The URL can be used to link to this page

Agenda - Special General Committee - 20061010gjg SPECIAL GENERAL COMMITTEE - AUDIT COMMITTEE AGENDA N0. 06-17 TUESBAY, OCTOBER 10, 2006 7:00 PAN COUNCIL CNAMBERS AURORA TOWN NALL PUBLIC RELEASE 06/10/06 TOWN OFAURORA SPECIAL GENERAL COMMITTEE MEETING AUDIT COMMITTEE AGENDA NO. 06-17 Tuesday, October 10, 2006 7:00 p.m. Mayor Jones in the Chair. I DECLARATIONS OF PECUNIARY INTEREST lI APPROVAL OF AGENDA RECOMMENDED: THAT the content of the Agenda as circulated by the Corporate Services Department be approved as presented. III DELEGATIONS a) Mr. Allister Byrne, Grant Thornton, Auditors Re: Management Letter Special General Committee Meeting No. 06-17 Page 2 of 2 Tuesday, October 10, 2006 IV CONSIDERATION OF ITEM REQUIRING SEPARATE DISCUSSION 1. FS06-035 — Management Letter pg. 1 RECOMMENDED: THAT the management letter and the Vadim Post -Implementation Review as presented by Grant Thornton LLP be received and referred to the Director of Financial Services for appropriate action; and THAT the 2006 Fiscal Year End audit plan as presented by Grant Thornton LLP be adopted. V ADJOURNMENT SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 6; TOWN OF AURORA GENERAL COMMITTEE REPORT No. FS06-035 SUBJECT: Management Letter FROM: L. John Gutteridge, Director of Finance/Treasurer DATE: October 10, 2006 RECOMMENDATIONS That the management letter and the Vadim Post -Implementation Review as presented by Grant Thornton LLP be received and referred to Director of Financial Service for appropriate action and; That the 2006 Fiscal Year End audit plan as presented by Grant Thornton LLP be adopted. BACKGROUND In accordance with Town of Aurora's procedure General Committee is the Audit Committee for the Municipality. Attached hereto as Appendix "A" is a copy of the Audit Committees roles and responsibilities for your review. Also attached are two reports: the first, Appendix "B" is the standard Management Letter from the Auditors and the second, Appendix "C" resulted from a special review of our new accounting system. This second review is a normal process for an auditing firm to do to satisfy themselves and the ratepayers that the system was converted properly and that proper controls are in place. Appendix "C" does identify a number of issues, most being a result of lack of resources and the need to get the job done. We are confident in the system conversion and the integrity of our new system and are now working to put the proper controls in place for our day to day operation and for future system conversions. Both reports contain the Auditors area for concern, their recommendation for correction and management's comments. Finally attached hereto as Appendix "D" is the Audit Plan and fees for the 2006 audit exclusive of the audit requirement listing as this is a list of documents that staff must prepare. —1— SPECIAL GENERAL COMMITTEE — OCTOBER 10, 2006 October 10 2006 - 2 - Report No. FS06-035 COMMENTS Our goal as a Financial Services Department is to have an audit that is clean with no management issues, you will notice that none of the issues thatwere addressed in our last audit are on the list again this year and it is our goal to eliminate the items on this year's list before our next audit. The comments in the auditor's reports are welcome comments, this department has been working hard to correct a number of the issues that have accumulated in the past and were in actual fact working on a number of the issues prior to them being addressed in these documents. We believe that we are making inroads in making your Financial Services Department one of the best in the Region. We have been doing this by focusing on things that are important to the financial health of the municipality, these include addressing management issues identified by the audit, proper financial reporting, and strong internal control. This change in approach takes time for acceptance by the financial services department staff as well as the various departments in the corporation and we hope that you are seeing the difference as well. Should Council have any issues or concerns other than those identified we would like to know what these are as well so we can work on developing the confidence level required to continue improved service. Departmental Goals for 2007 are to eliminate the issues raised this year and to have the audit complete and reported to Council in May of 2007, in order to accomplish this it will require that we meet our budget objective of having the 2007 budget approved by the end of January 2007. OPTIONS As the management letter is being presented in October and the interim audit will be taking place before the end of the year it won't be long for the auditor to see that action is being taken on the recommendation contained in the letter. If the auditors when doing their interim audit have some concern that appropriate action is not being taken then the auditors can bring this back to another Audit Committee Meeting. Another option would be to hire an appropriate company to design and implement the changes recommended in the management letter. We do not believe that this is necessary but Council may if they wish take this action. FINANCIAL IMPLICATIONS The final audit fees for 2005 Audit were $74,000. for which funds were provided in the 2005 year end accounting. —2— SPECIAL GENERAL COMMITTEE — OCTOBER 10, 2006 October 10. 2006 - 3 - Report No. FS06-035 The audit plan as presented by Grant Thornton for the 2006 audit is estimated to be $59,000. and it is our hope to stay within this figure. CONCLUSIONS As last year was the first audit for myself as Director of Finance/Treasurer I felt that it went quite well, we met our timeline to Council to have the Financial Statements completed by the end of June. There were a couple of matters that delayed this and created a need for some additional work which was not totally unexpected for the first audit. Both parties know now what to expect from each other and I feel confident that the process will be that much better for the 2006 audit. As was pointed out earlier in the report the Financial Service Department is working extremely hard at providing the service that is expected by Council, Internal Departments and the Public. LINK TO STRATEGIC PLAN Goal D, Ensure transparent, accountable and open governance in concert with informed and involved citizens. Objective D1, Continue the commitment of fiscal responsibility and accountability. ATTACHMENTS Appendix "A" Audit Committees Role and Responsibilities Appendix "B" Management Letter for the 2005 Audit Appendix "C" Vadim Post -Implementation Review Executive Summary Appendix "D" 2006 Fiscal Year End Audit Plan PRE -SUBMISSION REVIEW Management Team — October 4, 2006 Prepared by: L. John Gutteridge, ext. 4111 L. Johh Gutteridge ' Director of Finance/Treasurer Jofin. S. Rogers C.A.O. —3— SPECIAL GENERAL COMMITTE OCTOBER M A006 j pplz0DIX A Terms of Reference Town of Aurora Audit Committee SCHEDULE "A" Purpose: -To provide oversight responsibilities for the Town of Aurora's: * financial reporting processes; * overall guidance and direction to the CAO and Management related to the Town's system(s) of internal control; * internal and external audit processes; and, I * processes for monitoring compliance with laws and regulations (applicable law), the Code of Conduct and the Conflict of Interest Policy Statement; Authority: - The Audit Committee is empowered to: * recommend the appointment, dismissal and compensation of the Town's external auditors; * oversee the work of the internal and external auditors of the Town; * resolve any disagreements between management and the auditor(s) regarding financial reporting; * retain independent counsel, accountants or others to advise the Committee or assist in the conduct of an investigation; * seek any information the Committee requires from Management, employees and/or agents of the Municipality; * meet with the Town's management team, external auditors, or outside legal counsel, as required, independently or together; * review and recommend for approval audit fee billings in excess of the approved budget for the completed audit of the period year; and * review the audit plan and audit fee schedule for the ensuing year end. —4— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Compliance * review the effectiveness of the system(s) for monitoring compliance with laws, and regulations and the results of Management's investigation and follow-up ( including disciplinary action ) of any instances of non-compliance; * review the findings of any examinations by regulatory agencies, and any auditor observations; *review the process for the communication of the Code of Conduct and Conflict of Interest Policy Statement to Town personnel, and for monitoring compliance therewith; and *obtain regular updates from Management and the municipality's legal counsel regarding compliance matters, Reporting Responsibilities * report to the Town Council about Audit Committee activities, issues and related recommendations; *provide an open avenue of communication between the external auditors and Town Council; and * review any other reports the Municipality issues that