June 15, 2009 - District of Mission
June 15, 2009 - District of Mission
June 15, 2009 - District of Mission
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
188<br />
<strong>District</strong> <strong>of</strong> <strong>Mission</strong> — 2008 Audit Results and Communication<br />
Page 9<br />
We recommend that a formal policy be implemented where the IT department reviews user privileges<br />
for systems and MAIS every 6 months.<br />
<strong>District</strong>'s Response: Finance is more conversant than IT in terms <strong>of</strong> MA'S access, therefore has<br />
historically taken on the role <strong>of</strong> MA'S access administration. All MAIS access is periodically<br />
reviewed when setting up new employees, changing passwords or performing other administration.<br />
There has not been a lot <strong>of</strong> employee movement to warrant a more formal approach for reviewing<br />
MAIS access.<br />
IT handles access privileges for our other systems. Access rights are generally established by group<br />
and when a person enters or transfers from a group access rights change. Not a lot <strong>of</strong> employee<br />
movement has occurred at the higher level access areas. We do not see the need for a more formal<br />
approach within MA'S or our other systems at this time.<br />
3. Generic IT user access<br />
Currently a generic username and password is used for printing cheques. Although the username and<br />
password are only known to three Finance staff, there is the issue that cheques printed cannot be<br />
traced back to the individual person who printed the cheques. If unauthorized cheques are printed,<br />
the <strong>District</strong> would not be able to trace the occurrence to a particular staff member and this reduces<br />
accountability.<br />
We recommend that individual usemames and passwords to be setup for each staff member that will<br />
be doing cash disbursements. Therefore, each user will have their own username and password to<br />
print cheques.<br />
<strong>District</strong>'s Response: The accounts payable final cheque register shows the individual person's name<br />
who produced the cheques, as each person signs on to MAIS (from one terminal) with a distinct user<br />
name and password when producing accounts payable cheques. The individual who prints the<br />
cheques also signs <strong>of</strong>f on a manual cheque voucher reconciliation form immediately after printing<br />
cheques. This form, together with the final cheque register, are both signed <strong>of</strong>f by the Director <strong>of</strong><br />
Finance or his designee.<br />
There is currently a programming issue related to the formatting <strong>of</strong> accounts payable cheques,<br />
therefore, the cheques are run on one terminal that has one common user name and password;<br />
however, as noted above individual user names and passwords are required to access MAIS to<br />
actually run accounts payable cheques. The Information Services department will be looking into this<br />
formatting issue.<br />
4. GST<br />
In early 2004 GST legislation was changed to allow municipalities to claim a 100% rebate. Because<br />
<strong>of</strong> this change many supplies made by municipalities became subject to GST, such as licenses for real<br />
property. GST has not been collected on some licenses for real property from the time the legislation<br />
was changed until 2008.<br />
During the audit in 2008, it was found there was approximately $3,505 in amounts owing to CRA for<br />
GST that should have been collected in previous years and in 2008. Although from a financial<br />
statement audit standpoint the amount is not significant, under a CRA audit the <strong>District</strong> could be<br />
assessed interest for the period from when the tax should have been remitted up to the point in time it<br />
is included in a subsequent return.