of action for reports concerning park board activities.

So following the actions prescribed in ordinance will strengthen the receive and file process by enhancing committee action to follow up with the relevant stakeholders to initiate action on matters concerning the organization when warranted, changing the current process from receive and file to receive, file, and follow-up.

This moves us into uh ERM and how critical this function is to the vitality of the city.

The adoption of an enterprise risk management program will enhance our organization's ability to break down silos, help drive forward a formal risk-based framework capable of building stronger city workforce.

It will communicate risk more consistently, and it will improve city functions so that they are more aligned with government focused solutions.

Audit is the last line of the fence, and the Office of City Auditor must remain separate from the day-to-day duties of managing operational risk.

And in closing, again, thank you all.

We wanted to highlight the efforts our office has made spanning nearly six years to highlight the need for a formal enterprise risk management program for the second time this year.

We again recommend that the city build an enterprise risk management program to help facilitate risk mitigation strategies, a dedicated risk management program will establish a strong risk culture that will help the city identify and report issues early and help reduce the city's financial and reputational harm.

Thank you all.

And I will turn it back over to Auditor Timmerman for any questions.

Thank you for this very thorough report and for all the work that I know has gone on in the background to make um everything possible that you've just presented to us.

Um committee members, do we have any questions or comments?

Committee member husband.

Thank you, Vice Chair.

Um, I mean, I'm very excited about this, which is probably obvious.

Um, and I just want to that last slide.

I mean, Auditor Lane, like you've since I've been on this committee, like you've been that voice, and I know you said that at the top.

So just thank you so much.

Of um, all the continued push for this high-level umbrella um change that's been needed.

So I just really appreciate your work, and I know I always look at you and like, this is getting closer, we know it's happening.

So thank you.

Um, yeah, and page six, I feel like is um on the chart is like the closest I've been to like knowing exactly what to expect in a long time.

So thank you so much.

Um, I have a couple of questions on the tracker.

Is that okay to um I'm very excited to have that kind of overview, and it was just so much easier to follow.

In terms of data analytics, are there options for like I know that there's classifications around status?

Is there also classifications around findings?

So if I wanted to go in or ask someone to go in and say, can you pull any finding that was procurement related or policy related?

Would that be a possibility in the data at this point so that we can have that kind of overarching trending?

Um, we're gonna write that down.

So, the the next step with the database is building out the reporting functionality.

And a part of that is is identifying what do we need to move from text fields into to like drop-down fields where we can really identify those things.

And so we'll we'll grab those two items, um procurement or policy, and and we'll add more categories.

So at our next audit committee meeting, I'm gonna provide an update on all of the administrative work that we've been doing in the office to prepare for our peer review for inviting Elga Association of Local Government Auditor auditors to come in and review our work to ensure that we're meeting professional standards.

And so in October, I'd like to share with you all of the work that we've done in preparation for that.

Part of that is building out our audit manual, redeveloping our audit process program, updating all of our audit templates, reports, things of that nature.

And a part of that is building out how we will manage this system within-house.

And a big piece of that is going to be that because there is some automation to it, sending out automated emails for auditees to respond at that, you know, I can't remember what we put in the report, but like four week, six-week, 12-week mark.

In addition to that, there will be director level monitoring and oversight of the system itself.

And so the directors, which are our Mac and said will regularly be monitoring that following up.

And so that should really help with that.

So I would say we can build in our reporting the things we think we're gonna want to see, but as we're working through it, as we're monitoring, um, and as you're playing in it, we can certainly add things as well.

Perfect.

That'll be a huge impact.

Especially if there's already a management plan under a contracting or procurement title that then can be over just kind of expanded, maybe to reach another audit.

Um and then on the closed, just maybe a suggestion.

Um, and this is I really appreciate slides 30 and 31 walking us through what closed with acceptance of risk looks like.

Um, I just wonder if there's a closed classification of this was closed due to it being complete versus was closed due to a risk acceptance.

Um, in my mind, those feel like very different things.

Um, and this is more like the report out on the other side down the road, if that's a possibility.

Definitely.

We we are distinguishing between closed because they've mitigated the risk and um we are the the communication process to auditees going forward um likely to start with audits that uh the report is completed in October.

Um we are going to build as a part of our exit conference with the auditee a description of this system of what they need to do, and a part of that direction is if you close something because you've accepted the risk, you need a department head and the DCO to sign off on this.

Um, and so I think that is certainly something that we will be pushing for, and yes, we will track that.

Amazing.

And then um, sorry, so this is outside the tracker more just the recommendations and the um auditi updates.

So page eight.

So this is um the police off duty work finding one that you're moving to closed.

Um I think this is just back to that what accepting risk means because I'm not reading in their response that they would come to the podium and say, I'm accepting this risk.

So I think that just very much I appreciate your the city auditor response that this needs to be closed.