relate to Audit Committee responsibilities. Other Responsibilities * perform other activities related to these Terms of Reference as requested by Town Council; * institute and oversee special investigations as required; and * review and asses the adequacy of the Audit Committee Terms of Reference annually, requesting Council approval for proposed changes and ensure appropriate disclosure as may be required by law or regulation, —5— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Internal Control * consider the effectiveness of. the Town's internal control system(s), including information technology security and control; * understand the scope of internal and external auditor's review of internal control and obtain reports on significant findings and recommendations, together with Management's responses and the timing of the disposition of significant findings; and * review the external auditor's Management Letter (if any) together with Management's responses. External Audit * review the external auditor's proposed audit scope and approach; * subject to Sec,296 of the Municipal Act,2001 to review the performance of the external auditors, and recommend to Town Council the appointment or discharge of the auditors; * review and confirm the independence of the external auditors by obtaining statements from the auditors on relationships between the auditors and the Town of Aurora, including non -audit services, and discussing the relationship with the auditors; and . * review the audit plan and audit fees for the ensuing year end. Internal Audit * review the Town's control processes and systems to ensure compliance with Town's policies, laws and regulations which impact operations and reports; * Sreview policies used to safeguard corporate assets and verify the existence of these assets; and * review the efficiency and effectiveness of the utilization of the Town's resources on programs and projects. .SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Composition: * The Audit Committee is comprised of all Members of Council ( General Committee) and reports directly to the Council of the Town of Aurora. Meetings: * the Audit Committee will shall meet at minimum two times per year with authority to convene additional meetings, as circumstances require; * meetings of the Audit Committee will be open to the public subject to exceptions pursuant to Sec.239 (2) of the Municipal Act,2001; * the Committee will invite members of management, auditors and/or others to attend meetings and provide pertinent information, as necessary, * meeting agendas will be prepared and provided in advance to members, along with appropriate briefing materials; and * minutes will be prepared. Financial Statements * review significant accounting and reporting issues, including complex or unusual transactions and highly judgemental areas, recent professional and regulatory pronouncements, and understand their impact on financial statements; * review with management and the external auditors the results of the audit, including any difficulties encountered; * review and receive the annual financial statements with management, and consider whether they are complete, consistent with information known to Committee members, and reflect appropriate accounting principles; * recommend to Town Council the approval of the annual financial statements; and * review with management and external auditors all matters required to be communicated to the Committee under Generally Accepted Auditing Standards. —7— SPECIAL GENERAL COMM]TTEn-pog�MR 1% 1006 Grant Thornton V Grant Thornton LLP Chartered Accountants Management Consultants August 17, 2006 Members of the Audit Committee The Town of Aurora 100 John West Way Aurora, Ontario L4G 6J1 Dear Committee Members: Re: Internal control findings from the 2005 audit Receiving observations and findings on your financial reporting processes and controls is one of the benefits of an annual financial statement audit. Grant Thornton LLP began implementing new processes and technology to address the changing standards of conducting a financial statement audit. This approach includes an increased emphasis on internal control. Our procedures identified a number of items that we need to bring to your attention. Our audit is planned and conducted to enable us to express an audit opinion on the annual financial statements. The matters dealt with in this letter came to our attention during the conduct of our normal examination, and as a result, this letter does not necessarily include all matters that may be identified through a more extensive or special engagement. The standards of the public accounting profession require us to report annual to you our findings on certain weaknesses in your internal controls. Our findings are as follows: Overall observations Notwithstanding the specific comments and recommendations contained in this letter, we are pleased to report to the Audit Committee that the overall change in the Finance group is a positive one. The change at the CFO level has begun to have a strong impact on processes, reporting and controls within the Town's operations. We expect to see even further improvements when we conduct the 2006 audit. Inadequate segregation of duties Observation: The backbone of any strong system of internal control is the proper segregation of duties among the various staff. A lack of proper segregation increases the risk of a possible error going undetected. The Town's Finance group operates with a limited number of staff and the proper segregation of dudes among the staff should be addressed. A review and reallocation of certain roles and responsibilities of staff in the Department will improve the segregation of duties and strengthening the overall system of internal control within the Town. 15 Allstate Parkway Suite 200 Markham, Ontario L3R 5B4 T (416)366-0100 F (905)475-6906 E Markham@GrantThornton.ca W www.GrantThornton.ca Canadian Member of Grant Thornton International SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Grant Thornton T Recommendation: The Town should review staff duties and responsibilities in the financial services department with a view to strengthening the internal control aspects of the Town's operations. Management Comments: Agree with the Auditors on the importance of internal controls and segregation of duties and now that the Department has increased its staff complement we are working toward the controls addressed in the Auditors comments. This problem was created as a result of lack of consistent leadership over the past years and the staffs need to do what they had to do to get the job done. In order to properly address this issue it will require a review of the office organizational structure. Capital Funds Observation: 1) The following capital projects were found to have over -expenditure which does not yet appear to have been approved by council: • St John Side Road — a York Region project with the Region billing the Town for its share of the cost. The Town's budgeted amount for this project was based on the original tender, which was subsequently increased significantly. As per Council Report No. PW04-033, revision of the budget was recommended but has not yet been approved resulting in an over -expenditure of $852,218. • Bayview Avenue W atermain — another York Region project with the Region billing the town for its share of the cost. The overspent amount of $61,410 has been carried forward since 2002 and has yet to be approved. 2) We also noted incorrect allocation of expenses between projects; eg expenses related to Yonge Street repairs project were incorrectly coded/allocated to the Henderson project. Recommendation: 1) We recommend that the Council's approval should be obtained in a timely manner for the additional financing / over -expenditure for the completed projects. 