Audit of the Southfield Redevelopment Authority

This page, Audit of the Southfield Redevelopment Authority, is offered by
Office of the State Auditor

Organization:	Office of the State Auditor
Date published:	December 20, 2024

Executive Summary

In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor (OSA) has conducted a performance audit of the Southfield Redevelopment Authority (SRA) for the period January 1, 2018 through December 31, 2022.

In this performance audit, we determined whether SRA took appropriate corrective actions based on prior audit findings and recommendations by OSA in the following areas:

improving its board of directors’ (BOD’s) oversight of SRA management through the creation of an internal control plan as required by the Office of the Comptroller of the Commonwealth’s (CTR’s) Internal Control Guide;
publishing and filing its annual financial audit with OSA as required by Section 31 of Chapter 291 of the Acts of 2014; and
creating short- and long-term financial plans to ensure its financial solvency in accordance with the Governmental Accounting Standards Board Statement No. 56 (Codification of Financial and Accounting Reporting) and Section 5B of Chapter 40 of the General Laws.

We also determined whether SRA had an employee Settlements and Judgments Policy based on guidelines provided in CTR’s Settlements and Judgments Policy 1779893.

Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.


Finding 1	SRA does not have an internal control plan and does not have an updated policies and procedures manual.
Effect	Without a documented internal control plan or an updated policies and procedures manual, SRA may be unable to sufficiently safeguard the organization or efficiently achieve its objectives.
Recommendation	SRA should develop and maintain a documented internal control plan that includes policies and procedures for SRA operations.
Finding 2	SRA’s BOD did not always provide timely signatory reviews of bank reconciliations.
Effect	Without timely reviews of the bank statement reconciliation process, SRA may suffer financial loss in the event of an error in the reconciliation process. With the departure of SRA’s executive director in April 2019, the BOD has taken on some managerial roles and duties that would normally be required of an executive director. If the BOD is overly involved in roles that should be typically performed by management, in this case the timely review of the reconciliations, then the BOD may not be able to provide enough oversight on more important policy matters, and the risk of a conflict of interest may arise.
Recommendation	SRA should perform timely reviews of bank reconciliations, and the BOD should ensure that SRA is staffed with a sufficient number of employees who can fully manage SRA’s daily operations.
Finding 3	SRA’s vendor invoices did not always have preapproval signatures prior to the preparation of an accounts payable warrant.
Effect	We did not find evidence of misappropriation or mismanagement of funds; however, if SRA does not properly segregate managerial duties to ensure that vendor invoices receive preapproval signatures, then there is an increased opportunity for errors or other problems to go unnoticed and for unauthorized transactions to occur.
Recommendations	SRA should ensure that all accounts payable vendor invoices have preapproval signatures by a separate employee before being submitted to the BOD for final approval and payment. SRA should create policies and procedures that detail specific requirements and responsibilities for all employees in the payment of vendor invoices process.
Finding 4	SRA does not have a documented information technology policies and procedures manual and did not provide cybersecurity awareness training to its employees.
Effect	If SRA does not educate all employees on their responsibility to protect its information assets by creating an information technology policies and procedures manual or providing cybersecurity awareness training to all its employees, then SRA may be exposed to a higher-than-acceptable risk of cyberattacks, resulting in potential financial and/or reputational losses.
Recommendations	SRA should develop, disseminate, and periodically review and update a documented information technology policies and procedures manual. The manual should address the purpose, scope, roles, responsibilities, management commitment, and coordination among employees. The manual should also contain an access control policy, a cybersecurity awareness and training policy, an audit and accountability policy, an identification and authentication policy, and an employee security policy. SRA should ensure that it provides annual cybersecurity awareness training to all employees who have access to its computer network system.
Finding 5	SRA does not have a documented employee Settlements and Judgments Policy.
Effect	Without a documented policy approved by the BOD, any settlements or judgments may not adhere to appropriate tax reporting, withholdings, or funding requirements, resulting in an undue financial burden on the Commonwealth and its taxpayers.
Recommendation	SRA should adopt CTR’s Settlements and Judgments Policy 1779893 in its policies and procedures manual or create a new policy to keep current with executive branch policies and case law.

Post-Audit Action

SRA’s BOD formally adopted CTR’s Settlements and Judgments Policy 1779893 on August 21, 2024, and SRA reported to us that it is in the process of creating a documented internal control plan, policies and procedures manual, and an information technology policies and procedures manual, which will include specific requirements for employee cybersecurity awareness training. Also, during our audit engagement, SRA employees successfully completed an online cybersecurity awareness training session.

Downloads

Open PDF file, 904.72 KB, Audit Report - Southfield Redevelopment Authority (English, PDF 904.72 KB)

Help Us Improve Mass.gov with your feedback

Did you find what you were looking for on this webpage?

Yes

If you have any suggestions for the website, please let us know. How can we improve the page?

Please do not include personal or contact information.

The feedback will only be used for improving the website. If you need assistance, please contact the State Auditor. Please limit your input to 500 characters.

Please remove any contact information or personal data from your feedback. You will NOT get a response.

If you need assistance, please contact the State Auditor.

Please let us know how we can improve this page.