Transmittal - 12/22/2023
ERIN MENDENHALL, Mayor
MARY BETH THOMPSON, Chief Financial Officer
INFORMATION MANAGEMENT SYSTEM
349 SOUTH 200 EAST
SALT LAKE CITY, UTAH 84114
TEL 801-535-7272
CITY COUNCIL TRANSMITTAL
________________________ Date Received: ___________________
Rachel Otto, Chief of Staff Date sent to Council: ______________
_____________________________________________________________________________
TO: Salt Lake City Council
Darin Mano, Chair
DATE: December 20, 2023
FROM: Mary Beth Thompson, Chief Financial Officer
___________________________________
SUBJECT: Fraud Risk Assessment as required by the State
STAFF CONTACT: Mary Beth Thompson and Russ Sundquist
DOCUMENT TYPE: Informative Item
RECOMMENDATION: Review this assessment as part of the City’s financial audit presentation.
BUDGET IMPACT: N/A
BACKGROUND/DISCUSSION: As part of the State Compliance portion of the yearly financial audit,
the State Auditors’ Office requires that the City complete, sign and present to the Council the
Fraud Risk Assessment document. This document is included with the transmittal to be presented
in conjunction with the City Financial audit presentation.
PUBLIC PROCESS: N/A
EXHIBITS: Fraud Risk Assessment Questionnaire packet
rachel otto (Dec 22, 2023 11:48 MST)
12/22/2023
12/22/2023
Revised December 2020
OFFICE OF THE
STATE AUDITOR
Utah State Capitol Complex, East Office Building, Suite E310 • Salt Lake City, Utah 84114-2310 • Tel: (801) 538-1025 • auditor.utah.gov
Fraud Risk Assessment Questionnaire
INSTRUCTIONS:
1. Reference the Fraud Risk Assessment Implementation Guide to determine which of the following recommended measures have been implemented.
2. Indicate successful implementation by marking “Yes” on each of the questions in the table. Partial points may not be earned on any individual question.
3. Total the points of the questions marked “Yes” and enter the total on the “Total Points Earned” line.
4. Based on the points earned, circle/highlight the risk level on the “Risk Level” line.
5. Enter on the lines indicated the entity name, fiscal year for which the Fraud Risk Assessment was completed, and date the Fraud Risk Assessment was completed.
6. Print CAO and CFO names on the lines indicated, then have the CAO and CFO provide required signatures on the lines indicated.
Fraud Risk Assessment
Continued
*Total Points Earned: ____/395 *Risk Level:
Yes Pts
1. Does the entity have adequate basic separation of duties or mitigating controls as
outlined in the attached Basic Separation of Duties Questionnaire? 200
2. Does the entity have governing body adopted written policies in the following areas:
a. Conflict of interest? 5
b. Procurement? 5
c. Ethical behavior? 5
d. Reporting fraud and abuse? 5
e. Travel? 5
f. Credit/Purchasing cards (where applicable)? 5
g. Personal use of entity assets? 5
h. IT and computer security? 5
i. Cash receipting and deposits? 5
3. Does the entity have a licensed or certified (CPA, CGFM, CMA, CIA, CFE, CGAP,
CPFO) expert as part of its management team? 20
a. Do any members of the management team have at least a bachelor's degree in
accounting? 10
4. Are employees and elected officials required to annually commit in writing to abide by a
statement of ethical behavior? 20
5. Have all governing body members completed entity specific (District Board Member
Training for local/special service districts & interlocal entities, Introductory Training for
Municipal Officials for cities & towns, etc.) online training (training.auditor.utah.gov)
within four years of term appointment/election date? 20
6. Regardless of license or formal education, does at least one member of the
management team receive at least 40 hours of formal training related to accounting,
budgeting, or other financial areas each year? 20
7. Does the entity have or promote a fraud hotline? 20
8. Does the entity have a formal internal audit function? 20
9. Does the entity have a formal audit committee? 20
*Entity Name: Salt Lake City Corporation
*Completed for Fiscal Year Ending: June 30, 2 2 *Completion Date: 12//202
*CAO Name: __________________________ *CFO Name: Mary Beth Thompson
*CAO Signature: _______________________ *CFO Signature: _________________________
*Required

Risk Level:     Very Low   Low       Moderate   High      Very High
Points Earned:  > 355      316-355   276-315    200-275   < 200
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Basic Separation of Duties
See the following page for instructions and definitions.