2) Coding of expenses should be reviewed for proper allocation before entry into the accounting system. Moreover, at the year-end, account balances for each project should be reviewed for reasonableness to prevent misallocation of expense between projects. Management Comment: The entire process of capital budgeting, accounting and regular reporting is the main reason for the problems, the issues identified by the auditors will have been addressed and hopefully corrected before you receive this report. To rectify this problem in future years we are adopting a new Capital Budget process that will require carry over projects to be identified in the current years budget and quarterly reports will be included with the regular reporting to Council. This will identify problems before they get to the situation as identified by the Auditors. As for the coding of expenses we hope with the implementation of the Purchase Order System it will help eliminate errors in the coding of expenses to the proper project. The new system will require that the SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Grant Thornton S proper account is on the purchase order before the order is issued and the system will report on any outstanding Purchase Order balance. In addition to this the new system will encumber the General Ledger Account when the purchase order is issued which will once again make errors jump out and need to be corrected. Old outstanding amounts savable Observation: During the audit, we noted a number a number of deposits and refund of taxes payable which have remained unpaid, some of them dating back to 1987. Recommendation: We recommend that a policy should be adopted as to the period of time a payable amount should remain on the books before it is written off. Management Comment: We are developing a policy to address this issue and others like it. Commoditv taxes Observation: The Town files its GST returns on a quarterly basis Recommendation: The Town usually receives large refunds when it files its return. We suggest that the Town elect to file its GST returns on a monthly basis, thereby obtaining the refund earlier. Management Comments: One of the main reason for this recommendation is to improve cash flow this will require a review of the work involved in preparing and filing the GST returns on a monthly basis. We may find that the effort does not justify the return however, if we find that there is benefit to file monthly we will make appropriate changes to our process. IT controls During the year, the Town implemented certain modules of Vadim. We have carried out a review of the data conversion procedures and the internal controls in operation in these modules. The separate report on the findings and our recommendations is appended. It is not unusual when there is such a major systems conversion that matters such as those highlighted in our report are identified. We understand that most of these issues are being addressed. -10- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 11 It is management's responsibility to weigh the costs of implementing controls controls will achieve. The purpose of this letter is to provide you with the identified risks so that you can make the necessary decisions. Grant Thornton r against the benefits that the information related to the Often there are practical ways for organizations such as The Town of Aurora to improve their financial reporting process. As your auditor and advisor, it would be a pleasure to discuss our findings with you and provide you with appropriate guidance to improve your controls. This communication is prepared solely for the information of management and is not intended for any other purposes; we accept no responsibility to a third party who uses this communication. We would be pleased to work with the Council to assess these matters and assist with appropriate changes. Thank you for the opportunity to contribute to the present and future success of the Town of Aurora. Yours truly, GRANT THORNTON LLP zip Allister Byrne, F.C.A. Partner cc Mr. John S. Rogers, Chief Administrative Officer John Gutteridge, Director of Finance/Treasurer J:1Data\Continuing FiteAnTown of Aurora\Caaespondence\Fiscal 20051MLP Aurora 2005 - October 05-06.doc -11- SPECIAL GENERAL COMMITTEE - OCTOBER-10Yvo lx e,,,20,Q6 /� PPE Grant Thornton IS Aun,o A VADIM Post -Implementation Review Executive Summary October 5, 2006 SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 PRIVATE AND CONFIDENTIAL Mr. John Gutteridge Director of Financial Services/Treasurer Town of Aurora 1 Municipal Drive, Box 1000 Aurora, Ontario L4G 6J1 Dear Mr. Gutteridge Re: VADIM Post -Implementation Review — Executive Summary This letter summarizes the key findings arising from our review of the VADIM data conversion procedures internal controls over select modules of the VADIM ERP implementation. The scope of our work is restricted to those modules as defined within our engagement letter dated April 13th, 2006. This communication is prepared solely for the information of management and is not intended for any other purpose. We accept no responsibility to a third party who uses this communication. We would like to take this opportunity to thank the Finance and IT staffs for the co- operation and support extended to us during our review. If you have questions in relation to this report please do not hesitate to contact me. Yours very truly, GRANT THORNTON LLP Allister Byrne —13— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 1.0 Objectives and Approach The objective of this assignment was to determine the following: Whether sufficient and appropriate controls and oversight existed to ensure an accurate conversion of the master -file, security, and financial transaction data associated to the following VADIM modules: o Accounts payable o Cash o Bank reconciliations o Payroll o Accounts Receivable o Property Tax and Water Billing Our procedures included the review of the available conversion reports associated with the master file, security and financial data and supporting documentation to ensure the accuracy of the conversion. This review was supplemented with discussions of those involved in the conversion process. Whether the SQL database and Windows 2003 Server security configurations supporting the VADIM system have been implemented according to the Town of Aurora security policy and that deviations have been appropriately approved by management. Our procedures involved discussions with the Town's technology staff along with observation of the current settings at both the Operating System and Database levels. D Evaluation of the effectiveness of the design of internal controls over significant financial statement risks associated with the above VADIM modules. Work in this area will include review of available documentation and walkthrough of internal controls over transaction processing within the relevant system modules. Findings The observations and recommendations have been summarized by module. 2.0 Overall Finding Segregation of Duties Obsetvatdon Our review noted numerous IDs within each VADIM module have been configured with "ALL PROGRAMS" access. This had lead to a number of segregation of duties issues and —14— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 situations where a particular user may have rights in excess of those required to complete their job function. For example, the Accounting Supervisor has "ALL PROGRAM" access to all the VADIM modules (e.g. GL, AP, Payroll, Property Tax, Utility Billing, and Cash Receipts). Recommendation The Town should adopt the concept of granting access on a least privileged basis; that access review should specifically focus on those users who currently have "ALL PROGRAMS" access to all/select VADIM modules. Management Comment This matter was addressed in the Management Letter to the Corporation and we agree with this issues identified and we are taking necessary steps to correct this problem. 3.0 ACCOUNTS PAYABLE 3.1 Security Access Observation Our application control review procedures identified that 5 IDs have "AP ALL PROGRAMS" access "AP ALL PROGRAMS" gives the users update access to all AP functions and transactions in the AP module. Recommendation The Town should manage access on a least privileged basis and consider whether "AP ALL PROGRAMS" access is required by those individuals. Management Comment This issue has been addressed, we also have the Auditor that we share with the Region and the other northern municipalities working on this matter to further tighten up our Accounts Payable processes. 3.2 Cut-off Policies and Procedures Observation The cut-off/year-end policies and procedures are not formally documented. For example, the process carried out by the AP clerk (examination of each invoice during year-end period to determine which period each invoice belong and record the invoice accordingly) is not documented; our walkthrough procedures were unable to obtain evidence, other than inquiry verification with the Accounting Supervisor, that the AP clerk has in fact examined each invoice at the year end. —15— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Recommendation Year-end/cut-off procedures should be formally documented and approved by management. That documented review process should require the signature or other evidence of such procedures being executed. Management Comment We are working on this to be in place for 2006 year end. 3.3 SeereQation of Duties Observation The Accounting Supervisor has access to the AP auto signature configuration file within the application, blank check stocks (i.e. blank checks are not locked up), and VADIM "AP ALL PROGRAMS" access which allows for the printing of cheques. Recommendation Evaluate and remove incompatible and unnecessary VADIM access that has been assigned to the Accounting Supervisor. Management Comment Access to the AP auto signature configuration file has been taken away from Accounting Supervisor and unsigned cheques are now being stored in our locked vault area. We are establishing a control mechanism for cheque utilization.3.4 Process Weaknesses Observation Our review of the Accounts Payable process noted the absence of controls to ensure that updates to the supplier master file were accurate, complete and made on a timely basis. We also did not identify any management oversight of such changes. Recommendation The Town should implement independent review procedures to ensure updates to the supplier master file are made accurately and in a timely manner. The review procedures should include some evidence (i.e. weekly or monthly report of all master file changes) that the process has taken place as defined within the policy statement. Management Comment We have established a new process for setting up and making changes to the Vendor Master File and have assigned this responsibility to a senior manager and taken the privilege away from the Accounts Payable Clerk. All changes will be made by the Accounting Supervisor and verified by the Deputy Treasurer or Treasurer. This will also require the audit trail program to be modified to clearly identify who has made the change on the system. -16- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 4.0 PAYROLL 4.1 Security Access Observation Our application security review procedures identified 4 user IDs that have "PA ALL PROGRAMS" access; "PA ALL PROGRAMS" gives the users update access to all Payroll functions and transactions in the Payroll module. Recommendation The Town should manage access on a least privileged basis and consider whether "PA ALL PROGRAMS" access is required by those individuals. Management Comment We have changed this privilege and have segregated duties to ensure proper controls. 