I think I don't see that documentation in their response.

Um, so that would need kind of back to what you outlined on 30 pages, slide 30.

Oh 32, sorry.

32, I feel like would just be needed for that to really talk about that being closed.

Um, just that true documentation of yes, we are accepting this risk by this.

Um, yeah, I think I think you're right.

I think that um that's an easy enough um tweak.

We haven't actually closed any of these yet, and so we certainly can leave that one open.

Um, and as a part of our invitation for them to come in October, we can include that one.

Perfect.

Yeah, and I absolutely understand your reading into that saying, oh, this is an obvious acceptance, but I want them to say that.

I like that.

I like that.

Um, okay, then sorry, back to my notes.

Um for the um, these are redacted items, so it's the um, sorry, page 12 and 14.

So sexual association examination kit, um, really both finding one and two, and then also um the evidence, property and evidence audit finding one.

Um, not to go into the details in open session, but my experience being in the closed session with the individuals that are here to report to those, is they care so much and they have been fighting so hard um to make these changes.

So I would just ask when they come to audit committee, it needs to be whoever can actually make the decision because the people that are in that room, like I just don't want to like their their lives are protecting this evidence, and the fact that we're talking about six million dollars in an earlier audit, and then we can't find 300,000.

Like, I want to know who answers to that, so that's who should be coming.

Agreed.

Um, and that's kind of here in the bullets three and four-ish.

I would also say, can you say who you've spoken to, and the bright person needs to be here to answer those questions.

Um, yes, absolutely.

Um, I put MPD leadership in, so that could mean many things, but we're on the same page.

Okay, perfect.

Um because I would love to talk to people that came back again because they're just so amazing, but they're not the ones that are gonna make this budget thing happen.

Okay.

Um, and then I think my last one.

Thank you for um page 18.

So this is the um fleet management finding um number one.

Yes, this is about the delays in investigation.

Um, so my one, and I can watch the video back of the audit committee where they came to give their update.

I believe during that update that was in person, they said that any incident that involved a community member's property vehicle persons was prioritized and those were not being delayed.

I would argue that if that is not the case, there is still harm happening to the community.

So I would maybe just ask for that to be documented that yes, they have gone through and they're no longer delaying anything that would be insurance, financial, um, medical for anybody, because I would consider that considered uh still a high risk versus moderate if they can't kind of speak to that, and I didn't see it in their um update here, but like I said, I believe they spoke to it live, um, but I can't honestly remember.

So that would just be a recommendation in terms of not moving it to moderate if there still are delays in the community getting resolution on damages.

Uh very good.

So when we get them in October and and we'll try to in our meeting this week prompt them and see if we can get some evidence that that's still the case.

I remember that as well.

Um and if it is, then we'll maintain it as moderate.

If it is not, we'll maintain it or move it to moderate.

If it is not, I agree with you, then it's still we'll stay as high.

Perfect.

Yeah, and I know from the risk, um, I need to like print this risk grid out bigger for myself.

Um, yeah, I would just consider like causing further harm risk or um safety to the community is financial safety, and if someone's waiting on an insurance claim, that's harm.

That's it.

Thank you so much.

Thank you.

This is all really exciting.

Glad you like it, because we love it.

Committee member Almofa.

Thank you, Chair, and thank you, auditor.

Uh I just second what uh my colleague member just mentioned about the tracking, and I would like also to see in the reporting and filtering capabilities when that is created that we can, for example, filter or report based on the risk-based, and also the aging of the reports.

If the report is 180 days, for example, 60 days.

Uh in addition or to the validation status, for example, is that open, which is there, but if we can't just make that filters or reporting on that, uh also to what also mentioned by my colleague is the root cause analysis, is what what the root cause of this, for example, findings, and the rebated findings.

That is very important to see, for example, if this finding has it is the first time just to be uh uh added, or for example, that is in NICS audit that found it again.

Uh, and also the responsible leadership visibility.

Who is responsible for the for example to follow up about this findings?

Uh and other things really related to the tracking.

Uh, I'm not sure if that is also possible that if there is uh place that the the committee can put some notes and also some follow-up requests.

I like that idea, and I believe that's something we can do.

So let's let's explore that and uh I will let you know if we're able to do that.

Okay, thank you.

You're welcome.

Committee members, any other questions.

I'll add um one request for the backlog of feature requests um for the structured data fields.

I think this may have already been touched on, but having one um by just department, um I think would be a great way to see what like the entirety of what's on the plate of um any particular department, including if it's like cross-departmental.

Um otherwise, I'll just echo um other comments that this is going to be an incredible tool um for our committee members and the public and increasing transparency and accountability.

And so again, I really appreciate just all of the effort um of the entire audit department and pushing this uh project forward.

Um, and I think would be a great tool for um enterprise risk management as well.

Um seeing no further questions or comments, I'll direct the clerk to receive and file this report.