Yes No MC* N/A
1. Does the entity have a board chair, clerk, and treasurer who are three
separate people?
2. Are all the people who are able to receive cash or check payments different
from all of the people who are able to make general ledger entries?
3. Are all the people who are able to collect cash or check payments different
from all the people who are able to adjust customer accounts? If no customer
accounts, check “N/A”.
4. Are all the people who have access to blank checks different from those who
are authorized signers?
5. Does someone other than the clerk and treasurer reconcile all bank accounts
OR are original bank statements reviewed by a person other than the clerk to
detect unauthorized disbursements?
6. Does someone other than the clerk review periodic reports of all general
ledger accounts to identify unauthorized payments recorded in those
accounts?
7. Are original credit/purchase card statements received directly from the card
company by someone other than the card holder? If no credit/purchase cards,
check “N/A”.
8. Does someone other than the credit/purchase card holder ensure that all card
purchases are supported with receipts or other supporting documentation? If
no credit/purchase cards, check “N/A”.
9. Does someone who is not a subordinate of the credit/purchase card holder
review all card purchases for appropriateness (including the chief
administrative officer and board members if they have a card)? If no
credit/purchase cards, check “N/A”.
10. Does the person who authorizes payment for goods or services, who is not
the clerk, verify the receipt of goods or services?
11. Does someone authorize payroll payments who is separate from the person
who prepares payroll payments? If no W-2 employees, check “N/A”.
12. Does someone review all payroll payments who is separate from the person
who prepares payroll payments? If no W-2 employees, check “N/A”.
* MC = Mitigating Control
Basic Separation of Duties
Continued
Instructions: Answer questions 1-12 on the Basic Separation of Duties Questionnaire using the
definitions provided below.
If all of the questions were answered “Yes” or “No” with mitigating controls (“MC”) in place, or “N/A,” the
entity has achieved adequate basic separation of duties. Question 1 of the Fraud Risk Assessment
Questionnaire will be answered “Yes.” 200 points will be awarded for question 1 of the Fraud Risk
Assessment Questionnaire.
If any of the questions were answered “No,” and mitigating controls are not in place, the entity has not
achieved adequate basic separation of duties. Question 1 of the Fraud Risk Assessment Questionnaire will
remain blank. 0 points will be awarded for question 1 of the Fraud Risk Assessment Questionnaire.
Definitions:
Board Chair is the elected or appointed chairperson of an entity’s governing body, e.g. Mayor, Commissioner,
Councilmember or Trustee. The official title will vary depending on the entity type and form of government.
Clerk is the bookkeeper for the entity, e.g. Controller, Accountant, Auditor or Finance Director. Though the
title for this position may vary, they validate payment requests, ensure compliance with policy and budgetary
restrictions, prepare checks, and record all financial transactions.
Chief Administrative Officer (CAO) is the person who directs the day-to-day operations of the entity. The
CAO of most cities and towns is the mayor, except where the city has a city manager. The CAO of most local
and special districts is the board chair, except where the district has an appointed director. In school districts,
the CAO is the superintendent. In counties, the CAO is the commission or council chair, except where there is
an elected or appointed manager or executive.
General Ledger is a general term for accounting books. A general ledger contains all financial transactions of
an organization and may include sub-ledgers that are more detailed. A general ledger may be electronic or
paper based. Financial records such as invoices, purchase orders, or depreciation schedules are not part of the
general ledger, but rather support the transaction in the general ledger.
Mitigating Controls are systems or procedures that effectively mitigate a risk in lieu of separation of duties.
Original Bank Statement means a document that has been received directly from the bank. Direct receipt of
the document could mean having the statement 1) mailed to an address or PO Box separate from the entity’s
place of business, 2) remain in an unopened envelope at the entity offices, or 3) electronically downloaded
from the bank website by the intended recipient. The key risk is that a treasurer or clerk who is intending to
conceal an unauthorized transaction may be able to physically or electronically alter the statement before the
independent reviewer sees it.
Treasurer is the custodian of all cash accounts and is responsible for overseeing the receipt of all payments
made to the entity. A treasurer is always an authorized signer of all entity checks and is responsible for
ensuring cash balances are adequate to cover all payments issued by the entity.