4.2 Segregation of Duties Observation The payroll clerk has been assigned two incompatible functions. The payroll clerk has been assigned the incompatible responsibilities of processing the EFT transactions and reconciling the EFT File Processing report (sent by TD Bank) against the VADIM Employee Bank Deposit Summary (PA4110(S)); effectively the clerk is responsible for checking their own work. Recommendation Someone independent of the Payroll Clerk (preparer) should perform a secondary review of the EFT report against the VADIM Bank Deposit Summary. Both the Payroll Clerk and the independent reviewer should initial and date the reports/other documentation as evidence of review. Management Comment We have split this function and have implemented a process of having the Accounting Supervisor and the Payroll Clerk sign verifying they have done the appropriate review. 4.3 Pavroll Reuort Review Process Observation No evidence exists to corroborate whether the Accounting Supervisor has reviewed the payroll reports. We understand through discussion that the Accounting Supervisor reviews the reports in PDF format `on screen' against supporting documentation to ensure accuracy of amounts calculated. However, as the Supervisor does not initial any of the payroll reports (i.e. transaction register, benefit calculation report and exception report), there is no evidence of her review. —17— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Recommendation Accounting Supervisor should initial the payroll reports as evidence of her review and approval. Management Comment We agree with the comments, however, there is a significant amount of paper produced to have the Accounting Supervisor sign and file. We are looking at an alternative that will satisfy this concern and avoid printing excess paper that will only be filed. 4.4 Tax Withholdings Observation We were unable to obtain evidence to support whether tax withholdings were being withheld according to statutory requirements. Recommendation When Canada Revenue Agency (CPA) communicates changes to tax withholding amounts, the process should be changed to require an individual (i.e. Accounting Supervisor) to verify, sign -off and retain as evidence a subsequent payroll report to ensure accuracy of the change made. The process should also include a requirement for periodic review of the tax withholding tables against legislative requirements (i.e. annual basis). Management Comment We are in the process of implementing a procedure that will document the necessary changes with appropriate sign off. 4.5 Periodic Access Reviews Observation No process exists to regularly review the active employee list against the payroll master files to verify that all employees in the payroll system are valid, i.e. currently employed. Recommendation Management should review the active employee list against the payroll master files to verify that all employees in the payroll system are valid, i.e. currently employed. This process should be performed on an annual basis and require the development of review evidence. Management Comment We will establish a process and incorporate this in our year end review. am SPECIAL GENERAL COMMITTEE — OCTOBER 10, 2006 5.0 PROPERTY TAX 5.1 Security Access Observation Our application security review procedures identified 5 IDs that have "PT ALL PROGRAMS" access. "PT ALL PROGRAMS" gives the users update access to all Property Tax functions and transactions in the PT module. Additionally, users with "PT ALL PROGRAMS" access can turn off audit trail function in the PT module. Recommendation The Town should manage access on a least privileged basis and consider whether those 5 individuals require "PT ALL PROGRAMS" access. Management Comment We agree that program accessibility should be restricted based upon function and proper segregation of duties and are taking steps to correct this as soon as possible. 5.2 Property Tax (PT) Adjustments Observation There is no additional review, independent of the PT adjustment individual, to ensure that property tax adjustments are accurately calculated, recorded on a timely basis and approved. Recommendation Implement independent review procedures to ensure PT adjustments are accurately calculated, recorded, recorded on a timely basis and approved. The review procedures should include the reviewer initials the supporting documents and/or reports as evidence of review and approval. Management Comment Agree with the recommendation and have taken necessary action. —19— SPECIAL GENERAL COMMITTEE - OCTOBER 10; 2006 6.0 UTILITY BILLING 6.1 Security Access Observation Our application security review procedures identified 7 IDs that have "UB ALL PROGRAMS" access. "UB ALL PROGRAMS" gives the users update access to all Utility Billing functions and transactions (i.e. these powerful IDs give the users the ability to make modification to rates, these individuals can change meter reading data without controls) in the UB module. Additionally, users with "UB ALL PROGRAMS" access can turn off audit trail function in the UB module. Recommendation The Town should manage access on a least privileged basis and consider whether those 7 individuals require "UB ALL PROGRAMS" access. Management Comment This is same comment as Tax Billing and we ate taken necessary steps to insure segregated access to the appropriate staff and programs. 6.2 Property Management Observation A process does not exist to ensure new or existing properties (changes) are added or accurately updated in VADIM, Additionally, there is no additional review by someone who does not have the UB customer file update responsibilities to ensure all valid changes to the UB customer master file are input and processed. Recommendation Implement independent verification procedures to ensure all new properties have been captured for completeness and existing properties have been updated accurately after the new or existing properties are added or updated in VADIM. Management Comment We have implemented a system where all changes are verified by someone else in the Department and both parties sign off. 6.3 Reporting Observation During our discussions it was noted that the "Meter Reading Edit List" is not used to monitor for abnormal customer usage. -20- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Recommendation The Town should use the "Meter Reading Edit List" transaction in the UB module to identify abnormal water usages. Management Comment We have no idea why this was not implemented when the program was first set up on the system but we have now implemented this program and are reviewing and signing off on every billing. 6.4 Poliev and Procedures Observation The current process does not require an independent review (i.e. someone who does not have utility customer master file update responsibilities) to ensure billing changes, calculations, and meter reading exceptions to both the utility customer master/transaction file are performed correctly. Recommendation The Town should implement independent review procedures to ensure changes to the utility customer master/transaction file are accurately performed in a timely manner. The review procedures should include the reviewer initials the supporting documents and/or reports as evidence of review and approval Management Comment We agree and are taking necessary steps to ensure that this is being done. As with the tax system all changes will be entered by a tax clerk after which an audit list will be produced and verified by another individual with both signing off on list and filing with background documentation. 