Um, and I'll now direct the staff to publish the report.

Members may I have a motion for that.

So moved.

Great.

Um the clerk will now call the roll.

Member Al Muafak, hi.

Committee member Chugtai is absent.

Enkelhurt.

Aye.

Aye.

Hosbean.

Aye.

Peterson.

Aye.

Vice Chair Singleton.

Aye.

Chair Payne is absent.

There are five ayes.

Thank you.

That motion carries.

Uh, our final item is the uh report of the city auditor.

And I will invite um uh Siddhartha Pudyal and Robert Timmerman to give that update.

Be very brief here.

I know you probably all want to get back to your lives and maybe even lunch.

So um, because we provided such a lengthy report and reading material between the presentation and the uh the report there, uh we're not gonna go into that like we typically do in our uh auditor updates.

So we will just talk about the completed and in progress work, completed work you saw today, NSD and Meet Minneapolis reports.

In progress.

We've got the uh the technology or camera or surveillance.

Uh it it's kind of a a breakout of different technology.

This uh is somewhat similar uh to ShotSpotter, somewhat similar to Body Warn Camera, the the ask from uh the city council was for a review of what the city currently uses and best practice recommendations.

So this is an advisory report that will come out in August.

Uh ShotSpotter is one I believe everybody's familiar with.

That is another report that will come out in August, and I know that uh the council and the administration are both looking forward to that one to make some decisions on funding ShotSpotter uh and whether they will going forward.

Uh other in progress work, and this is not a an this is that does not include all of the work in progress, but these are kind of the next uh larger reports that will be targeted for October.

Uh the software inventory and access audit.

We have been trying to determine uh 100% knowledge and understanding of what software or or various systems that the city is using to build a uh database for that or a tracking mechanism for that, because we will then use that to build out um our selection for further audits of access security uh and things of that nature.

Uh, and then the other is the BCR contract audit.

This is looking uh specifically at the fire department's monitoring and uh contracting with our BCR vendor.

Um, with this particular one, we uh have been moving into the the field work stage as I mentioned last meeting, and uh we're working on scheduling some some physical um observation ride-alongs and things of that nature.

So that one uh will be picking up quickly.

Uh fraud waste and abuse investigations.

We currently have three uh that are open and under review, and just a couple other administrative updates.

Welcome, of course, to our new audit committee members.

We're so glad that you've joined us.

Um that being said, I'd also like to acknowledge Halley Williams who uh had his last meeting on uh April 22nd.

Uh he stepped up for a few months uh beyond the end of his term, and so I I appreciate his partnership and cooperation uh on the audit committee over the years.

Uh personnel updates.

I wasn't able to share at our last meeting, but Matt K.

Waters um has been promoted to our director of special review and advisory services.

Uh, he's hit the ground running there, and I'm very pleased with that.

Um, we're backfilling his uh senior auditor position, which we've made an offer, and that individual should start in July.

Uh, and then we're we've created an auditor three, which is an auditor principal uh position, which will act as a lead worker within the office, uh, and that human resources and the Office of City Auditor are working on uh getting that all wrapped up now.

Um I mentioned this uh at each of the last two meetings.

I think I messaged it as well.

Um we've been advised by the clerk's office, who I think was advised by the attorney's office that we should really be careful to just send information to uh your Minneapolis email addresses.

Um, so you will get set up with one if you haven't already.

If you ever have issues, concerns of access, please let me know.

We can um help work with the clerk.

Otherwise, Paul is a fantastic troubleshooter when it comes to that.

All right, the very last item I wanted to bring to your attention, and this discussion can be as long or as short as you desire.

Um, but council president um Payne had written a letter to the audit committee and uh should I say um committee chair pain?

And uh first and foremost, he really wanted to be here today.

He he expressed um a real desire to be here to hear these reports today, but couldn't be here.

Uh he wanted to uh share with you some thoughts that he had as we were talking about the NSD audit and the fact that some of that was a bit more of a cultural assessment of what was going on.

Of course, we looked at legal and regulatory criteria as we're able to, but we also made assessment based on observation.

Um he wanted to have the audit committee consider for inclusion in the 2027 um work plan that the Office of City Auditor do some more of that department level department head level assessment of uh just kind of what what's happening culturally within the the individual office.

Uh I'm open to that, keeping in mind that there are 25 or more departments in his uh letter.

Uh I actually I don't remember if it's in the letter or if it was in the conversation we had, he had suggested maybe looking at departments every three years.

Um that would be a big undertaking, but I do think we can come up with a plan where we have some sort of continuous process to do this.

Um maybe we prioritize based on risk.

If it's a department that has a new department head, that maybe is a higher elevated risk.

Um, and not necessarily risk, it's just a good time to do it.

Um, so I I like this.

I think we just need to think about how can we make this happen given the resources within the office.