6.5 Billing Adjustments Observation The billing process does not have an associated review procedure, by someone other than the person performing the adjustment, to identify unauthorized adjustments. Recommendation The Town should implement independent review procedures to periodically review UB adjustments. The review procedures should include the reviewer initials the supporting documents and/or reports as evidence of review and approval. Management Comment All utility bill adjustment will not be done until authorized by a supervisor, changes will be done by a Treasury Clerk then given to an independent body for verification to the audit list and sign off. 10 —21— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 6.6 Billing Completeness Observation The billing process does not include evidence of and independent verification of the control totals between the meter reading and billing processes (ensure all meter readings were invoiced). Currently we understand the Billing clerk reconciles this control total to the meter reading checklist. However, a control total is not captured in a report that would subsequently allow for an independent review and reconciliation. Recommendadon The Town should implement independent review procedures to ensure the reconciliation of control total vs. meter reading checklist is properly performed. This review should be evidenced by a comparison between a report with the control total and the meter reading checklist. Management Comment Agree and have taken necessary action to put this in place. 11 -22- SPECIAL GENERAL COMMITTEE — OCTOBER 10, 2006 7.0 BANK RECONCILIATION 7.1 Bank Reconciliations Observation Our discussions with staff and management identified that bank reconciliations are not performed on a timely basis. In addition, we understand un-reconcilable items are not always promptly investigated and followed up within a reasonable timeframe. Recommendation The Town should implement procedures to ensure that bank reconciliation is performed on a timely basis. Best practice is to complete bank reconciliations no later than 30 days after the end of each period (include the review and investigation of any un-reconcilable differences). Management Comment This is one that we don't totally agree with, we do attend to the bank reconciliation process in a timely fashion, all cheques are cancelled within 30 days of the bank statement. We do agree however that the entire reconciliation process may not be completed within 30 days. The main issue for the department on this subject is staff resources, with this audit review we will have to look at the roles and responsibilities of all staff in the department. 7.2 Review Procedures Observation We understand that although daily reviews are being performed by the Payroll and Accounts Payable clerk; however, there is no evidence of their reviews. Recommendation The Town should implement procedures that require the Payroll/Accounts Payable clerk to initial the Balancing Report as evidence of their review. Management Comment We agree and will put process in place. 12 —23— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 8.0 GENERAL LEDGER 8.1 Security Access Observation Our application security review procedures identified 6 IDs that have "GL ALL PROGRAMS" access. "GL ALL PROGRAMS" gives the users update access to all GL functions and transactions in the GL module. Specifically, the Accounting Supervisor can enter, approve, and post the same transactions (either directly via the GL module or via other sub -ledger systems) to the GL module. Recommendation The Town should manage access on a least privileged basis and consider whether that 6 ID's require "GL ALL PROGRAMS" access. Management Comment This is the same issue as with all of our program functional areas and we are making necessary changes to ensure proper segregation of duties. 8.2 Audit Trail Observation The transaction Account Audit trail file, which records the additions, changes and deletions to the GL account master file, is not currently being reviewed and compared to source documents to verify accuracy and completeness of data entry. Recommendation The Town should implement procedures that require the Transaction Account Audit Trail file be reviewed to ensure accuracy and completeness of data entry. Sign off on the report should be documented as evidence of the review. Management Comment General Ledger changes will be performed by the Accounting Supervisor then the audit list will be verified by the Deputy Treasurer or Treasurer. 8.3 Tournal Entry (TE) Source Documents Observation We understand that standard paper copy forms are not used for all journal entries QE's). In addition, the current process for Leisure Deposits does not require Accounting Supervisor's approval of the entry. Recommendation The Town should implement procedures to ensure that standard paper forms are used for all JE's and require the approval of all entries within the system. 13 -24- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Management Comment This process has evolved as a result of the separation of offices and the desire to eliminate the movement of paper through out the building. We are working toward a system that will meet the audit requirement but will not unduly burden the process. We agree that all JE's require approval and will ensure that this occurs. 8.4 Month -end Close Process Observation We understand the Town does not have documented month -end close procedures to provide guidance to all responsible individuals. Documented month -end close procedures would ensure individuals understand what activities need to be performed when to successfully close the Town's financial records. Recommendation The Town should document and distribute month -end close procedures to provide guidance and ensure all responsible individuals are aware of the various activities they need to perform and the timeftame in which they must be completed. Management Comment We will document and distribute the month -end close procedure. 14 -25- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 9.0 CASH RECEIPTS 9.1 Security Access Observation Our application security review procedures identified 5 IDs that have "CR ALL PROGRAMS" access. "CR ALL PROGRAMS" gives the users update access to all Cash Receipts functions and transactions in the CR module. Additionally, there are 4 generic cashier IDs (i.e. IDs do not associate with an employee to provide accountability) created for the various departments. Recommendation The Town should manage access on a least privileged basis and consider whether those 5 ID's require "CR ALL PROGRAMS" access. The Town should also remove generic IDs as they prevent the ability to assign accountability to specific transactions. Management Comment This is the same issue as with all our program functional areas and we are making necessary changes to ensure proper segregation of duties. 9.2 Review Process Observation We understand that the AP cleric reviews and initials the Batch Balance report after he or she reviews the results of the reconciliation performed by the cashier for cash payments. However, we were unable to obtain evidence (i.e. initial the report by the reviewer) to show that such review of the reconciliation results is performed for non -cash payments (i.e. . Interac, cheques, PAP, etc) received. Recommendation The Town should implement independent review procedures to ensure reconciliation performed by the cashier for non -cash payments (i.e. Interac, cheques, PAP, etc) is properly performed. The review procedures should include the reviewer initials the supporting documents and/or reports as evidence of review and approval. Management Comment We agree and are in the process of putting procedures in place. 15 —26— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 10.0 PROJECT MANAGEMENT DATA CONVERSION 10.1 Conversion Procedures Observation We understand that there is no signoff by management as evidence of VADIM go -live approval. Additionally; there is no evidence that employee payroll information was verified for completeness and accuracy after the information was manually keyed into the VADIM payroll system. Recommendation The Town should implement procedures to ensure all future system conversions include management signoff as evidence of go -live approval and data verification for completeness and accuracy. Management Comment As we implement new process all conversions will include management signoff, this is currently being done with the conversion of our Purchasing System and our Accounts Receivable System. 10.2 User Acceutance Observation We understand that no user acceptance signoff for the PT and UB transactions and master file data converted exists. Additionally, we could not obtain any evidence of user involvement in the testing of the aforementioned data converted. Recommendation The Town should implement procedures to ensure all future system conversions include user involvement in testing and formal acceptance signoff before go -live. The testing and acceptance signoff procedures should include the users initial the supporting documents and/or test results as evidence of testing and signoff. Management Comment We are satisfied that there was proper testing and balancing of the Property Taxation and Utility Billing System and for that matter all systems converted, unfortunately there was no formal sign off. We have provided the information to the auditors but as indicated there was no formal signoff. We have implemented a process for all future conversions and will build this into our procedure manuals as they get developed. 16 —27— SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 10.3 Securitv Approval Observation We were unable to obtain evidence of management's review and approval of VADIM security roles or profiles assigned to each user. Recommendation The Town should implement procedures to ensure all future system conversions include pre go -live management review and approval of security roles of profiles assignments based on the least privilege principle. Management Comment This is now part of our process. 10.4 IT Policies and Procedures Observation We understand that documented policies and procedures do not exist for user security administration and program changes. Recommendation The Town should implement procedures to ensure all future system conversions include either creation of new or update of existing policies and procedures to reflect the new system. Management Comment This is underway and scheduled to be completed by December 31. 17 090 SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 11.0 TECHNICAL REVIEW VADIMRELATIONAL DATABASE MANAGEMENT SYSTEM (VERSION 7.0) 11.1 Administration Observation Domain administrators do not have a separate ID for non -administrative functions (e.g. if administers use a separate account to check email and another account for administrative purposes). Domain Administrators each have a single user account that they use to perform all IT functions, along with day-to-day functions. Recommendation The Town should create separate ID for each domain administrator for use in performing non -administrative functions to allow for the segmenting of administration and operational functions; segmentation allows fox subsequent review procedures of administration functions that are being performed. Management Comment Completed and implemented. 11.2 Database Default Settine Observation Database default configurations currently allow network level domain administrators access to database administrator privileges. As a result, all domain administrators at the network level have administrator rights to the database server (i.e. full access to production financial data). Recommendation The Town should identify and remove any privileges that are not required by individuals to perform their daily activities. To facilitate emergency access, one-time use passwords should be considered. Management Comment Currently being revised for implementation by the end of October. 11.3 Auditine Observation Our review noted that audit logging has not been enabled to monitor the activities of users and critical transactions at the SQL Server level. Recommendation It -29- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 The Town should create audit log review procedures, enable the audit feature at the DB level and provide guidance on such transactions and events that are deemed critical to the operations (i.e. administrator activity). Management Comment Completed and implemented. 19 -30- SPECIAL GENERAL COMM ITTEAej)ggg4 R $16" 2006 Report to Council Audit Plan for The Town of Aurora For the Year Ended December 31, 2006 Grant ThorntonSo -31- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Grant Thornton T Grant Thornton LLP Chartered Accountants Management Consultants October 4, 2006 To the Mayor and the Members of Council of the Town of Aurora We are pleased to enclose a copy of our Audit Planning Memorandum for our audit which will be carried out on the Town's financial statements for the year ending December 31, 2006, together with our Independence Letter to Council. These will assist in your understanding of the services to be provided to the Town of Aurora, the level of responsibility assumed by Grant Thornton under Canadian generally accepted auditing standards, and a summary of our audit Changes in the overall business environment dictate that this is best practice and that we communicate these matters. This is also an opportunity to determine whether Council has any further expectations of us that may not be specifically covered in this communication. We look forward to meeting with you to discuss these matters. If you have any particular concerns or additional expectations that may require us to undertake additional work over and above that currently contemplated, please don't hesitate to advise US. Yours very truly, GRANT THORNTON LLP Allister Byrne, F.C.A. Partner 15 Allstate Parkway Suite 200 Markham, Ontario Lan 5B4 T (416) 366-0100 F (905) 475-8906 E Markham@GrantThornton.ca W www.GrantThornton.ca Canadian Member of Grant Thornton International -32- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Contents Responsibilities of Management, Audit Committees and Auditors The Audit Audit, Accounting and Other Matters Audit Fee Client Service Team Appendix A — Independence Letter Appendix B — Audit Approach for 2006 Appendix C — Recent, Future and Proposed Accounting Pronouncements Appendix D — Audit Requirements List -33- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Responsibilities of Management, Audit Committee and Auditors The ability to deliver high quality financial reporting is dependent upon the commitment of management, the audit committee and the auditors. To be effective, it is imperative that these roles are fulfilled with diligence and commitment to good corporate governance processes. Management is responsible for preparation of the financial statements. This includes responsibilities related to internal control, such as designing and maintaining accounting records, selecting and applying accounting policies, safeguarding assets, preventing and detecting error and fraud, and being aware of circumstances that could result in fraudulent financial reporting. Depending upon the circumstances surrounding errors in financial statements, the errors may be considered to be fraudulent financial reporting. The role of the audit committee is central to ensuring the integrity of financial information. Audit committees are expected to be actively involved in overseeing financial reporting and satisfying themselves that the organization's financial reports are comprehensive, reliable, understandable and responsive to the needs of the readers. Audit committees must consider how to reinvent themselves, as a business and risk management necessity, to ensure they are well prepared as effective watchdogs to appropriately focus on the matters critical to quality financial reporting. Audit committees should ensure that they understand the organization's industry environment, the basic structure of transactions, their business purpose, and the significant implications. In overseeing financial reporting, it is not only important to rely on the information provided but also to challenge, analyze, interpret and evaluate the information. Our responsibility is to express an opinion on the consolidated financial statements based on the audit. The audit is performed to obtain reasonable, but not absolute, assurance as to whether the consolidated financial statements are free of material misstatement. Due to the inherent limitations of an audit, there is an unavoidable risk that some misstatements of the consolidated financial statements will not be detected (particularly intentional misstatements concealed through collusion) even though the audit is properly planned and performed. Our audit will include: (a) assessing the risk that the consolidated financial statements may contain misstatements that, individually or in the aggregate, are material to the financial statements taken as a whole; (b) examining, on a test basis, evidence supporting the amounts and disclosures in the consolidated financial statements; (c) assessing the accounting principles used and their application; and (d) assessing the significant estimates made by management. A sufficient understanding of internal control will be obtained to plan the audit. Sufficient appropriate audit evidence will be obtained through tests of controls to support our assessment where we intend to place reliance on controls. However, this review is insufficient to express an opinion on the effectiveness or efficiency of The Town of Aurora's controls. -34- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 We will express our opinion as to whether the consolidated financial statements present fairly, in all material respects, the financial position, statement of financial activities and changes in financial position of The Town of Aurora in accordance with Canadian generally accepted accounting principles. Our audit will also be carried out in accordance with Canadian generally accepted auditing standards. The Audit Audit Approach The concepts of materiality and audit risk are implicit in the wording of the standard Auditors' Report. It is intended to communicate, amongst other things, that the amounts included in the consolidated financial statements are not necessarily precise and that the audit does not provide absolute assurance that the consolidated financial statements are not materially misstated. We will, however, seek reasonable assurance that the consolidated financial statements as a whole are not materially misstated. Our audit planning process is carried out with a complete understanding of the operations of the Town of Aurora and its accounting systems. In order to