So I will be quiet for a moment to see if you guys have any discussion on this.

Otherwise, I will save this and we will incorporate it into some conversation about our 2027 um audit plan.

Thank you, Auditor Timmerman.

Uh, any any questions, comments on um what was presented and/or on the the letter from Chair Payne.

Is this something that would require action from the audit committee itself to move forward or um is it just more of a discussion?

It does not require action.

Um, the fancy dance that we play is is that the audit committee, like the city council, cannot direct the office of city auditor to perform an audit.

That's you know, that independence.

Um that said, if you guys want us to do something, we're likely gonna do it.

And so I like this idea.

I think that this is worth building into our plan.

So no formal action is needed.

I think we just continue the conversation.

Okay.

Well, for the record, I I like it and I'm supportive.

I definitely understand the additional work and um just recently getting you know staffed up and some new hires, but um, I think it would be a good good to implement in an ongoing way.

So thank you.

Committee member Al Mowafa.

Uh I would like just to ask if you have the sufficient resources to perform, for example, this extra work.

Uh and if you need, for example, additional resources, how how much would be that additional resources?

Uh, Chair Singleton and Audit Committee.

Uh currently I feel like our resources are at capacity.

We built this office over the last 12 months to be at 14 FTEs.

I feel that if we start getting MPD um oversight work that is a trickle-down from the settlement agreement or the consent decree work, uh, that will require more resources.

I do feel like if we took this on in the frequency that is suggested, we would need more resources.

Um I have for the fiscal year 2027 requested for one more FTE.

So last year we had requested to build the office up to 15, which would include a deputy city auditor.

Uh we did not get the funding last year for the deputy, but we were able to secure the funding for um six positions after having lost many positions to the city clerk's office.

Um so we do have one position in the works.

Hopefully, there will be funding for that.

Budget is is really gray right now.

Um I would say that uh in the mid-term or in the in the three to five year outlook.

Uh I would say that if we get some of that oversight work for the consent decree, if we take this on, I'd like to be at about 20 total positions.

So yes, let's talk resourcing for this alone.

We could we could build this into our audit plan to do one or two of these in 2027.

So we certainly can scratch the surface.

Thank you.

Yeah.

Committee member husband.

Vice Chair, thank you.

Absolutely agree with the resources and if this is something that then needs to come, you know, to the larger budget conversations.

From a kind of objectivity and accountability framework, I think I support the idea.

I think it needs to be very clear of when and how a department gets raised because I don't want there to be potential influence of who's raising to the top.

And I think you know, something like yes, a new department head makes a lot of sense.

I think a report from your new cool tracker would be really cool to use for some of that.

But I would just be really interested in seeing what that kind of almost chart looks like of let's say you can do three departments a year.

I don't even know if that's reasonable, but like which three departments would would reach the level of priority and how that kind of works.

So I would just I would say like yes, very much in support, but how does that in action get implemented in a very objective way?

Um I would say that you know all departments and all groups need to be covered, it's not just um, you know, certain groups that are getting appointed a certain year.

Um, those are my things, thank you.

Um I think I agree also that this could be a useful useful mechanism.

The other thing that I'm thinking about is what other um systems are already in place or should be in place within the city enterprise to capture some of this information that could be leveraged both to have some of that, like just kind of pulse monitoring, uh, and then also could be used to have that more objective way to determine which departments um should be included.

Um so I think it does get fuzzy in terms of like how do you um distinguish things that should be managed up through the chain of command within the city, um, and then how do you then overlay the the um potential audit for that?

And so I think it would be helpful to know what already exists in terms of just um citywide performance management, both of individuals and departments to understand then how the audit can interplay with that.

I agree.

I I know that wasn't a question chair, but um I agree.

I've been talking with the team a lot about that, that the more that we can encourage that level of oversight within the administration within their risk management function, within their governance function, um, the greater ability we have then to audit that oversight, that function, that is in an organization this size more traditional.

Um, and then we would sample into the areas to ensure that the work that they've done and the oversight they've provided is is accurate.

So I I think we are definitely trying to move in that direction.

Great, thank you.

Any final questions, comments?

Yeah, just on that comment.

Um, one, and I'm not sure this is happening already, but a self-assessment, there could be a requirement that departments move into a self-assessment model, um, that also helps folks be able to flag things that they're seeing internally for audit consideration.

Um, and maybe that's already happening through other performance and kind of KPI.

Um, but maybe it's the time is spent doing some sort of here are the eight categories that you as audit would look at, do a self-assessment, and then that's a way to kind of open up those.

Could be a way to kind of mitigate that as well.

Yeah.

Thank you.

Thank you.

Any other questions, comments?

Great.

With that, I will thank you for your presentation and ask the clerk to file the report.

And seeing no further business before us and without objection, I'll declare this meeting adjourned.

Thank you, everyone.