keep our knowledge of operations and systems up to date we will conduct interviews with management personnel and accounting staff and review internal financial statements. We will also review and evaluate the internal control systems of the Town, including both manual and computerized aspects. Based upon our in-depth knowledge of the Town and audit experience from previous years, we have established a general audit strategy that utilizes reliance on internal controls and substantive verification procedures that include analytical review, overall verification and tests of details, In support of our reliance on internal controls we will perform the appropriate tests of those particular controls upon which we intend to rely. We also obtain audit assurance from analytical review procedures and from other substantive procedures such as direct confirmation, re -computation and analysis, which are employed primarily on all significant accounts recognized on the statement of financial position. Overall our audit strategy is designed to ensure a very effective and efficient approach to your audit Materiality Materiality refers to the magnitude or nature of a misstatement, including an omission of financial information, either individually or in aggregate that, in the light of surrounding circumstances, makes it probable that the judgment and/or decision of a reasonable person relying on the information would have been influenced as a result of the misstatement. We use planning materiality to determine the extent of our substantive samples. We will, however, use a lower working materiality in considering whether any misstatements detected by us, either individually or in the aggregate, are significant. Auditing Guideline No. 31, Applying Materiality and Audit Risk Concepts in Conducting an Audit, was issued as guidance. The guideline provides clarification of the factors to be considered in applying materiality and emphasizes the greater use of professional judgment to assess errors versus reliance focused on quantitative assessments. There is also more guidance on assessing qualitative factors that affect materiality and on assessing the effect of misstatements on financial statements. -35- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 These changes arose in large part due to concerns over earnings management. As previously stated, there is now less tolerance for unadjusted identified misstatements, regardless of amount. Management is responsible for maintaining accurate books and records, and the expectation is that non -trivial errors will generally be corrected. Our planning materiality has been assessed at $430,000 for our audit for the year ended December 31, 2006. Please keep in mind that this is a guidance amount used for sampling purposes only. It is not indicative of the magnitude of the transaction sizes evaluated nor the thresholds used, along with qualitative factors, for error evaluation purposes. Materiality is based on a preliminary estimate of total revenues of the Town, in accordance with generally accepted auditing standards. Andit Risk Audit risk is defined as "the risk that the auditor will fail to express a reservation in his or her opinion on financial statements that are materially misstated." Audit risk includes the following components: (a) inherent risk, which is the risk of a material misstatement occurring in the first place; (b) control risk, which is the risk that the Town's system of internal control will not prevent or detect a material misstatement; and (c) detection risk, which is the risk that a material misstatement that has not been corrected by the Town's system of internal control will not be detected by us. Inherent risk and control risk differ from detection risk in that they exist independently of the audit, and are functions of an entity and its economic and control environments, regardless of whether an audit is conducted. Detection risk relates to the nature, extent and timing of our audit procedures. We will assess inherent and control risks to enable us to design sufficient substantive procedures to reduce detection risk to a level that, in our judgment, results in an appropriate level of audit risk. Detection risk will always be present even if we examine an account balance or a class of transactions one hundred percent because of the inherent limitations of auditing procedures, and the fact that all relevant information may not be made available to us. In the current business environment, there is a heightened level of sensitivity towards financial reporting and corporate governance issues and a greater expectation is placed on internal controls and related checks and balances within organizations working appropriately. There is an increased expectation of both the auditors and the audit committee to challenge the financial information presented by management. -36- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Audit, Accounting and Other Matters Significant Audit Areas As part of the planning phase of our audit we identify areas that represent above average audit risk and consequently require special audit attention. Based upon our prior audit experience, knowledge of the Town and discussions with Town management, we have identified the following areas that will require special audit attention this year. Tax Revenue Revenues and receivables represent a critical audit area as a result of the large dollar values involved and the volume of transactions processed. We will be performing focused analytical tests of revenue as compared to expectations developed through reconciliations to the assessment roll provided by MPAC and through allocation analysis. Water and Sewer Revenue Revenues and receivables represent a critical audit area as a result of the large dollar values involved and the volume of transactions processed. We will be performing focused analytical tests of revenue as compared to expectations developed through invoices received from the Region of York and through usage analysis. Expenditures Expenditures (including employee compensation) represent a crifical audit area due to the large dollar value, volume of transactions processed and management estimates involved in determining the amounts to be accrued at year end. We will be performing focused substantive tests of expenditures by conducting extractions and analysis of invoices and transaction records residing in the Town's accounting records and information systems. We will also be performing analytical tests by comparing the expenditures for the year as compared to expectations developed through examination of the budget and the prior period expenses. Preliminary Assessment of Internal Control Our preliminary assessment of internal control, the planned extent of audit work related to internal control, the effect of any control reliance on year end procedures, and our risk assessments determine the nature, extent and timing of our procedures. Our interim work includes a review of the internal control environment in further detail to support our risk assessments. Client Assistance A list of schedules and information required to facilitate our audit work has been included in Appendix D. -37- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Timing Our interim audit work will be performed in November 2006, and our final audit work is tentatively scheduled to commence on April 9, 2007. Recent, Future and Proposed Accounting Pronouncements Appendix B outlines accounting pronouncements that may have some effect on the Town. Other Matters Annual report In accordance with auditing standards, we will review the annual report and other designated public documents prepared by management to determine that the financial statements have been accurately reproduced and that other financial information is consistent with the financial statements and our knowledge of the Town overall. Reuortin¢ on accounting procedures and internal controls The objective of our audit is to obtain reasonable assurance that the financial statements are free of material misstatement and it is not designed for the purpose of identifying matters to communicate. If during the course of our audit we identify the following matters, they will be communicated to an appropriate level of management: (a) misstatements, other than trivial errors; (b) fraud; (c) misstatements that may cause future financial statements to be materially misstated; (d) illegal or possibly illegal acts; and (e) significant weaknesses in internal control. The matters communicated will be those that we identify during our audit. Accordingly our audit would not usually identify all matters that may be of interest to the audit committee or management in the discharge of their responsibilities. The type and significance of the matter to be communicated will determine the level of management to which the communication will be directed. It will be our practice to maintain personal contact with senior management to ensure that we are in a position to respond to the Town's needs. We will also ensure that management and the audit committee are kept fully advised of our activities and findings and will present our reports to them in person on a timely basis. While our normal audit procedures include an overview of the accounting systems and controls to the extent they are relevant to the preparation of the financial statements, we do not necessarily perform detailed review and testing of all or any of these controls While it is sufficient for audit purposes, the level of procedures may not give the audit committee or management the comfort level it would like to have in today's environment. SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Audit Fee Generally accepted auditing standards require the auditor to perform additional audit procedures as a result of the many changes in 2005, including the IT systems conversion that took place in the year. In order to meet our commitment to complete our audit by established deadlines, we will require the co- operation and assistance of the Town's staff in preparing detailed working papers supporting all asset, liability and fund balance accounts. As mentioned, we have provided management with a detailed listing of schedules to be provided to us at the commencement of the audit. Our audit fee for the year ended December 31, 2006 has been estimated to be $59,000. Our billings for these services will be rendered on a periodic basis as the audit progresses. Additional time that may be required in dealing with the resolution of unanticipated audit and accounting issues or resulting from the Town's staff not providing agreed upon assistance will be billed separately. Any such additional work required will be discussed with management and agreed upon prior to carrying out any additional work. The work performed to verify the conversion of your computer software systems will also be billed separately. Client Service Team The senior personnel assigned to the Town's audit are as follows: Allister Byrne I Lead Audit Partner Regina Baezner I Municipal Audit Resource Kirk VanBlarcom I Concurring Partner Irfan Ahmad I Manager Brandy>;Iliot I Audit Senior abvrne @ grantthornton.ca rbaezner @ grantthornton.ca kvanblarcom@ grantthornton. c a iahmad @ grantthornton.ca belliot@ grantthonton.ca We realize the importance of staff continuity in the services we provide. Through continuity, our people gain the knowledge of previously addressed accounting and reporting practices so that efficiencies are achieved and maintained. Most of the senior personnel noted above represent continuity from the 2005 audit, many of whom were also involved in previous audit. -39- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora. December 31, 2006 Appendix A — Independence Letter -40- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Grant Thornton 18 Grant Thornton LLP Chartered Accountants Management Consultants October 4, 2006 Mayor and Members of the Town Council The Town of Aurora 100 John West Way, Box No. 1000 Aurora, Ontario L4G 6J1 Dear Sirs: We have been engaged to audit the consolidated financial statements of the Town of Aurora, which includes the Aurora Public Library Board, as at December 31, 2006; these include the statement of financial position and the related statements of financial activities and changes in financial position for the year then ended. The Canadian generally accepted auditing standards (GAAS), require that we communicate at least annually with you regarding all relationships between the Town of Aurora and our firm that, in our professional judgment, may reasonably be thought to bear on our independence. In determining which relationships to report, the Guideline requires us to consider relevant rules and related interpretations prescribed by the appropriate provincial institute and applicable legislation, covering such matters as: a) holding a financial interest, either directly or indirectly, in a client; b) holding a position, either directly or indirectly, that gives the right or responsibility to exert significant influence over the financial or accounting policies of a client; c) personal or business relationships of immediate family, close relatives, partners or retired partners, either directly or indirectly, with a client; d) economic dependence on a client; and e) provision of services in addition to the audit engagement. We are not aware of any relationships between the Town and our firm that, in our professional judgment, may reasonably be thought to bear on our independence, which have occurred from May 5, 2006 to the date of this letter. In addition to our audit services in 2005, our firm was engaged by Council to carry out a review of the IT systems conversion. 15 Allstate Parkway Suite 200 Markham, Ontario L3n 5B4 T (416) 366-0100 F (905) 475-8906 E Markham@GrantThornton.ca W www.GrantThornlon.ca Canadian Member of Grant Thornton International -41- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Grant Thornton T GAAS requires that we confirm our independence to the Audit Committee. However, since the Rules of Professional Conduct of the Institute of Chartered Accountants of Ontario deal with the concept of independence in terms of objectivity, our confirmation is to be made in that context. Accordingly, we hereby confirm that we are objective with respect to the Town within the meaning of the rules of Professional Conduct of the Institute of Chartered Accountants of Ontario as of the date of this letter. This report is intended solely for the use of the Town Council, management, and others within the Town and should not be used for any other purposes. We look forward to discussing with you the matters addressed in this letter as well as other matters that may be of interest to you at the next Council meeting. We will be prepared to answer any questions you may have regarding our independence as well as other matters. Yours very truly, GRANT THORNTON LLP Allister Byrne, FCA Partner -42- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan — The Town of Aurora December 31, 2006 Appendix B — Audit Approach for 2006 -43- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan — The Town of Aurora December 31, 2006 Audit Approach for 2006 Financial Component Audit Strategy Cash and cash equivalents Confirmation of bank accounts with financial institutions; test cut-off and reconciling items. Short-term investments / investment income Receivables / revenue (taxation; water and sewer; grants; leisure services) Prepaid expenses and other assets Capital and reserve funds Commodity taxes Payables and Accruals Long-term debt Deferred revenue Other revenue sources Expenses and payroll Confirmation of balances with financial institutions; review activity during the year; testing the completeness of investment income; analytical review procedures. Verification of completeness of revenue and receivables; analytical review procedures; subsequent receipt testing; testing of cut-off; vouch on a test basis to supporting documentation. Recalculate; vouch on a test basis to supporting documentation. Review continuity schedule; test significant variances from budgets; vouch on a test basis to supporting documentation: Perform GST reasonability. Search for unrecorded liabilities; analytical review procedures; test cut-off; recalculation on a test basis of significant accruals Review continuity schedules; vouch to supporting documentation for significant changes Test cut-off; analytical review procedures. Analytical review procedures. Analytical review procedures; vouch on a test basis to supporting documentation. -44- SPECIAL GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan — The Town of Aurora December 31, 2006 Appendix C — Recent, Future and Proposed Accounting Pronouncements -45- SPECIAL.GENERAL COMMITTEE - OCTOBER 10, 2006 Report to the Audit Committee Audit Plan —The Town of Aurora December 31, 2006 Recent, Future and Proposed Accounting The following recent accounting pronouncement may have some effect on The Town of Aurora: Financial Instruments — Recognition and Measurement The CICA has issued Section 3855, Financial Instruments — Recognition and Measurement which requires that: • financial assets be classified as held for trading, held to maturity, loans and receivables, or available for sale; • all derivatives, including embedded derivatives that are not closely related to the host contract, be classified as held for trading; • financial assets and financial liabilities held for trading be measured at fair value with gains and losses recognized in net income in the periods in which they arise, unless they are part of a hedging relationship; • financial assets held to maturity, loans and receivables, and financial liabilities other than those held for trading, be measured at amortized cost; • financial assets available for sale be measured at fair value with gains and losses recognized in other comprehensive income until the financial asset is derecognized or becomes impaired; • investments in equity instruments that do not have a quoted market price in an active market, other than those held for trading, be measured at cost; and • an entity may elect on initial recognition to measure any financial instrument at fair value with gains or losses recognized in income in the periods in which they arise. This is effective for fiscal years beginning on or after October 1, 2006. -46-