Post on 24-Feb-2023
City of Cleveland Division of Water (“DOW”)
Statement on Standards for Attestation Engagements (“SSAE”) No. 16
Service Organization Controls (“SOC1”) Report
For the Period January 1, 2011 through December 31, 2011
Table of Contents
I. Independent Service Auditor's Report (p. 3)
II. Division of Water's Management Assertion (p. 6)
III. Description of the Division of Water's System of Processing Transactions (p. 9)
    Overview of Operations (p. 10)
    Relevant Aspects of the Control Environment, Risk Assessment and Monitoring (p. 10)
    General EDP Controls (p. 11)
    Financial Application Controls (p. 19)
    Billing Procedures (p. 25)
    New Account Setup (p. 28)
    Payments (p. 29)
    Distribution (p. 32)
    User Control Considerations (p. 33)
IV. Control Objectives, Related Controls and Tests of Operating Effectiveness (p. 34)
    IT Governance (p. 36)
    IT Logical Access (p. 37)
    Operating System Maintenance and Change Control (p. 39)
    Application Maintenance and Change Control (p. 40)
    Computer Operations (p. 42)
    Backup (p. 44)
    Physical Security (p. 44)
    Completeness of Input (p. 46)
    Transaction Occurrence (p. 48)
    Accuracy of Input (p. 49)
    Customer Remittance (p. 51)
V. Other Information Provided by Independent Service Auditor (p. 55)
VI. Other Information Provided by the Division of Water (p. 57)
Independent Service Auditor’s Report
To the Director of Public Utilities, Commissioner of Water
City of Cleveland:
Scope
We have examined Division of Water's (“DOW”) description of its processing of transactions for users of
the Customer Care & Billing System (“CC&B”) throughout the period January 1, 2011 to December 31,
2011 and the suitability of the design and operating effectiveness of controls to achieve the related control
objectives stated in the description.
In addition, banks and other entities perform agency functions for the receipt of utility payments. The
description of the system in section III of this report includes only the control objectives and related
controls of DOW and excludes the control objectives and related controls at National City Bank or other
financial agents. Our examination did not extend to controls of National City Bank or the other agents.
Service organization’s responsibilities
On page 6 of this report, DOW has provided an assertion about the fairness of the presentation of the
description and suitability of the design and operating effectiveness of the controls to achieve the related
control objectives stated in the description. DOW is responsible for preparing the description and for the
assertion, including the completeness, accuracy, and method of presentation of the description and the
assertion, providing the services covered by the description, specifying the control objectives and stating
them in the description, identifying the risks that threaten the achievement of the control objectives,
selecting the criteria, and designing, implementing, and documenting controls to achieve the related
control objectives stated in the description.
Service auditor’s responsibilities
Our responsibility is to express an opinion on the fairness of the presentation of the description and on
the suitability of the design and operating effectiveness of the controls to achieve the related control
objectives stated in the description, based on our examination. We conducted our examination in
accordance with attestation standards established by the American Institute of Certified Public
Accountants. Those standards require that we plan and perform our examination to obtain reasonable
assurance about whether, in all material respects, the description is fairly presented and the controls were
suitably designed and operating effectively to achieve the related control objectives stated in the
description throughout the period January 1, 2011 to December 31, 2011.
An examination of a description of a service organization's system and the suitability of the design and
operating effectiveness of the service organization's controls to achieve the related control objectives
stated in the description involves performing procedures to obtain evidence about the fairness of the
presentation of the description and the suitability of the design and operating effectiveness of those
controls to achieve the related control objectives stated in the description. Our procedures included
assessing the risks that the description is not fairly presented and that the controls were not suitably
designed or operating effectively to achieve the related control objectives stated in the description. Our
procedures also included testing the operating effectiveness of those controls that we consider necessary
to provide reasonable assurance that the related control objectives stated in the description were
achieved. An examination engagement of this type also includes evaluating the overall presentation of the
description and the suitability of the control objectives stated therein, and the suitability of the criteria
specified by the service organization. We believe that the evidence we obtained is sufficient and
appropriate to provide a reasonable basis for our opinion.
Inherent limitations
Because of their nature, controls at a service organization may not prevent, or detect and correct, all
errors or omissions in the processing of transactions for users of the Customer Care & Billing System.
Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or
conclusions about the suitability of the design or operating effectiveness of the controls to achieve the
related control objectives is subject to the risk that controls at a service organization may become
inadequate or fail.
Opinion
In our opinion, in all material respects, based on the criteria described in DOW's assertion on page 6,
a. The description fairly presents the processing of transactions for users of the Customer Care & Billing
System that was designed and implemented throughout the period January 1, 2011 to December 31,
2011.
b. The controls related to the control objectives stated in the description were suitably designed to
provide reasonable assurance that the control objectives would be achieved if the controls operated
effectively throughout the period January 1, 2011 to December 31, 2011.
c. The controls tested, which were those necessary to provide reasonable assurance that the control
objectives stated in the description were achieved, operated effectively throughout the period January
1, 2011 to December 31, 2011.
Description of tests of controls
The specific controls tested and the nature, timing, and results of those tests are listed on pages 34-54.
Restricted use
This report, including the description of tests of controls and results thereof on pages 34-54, is intended
solely for the information and use of DOW and its user organizations during some or all of the period
January 1, 2011 to December 31, 2011, and the independent auditors of such user entities, who have a
sufficient understanding to consider it, along with other information including information about controls
implemented by user entities themselves, when assessing the risks of material misstatements of user
entities' financial statements. This report is not intended to be and should not be used by anyone other
than these specified parties. We have performed no procedures to evaluate the effectiveness of controls
at the individual member communities.
Other information provided by Division of Water
The information in section VI of management's description of the service organization's system, “Other
Information Provided by the Division of Water,” that identifies DOW's management response is presented
by management of DOW to provide additional information and is not a part of DOW's description of its
processing of transactions for users of the Customer Care & Billing System of controls made available to
user entities during the period January 1, 2011 to December 31, 2011. Information about DOW's
management responses has not been subjected to the procedures applied in the examination of the
description of the corporate service controls and of the suitability of the design and operating
effectiveness of controls to achieve the related control objectives stated in the description of the
processing of transactions for users of the Customer Care & Billing System controls and, accordingly, we
express no opinion on it.
Cincinnati, Ohio
March 6, 2012
City of Cleveland Frank G. Jackson, Mayor
Department of Public Utilities
Division of Utilities Fiscal Control
1201 Lakeside Avenue
Cleveland, Ohio 44114-1175
216/664-2444 • Fax: 215/664-4452
www.clevelandwater.com
Division of Water’s Management Assertion
We have prepared the description of the Division of Water's processing of transactions for users of the
Customer Care & Billing System (“CC&B”) during some or all of the period January 1, 2011, to December
31, 2011, and their user auditors who have a sufficient understanding to consider it, along with other
information, including information about controls implemented by user entities of the system themselves,
when assessing the risks of material misstatements of user entities' financial statements. We confirm, to
the best of our knowledge and belief, that:
a. The description fairly presents the systems made available to user entities of the systems during
some or all of the period January 1, 2011, to December 31, 2011, for processing their transactions.
The criteria we used in making this assertion were that the description:
i. Presents how the systems made available to user entities of the systems were designed and
implemented to process relevant transactions, including, if applicable:
The classes of transactions processed.
The procedures, within both automated and manual systems, by which services are provided,
including, as appropriate, procedures by which transactions are initiated, authorized,
recorded, processed, corrected as necessary, and transferred to reports and other
information prepared for user entities.
The related accounting records, supporting information, and specific accounts that are used
to initiate, authorize, record, process, and report transactions; this includes the correction of
incorrect information and how information is transferred to the reports and other information
prepared for user entities.
How the systems capture significant events and conditions, other than transactions.
The process used to prepare reports and other information for user entities.
Specified control objectives and controls designed to achieve those objectives, including as
applicable, complementary user entity controls contemplated in the design of the service
organization's controls.
Other aspects of our control environment, risk assessment process, information and
communication systems (including related business processes), control activities, and
monitoring controls that are relevant to processing and reporting transactions of user entities
of the system.
ii. Does not omit or distort information relevant to the scope of the tax savings and benefits
continuation systems, while acknowledging that the description is presented to meet the common
needs of a broad range of user entities of the systems and their financial statement auditors, and
may not, therefore, include every aspect of the systems that each individual user entity of the
systems and its auditor may consider important in its own particular environment.
b. The Description includes relevant details of the changes to the processing of transaction controls for
the CC&B system during the period covered by the description.
i. The controls related to the control objectives stated in the description were suitably designed
and operating effectively throughout the period January 1, 2011, to December 31, 2011, to
achieve those control objectives. The criteria we used in making this assertion were that:
ii. The risks that threaten the achievement of the control objectives stated in the description have
been identified by management;
iii. The controls identified in the description would, if operating as described, provide reasonable
assurance that those risks would not prevent the control objectives stated in the description
from being achieved; and
iv. The controls were consistently applied as designed, including whether manual controls were
applied by individuals who have the appropriate competence and authority.
A. OVERVIEW OF OPERATIONS
The Division of Water (“DOW”) services not only the City of Cleveland, but also 69 surrounding
communities, six master meter communities, and eight emergency standby communities. They provide
water to approximately 414,006 city and suburban accounts in the Cleveland metropolitan area. They
also sell water to master meter communities that operate their own distribution systems, and they provide
billing and payment services for the Northeast Ohio Regional Sewer District (“NEORSD”) and other
communities.
During 2011, the DOW provided services to approximately 123,554 accounts located within Cleveland
and approximately 290,452 accounts located in direct service communities. Water provided to each
master meter community is metered at each community's boundary. Consumers within the City of
Cleveland accounted for approximately 21 percent of the DOW's metered sales revenue, while the direct
service and master meter communities accounted for approximately 69 percent and 10 percent of
metered sales revenue, respectively.
The DOW, along with the Division of Utilities Fiscal Control (“UFC”), provides a complete array of
processing services including billing, payment processing, mailing delinquency notices, terminating water
service on delinquent accounts, and distributing the money collected to the communities. UFC processes
approximately 5,000 bills daily, which include bills for water only, sewer only, water and sewer, final bills,
and delinquent bills.
B. RELEVANT ASPECTS OF THE CONTROL ENVIRONMENT, RISK ASSESSMENT AND
MONITORING
1. Control Environment
The Department of Public Utilities, headed by its director, comprises four divisions: Water, Water
Pollution Control, Cleveland Public Power, and Utilities Fiscal Control, each of which is managed by a
commissioner. The Division of UFC provides accounting and other financial services to the other
three divisions. The following functional areas are headed by assistant commissioners who report
directly to the commissioner of the DOW:
Administration is the support staff of the Division and is responsible for non-technical functions
excluding sales and billings.
Plant Operations is responsible for the pumping and purification of water as well as the
laboratories that analyze raw and potable water.
Engineering is responsible for the design and construction of capital improvement projects
undertaken by the Division.
Distribution System Maintenance is responsible for servicing and maintaining the Division's
distribution system, which includes water mains, meters, valves, fire hydrants and connections.
Customer Account Services (“CAS”) is responsible for the Division's interactions with its
customers, including meter reading, billing, payments and customer service inquiries.
Information Technology (“IT”) is responsible for monitoring systems processing and running
production jobs and reports requested by the users. This department is also responsible for
managing the Local Area Networks (“LAN”) and the telecommunication needs of the DOW.
Budget is responsible for the operating budget as well as contract procurement and requisition
processing for operational needs.
This functional arrangement, management controls, and the established information processing
policies, standards, guidelines, and procedures help to ensure adequate segregation of duties within
the DOW.
2. Risk Assessment
The Division of Water has a formal risk management function to address the environmental and
safety risks associated with running a public utility. In addition, the DOW has established an IT
Governance Committee to evaluate IT opportunities and oversee their acquisition and
implementation. The committee is comprised of DOW executive staff from all sections and senior IT
management. As part of the formation of this committee, a formal governance model is being
developed and implemented. The committee meets regularly throughout the year to discuss issues
related to the information systems of the DOW.
In addition, the DOW has identified operational risks resulting from the nature of services provided to
the member communities. These risks are primarily associated with computerized information
systems. These risks are monitored as described under “Monitoring” below and in additional detail
throughout the “General EDP Control” section.
3. Monitoring
The General Accounting Department, which is a functional area reporting to the Commissioner for the
Division of UFC, is responsible for the daily accounting function of the Department of Public Utilities.
Some of their duties include reconciling the accounts receivable totals to the City of Cleveland's
financial management system, tracking refunds made to customers, scanning purchases for unusual
entries, and producing monthly, quarterly, and annual financial statements. DOW personnel monitor
the quality of service to user organizations and system performance as a routine part of their job
duties. To assist them in this monitoring, DOW uses a variety of key indicator reports to monitor the
processes involved in billing and payment.
Computer access is monitored on an ongoing basis by IT staff. Exceptions to normal processing
related to hardware, software, or procedural problems are resolved daily.
4. Information and Communication
The aspects of the information and communication component of internal control as they affect the
services provided to user organizations are discussed within the “General EDP” and “Application”
control sections.
C. GENERAL EDP CONTROLS
1. Overall Operation of the IT Function
On November 15, 2011 the Mayor of the City of Cleveland announced that the Department of Public
Utilities, including the Division of Water, will undergo a restructuring plan designed to focus the
organization on customer service delivery. Included as part of the restructuring was moving the DOW
IT staff to the Department of Public Utilities level. While these changes were announced on Nov. 15,
2011 the overall operation of the former DOW IT section remained largely unchanged through the
remainder of 2011. Thus, the description of general controls presented below is written with regards
to the DOW IT staff and is applicable for the entirety of the 2011 audit period.
The DOW IT staff consists of 55 individuals including the Assistant Commissioner of IT and the IT
Manager. The breakdown of individuals by category is as follows:
Infrastructure and Applications:
Technical director (2)
Telecommunications operations group leader (1)
Telecommunications operations group staff (3)
Operations support group leader (1)
Operations support group staff (5)
Applications group staff (5)
Data center operations group leader (1)
Data center operation support staff (2)
Administration:
IT administration unit leader (1)
IT administration staff (6)
Telephone operators (3)
Project Delivery:
IT project delivery unit manager (1)
IT project delivery staff (8)
Computer operations supervisor (1)
Computer operations (3)
Geographic Information System (“GIS”):
GIS unit manager (1)
GIS systems group leader (1)
GIS systems group staff (2)
GIS applications group leader (1)
GIS applications group staff (5)
The DOW follows the Personnel Policies and Procedures Manual provided by the City of Cleveland.
An organizational chart, a chart of “operational roles and responsibilities”, and job descriptions have
been developed for the IT Department of the DOW. A training strategy has been developed for the IT
section that lists various tracks to be followed by area of work. Numerous outlets are used to obtain
technical training for IT staff. The training strategy is designed to align with on-going IT initiatives and
to keep DOW employees abreast of the latest technology so they can perform in the most efficient
manner.
All hiring for the DOW must be approved by city hall administration prior to the posting of a job
opening. All positions are posted internally first. If sufficient responses are not received, the
positions are then posted on the city's web site and/or in a local newspaper.
The Division of Water follows the performance management processes established by the City of
Cleveland. It is for nonunion employees and focuses on setting and meeting performance goals,
which are established at the end of the prior calendar year. Quarterly progress meetings are
conducted and culminate in an annual appraisal meeting where individuals are scored against a set
of City-wide core competencies and their progress towards their objectives.
The DOW completed development of a three-year information technology (“IT”) plan dated March
2009. A list of proposed projects was developed as part of the IT Master Plan, which were then given
to the IT Governance Committee. Potential initiatives that are part of the IT Master Plan are
continually re-evaluated by the IT Governance Committee utilizing business case evaluations. The IT
plan is updated through the IT Governance process.
The DOW also has a Strategic Business Plan that concerns the DOW as a whole and was completed
in 2007 for the period 2008-2012. The business plan manager and the Strategic Business Plan
(“SBP”) office have responsibility for implementation of the plan. The Strategic Business Plan
Committee meets periodically and a list of action items is prepared and distributed to the committee
members. Executive staff, managers, and select employees participate in a two-day retreat and a
series of committee meetings to identify the goals, objectives, strategies, and projects for the SBP.
2. Development and Implementation of New Applications and Systems
A. Customer Information System/Customer Relations Management (“CIS/CRM”):
The Division of Water implemented Oracle's Customer Care and Billing (“CC&B”) application on
September 27, 2009. PricewaterhouseCoopers (“PwC”) was the implementation consultant for
the project. PwC was responsible for delivering a fully functional CIS/CRM solution. The entire
CIS/CRM project was managed by TMG Consulting, Inc. IBM was selected to provide hosting
and managed services.
The implementation of the new billing system followed a detailed System Development Life Cycle
(“SDLC”) that was developed by PwC. The implementation project utilized a formal project
management structure that included representation from DOW, UFC, PwC, TMG Consulting Inc.,
and IBM. The project was guided by an Executive Steering Committee (“ESC”). Reporting to the
ESC were two DOW project directors and a DOW project manager.
B. Meter Automation and Replacement Program (“MARP”)
The DOW followed the City of Cleveland Division of Information Technology and Services
Software Acquisition Procedure Guidelines for the purchase of the new Meter Automation and
Replacement Program through the submission of a Request for Proposal in September of 2009.
A team of eight DOW individuals representing the departments affected by the project, including
IT, was selected to evaluate the proposals received. Proposals were evaluated based on criteria
outlined in the RFP and cost. During 2010, the meter automation vendor iTron was selected and
the implementation of the metering program began. The installation of AMR-enabled meters is
expected to begin in early 2012.
3. Changes to Existing Applications or Hardware Systems
The DOW has a contract with IBM for hosting and application managed services for their new
Customer Care and Billing (“CC&B”) application. The three year contract was signed in July of 2008
with an option for renewal for two additional one year terms. The contract describes the roles for IBM
and DOW in the application change process. The hosting and application managed services are
defined as follows:
Hosting Services or Application on Demand (“AoD”) – computing and networking infrastructure
(facility, disaster recovery, hardware, software, security and networking) and the service to
support and maintain the infrastructure.
Application Managed Services (“AMS”) – services including application data base support and
maintenance; manage code libraries and code migrations; execute and monitor the batch
processes; help desk services; application development and report writing development.
An IBM Delivery Project Manager coordinates all activities of both the AoD and AMS teams and
serves as the single point of contact for DOW.
Requests for modification to CC&B can originate from an identified defect (i.e. a problem or
shortcoming of the CC&B application) or a user request for new or changed functionality. Both are
logged into the tracking tool, SharePoint, as work items. The work items are reviewed weekly by a
Review Board. This board is composed of members of the technical support team as well as DOW
staff from the following departments or divisions: IT, Fiscal Control, Meter Reading, Meter
Maintenance, Billing, and Customer Account Services. Once approved and prioritized, the work
items are assigned to the appropriate resources to investigate and complete. In some cases, the
work items require changes to the application configuration, custom developed code, or installation of
vendor supplied patches. In all cases, the changes are first made in the development environment
and are then assigned back to the original requestor or a designated functional team member for
testing. Once an application change has passed testing, it is marked as “Ready for Migration”. A
request to migrate the application change is emailed from the technical support team to the DOW
assistant Commissioner of IT and the assistant Commissioner of CAS, one of whom is required to
approve the application change prior to it being placed into production. Code migrations are
performed by the IBM system administrator. All code migrations are tracked in a change log.
Changes to the application hardware environment (such as operating system updates, firmware
updates, application patches, database patches, etc.) are discussed as part of a monthly operations
meeting with IBM's AoD team. Any changes to the hardware environment are requested via an
email from the AoD team lead to the assistant Commissioner of IT, who is responsible for approving
the change. Changes to the application hardware environment are first tested in a testing laboratory
maintained by IBM AoD, then applied to the CC&B development environments and operated for an
extended period of time prior to being applied to the production environments.
In addition to the CC&B production environment, a separate development environment is used for
development and testing. The development environment is housed on separate application and
database servers. Within these development servers, multiple database instances and multiple
application environments are maintained that may be used for different development and testing
purposes.
The DOW uses a vendor provided meter reading system called Datamatic. Software and hardware
support agreements for the meter reading system are maintained by DOW. Change requests for the
meter reading system must first be approved by the assistant administrator of meter reading. All
changes to the Datamatic application are performed by the vendor. The vendor submits a proposal to
DOW for the estimated cost to the assistant Commissioner of CAS. The assistant Commissioner
verifies all requests. Requests for vendor changes to the meter reading system are infrequent.
The DOW uses a vendor provided cashiering system, PCI Revenue Collection Services (RCS). This
software was included with the purchase of the City of Cleveland's financial accounting software and
was made available to DOW. Change requests for the PCI Revenue Collection Services (RCS) are
managed by the City of Cleveland Department of Finance.
4. IT Security Overview
CC&B is hosted by IBM in a secure data center located in Phoenix, AZ, with a backup data center
located in Sterling, VA. CC&B is accessed via a dedicated, DS3 network connection between DOW
premises and the IBM data center. Two IBM-maintained routers are located at DOW premises, one
for each of the primary and secondary data centers. Network access is secured at both IBM and DOW
through firewall access rules. The DOW utilizes a private network addressing scheme. Network
address translation is performed at the IBM data center. The passwords for the firewall are enabled
and controlled by the DOW network staff.
A backup to the DS3 network connection is provided by a hardware-based virtual private network
(VPN) connection which is managed by IBM. A second layer of backup is provided by an SSL-based
VPN, also managed by IBM. VPN accounts are password protected and all users who are issued
VPN access are controlled.
CC&B application security is controlled in two levels. Access to the application is controlled via
authentication to the DOW Active Directory (AD) through a Lightweight Directory Access Protocol
(LDAP) hook that is administered in the Weblogic application server tier. CC&B users have unique
usernames set up in AD which differ from their standard network username. Domain level password
policies are applied to the CC&B usernames and include password expiration, account lock-out, and
password strength requirements. The AD accounts are administered by the DOW network operations
team.
Application level security is controlled within CC&B through the use of security groups. This is
administered by a dedicated CC&B security administrator. Rights must be granted in both Active
Directory and the CC&B application for a user to access the system.
5. Security Administration – System Level
System level access is administered by the DOW operations support group leader. All administrative
functions for the network servers, including the creation or modification of user network accounts for
any server, are the responsibility of the operations support group leader.
Authorization from department supervisors is required before an account is established in Active
directory. The IT Department adopted a computer security policy and users must sign a form to
acknowledge acceptance of the computer security policy. The policy covers general use, computing
assets, system accounts and passwords, internet use, electronic communication, and user
agreements for employees and contractors/consultants.
When employees leave the Division of Water, the Personnel Department sends a help desk ticket to
the operations support group leader who disables or deletes the accounts.
The DOW uses Windows Active Directory (“AD”) to manage the LAN environment. Security policies
are set at the domain level.
Access to the DOW network is restricted by security policies set at the domain level. These policies
address access to data, programs, and system utilities. System level security requires a unique user
ID and password for sign-on. The following security policies have been implemented to control user
access within Active Directory:
Passwords - User IDs and user passwords are required to authenticate to the DOW network.
Controls such as naming conventions, minimum length requirements, expiration, and history
limitations have been implemented to help strengthen passwords.
Sign-on parameters - Sign-on parameters limit the number of unsuccessful attempts to access a
network account after which the account is disabled for a period of time.
Group policies - Group policies are used to assign user network access rights, network drive
mappings, and other various security parameters.
CWD maintains two data centers located at the Information Technology Center and the Public Utilities
Building. Access to both facilities is controlled by the Department of Public Utilities security unit and
includes such safeguards as security guards, swipe card access into facilities, and camera
surveillance. All visitors to these facilities are required to register with the security guard and receive
a visitor’s tag for identification. All computer rooms are further secured with keycards. Access to
computer rooms is granted by management based on need and generally is limited to IT staff,
security officers, electricians, and building custodians. The list of individuals with access is reviewed
at least annually.
A security management application, Pro-Watch, is used by the project director in the Access Control
Department to administer the keycard system. Security/access control officers may also assist with
keycard access as needed.
When new employees start with the DOW, personnel notifies the Access Control Department of the
new hire and basic access to the employee’s department is granted. If an employee’s access
requirements change, an access card request form must be completed, signed by the employee’s
supervisor and assistant Commissioner, and submitted to the Access Control Department. An
access card request form is also completed for special situations (e.g., a contractor who needs access
for a short period of time). Access card request forms are retained for a minimum of three years.
Network access has been secured through the use of a fiber network and two firewalls. Remote
access is governed by Active Directory via a Lightweight Directory Access Protocol (LDAP) hook,
which links to Microsoft Active Directory as the source of user accounts. Remote access is
accessible through a Cisco secured VPN client. Users request remote access via a standard form
which is approved by their supervisor and the IT manager. Once the access request is approved, a
helpdesk ticket is generated and sent to the DOW network team. The DOW network team sets up
the user with the secure VPN client access through an Active Directory group based on the remote
access requested.
The DOW utilizes a private network addressing scheme. The firewall, which passes only TCP/IP
traffic and blocks all other traffic, translates a user’s private network address to a public IP address
that is routable on the Internet, thus allowing the user to access the Internet. The passwords for the
firewalls are enabled and controlled by the network staff.
Documentation for the network is maintained by the Network Department. The documentation
identifies all individuals with access to the Internet. Inbound traffic is limited with the use of conduits.
6. Security Administration – Application Level
Customer Care and Billing (“CC&B”)
Access to the CC&B application is controlled at two levels. Access is first controlled via
authentication to the DOW Active Directory (“AD”) through a Lightweight Directory Access
Protocol (“LDAP”) hook that is administered in the WebLogic application server tier. After
authentication to AD, CC&B users have unique user accounts set up in AD that differ from their
standard network account. Domain level password policies are applied to the CC&B accounts
and include 90-day password expiration, account lockout after 3 failed attempts, and password
complexity requirements.
Application level security is controlled within the CC&B application using security groups to
restrict specific functions. The Assistant Commissioner of CAS is responsible for authorizing
access to the CC&B application. Access to the CC&B application is administered by the project
director of the CAS Assistant Commissioner.
PCI (Revenue Collection System)
The PCI Revenue Collection System is used by the Cashiering Section of UFC. It uses group
policies to assign user network access rights, network drive mappings, and other various security
parameters. Access to the database and application files for PCI is restricted through Windows
2003 file share access control lists. DOW operations support administers access to this server
through group access. Application level access to the PCI application is administered by a UFC
supervisor.
Application level security for the PCI Revenue Collection System has been established via two
profiles: general cashier and administrator. The general cashier profile is restricted to the
cashiers to process payments and balance. UFC administrators have been assigned the
administrator profile. Due to the limited number of users to the PCI application, changes to
access are infrequent.
The PCI application requires cashiers to enter a user ID and password when opening the
application and again when accessing payment information.
Datamatic (Meter Reading)
Primary logical access is controlled through the application level security provided by the Meter
Reading application, Datamatic. The assistant administrator of meter reading and the unit
supervisor of meter reading are responsible for maintaining security at the application level.
Application level security for the Datamatic application has been established via groups. The
groups established include meter readers, collections, and inspections. Each group has been
assigned privileges based upon job function. Application users have unique IDs and passwords.
Data from the Meter Reading application on the Windows 2003 server is exported and uploaded
to CC&B nightly. The upload is controlled by the Tivoli Workload Scheduler via FTP. The
Windows 2003 server is located in the center of the Meter Reading Department. Several meter
reading staff members work in the area, which minimizes the risk of unauthorized personnel
attempting to gain access to the server.
BancTec System (Payments)
Payments are processed by the Division of UFC through the BancTec Processing System. The
BancTec remittance processors read the account and balance information as the stubs and
checks pass through the machine. The processors are located in an area secured by the keycard
system. Only data conversion operators with an operator ID and password can run the machine
and there are several employees working in the area who would be aware if someone other than
a data conversion clerk attempted to operate this machine. Files are transferred from the
BancTec system into the CC&B application through an FTP process, controlled by the Tivoli
Workload Scheduler. Changes in access are administered by BancTec after contact from DOW.
The following items assist in controlling the computer rooms to protect them from adverse
environmental conditions:
Automatic climate control;
FM 200 fire suppression system;
Raised flooring;
Fire alarm;
Fire extinguisher;
Uninterruptible Power Supplies (“UPS”);
Backup Generators;
Temperature sensors.
The computer equipment at the DOW is self-insured by the City of Cleveland.
7. IT Operations
DOW operators are trained and hold the necessary skills to perform their job functions. Operators
are assigned to perform operational duties (resetting user passwords, terminal support, microfiche
processing, etc.). There are two shifts each day, Monday through Friday. Operators are supervised
by the customer systems group leader. Each shift overlaps by one half hour in order for operators to
discuss unresolved problems or operational errors. The second shift operators prepare a record
count of the files included in the nightly batch sent to IBM. After IBM runs the batches, the record
counts are used to verify batch processing was complete.
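The record-count control described above is illustrated below with an added example. It is not DOW or IBM code; the file names, file layout (one header line followed by one record per line) and the counts attributed to the IBM batch report are constructed sample data. The check runs in both directions, so a sent file that never appears in the batch report (including a zero-record file) is flagged as well as a count mismatch.

```python
"""Added example: reconciling second-shift record counts with IBM's batch results.
Illustrative only; not DOW or IBM software. File names, layouts and counts are
constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: flat files counted by the second shift before the nightly
# transfer. Assumed layout: one header line, then one record per line.
SAMPLE_FILES: Dict[str, str] = {
    "METER_READS.DAT": "HDR|20110301\n1001|45210\n1002|45211\n1003|45212\n",
    "PAYMENTS.DAT": "HDR|20110301\n5001|125.00\n5002|60.50\n\n",
    "NEW_ACCOUNTS.DAT": "HDR|20110301\n",  # header only: zero records sent
}

# Constructed sample: counts taken from the batch status report the next morning.
SAMPLE_BATCH_REPORT: Dict[str, int] = {
    "METER_READS.DAT": 3,
    "PAYMENTS.DAT": 1,       # one record fewer than the second shift counted
    "ADJUSTMENTS.DAT": 4,    # a file the second shift never prepared
}


def count_records(content: str) -> int:
    """Count data records: skip the header line and any blank lines."""
    lines = content.splitlines()
    return sum(1 for line in lines[1:] if line.strip())


def prepare_counts(files: Dict[str, str]) -> Dict[str, int]:
    """Second-shift step: record count per file, taken before the batch is sent."""
    return {name: count_records(body) for name, body in files.items()}


@dataclass(frozen=True)
class Discrepancy:
    file: str
    sent: Optional[int]
    processed: Optional[int]
    reason: str


def reconcile(sent: Dict[str, int], processed: Dict[str, int]) -> List[Discrepancy]:
    """Morning step: compare what was sent with what the batch report says was processed.

    Files are checked in both directions: a file sent but never processed and a
    file processed but never sent are both reported, as is a mismatched count."""
    issues: List[Discrepancy] = []
    for name in sorted(set(sent) | set(processed)):
        s, p = sent.get(name), processed.get(name)
        if s is None:
            issues.append(Discrepancy(name, None, p, "processed file was never sent"))
        elif p is None:
            issues.append(Discrepancy(name, s, None, "sent file missing from batch report"))
        elif s != p:
            issues.append(Discrepancy(name, s, p, "record count mismatch"))
    return issues


def batch_complete(sent: Dict[str, int], processed: Dict[str, int]) -> bool:
    """True only when every sent file was processed with an identical count."""
    return not reconcile(sent, processed)


if __name__ == "__main__":
    for issue in reconcile(prepare_counts(SAMPLE_FILES), SAMPLE_BATCH_REPORT):
        print(f"{issue.file}: sent={issue.sent} processed={issue.processed} ({issue.reason})")
```

Run as a script, the sample reports the unsent ADJUSTMENTS file, the NEW_ACCOUNTS file that is missing from the report, and the PAYMENTS count mismatch; a clean night returns no discrepancies.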
Operational functions related to the CC&B application are performed largely by IBM as part of the
application managed service contract between IBM and the DOW. The operational functions
performed by IBM are overseen by the DOW computer operations supervisor. The CC&B team
consists primarily of the following roles:
Delivery project executive (“DPE”) (IBM) – Provides on-site management for all IBM managed
services resources.
Managed services manager (IBM) – Supports the IBM DPE and acts as point of contact for
routine operational issues. Supports operations with functional analysis.
DBA/system administration (IBM) – Provides primary system administration, database
administration, and code management functions. This resource is supported by a team of IBM
DBAs and operation system administrators from the IBM global resource pool, from the hosting
group. The hosting DBAs and OS administrators perform all root-level changes to the system.
Operations monitoring and functional analysis (4 staff) (IBM) – These resources monitor batch
processing, manage the batch scheduler, prepare batch status reports, and provide functional
analysis for problem resolution.
Computer operations supervisor (DOW) – This is the first point of contact for batch processing
issues and can authorize actions on behalf of the DOW. In addition, the computer operations
supervisor is responsible for management of batch reports. This position is supported by other
DOW computer operations staff.
An operations run book is maintained to document instructions for work performed by the application
managed services team. The job schedule is contained in the operations run book and includes the
job name, job description, data preparation instructions, set up requirements, schedule information,
description of the processing steps, and expected results. Daily production jobs are submitted by the
batch scheduling program, Tivoli, or by the application managed services team based on
authorization from DOW. A nightly batch report is generated after batch processing is completed and
is reviewed by one of the IBM operations monitoring and functional analysts. Job status is also
available from the CC&B on-line application and in the application logs. The CC&B team maintains
close contact with the business users to troubleshoot any data issues.
Batch processing is performed on a dedicated batch server using Tivoli Workload Manager. A
development batch server is available in the event the primary batch server should fail. The server
can be restored as the primary server.
The production CC&B environment is configured for high availability. There are two physical
application servers, each running two Java Virtual Machines (“JVMs”). Calls to the application
servers are load-balanced in a round-robin manner across the four JVMs. Two database servers are
configured in an active-passive configuration using the AIX operating system’s native High Availability
Cluster Multi-Processing (“HACMP”) protocol.
The computer operations supervisor can view the DOW batch data files that have been uploaded to
CC&B on the IBM server. These data files are archived daily and have been maintained since DOW
has gone live with the CC&B application.
All reporting for the CC&B application is produced using Business Objects Crystal Reports. Reports
are generated for various departments by accessing the Crystal reports server upon completion of the
nightly batch processing. Nightly reports are run against the CC&B production database. Once
reports have been generated, they are generally available by 8 AM and accessible through Business
Objects. An off-line copy of the CC&B production database, Operational Data Store (“ODS”) is
available for on-demand reporting and data analysis. The ODS is updated in real time using
Streams, a database layer technology from Oracle. Control queries are run on a daily basis to verify
ODS is in sync with the CC&B production database. ODS is maintained by the DOW staff.
Reporting errors or failed reports are forwarded to IBM for resolution via a help desk ticket. If the
errors are not resolved by 8 AM, department managers are notified by the computer operations
supervisor that reports are unavailable. Once the problems are corrected and the reports are
generated, a follow up email is sent to department managers indicating the reports are available.
The DOW has an agreement with IBM for hosting and application managed services, which includes
offsite data backup.
IBM developed a schedule that outlines which servers and databases are backed up, as well as the
frequency and the duration of the backup. Production and non-production (development) servers are
incrementally backed up on a daily and yearly basis. IBM also completes a full backup of DOW’s
production database every Tuesday, Thursday, and Saturday, with an archive log backup performed
on a daily basis.
Production data for the Revenue Collection System resides on the DOW Storage Area Network
(SAN). The DOW has two SAN nodes. The main SAN node is located at the Information Technology
Center and the backup SAN node is located at the Public Utilities Building. The two nodes are
approximately 11 miles apart. The main SAN is replicated to the backup SAN. The DOW is prepared
to switch from the main SAN in the DOW computer room to the backup SAN at the off-site facility.
The SANs are maintained and monitored by a third party vendor, EMC. The SAN replication
monitoring services provided are error-based: monitoring is not performed, nor is a report generated,
to confirm the backup SAN is in sync with the main SAN unless an error occurs. Should an error
occur, EMC will contact the network analyst to notify DOW of the error and the fix performed by EMC.
Environmental controls at the SAN include a backup power supply (UPS), FM 200 fire suppression
system, and an air conditioning unit.
D. FINANCIAL APPLICATION CONTROLS
1. Customer Care and Billing (“CC&B”) Organizational Chart
2. Background
The DOW implemented the Oracle® Utilities, Customer Care and Billing (“CC&B”) application
(leading package software for utility billing). This system handles all aspects of utility billing including:
customer information/service connections, meter reads, rates, billing, field service, and meter
management.
All reporting for CC&B is produced using Business Objects Crystal Reports. Reports are accessed
by end users via a web-based user interface. Business Objects is secured with an application-level
username and password separate from the CC&B username and password. Report access is
controlled by user groups.
In addition, when events occur that can only be resolved manually, the CC&B application creates an
e-mail-like message that describes the event. CC&B refers to these events as To Do entries.
Examples of events that trigger the creation of To Do entries include bill segment errors, payment
errors, and accounts without bill cycles. These To Do entries display in a To Do list, which is
generated nightly during batch processing. Each To Do entry is assigned a specific To Do role. The
role defines the user or users who may view and work on the entry. When viewing a To Do list, the
user sees only the entries associated with roles to which the user belongs. The To Do lists are
distributed to managers and supervisors.
The managers and supervisors associated with the role assign the To Do entries to customer service
representatives for follow-up and resolution. When the customer service representative displays the
transaction associated with the To Do entry, he/she is assigned as the person “working” on the entry.
Once the error is resolved, the user marks the entry as complete. Completed entries no longer
appear on the To Do list; however, they are retained on the database for audit purposes. In addition,
users may need to send To Do entries to other departments (i.e. assign To Do roles) if more than one
business segment is needed to resolve the To Do entry.
A To Do Entry Summary and To Do Events report are generated nightly as a part of the batch
process and can be accessed by all Customer Account Services (CAS) managers and supervisors.
The To Do entry reports can be obtained through Business Objects (located in the Customer Service
Folder).
In CC&B, the To Do Supervisor Summary shows the total unresolved To Do entries by type. The
summary also breaks the unresolved To Do entries into two categories, unassigned and unresolved
entries (“open”) and assigned entries being worked (“being worked on”). To Do entries that have
been resolved are closed and no longer visible to users in CC&B. To help in assigning To Do entries
to staff, managers and supervisors have the ability to query the To Do entries in CC&B by clicking on
the aging graph information as well as the totals. The oldest To Do entries are extracted and
assigned to end users to complete within a specified timeframe. CC&B classifies To Do entries
according to age and by color on the graph according to the following categories:
Less than 50 days old. (green)
Between 50 and 100 days old. (yellow)
Greater than 100 days old. (red)
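The To Do handling described in this section (role-based visibility, the supervisor summary of open versus being-worked entries, and the aging categories at the 50- and 100-day boundaries) is illustrated below with an added example. It is not CC&B code and does not use CC&B's data model; the entries, To Do types, role names and reporting date are constructed sample data, and the boundary treatment (exactly 50 days is yellow, exactly 100 days is yellow) follows the categories as stated above.

```python
"""Added example: To Do aging, supervisor summary and role filtering as described
in the CC&B Background section. Illustrative only; not CC&B code. All entries,
types, roles and dates are constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class ToDoEntry:
    entry_id: int
    todo_type: str
    role: str                   # the To Do role that may view and work the entry
    created: date
    assigned_to: Optional[str] = None   # None = open (unassigned)
    completed: bool = False             # completed entries leave the list but stay in the database


REPORT_DATE = date(2011, 12, 31)   # constructed "as of" date

# Constructed sample To Do list (types, roles and ages chosen to hit each category).
SAMPLE_ENTRIES: List[ToDoEntry] = [
    ToDoEntry(1, "Bill Segment Error", "BILLING", date(2011, 12, 20)),            # 11 days, open
    ToDoEntry(2, "Bill Segment Error", "BILLING", date(2011, 11, 11), "csr01"),   # 50 days, being worked
    ToDoEntry(3, "Payment Error", "PAYMENTS", date(2011, 9, 22)),                 # 100 days, open
    ToDoEntry(4, "Payment Error", "PAYMENTS", date(2011, 9, 21)),                 # 101 days, open
    ToDoEntry(5, "Account Without Bill Cycle", "BILLING", date(2011, 8, 1), "csr02", True),  # closed
    ToDoEntry(6, "Account Without Bill Cycle", "BILLING", date(2011, 12, 30), "csr02"),      # 1 day
]


def age_bucket(days_old: int) -> str:
    """Colour category exactly as the report states the categories."""
    if days_old < 50:
        return "green"
    if days_old <= 100:
        return "yellow"
    return "red"


def unresolved(entries: Iterable[ToDoEntry]) -> List[ToDoEntry]:
    """Completed entries are closed and no longer visible on the list."""
    return [e for e in entries if not e.completed]


def aging_counts(entries: Iterable[ToDoEntry], as_of: date) -> Dict[str, int]:
    """Counts behind the aging graph, for unresolved entries only."""
    counts = Counter(age_bucket((as_of - e.created).days) for e in unresolved(entries))
    return {colour: counts[colour] for colour in ("green", "yellow", "red")}


def supervisor_summary(entries: Iterable[ToDoEntry]) -> Dict[str, Dict[str, int]]:
    """To Do Supervisor Summary: unresolved entries by type, split open / being worked on."""
    summary: Dict[str, Dict[str, int]] = defaultdict(lambda: {"open": 0, "being worked on": 0})
    for e in unresolved(entries):
        summary[e.todo_type]["being worked on" if e.assigned_to else "open"] += 1
    return dict(summary)


def oldest_open(entries: Iterable[ToDoEntry], n: int) -> List[int]:
    """The n oldest unassigned entries, oldest first, for assignment to staff."""
    open_entries = [e for e in unresolved(entries) if e.assigned_to is None]
    return [e.entry_id for e in sorted(open_entries, key=lambda e: e.created)[:n]]


def visible_to(entries: Iterable[ToDoEntry], user_roles: Iterable[str]) -> List[int]:
    """A user sees only unresolved entries whose role they belong to."""
    roles = set(user_roles)
    return [e.entry_id for e in unresolved(entries) if e.role in roles]


if __name__ == "__main__":
    print(aging_counts(SAMPLE_ENTRIES, REPORT_DATE))
    print(supervisor_summary(SAMPLE_ENTRIES))
    print("assign next:", oldest_open(SAMPLE_ENTRIES, 2))
```

The closed entry (id 5) is excluded from every view, which is the behaviour the section describes; it would still be present in the underlying list for audit.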
Upon conversion to the new system, several factors contributed to a rapidly increasing list of To Do
entries. Because policies and procedures had not been developed to address the various types of To
Do entries, how to resolve, and how to monitor, a backlog of To Do entries was experienced by the
end of the audit period. Some of the factors that contributed to the backlog of To Do entries included:
The dissemination of To Do entries to the appropriate departments had not been fully developed.
A high number of accounts were out of the tolerance range for acceptable reads. When not
resolved within seven business days, the account received an estimated bill.
Backlog of data entry of meter exchanges and final meter readings (start/stops at cutover).
A high number of out of order meters, no reads, and vacant premises.
The parameter setting for the maximum number of estimated bills before an actual read must
occur was set to two and near the end of the calendar year, some accounts reached this
threshold.
3. Meter Reading
Individual meter readings are performed on a quarterly basis (every 91 days) for each customer. All
active accounts in a scheduled route are assigned for a meter reading each billing cycle. Inactive
accounts, which are not read, are placed into an ‘inactive status’ route which is never scheduled.
Inactive accounts are accounts where the service point has been abolished. This would occur, for
example, when a block of houses is demolished in anticipation of commercial building on that
property. To maintain the history for those accounts, they are marked as inactive.
Hand-held computers, called Road Runners, and laptop computers are used for meter reading. The
Road Runners and laptops interface with a vendor purchased meter reading application from
Datamatic LTD, on a Windows 2003 file server. The Datamatic meter reading application interfaces
with the Customer Care and Billing (CC&B) application that runs on the Oracle® web based IBM
managed platform.
There are four types of meter reads:
Daily meter reads for residential and commercial customers using the Road Runner devices.
Investigation meter reads performed by investigation meter readers at a customer’s request.
Meter data is entered into laptop computers.
Final meter reads are performed when there is a change of ownership.
Collection meter reads are required for delinquent accounts. The data is entered into laptop
computers by collection meter readers.
The following definitions refer to the “types” of meters:
Inside meter with remote reading device: A base meter is located inside the business and/or
premises which records consumption. A remote device is located on the exterior of the premise
that reflects the consumption from the internal base meter. Meter readers read the remote
reading device.
Vault meter: Normally located in a manhole in the street and/or in residential tree lawn. A vault
meter is required when the size of the meter fitting is 3 inches and greater for commercial
accounts. A meter vault will also be required if the distance between the existing right-of-way and
the domestic service point of entry into the building/premise is more than 150 feet.
Master meter communities: Industrial meters that record consumption usage for communities that
purchase wholesale water from DOW. These meters are read by DOW twice a month and are
billed monthly.
Compound meter: Have two registers that record high/low flow consumption usage and are
mainly installed at commercial/industrial premises.
Re-registering meter: Installed at premises that record consumption for outside usage. In these
cases, a premise will have two or more meters installed. These meters are typically installed on
premises that have a swimming pool or sprinkler system that is metered separately.
Consumption usage is recorded and the customer account will reflect a discount on sewer
charges.
4. Daily Meter Reads
The Meter Reading Department prepares an annual master schedule of meter reads and bill cycles
per route. The master schedule comprises a 91-day period for each route. On a daily basis, based
on the master schedules for meter reads and bill cycle, the system will automatically send three days
of meter reading routes to the Datamatic meter reading application. The meter read and bill cycle
spans an eight-day period. Day 1 of the meter read cycle is the day meter readers actually read the
meters and the readings are uploaded to CC&B application. This is followed by an edit window of two
days in which To Do entries, generated by validation tests, are worked before moving to the billing
cycle. The billing cycle begins at the close of the third day when bills are generated during the nightly
batch process. Bills from the meter read cycle continue to be generated, on days four through eight
as To Do entries are resolved. Accounts with To Do entries that remain unresolved by day eight
receive an estimated bill.
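The eight-day meter read and bill cycle above, together with the estimated-bill parameter mentioned in the Background section (a maximum of two estimated bills before an actual read must occur), is modelled below as an added example. It is not CC&B code: the phase names, the function signatures and the handling at the threshold (the account is held for an actual read rather than receiving a further estimate) are assumptions made for the illustration, not documented CC&B behaviour.

```python
"""Added example: cycle-day logic for the eight-day meter read and bill cycle and
the consecutive-estimate threshold. Illustrative only; not CC&B code. Phase
names and threshold handling are assumptions for this example."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CYCLE_DAYS = 8            # the cycle spans eight days
FIRST_BILL_DAY = 3        # bills are first generated in the batch that closes day 3
MAX_ESTIMATED_BILLS = 2   # parameter value cited in the Background section


def cycle_phase(day: int) -> str:
    """Day 1: read and upload; days 2-3: edit window for To Do entries; days 4-8: billing."""
    if not 1 <= day <= CYCLE_DAYS:
        raise ValueError(f"cycle day must be 1..{CYCLE_DAYS}, got {day}")
    if day == 1:
        return "read and upload"
    if day <= FIRST_BILL_DAY:
        return "edit window"
    return "billing"


def bill_outcome(raised_todo: bool, resolved_day: Optional[int]) -> Tuple[str, int]:
    """Return (bill kind, cycle day on which the bill is generated).

    No To Do entry: an actual bill in the day-3 batch. A To Do entry resolved on
    day d: an actual bill on day max(d, 3). Unresolved by day 8: an estimated bill."""
    if not raised_todo:
        return "actual", FIRST_BILL_DAY
    if resolved_day is None:
        return "estimated", CYCLE_DAYS
    if not 1 <= resolved_day <= CYCLE_DAYS:
        raise ValueError(f"resolution day must be 1..{CYCLE_DAYS}, got {resolved_day}")
    return "actual", max(resolved_day, FIRST_BILL_DAY)


@dataclass
class AccountBilling:
    """Tracks consecutive estimated bills against MAX_ESTIMATED_BILLS."""
    account: str
    consecutive_estimates: int = 0
    history: List[Tuple[str, int]] = field(default_factory=list)

    def actual_read_required(self) -> bool:
        return self.consecutive_estimates >= MAX_ESTIMATED_BILLS

    def close_cycle(self, raised_todo: bool, resolved_day: Optional[int]) -> str:
        kind, day = bill_outcome(raised_todo, resolved_day)
        if kind == "estimated" and self.actual_read_required():
            # Assumption for this example: at the threshold the account is held
            # for an actual read instead of receiving another estimate.
            self.history.append(("held for actual read", day))
            return "held for actual read"
        self.consecutive_estimates = self.consecutive_estimates + 1 if kind == "estimated" else 0
        self.history.append((kind, day))
        return kind


if __name__ == "__main__":
    acct = AccountBilling("constructed-account")
    for todo, resolved in [(True, None), (True, None), (True, None), (True, 5)]:
        print(acct.close_cycle(todo, resolved), acct.consecutive_estimates)
```

The script run shows two estimates, a third cycle held at the threshold, and the reset once an actual read is obtained on day 5.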
Using the three-day sequence schedule, the daily routes for each meter reader are downloaded from
the Datamatic meter reading application into the individual handhelds (Road Runners) and laptops.
The meter readers are unable to alter the routes downloaded to the meter reading equipment, and
they cannot add or delete accounts on the scheduled route. The meter readers are able to key in the
reading information, enter a skip code if a reading cannot be obtained, and, if necessary, enter a
special message to explain their entry. Each meter reader receives a daily meter route, which can
vary from cycle to cycle. Therefore, meter readers do not always read the same routes.
Meter readers manually enter the water usage for each meter on their route into the Road Runner. A
tolerance test occurs at the Road Runner level for a range of difference between the current and
previous reads. The Road Runner beeps when a tolerance test fails and the meter reader is required
to re-enter the read. If the same read is entered twice, the Road Runner will accept the read.
Road Runners are first reviewed by the meter readers to ensure an attempt was made to read all
accounts. A field supervisor then checks the Road Runners for blanks, number of locks, and number
of pumps (manhole covers). Locks result from inaccessibility to the meter (e.g., an irate customer, a
fenced in yard, a vicious dog). A second field supervisor checks the Road Runners for blanks before
the upload to the Datamatic meter reading application.
Because the Datamatic meter reading application will not upload a route with blanks, skip codes are
entered for each blank which will result in a To Do entry. The To Do entry will require follow-up as the
account will be investigated in the office by a customer service representative which may result in the
account being rescheduled for a follow-up meter read. Meter readers are encouraged to add a
message to aid in the follow-up process.
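The handheld-side rules described in this section (a fixed route the reader cannot alter, the tolerance beep with acceptance when the same read is keyed twice, and the upload gate that refuses a route with blanks and turns skip codes into To Do entries) are illustrated below with an added example; it also produces the scheduled / read / skipped counts that the Routes Received report in section 8 lists per route. This is not Datamatic or Road Runner software: the tolerance band (a maximum consumption per period), the skip codes and the route data are constructed for the illustration.

```python
"""Added example: Road Runner entry rules and the Datamatic upload gate.
Illustrative only; not Datamatic software. Skip codes, tolerance band and
route data are constructed for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed skip codes. The report mentions locks and pumps but does not list
# the actual Datamatic codes.
SKIP_CODES = {"LOCK": "meter inaccessible", "PUMP": "manhole cover needs pumping"}


@dataclass
class RouteStop:
    account: str
    previous_read: int
    read: Optional[int] = None
    skip_code: Optional[str] = None
    message: str = ""
    pending: Optional[int] = field(default=None, repr=False)  # last out-of-tolerance keying


class RoadRunner:
    """Handheld rules: a read outside the tolerance band beeps and must be keyed
    again; keying the same value twice accepts it."""

    def __init__(self, stops: List[RouteStop], max_consumption: int):
        # The route is fixed on download: readers cannot add or delete accounts.
        self.stops: Dict[str, RouteStop] = {s.account: s for s in stops}
        self.max_consumption = max_consumption  # assumed band: 0..max units since last read

    def enter_read(self, account: str, value: int) -> str:
        stop = self.stops[account]  # KeyError if the account is not on the route
        consumption = value - stop.previous_read
        if 0 <= consumption <= self.max_consumption:
            stop.read, stop.pending = value, None
            return "accepted"
        if stop.pending == value:            # same read entered twice: accept it
            stop.read, stop.pending = value, None
            return "accepted on re-entry"
        stop.pending = value                 # remember it; a different value restarts
        return "beep"

    def enter_skip(self, account: str, code: str, message: str = "") -> None:
        if code not in SKIP_CODES:
            raise ValueError(f"unknown skip code {code!r}")
        stop = self.stops[account]
        stop.skip_code, stop.message, stop.read = code, message, None


def upload_check(stops: List[RouteStop]) -> Tuple[List[str], List[dict]]:
    """Upload gate: every stop needs a read or a skip code. Returns the accounts
    still blank (upload must not proceed while any remain) and the To Do entries
    that the skipped stops will raise for office follow-up."""
    blanks = [s.account for s in stops if s.read is None and s.skip_code is None]
    todos = [{"account": s.account, "type": "Skipped Read",
              "skip_code": s.skip_code, "message": s.message}
             for s in stops if s.skip_code]
    return blanks, todos


def route_summary(stops: List[RouteStop]) -> Tuple[int, int, int]:
    """(scheduled, read, skipped) as listed per route on the Routes Received report."""
    return (len(stops),
            sum(1 for s in stops if s.read is not None),
            sum(1 for s in stops if s.skip_code is not None))


def sample_run() -> dict:
    """Walk a constructed four-stop route through the rules above."""
    stops = [RouteStop("A1", 1000), RouteStop("A2", 2000),
             RouteStop("A3", 3000), RouteStop("A4", 4000)]
    rr = RoadRunner(stops, max_consumption=50)
    results = {
        "a1": rr.enter_read("A1", 1030),          # within band
        "a2_first": rr.enter_read("A2", 2500),    # 500 units: beep
        "a2_second": rr.enter_read("A2", 2500),   # same value keyed again
        "a3_first": rr.enter_read("A3", 2900),    # below the previous read: beep
        "a3_second": rr.enter_read("A3", 3010),   # corrected keying
    }
    results["blanks_before_skip"] = upload_check(stops)[0]
    rr.enter_skip("A4", "LOCK", "fenced yard")
    blanks, todos = upload_check(stops)
    results["blanks_after_skip"] = blanks
    results["todo_accounts"] = [t["account"] for t in todos]
    results["routes_received"] = route_summary(stops)
    return results


if __name__ == "__main__":
    print(sample_run())
```

In the sample, stop A4 blocks the upload until a skip code is entered, after which the route uploads and the skipped stop becomes a To Do entry carrying the reader's message.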
5. Investigation Meter Reads
Investigation meter reads are initiated by customer request (i.e. customer calls and requests read, or
has an issue) and are scheduled with the customer through customer service. Investigation meter
reads are performed by investigation meter readers using laptop computers. The accounts are
scheduled for a reading, organized into a route, and downloaded to the Datamatic investigations
application where they are then downloaded to the laptops. The Meter Reading Department assigns
about 60 meter reads to each investigation meter reader daily. The investigation meter readers visit
the premise, record the water usage information from the meter, and add notes to help the customer
service representative initiate the action to be taken because of the investigation meter read. The
investigation meter reads are uploaded to the Datamatic investigation application at the end of the
business day. These accounts then follow the same process as the daily meter reads. Investigation
meter reads are for informational purposes only and do not produce a bill.
While scheduling the investigation meter read, a customer service representative may see a need to
prevent the customer account from going to collections for nonpayment while the investigation is in
process. In this case, the customer service representative will extend the customer’s payment plan
based on a CAS pre-established time table. Depending upon the type of investigation, this period is
between 30-90 days. The CC&B application requires an end date be entered when extending the
customer payment plan. The payment plan extension relates to the payment process only (collection
for non-payment) and does not stop bill generation. If a meter read and bill cycle occur during the
investigation period, a bill will be generated and sent to the customer showing the accumulated
account balance.
Customer service follows up on investigation meter reads after upload into CC&B. If the investigation
meter read requires no further action by DOW, a notification letter is sent to the customer to indicate
the results of the investigation. However, this letter does not appear in CC&B.
If further action is necessary, for example, an adjustment to the account, customer service will initiate
the action in CC&B. The request for action is sent to the appropriate DOW department via a To Do
entry.
6. Final Meter Reads
Final meter reads are performed when there is a change of ownership. When a customer calls DOW
to initiate a final meter read, the customer service representative first reviews the customer’s account
information. If there are no alerts on the account information and the bill has not been previously
estimated, the customer service representative may accept a customer read over the phone which
results in the generation of a final bill. However, if there are alerts on the account (e.g., an out-of-order
meter) or the bill has been previously estimated, then an investigation meter read is required. The
final meter read would be scheduled and organized into a route with the investigation meter reads.
After the final meter read is obtained, a final bill is sent to the previous property owner. When a final
meter read is obtained via an investigation meter read, a final meter read fee is charged.
7. Collection Meter Reads
Collection meter reads are required when restoring water services for delinquent accounts and are
performed by collection meter readers using laptop computers. Turn offs are scheduled through the
Datamatic collections application, and follow the daily meter read download and upload process.
CC&B generates a 15-day notice to the customer indicating the meter will be turned off within 15
days due to failure to pay. After the 15 days, a three-day notice is generated and sent to the
customer. When the meter reader goes to the site, they will leave a final notice (door hanger) at the
premise indicating when the water services are scheduled to be terminated if payment or
arrangements are not made. The water will be turned off at the connection if it is accessible. The
meter reader takes an actual read at turn-off, but the customer is not billed for the consumption at that
time. The consumption accrued between the customer’s previous meter read and turn-off is included
in the next meter read obtained to generate a bill after the connection has been turned back on. If a
connection has been turned off for more than two weeks, it is scheduled for another meter reading in
order to update the meter status (i.e., unoccupied residence).
During this period of transition from the old system to the new system, when a field activity was
generated to turn off water services because of non-payment, the service agreements were
suspended. The accounts were flagged for review and placed in a “pended” status. The accounts
were no longer billed, although they should have continued to be billed for the customer service fee
and minimum sewer charges. However, there has been a configuration change to the CC&B system
that allows accounts to continue to bill for the customer service and the minimum sewer charges
based on their quarterly cycle.
8. Datamatic Meter Reading Upload - All Meter Reads
At the end of each business day, data keyed into the Road Runners and laptops is uploaded to the
Datamatic meter reading application. The data uploaded to the Datamatic meter reading application
is then uploaded into CC&B through the nightly upload batch process by IBM.
After the nightly upload, the Datamatic meter reading application generates the Routes Received
from Road Runners report. This report is sorted by route number and lists the number of meters
scheduled to be read, the number of meters actually read, and the number of meters skipped. The
following day, the unit supervisors in meter reading (residential and commercial) review the meter
read cycle and confirm each route from the Datamatic application has a schedule status of “complete”
in CC&B. On a daily basis, the Batch Execution Status report is received by the assistant to the
assistant administrator of meter reading. Data from the Datamatic meter reading application that did
not post to the CC&B application is included on this report. This occurs when a remark entered by
the meter reader is “non-standard” for computer update. These “non-standard” remarks may occur
frequently, but the volume is low. These exceptions are reviewed and resolved by the assistant to the
assistant administrator of meter reading and are manually input into CC&B.
9. CC&B - Tolerance Tests
Tolerance tests are performed on the meter reading data after it is transferred to CC&B. Tolerance
tests are performed to check for the reasonableness of the consumption amount. Tests are also
performed to ensure consumption only occurred on active accounts.
The tolerance algorithm for high/low consumption is defined in the CC&B administrative tables. The
ability to change the tolerance algorithm for high/low consumption is restricted to the assistant
administrator of billing and the customer support representative, who acts as the internal
configuration resource for DOW. IBM has access to the tolerance algorithm for high/low
consumption via the Oracle® Developer tool used for querying the database.
When an account fails the tolerance tests, a To Do entry is created. If the tolerance tests are passed,
the account is updated with the meter read and the bill is processed when the bill cycle opens.
10. CC&B - Edit Checks
During the nightly batch routine to update CC&B, two types of edit checks occur:
Validity Checks - Checks for invalid data such as month out of the range of 01 through 12, day
out of range of 01 through 31, non-numeric data in a numeric field, etc.
Logic Checks - Checks for logic errors such as customer sequence not equal to transaction and
master files, sub-meter consumption greater than main meter consumption, read date equal to or
before the last read date, etc.
Edit check failures result in the creation of To Do entries.
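The tolerance test and the two edit-check types described above, as an added example that is not part of the report or of DOW's CC&B configuration. It validates one night's uploaded reads against a master file and turns each failure into a To Do entry. The date-range, numeric-field, customer-sequence, sub-meter, read-date and active-account checks are those named in the text; the ±50% high/low band (ASSUMED_TOLERANCE), the record layouts and the sample accounts are assumptions constructed for the example.

```python
# Added example: nightly validity, logic and tolerance checks on uploaded meter reads.
# ASSUMED_TOLERANCE is an assumption; CC&B's real high/low algorithm is not in the report.
from dataclasses import dataclass
from typing import List, Optional, Tuple

ASSUMED_TOLERANCE = 0.50  # +/- 50% of the prior period's consumption (assumed band)

@dataclass
class MasterRecord:
    account: str
    customer_seq: str
    active: bool
    last_read_date: str      # YYYYMMDD as text, the form a batch file would carry
    last_reading: int
    prior_consumption: int   # consumption on the previous read; basis for the band

@dataclass
class ReadRecord:
    account: str
    customer_seq: str
    read_date: str           # YYYYMMDD as keyed in the field
    reading: str             # raw text; the validity check decides whether it is numeric
    sub_meter_consumption: Optional[str] = None

ToDo = Tuple[str, str, str]  # (account, check type, message)

def validity_checks(rec: ReadRecord) -> List[str]:
    """Field-level checks: date parts in range, numeric fields numeric."""
    errors = []
    if len(rec.read_date) != 8 or not rec.read_date.isdigit():
        errors.append(f"read date '{rec.read_date}' is not numeric YYYYMMDD")
    else:
        month, day = int(rec.read_date[4:6]), int(rec.read_date[6:8])
        if not 1 <= month <= 12:
            errors.append(f"month {month:02d} out of range 01-12")
        if not 1 <= day <= 31:
            errors.append(f"day {day:02d} out of range 01-31")
    for name, val in (("reading", rec.reading), ("sub_meter", rec.sub_meter_consumption)):
        if val is not None and not val.isdigit():
            errors.append(f"non-numeric data in numeric field: {name}='{val}'")
    return errors

def logic_checks(rec: ReadRecord, master: MasterRecord) -> List[str]:
    """Cross-record checks against the master file; assumes validity passed."""
    errors = []
    consumption = int(rec.reading) - master.last_reading
    if rec.customer_seq != master.customer_seq:
        errors.append("customer sequence differs between transaction and master file")
    if rec.sub_meter_consumption is not None and int(rec.sub_meter_consumption) > consumption:
        errors.append("sub-meter consumption greater than main meter consumption")
    if rec.read_date <= master.last_read_date:  # YYYYMMDD text sorts chronologically
        errors.append("read date equal to or before the last read date")
    if consumption > 0 and not master.active:
        errors.append("consumption recorded on an inactive account")
    return errors

def tolerance_check(rec: ReadRecord, master: MasterRecord) -> Optional[str]:
    """High/low reasonableness test against the assumed band around prior consumption."""
    consumption = int(rec.reading) - master.last_reading
    band = master.prior_consumption * ASSUMED_TOLERANCE
    if abs(consumption - master.prior_consumption) > band:
        return f"consumption {consumption} outside {master.prior_consumption} +/- {band:.0f}"
    return None

def run_nightly_batch(reads, master) -> Tuple[List[str], List[ToDo]]:
    """Return accounts whose read posts, and a To Do entry for every failure."""
    accepted, todos = [], []
    for rec in reads:
        m = master[rec.account]
        failures = [("validity", f) for f in validity_checks(rec)]
        if not failures:  # logic and tolerance need numeric fields, so only run them on clean data
            failures = [("logic", f) for f in logic_checks(rec, m)]
        if not failures:
            problem = tolerance_check(rec, m)
            failures = [("tolerance", problem)] if problem else []
        if failures:
            todos += [(rec.account, kind, msg) for kind, msg in failures]
        else:
            accepted.append(rec.account)
    return accepted, todos

# Constructed sample data: master file and one night's uploaded reads.
MASTER = {
    "1000000001": MasterRecord("1000000001", "01", True, "20110301", 5000, 40),
    "1000000002": MasterRecord("1000000002", "01", True, "20110301", 1200, 30),
    "1000000003": MasterRecord("1000000003", "01", False, "20110301", 800, 0),
    "1000000004": MasterRecord("1000000004", "01", True, "20110301", 2000, 50),
    "1000000005": MasterRecord("1000000005", "01", True, "20110301", 700, 20),
    "1000000006": MasterRecord("1000000006", "01", True, "20110301", 300, 25),
}
READS = [
    ReadRecord("1000000001", "01", "20110602", "5045"),        # posts: 45 within 40 +/- 20
    ReadRecord("1000000002", "01", "20111302", "1230"),        # month 13: validity
    ReadRecord("1000000003", "01", "20110601", "0812"),        # inactive account: logic
    ReadRecord("1000000004", "01", "20110601", "2300"),        # 300 vs 50 +/- 25: tolerance
    ReadRecord("1000000005", "02", "20110228", "0720"),        # sequence + date: two logic
    ReadRecord("1000000006", "01", "20110601", "0320", "30"),  # sub-meter > main: logic
]
```

Validity failures stop a record before the logic and tolerance tests run, because those tests need numeric fields; a record therefore produces To Do entries of one type only, which keeps the lists the supervisors receive readable.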
11. Meter Reading To Do Entries
The Meter Reading To Do lists are distributed to managers and supervisors. The Meter Reading
Department assistant administrator assigns the To Do entries to the Meter Reading Department
customer service representatives to investigate. The customer service representatives are
responsible for working the assigned To Do entries. To Do entries are worked by reviewing the
account information and various screens related to the meter reading cycle, including the account
information, meter read history, meter information, and skip codes entered by the meter reader. If a
customer service representative determines a re-read is needed, the customer service representative
selects the ‘Re-Read’ button on the CC&B meter read screen. This automatically assigns the
account to a route, which will go out the next day to obtain the tolerance meter read. Tolerance meter
reads follow the daily meter read process.
Re-reads result in a field activity, which is a task that takes place at a service point (e.g., install meter,
read meter, disconnect service). The assistant to the assistant administrator of meter reading
periodically requests a listing of all outstanding field activities from IT. The assistant to the assistant
administrator of meter reading reviews the field activities listed on the report to identify the status and
initiate the needed follow-up action for resolution. The Department obtained a listing of outstanding
field activities three times during the period to monitor field activities.
12. Estimated Bills
In most cases if a meter reading cycle To Do entry is not resolved within the eight-day meter read and
bill cycle, an estimated bill is automatically generated. This helps ensure all accounts are billed each
billing cycle.
Bills are estimated using the consumption on the previous term bill. If that is not available, the
previous year’s consumption for that term is used (the bill from the same quarter of the previous
year). Meter reading history from the last twelve periods was brought forward from the legacy
system. If neither is available, the area trend consumption is used. Area trend consumption is the
average consumption within the city code. The estimated consumption is then applied to the billing
rates to calculate the bill in the same fashion as an actual consumption read.
CC&B only permits an account to be estimated two times. After two system estimates, the system
will not generate a third estimated bill. When converting to the new system, any account on DOW’s
legacy system with an estimated status was brought over to the new system as having only one
estimated bill. As such, any account with an estimated bill on the AS/400 billing application would
start with one estimated bill in CC&B. If an actual read could not be obtained after the first CC&B
billing cycle, the second estimated bill would be generated. The following bill cycle, the CC&B
maximum estimated bill parameter of two estimated bills would be met and a bill would not be
generated without an actual read.
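The estimation fallback and the two-estimate limit, worked through in code as an added example that is not the report's or DOW's own logic. It follows a converted account that arrives with one legacy estimate through three bill cycles, next to an account whose only history is last year's same-quarter bill and a new account with no history at all. The order previous term, same term last year, area trend and the maximum of two system estimates come from the text; defining the area trend as the average previous-term consumption within the city code, clearing the estimate counter when an actual read posts, and the sample accounts are assumptions made for the example.

```python
# Added example: CC&B-style estimation fallback and the two-estimate limit.
# The area-trend formula (average of the previous term across the city code) and the
# reset of the estimate counter on an actual read are assumptions for this example.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_SYSTEM_ESTIMATES = 2  # stated in the report: no third estimated bill

@dataclass
class Account:
    account: str
    city_code: str
    term_history: Dict[str, int] = field(default_factory=dict)  # "2011Q1" -> consumption billed
    estimate_count: int = 0   # converted legacy accounts with estimated status start at 1

@dataclass
class BillResult:
    account: str
    term: str
    consumption: Optional[int]  # None when the bill is held pending an actual read
    source: str

def previous_term(term: str) -> str:
    year, q = int(term[:4]), int(term[5])
    return f"{year - 1}Q4" if q == 1 else f"{year}Q{q - 1}"

def same_term_previous_year(term: str) -> str:
    return f"{int(term[:4]) - 1}{term[4:]}"

def compute_area_trend(accounts: List[Account], term: str) -> Dict[str, int]:
    """Average previous-term consumption per city code (assumed area-trend definition)."""
    by_city: Dict[str, List[int]] = {}
    prev = previous_term(term)
    for a in accounts:
        if prev in a.term_history:
            by_city.setdefault(a.city_code, []).append(a.term_history[prev])
    return {city: round(sum(v) / len(v)) for city, v in by_city.items()}

def estimate_consumption(acct: Account, term: str,
                         area_trend: Dict[str, int]) -> Tuple[Optional[int], str]:
    """Fallback chain from the report: previous term, same term last year, area trend."""
    for key, label in ((previous_term(term), "previous term bill"),
                       (same_term_previous_year(term), "same term previous year")):
        if key in acct.term_history:
            return acct.term_history[key], label
    if acct.city_code in area_trend:
        return area_trend[acct.city_code], "area trend"
    return None, "no estimation basis"

def bill_account(acct: Account, term: str, actual_read: Optional[int],
                 area_trend: Dict[str, int]) -> BillResult:
    """Bill on an actual read, else estimate, else hold once the estimate limit is reached."""
    if actual_read is not None:
        acct.term_history[term] = actual_read
        acct.estimate_count = 0  # assumption: an actual read clears the estimate count
        return BillResult(acct.account, term, actual_read, "actual")
    if acct.estimate_count >= MAX_SYSTEM_ESTIMATES:
        return BillResult(acct.account, term, None, "held")  # needs a re-read field activity
    consumption, source = estimate_consumption(acct, term, area_trend)
    if consumption is None:
        return BillResult(acct.account, term, None, "held")
    acct.estimate_count += 1
    acct.term_history[term] = consumption
    return BillResult(acct.account, term, consumption, source)

def run_cycle(accounts: List[Account], term: str, actual_reads: Dict[str, int]) -> List[BillResult]:
    """One bill cycle: compute the area trend once, then bill every account."""
    trend = compute_area_trend(accounts, term)
    return [bill_account(a, term, actual_reads.get(a.account), trend) for a in accounts]

# Constructed sample: A was converted with legacy estimated status (counts as one estimate),
# B has only last year's same-quarter bill, C is new with no history in its city code.
def sample_accounts() -> List[Account]:
    return [
        Account("A", "CLE", {"2010Q3": 38, "2010Q4": 40}, estimate_count=1),
        Account("B", "CLE", {"2010Q1": 55}),
        Account("C", "CLE"),
    ]
```

Run against the sample, account A is estimated once more in 2011Q1 (its second estimate), held in 2011Q2, and billed again only when an actual read arrives in 2011Q3, which is exactly the "maxed out" population the following paragraph describes.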
DOW’s process for accounts that were maxed out at the time of the first quarter 2011 bills is to request
from IBM an extraction of accounts with pending bills and a closed bill cycle. These accounts are
reviewed by the meter reading staff and are billed based on an actual read. If no actual read is
available, the account requires a re-read investigation and a field activity is scheduled. Upon
completion of the field activity, the account is billed. If an adjustment is needed, the meter reading
staff cancel and rebill the account to reflect the actual meter reading. If the required adjustment
reaches back to the legacy system, a “To Do” entry is created and assigned to the Billing department
to complete the adjustment.
13. Out-of-Order Meters
In CC&B, out-of-order meters can be identified through the ‘Out-of-Order’ account alert.
Customers can report out-of-order meters to the Meter Reading Department or meter readers can
enter a skip code into their Road Runner handheld meter reading device that signifies an account has
an out-of-order meter. The account remains in the active status to ensure it is still scheduled to be
read along with the meter reader’s route each billing cycle.
Each evening a computer program processes accounts marked with an out-of-order alert and
generates letters to the customer. The letters are sent to the customers requesting them to contact
DOW to schedule an appointment for meter replacement. There is currently no follow-up by the
DOW with customers who do not call to schedule an appointment for meter replacement.
E. BILLING PROCEDURES
On the third day of the meter read cycle, the bill cycle or bill window opens. The assistant
administrator of billing receives the daily bill file from IT. The daily bill file contains the billing
information sent to SourceLink, the third party vendor who prints the bills. All accounts listed in the
daily bill file have passed the CC&B tolerance and validity tests. The assistant administrator of billing
reviews the daily bill file again for any issues (e.g., high consumption, high homestead) to determine if
the bill print should be held and investigated. If any accounts are held for further review, the assistant
administrator of billing will suppress the bill at SourceLink, via an on-line viewer, which prevents the
bill from printing that day, and DOW investigates the billing issue. The assistant administrator of
billing maintains a spreadsheet of all suppressed bills to ensure all accounts are investigated,
resolved, and a bill is eventually generated. Once resolved, the bills are included in the daily bill file
sent to SourceLink to print. The spreadsheet is submitted weekly to the Assistant Commissioner of
CAS as part of DOW’s monitoring procedures.
The assistant administrator of billing maintains a spreadsheet to track the total number of bills
produced on a daily basis. After SourceLink prints and mails the bills, they send an invoice for the
postage to the DOW. This invoice includes the total dollar amount for the postage as well as the
number of bills printed and mailed. The assistant administrator of billing compares the “billing counts”
spreadsheet to the number of bills sent by SourceLink to ensure all bills were printed and mailed by
the vendor.
CC&B generates a Detail and Summary Bill Register, which lists all bills generated from the nightly
processing. This report is used by Accounts Receivable to balance the daily accounts receivable.
Billing Related To Do Entries - The assistant administrator of billing receives the To Do entries related
to EZPay, bill segment errors, and bill cycle errors, and assigns the To Do entries to Billing
Department staff to work.
1. Master Meter and Emergency Stand-by Accounts
Master meter accounts exist for communities that buy water from the City of Cleveland, but have their
own distribution systems. Master meter communities include: Bedford, Chagrin Falls, Cleveland
Heights, Lakewood, and Geauga County. Accounts also exist for emergency standby communities
that only purchase water from the City in emergency situations. Those communities include: Berea,
Lake County, Lorain County, North Ridgeville, Medina County, Summit County, Hudson Village, and
Portage County.
Master meters are read every 15 days to ensure they are working correctly. Readings are recorded
in books maintained by the meter reading section. Master meter communities are billed monthly.
Readings are updated into the Master Meter accounts in CC&B. Readings from the books are
entered into a spreadsheet by the assistant administrator of billing, as a backup control procedure.
Master meter bills are generated through CC&B. Master meter communities bill their respective
consumers. Emergency communities are billed for water only when used.
2. Rate Authorization
Rates for water, sewer, and fire lines are authorized by Cleveland City Council, Northeast Ohio
Regional Sewer District (“NEORSD”) or local communities. The assistant administrator of billing
enters new billing rates for water, sewer, and fire lines into the system.
3. Water Rates
Cleveland City Council approves water and fire line rates. Water rates for communities are prorated
based on elevation. The three levels are:
Low and 1st high.
2nd high.
3rd high.
The City of Cleveland has only one water rate for both residential and commercial customers. Since
January 1, 2007, there has been no minimum consumption charge for water.
4. Sewer Rates Only
NEORSD rates are approved by the regional sewer board. Local rates are set and approved by local
city councils. Charges for sewer are based on water consumption times the sewer rate.
5. Fire Lines
Fire line rates are established by Cleveland City Council and billed at a flat rate regardless of usage.
6. Customer Service Charge
DOW assesses a $7.00 quarterly customer service charge to all accounts to recover the costs of
meter reading, billing, remittance and other customer service activities. For accounts with a bill
beginning date after July 16, 2011, they are no longer billed this $7.00 but are now billed a fixed rate
based on meter size.
7. Rate Confirmation
UFC confirms rates for all direct service municipal agencies for which billing procedures are
performed. The objective of the rate confirmation is to verify the accuracy of rate data in the Division
of Water’s billing system. This confirmation process is performed annually.
The confirmation letters include all current rates being billed for each community. In addition, each
community is asked if the DOW should be billing for any rates other than those indicated on the
confirmation. The community is requested to return the confirmation along with a copy of the
ordinance authorizing the rates. UFC sends the letters by certified mail to ensure each community
receives the confirmation letters. If UFC does not receive a response within a reasonable time, a
second confirmation letter is sent to the community.
Confirmation letters are returned to UFC and filed in the Comptroller’s office. If an incorrect rate was
ever noted, UFC would prepare a control sheet (Water/Sewer Rate Change Procedure and Control
Sheet) to have the rates in the system corrected. The control sheet along with a copy of the returned
confirmation is forwarded to the DOW Billing Section. The Billing Section is responsible for updating
the rate in the billing system as well as any other corrections indicated on the returned confirmation.
8. Rate Change Procedure
Rate ordinances are received and forwarded to the Commissioner of UFC. The UFC manager
prepares the control sheet (Water/Sewer Rate Change Procedure and Control Sheet), and signs and
dates an acknowledgement statement. The following information is included on the control sheet:
Entity requesting the change.
Effective date of the rate increase.
Ordinance number.
Old rate.
Date of ordinance.
New rate.
Date received by the Commissioner of UFC.
The rate ordinance and any other supporting documentation is attached to the control sheet. The
control sheet and ordinance are forwarded to the Billing Department to update the rate schedule in
CC&B. The Assistant Administrator of Billing is the only individual authorized to enter new billing
rates for water, sewer and fire lines into CC&B. The Assistant Administrator of Billing performs
testing to ensure the rates were entered correctly and billed amounts are accurately calculated using
the new rates. The Assistant Administrator of Billing then signs and dates an acknowledgement
statement on the control sheet and forwards the control sheet and ordinance to the Assistant
Commissioner of CAS for final verification. The Assistant Commissioner of CAS signs and dates an
acknowledgement statement on the control sheet and forwards the completed control sheet and
ordinance back to UFC to be filed in the entity’s file.
10. Adjustments
Requests for adjustment are initiated by customer calls to either Customer Account Services (CAS) or
the Meter Reading Department. The CAS representative will review the account to determine if an
adjustment is warranted. If so, the representative will initiate a To Do entry in CC&B and forward it to
the Billing Department for processing. Requests originating from CAS are reviewed and approved by
the Assistant Commissioner of CAS. If the request originates in the Meter Reading Department, the
requests are reviewed by the unit supervisor for accuracy. All approved requests are sent to the
Billing Department for processing.
The Collections Department staff handles requests for adjustments due to bankruptcy and
foreclosures. The requests are initiated and the adjustments are processed in CC&B by the skip
trace staff in the Collections Department for accounts that do not exceed $2,500. Accounts that
exceed the dollar threshold are reviewed and the adjustments are processed by the manager and/or
assistant manager of collections. The write-off process has three levels of approval including the
immediate supervisor, the collections manager, and the Assistant Commissioner of CAS before the
requests are submitted to UFC for auditing. After UFC completes the auditing process, the write-off
requests are forwarded back to the Collections Department to remove the monies from the service
agreements. Each account has a service agreement for each type of service received (i.e. water,
sewer, local).
When a customer calls to request an adjustment due to underground/undetectable leaks, the
Customer Service representative will mail the customer the DOW plumber statement form to
complete and return to the attention of the Billing Section. Upon receipt, a Billing Section
representative reviews the plumber statement form to determine if an adjustment is warranted. If an
adjustment is warranted, the Billing Department will initiate and process the adjustment in CC&B with
the appropriate adjustment type. An underground/undetectable leak adjustment is a 50% discount on
the excess usage. Excess usage is determined by reviewing the customer’s historical consumption
information. DOW processes approximately 300-400 underground/undetectable leak adjustments
annually and customers are only eligible once.
All monetary and non-monetary adjustments to water and sewer bills are made in the Billing Section
and an adjusted bill is mailed the next day. For example, if an account is located in Olmsted
Township, but was billed as Olmsted Falls, the bill factor would need to be corrected. This is
considered a “non-monetary” adjustment.
Cancel/re-bill adjustments are solely the responsibility of the Billing Section staff to execute on a daily
basis. A To Do entry is created in CC&B describing the required adjustment from one of the following
departments: Customer Service, Collections, Meter Reading, or Customer Account Service
Administration. Adjustments due to underground/undetectable leaks are processed in the Billing
Department and documented in the CC&B with the appropriate adjustment type. The Billing staff
member prints the To Do entry and any supporting documentation to substantiate the adjustment.
The following day, the supervisor reviews the account(s) for the consumption and billed amount via
history screen printouts to validate the correctness of the revised bills. There is no evidence of this
review if no errors are found in the adjustment. If there is an error the supervisor will most likely note
it on the adjustment support and return the adjustment to the Billing staff member for correction and
reprocessing. After supervisory approval, the completed adjustments are prepared for mail
distribution and the To Do entry and any supporting documentation is filed in the Billing Section.
Adjustments, which affect the payment side of processing, are considered “monetary” adjustments.
Adjustments exceeding $1,000 must be accompanied by supporting documentation and have the
Assistant Commissioner of CAS’s approval before being forwarded to UFC. Once an adjustment is
received by UFC from CAS, it is audited and signed by the accounts receivable supervisor.
Adjustments under $1,000 are not audited by UFC. If the transaction is a refund over $1,000, the
Comptroller will also review and sign the transaction. Prior to the actual approval for a check to be
issued, all refund transactions are audited by UFC for completeness and accuracy.
When an adjustment is received, it is date stamped and entered into a control log that documents the
account number, amount of the transaction and the date received. UFC maintains a copy of all
transactions audited.
F. NEW ACCOUNT SET UP
CC&B application security is controlled at two levels: domain level security and application level
security. Domain level security is controlled via authentication to the DOW Active Directory (“AD”)
through a Lightweight Directory Access Protocol (“LDAP”) hook that is administered in the WebLogic
application server tier. CC&B users have unique usernames set up in AD which differ from their
standard network usernames. CC&B domain accounts are established by the DOW IT network team.
Application level security is controlled within CC&B through the use of security groups and is
administered by a dedicated CC&B security administrator. Rights must be granted in both Active
Directory and the CC&B application for a user to access the system.
CC&B domain accounts are established by the DOW network team after an approved IT system
request form is submitted to IT via established helpdesk processes.
The Customer Account Services (“CAS”) security administrator is responsible for providing security
permissions and ensuring all employees have the appropriate access levels to perform their daily job
functions. Granting a user application level security in the Customer Care and Billing
(CC&B) system requires proper authorization from the section manager and the Assistant
Commissioner of Customer Account Services before access is provided to a new user.
Before application level authority is granted, a Customer Care and Billing access form must be
completed by each end user and signed off by the section manager and the Assistant
Commissioner of Customer Account Services; only then are any application level security access
rights updated in the billing system.
Upon receipt of the approved security access forms the security administrator will update the
application level security rights accordingly in the billing system. There is an annual renewal process
that is currently in place, which requires all end users to resubmit updated Customer Care and Billing
(“CC&B”) access forms on an annual basis. The renewal access forms are checked against the
system security access for accuracy. In the event the security administrator does not receive an
updated access form during the renewal period, the end user’s system access is revoked until a
form with the required authorization approval is submitted. There are also periodic security level checks
in addition to the renewal process that are performed by the administrator to ensure the users have
the appropriate access rights.
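The two-level access model and the renewal process above, as an added access-review example that is not part of the report. It derives who can actually reach CC&B (a domain account and application rights are both required) and, against a set of renewal forms, lists users whose access is to be revoked for a missing or stale form or an incomplete sign-off, users holding groups beyond what their form approved, and application rights left behind by users whose domain account is gone. User names, group names, the form fields and the dates are constructed for the example.

```python
# Added example: reconciling CC&B application rights against AD accounts and renewal forms.
# User names, group names, form fields and dates below are constructed, not DOW's.
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Set

@dataclass(frozen=True)
class AccessForm:
    groups: FrozenSet[str]            # application-level groups approved on the form
    section_manager_signed: bool
    assistant_commissioner_signed: bool
    signed_on: date

def effective_users(ad_accounts: Set[str], ccb_groups: Dict[str, Set[str]]) -> Set[str]:
    """A user can reach CC&B only with both a domain account and application rights."""
    return {u for u, groups in ccb_groups.items() if groups and u in ad_accounts}

def renewal_review(ad_accounts: Set[str], ccb_groups: Dict[str, Set[str]],
                   forms: Dict[str, AccessForm], renewal_cutoff: date) -> Dict[str, List]:
    """Compare live CC&B rights with the renewal forms; list what to revoke or trim."""
    findings: Dict[str, List] = {
        "orphaned_app_rights": [],     # CC&B groups but no AD account: cannot log in, still clean up
        "revoke_no_current_form": [],  # no form, or a form older than the renewal period
        "revoke_incomplete_approval": [],
        "excess_groups": [],           # groups held beyond what the form approved
    }
    for user, groups in sorted(ccb_groups.items()):
        if user not in ad_accounts:
            findings["orphaned_app_rights"].append(user)
            continue
        form = forms.get(user)
        if form is None or form.signed_on < renewal_cutoff:
            findings["revoke_no_current_form"].append(user)
        elif not (form.section_manager_signed and form.assistant_commissioner_signed):
            findings["revoke_incomplete_approval"].append(user)
        elif groups - form.groups:
            findings["excess_groups"].append((user, sorted(groups - form.groups)))
    return findings

# Constructed sample: CC&B-specific AD user names, live group membership, renewal forms.
AD_ACCOUNTS = {"ccb_jdoe", "ccb_asmith", "ccb_bwong", "ccb_klee"}
CCB_GROUPS = {
    "ccb_jdoe": {"BILLING_CLERK"},
    "ccb_asmith": {"BILLING_CLERK", "RATE_ADMIN"},   # RATE_ADMIN was never on a form
    "ccb_bwong": {"METER_READ"},
    "ccb_klee": {"COLLECTIONS"},
    "ccb_former": {"BILLING_CLERK"},                 # AD account already removed
}
FORMS = {
    "ccb_jdoe": AccessForm(frozenset({"BILLING_CLERK"}), True, True, date(2011, 3, 1)),
    "ccb_asmith": AccessForm(frozenset({"BILLING_CLERK"}), True, True, date(2011, 3, 1)),
    "ccb_bwong": AccessForm(frozenset({"METER_READ"}), False, True, date(2011, 3, 1)),
    "ccb_klee": AccessForm(frozenset({"COLLECTIONS"}), True, True, date(2010, 2, 1)),  # stale
}
RENEWAL_CUTOFF = date(2011, 1, 1)
```

The orphaned-rights finding is the one the two-level model makes easy to overlook: removing the AD account blocks login, but the CC&B group membership remains until the security administrator's periodic check catches it.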
G. PAYMENTS
DOW customers can make utility payments through a number of different channels. Payments can
be made in cash or by credit card at the Public Utilities Building on Lakeside Avenue; however, less
than 10 percent of total payments are made by this method. Customers can mail their payments to
the DOW, pay through an on-line agent like Kubra, or pay at banks and other payment locations such
as drugstores or third party vendors. In addition, customers can make arrangements with the DOW
for automatic debit of their bank account. The DOW has also contracted with PNC Bank for lockbox
services for its larger clients and master meter accounts. UFC is responsible for the payment and
accounting functions for the DOW.
1. UFC Cashiers Department
The UFC Cashiers Department uses the Professional Consultancy International (PCI) Revenue
Collection System (“RCS”) as their cashiering system.
Cashiers receive water and sewer payments from walk-in customers at the 1201 Lakeside Building.
The cashiers are the only individuals throughout the payment process who are authorized to receive
cash. Cashiers are responsible for balancing their daily receipt totals individually. At the end of the
business day, each cashier balances the tender (cash, checks and credit card payments) to the
transactions recorded in the PCI system. The cashier also balances by service type (i.e. Water and
Sewer payments or Permits and Sales payments). The cashier prints and signs the cashier activity
reports. The Principal Cashier reviews the cashier activity reports for accuracy. A PCI Daily Bank
Totals Report is generated listing all cashier transaction information by tender and account for
deposit. Each cashier balances to this report. All cashiers sign the Cashier Deposit Sheet which
signifies deposits were verified. Each cashier’s deposit is placed in a sealed bag and placed in a
locked pouch. All of the cashiers’ deposits are then placed in a large locked bag. The deposit and
Daily Bank Totals Report are taken by a security guard to the Department of Treasury at Cleveland
City Hall. At the Department of Treasury, the cash and checks are recounted, the deposit slip is
prepared and the deposit is sent to the bank. At the end of each day, a payment file is generated by
PCI and uploaded to CC&B through the nightly batch process to update customer accounts with the
appropriate payment information.
Security cameras have been placed throughout the cashier area. The cameras capture all activity
digitally. The information is stored on a server for a minimum of 30 days for review if necessary. In
addition, UFC and Public Utilities security are able to view the activity in the cashier area with real
time cameras through a PC. Access to the cashier’s area is restricted by keycard and is limited to
cashiers, UFC management, and security personnel who pick up the deposit.
2. UFC Cash Receipts Section
Mail Receipts - The UFC Cash Receipts Section processes water and sewer payments received by
mail. Mail is first sorted into two categories, agency and postal delivery. The agency mail is sorted
into three categories: banks, payment locations, and pay-by-phone (Huntington Bank).
Mail is opened using an electronic mail opener. A Cash Receipts Department staff member extracts
the contents of each envelope, checking for payment and stubs and then sorts the payments into
various payment groups. The payment groups are:
Full / partial payments
Check only
Multi payments
Large multi
Check and skirts
Check and list
Check only non-posting
Stub only
Full payments are processed by the 9500 BancTec Remittance Processing System. Stubs and
checks are scanned through the remittance processor machines. The machine stops if a stub of
$250 or more is scanned and asks the operator to “accept” or “skip” the payment. Most payments of
$250 or more are not automatically run through the BancTec system, but are hand keyed. The only
large payments run through the BancTec Remittance Processing System are those received from
agencies. The 9500 BancTec Remittance Processing System also performs the following edit
checks:
Batch type must be a valid menu option.
Form number must be numeric.
Account number must be 10 digits, numeric, and may not contain all zeros on stub.
Account number check digit must be numeric. Check digit on positions 2 - 11. One digit required
for validation as check for documents of type 1 (water/sewer) on check.
Amount due must be nine digits, numeric, and may not contain all zeros on stub.
Payment code must equal 0, 1, 4, 5, 7, 8, or 9 on stub.
Customer sequence number must be numeric on stub.
Any unscannable stub payments and check-only payments are processed through the PCI cashiering
system.
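The remittance-processor edit checks and the $250 operator stop, implemented as an added example that is neither the report's nor the BancTec system's own code. Stubs that fail any check are routed to PCI cashiering, as the text describes for unscannable stubs; stubs of $250 or more are posted only if the operator accepts them and are otherwise held for hand keying. The set of valid batch types, the reading of the nine-digit amount as cents, and the sample stubs are assumptions; the check-digit algorithm is not given in the report, so only the digit's presence and numeric form are checked.

```python
# Added example: the edit checks listed for the remittance processor, plus the $250 operator stop.
# Assumptions: VALID_BATCH_TYPES, the nine-digit amount being in cents, and the sample values.
# The check-digit algorithm is not described in the report, so only its presence is tested.
from typing import Callable, Dict, List

VALID_BATCH_TYPES = {"WS", "AG"}       # assumed menu options (water/sewer, agency)
VALID_PAYMENT_CODES = set("0145789")   # payment code must equal 0, 1, 4, 5, 7, 8 or 9
OPERATOR_REVIEW_CENTS = 25000          # $250.00: the machine stops and asks accept/skip

Stub = Dict[str, str]

def validate_stub(stub: Stub) -> List[str]:
    """Return every edit-check failure for one scanned stub (empty list means clean)."""
    errors = []
    if stub.get("batch_type") not in VALID_BATCH_TYPES:
        errors.append("batch type is not a valid menu option")
    if not stub.get("form_number", "").isdigit():
        errors.append("form number must be numeric")
    acct = stub.get("account", "")
    if len(acct) != 10 or not acct.isdigit():
        errors.append("account number must be 10 numeric digits")
    elif acct == "0" * 10:
        errors.append("account number may not be all zeros")
    check = stub.get("check_digit", "")
    if len(check) != 1 or not check.isdigit():
        errors.append("account number check digit must be one numeric digit")
    amt = stub.get("amount_due", "")
    if len(amt) != 9 or not amt.isdigit():
        errors.append("amount due must be 9 numeric digits")
    elif amt == "0" * 9:
        errors.append("amount due may not be all zeros")
    if stub.get("payment_code") not in VALID_PAYMENT_CODES:
        errors.append("payment code must be 0, 1, 4, 5, 7, 8 or 9")
    if not stub.get("customer_seq", "").isdigit():
        errors.append("customer sequence number must be numeric")
    return errors

def process_stubs(stubs: List[Stub],
                  operator_accept: Callable[[Stub], bool]) -> Dict[str, List[Stub]]:
    """Route each stub: post it, hold it for hand keying, or send it to PCI cashiering."""
    routed: Dict[str, List[Stub]] = {"posted": [], "hand_keyed": [], "to_pci": []}
    for stub in stubs:
        if validate_stub(stub):
            routed["to_pci"].append(stub)        # unscannable: keyed through PCI cashiering
        elif int(stub["amount_due"]) >= OPERATOR_REVIEW_CENTS and not operator_accept(stub):
            routed["hand_keyed"].append(stub)    # machine stopped and the operator chose "skip"
        else:
            routed["posted"].append(stub)
    return routed

def make_stub(batch_type: str, form_number: str, account: str, check_digit: str,
              amount_due: str, payment_code: str, customer_seq: str) -> Stub:
    return dict(batch_type=batch_type, form_number=form_number, account=account,
                check_digit=check_digit, amount_due=amount_due,
                payment_code=payment_code, customer_seq=customer_seq)

# Constructed sample batch: one clean stub, one large stub, two that fail edit checks.
SAMPLE_STUBS = [
    make_stub("WS", "01", "1234567890", "7", "000004512", "0", "01"),  # $45.12, clean
    make_stub("AG", "01", "2345678901", "3", "000030000", "1", "02"),  # $300.00, operator stop
    make_stub("WS", "01", "0000000000", "5", "000001000", "3", "01"),  # zero account, bad code
    make_stub("WS", "A1", "12345678", "5", "000001000", "0", "01"),    # form, account length
]
```

The operator decision is passed in as a callable so the same routing can be exercised with the agency case (large payments accepted through the machine) and the walk-up case (large payments hand keyed).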
3. Agency payments
Agency payments consist of payments from banks and payment locations that act as agents for the
DOW and accept utility payments from customers. These agents, in turn, remit the payments to UFC
by issuing their own checks for the total daily receipts. Customer payment stubs are also sent to UFC
to support the total amounts. The stubs are run through the BancTec remittance processors. Batch
totals calculated by the BancTec system are compared against the checks received from the agents.
Discrepancies are investigated and reviewed immediately.
The Cash Receipts Section retrieves daily account statements from the appropriate Bank websites for
EZ Pay, lockbox, and direct deposit transactions.
4. EZ Pay Method
Customers can make arrangements to pay water and sewer bills by allowing the DOW to
automatically deduct quarterly payments from their bank accounts. On a daily basis, the DOW
generates a file of EZ pay customers with payments due and the date for extraction. This file is sent
to PNC Bank, who will debit the accounts of the listed customers and deposit the stated payments to
the DOW’s account for the day listed on the register. The appropriate bank statement is accessed
each day by the Cash Receipts Section and the EZ Pay deposit is verified to it.
The DOW sends payment stubs to EZ Pay customers to inform them of the total amount due and the
date when the payment will be deducted from their account. Consumers generally receive payment
stubs about 10-15 days before the due date, to allow them to dispute the payment due amount, or to
ensure that sufficient funds will be in their bank accounts by the withdrawal date. In the event the
customers do not have sufficient funds in their bank accounts, PNC Bank will deposit the amount to
the DOW and then issue a separate debit/returned item, which will adjust the DOW’s account
accordingly. UFC will reverse the payment from the customer’s account.
5. Lockbox Method
The UFC uses the lockbox services of PNC Bank for payment of large commercial accounts. UFC
receives a daily report from the bank showing the control totals of the daily receipts and deposits
made to the DOW’s bank account. UFC also receives payment stubs for lockbox payments, which
are run through the BancTec system.
6. Direct Deposit Method
In the direct deposit method, customers use an agent to pay their utility bill. The agents provide an
electronic payment file which is uploaded to CC&B through the nightly batch process and the
payments are direct deposited to the DOW’s bank account. Payments made through Checkfree,
Metavante and Kubra fall in this category. UFC receives a fax from Smartel/Huntington Bank
detailing customer account information and payment amounts. This information is manually keyed
into the BancTec Remittance Processing system. UFC receives a daily report from the agents
showing the control totals of the daily receipts and deposits made to the DOW’s bank account. The
agent totals are balanced to the bank deposit totals.
7. Cash Receipts Balancing
The Cash Receipts Section reconciles all of the mail, agency, EZ pay, direct deposit and lockbox
totals to the total deposit each day. The reconciliation detail is summarized on a report of water and
sewer cash receipts for the day.
8. Cash Receipts Deposit
All checks received by the Cash Receipts Section are sealed in a deposit bag. A security guard picks
up the deposit bags and delivers them to the Department of Treasury in Cleveland City Hall where a
deposit slip is prepared. The deposit is then picked up by a security guard and taken to the bank.
Access to the Cash Receipts area is restricted by keycard and is limited to the Cash Receipts Section
staff, UFC management, and security personnel who pick up the deposit.
9. CC&B Upload and Payment Balancing
DOW’s IT Department sends files with the PCI and BancTec payment processing information to IBM.
Other agents send the payment information in electronic files directly to IBM. Payments are uploaded
into CC&B through the nightly batch process which updates customer accounts. Validity and logic
tests are performed on the payment data in CC&B. Payments which fail the tests are applied to a
suspense distribution code for investigation by the UFC Accounts Receivable Section the following
day.
The next morning, Accounts Receivable compares the tender totals on the Daily Payment Listing
(R006) from CC&B to payment reports for each tender type on the manually updated payment
balancing reconciliation spreadsheet. Differences such as payment exceptions are explained on the
spreadsheet; if a difference cannot be explained, UFC works with IT to investigate it. Controls
are in place to perform a daily reconciliation of all payment types.
10. UFC General Accounting Section
The Cash Receipts Section sends calculator tapes (mail receipts and agency payments) and direct
deposit reports (lockbox and direct deposits) to the UFC General Accounting Section. The Cashiers
Section also sends calculator tapes for cashier totals to the General Accounting Section. The
General Accounting Section prepares Cash Receipt documents (“CR”) in the City’s financial
accounting system based on this information from the Cash Receipts and Cashiers Sections. The
CR is a receiving document that updates the General Ledger with the amount of the payments. The
CRs are approved electronically in the City’s financial accounting system.
11. City of Cleveland Department of Treasury
The Department of Treasury at Cleveland City Hall receives deposit bags with cash and checks from
the Cashiers Section and deposit bags with checks only from the Cash Receipts Section. The
Department of Treasury approves the CRs and also receives the Daily Bank Totals Report and CR
Transmittal Form. The Daily Bank Totals Report identifies the cash, checks, and credit card totals by
individual cashier. The CR Transmittal Form identifies each CR including the document number and
deposit amount. Cash is recounted and agreed to the amount recorded on the Daily Bank Totals
Report. The deposit is picked-up from the Department of Treasury by an armored truck service.
Deposits are made on the date received.
12. UFC Accounts Receivable Section
The Accounts Receivable Section performs balancing procedures daily. The previous day's accounts
receivable balance, plus the current day's net bills processed, minus the net payments applied, and
plus or minus the net adjustments, is reconciled to the new accounts receivable balance. The
accounts receivable balance is reconciled to the balance control total in CC&B. The following CC&B
reports, available from Business Objects, are used in calculating the total amount processed:
- Payment Report.
- Payment Cancellation Report.
- Billing Report.
- Billing Cancellation Report.
- Adjustment Report.
- Adjustment Cancellation Report.
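The two daily balancing checks described above, the tender-type comparison of the R006 listing to the balancing spreadsheet (section 9) and the accounts receivable roll-forward against the CC&B control total (section 12), written out as an added example. This is illustrative code, not DOW's or IBM's; every tender name, report total and balance in it is constructed for the example rather than taken from the report, and the "explained exceptions" input is an assumption about how the spreadsheet records payment exceptions.

```python
"""Daily balancing checks from sections 9 and 12 over constructed figures.
Amounts are Decimal, not float, so cents reconcile exactly."""
from decimal import Decimal as D

# Constructed Daily Payment Listing (R006) tender totals from CC&B.
R006_TENDERS = {"cash": D("18420.15"), "check": D("96210.40"),
                "credit_card": D("22305.00"), "lockbox": D("140877.92")}

# Constructed totals from the manually updated balancing spreadsheet.
SPREADSHEET_TENDERS = {"cash": D("18420.15"), "check": D("96460.40"),
                       "credit_card": D("22305.00"), "lockbox": D("140627.92")}

# Constructed payment exceptions already explained on the spreadsheet:
# a check sitting in the suspense code is counted under "check" on the
# spreadsheet but not yet under any tender in CC&B (assumed layout).
EXPLAINED = {"check": D("250.00")}


def reconcile_tenders(cc_b, spreadsheet, explained):
    """Per-tender difference (spreadsheet minus CC&B) net of explained
    exceptions. Anything non-zero is an unexplained difference that UFC
    takes to IT for investigation."""
    unexplained = {}
    for tender in sorted(set(cc_b) | set(spreadsheet)):
        diff = spreadsheet.get(tender, D(0)) - cc_b.get(tender, D(0))
        diff -= explained.get(tender, D(0))
        if diff != 0:
            unexplained[tender] = diff
    return unexplained


def roll_forward(opening, reports):
    """Expected closing AR from the six CC&B reports (section 12):
    opening + net bills - net payments + net adjustments."""
    net_bills = reports["billing"] - reports["billing_cancel"]
    net_payments = reports["payment"] - reports["payment_cancel"]
    net_adjustments = reports["adjustment"] - reports["adjustment_cancel"]
    return opening + net_bills - net_payments + net_adjustments


def ar_variance(opening, reports, ccb_control_total):
    """Difference between the CC&B balance control total and the
    roll-forward; zero means the day balanced."""
    return ccb_control_total - roll_forward(opening, reports)


# Constructed report totals for one day and the constructed control total.
DAY_REPORTS = {"billing": D("310442.10"), "billing_cancel": D("1250.00"),
               "payment": D("277813.47"), "payment_cancel": D("900.00"),
               "adjustment": D("-4120.33"), "adjustment_cancel": D("0.00")}
OPENING_AR = D("4875310.22")
CCB_CONTROL = D("4903468.52")

if __name__ == "__main__":
    for tender, diff in reconcile_tenders(R006_TENDERS, SPREADSHEET_TENDERS,
                                          EXPLAINED).items():
        print(f"unexplained difference, refer to IT: {tender} {diff}")
    print("AR roll-forward:", roll_forward(OPENING_AR, DAY_REPORTS))
    print("variance to CC&B control total:",
          ar_variance(OPENING_AR, DAY_REPORTS, CCB_CONTROL))
```

In the constructed data the $250.00 explained on the spreadsheet clears the "check" tender but an equal and opposite difference remains under "lockbox", which is exactly the kind of misattributed exception the comparison is there to surface; the roll-forward balances to the control total with zero variance.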
H. DISTRIBUTION
The UFC remits sewer collections to the NEORSD, and collections of local charges, sewer
assessments, refuse charges, and administrative charges to the City of Cleveland Division of Water
Pollution Control (WPC) and various other communities on a monthly basis. The Accounts
Receivable section prepares the Assessment and Local Charge Remittance Schedule on a monthly
basis. The Schedule is prepared on a spreadsheet, using the Agency, Assessments and Local
Charge Remittances report from CC&B. The Schedule details, per community, the number of
accounts billed, total payments, total canceled payments, total refunds, total transfers, total
carryovers from the previous month, total billing fee charges and the net remittance to be made for
the month. The General Accounting Section begins preparing the monthly remittance schedule on
the first business day of the following month, with completion anticipated by the fourth business day
of the same month. The communities are to have deposits made by the 15th of each month. The
Utilities Comptroller reviews the Schedule for completeness and accuracy.
After the Schedule is reviewed and approved by the Utilities Comptroller, it is forwarded to the
General Accounting Section for preparation of the General Accounting Expenditures (GAXs). The
GAXs are approved by the Commissioner of UFC, the Director of Public Utilities and the Division of
Accounts, where the disbursement of funds to NEORSD and other communities will be made.
The total monthly remittance per community is net of billing fees charged by the DOW. The total
monthly remittance to NEORSD and WPC is gross. Billing fees are invoiced separately.
A few days before sending the actual remittance, UFC sends remittance letters, which detail the net
remittance to NEORSD, WPC, and other communities to notify them of their monthly remittance
amounts.
I. USER CONTROL CONSIDERATIONS
The DOW Billing and Payment system was designed with the assumption that certain controls would
be implemented by user organizations. This section describes additional controls that should be in
operation at the user organizations to complement the controls at the DOW. User auditors should
consider whether the following controls have been placed in operation at user organizations:
- User organizations should confirm the sewer payments per the statement sent by the DOW are
  equal to the amount distributed to their organization.
- User organizations should respond to rate confirmation requests sent to them by the DOW.
The user organization control considerations presented above do not represent a comprehensive set
of all the controls that should be employed by user organizations. Other controls may be required at
user organizations.
Management has specified certain control objectives that it believes are relevant to its clients and their
auditors and has identified its control activities in place to achieve those objectives. Clark Schaefer
Hackett has determined the nature, timing, and extent of testing to be performed in order to determine if
control activities specified by management are operating effectively. Results of operating effectiveness
are detailed in Section IV of this report.
Tests performed of the operational effectiveness of the controls detailed in the following matrices are
described below:
Type / Description

Inquiry: Inquired of appropriate personnel. Inquiries seeking relevant information or
representation from DOW personnel were performed to obtain, among other things:
- Knowledge and additional information regarding the control.
- Corroborating evidence of the control.
As inquiries were performed for substantially all controls, the test was not listed
individually for every control shown in the accompanying matrices.

Observation: Observed the application or existence of specific controls as represented.

Inspection: Inspected documents and records indicating performance of the controls. This
includes, among other things:
- Review of source documentation and authorizations to verify propriety of
  transactions processed.
- Review of documents or records for evidence of performance, such as
  existence of initials or signatures.
- Inspection of reconciliations and management reports that age or quantify
  reconciling items to assess whether balances and reconciling items are
  properly monitored, controlled and resolved on a timely basis.
- Inspection of DOW documentation, such as department operational guidelines,
  policies and procedures.

Reperformance: Reperformed the control or processing application to ensure the accuracy of its
operation. This includes, among other things:
- Obtaining evidence of the arithmetical accuracy and correct processing of
  transactions by performing independent calculations and reconciliations.
- Running "live" transactions through the processing environment to validate
  anticipated outcomes.
Control Objective 1: IT Governance
Controls provide reasonable assurance that the IT department structure, knowledge, and training are
appropriate for the complexity of the IT environment and are consistent with the overall strategy of the
organization.
Control activity / Description of controls / Testing performed / Test results

1A. Organizational charts, job descriptions and a "chart of operational roles and responsibilities" are used to communicate the roles and segregation of duties for the IT Department.
    Testing performed: Inspected the IT organizational chart and job descriptions. Reviewed for significant changes in staffing compared to prior year and for adequate segregation of duties between roles.
    Test results: No exceptions noted.

1B. Formal policies and procedures are used to govern the controls of the IT operations and the assets managed by IT.
    Testing performed: Reviewed the contract with IBM and CC&B Operations Manual to validate that clear responsibilities were defined between the parties. Also, see test in 1E regarding the IT Use Policy.
    Test results: No exceptions noted.

1C. An IT training strategy aligns continuing education with on-going IT initiatives and allows DOW IT employees to keep abreast of the latest technology.
    Testing performed: Reviewed the DOW 2009-2011 IT Master Plan, the DOW 2008-2012 Strategic Business Plan, and the IT Training strategy. Through inquiry, validated how management achieved alignment of training to the Master Plan and Strategic Plan.
    Test results: No exceptions noted.

1D. The IT Governance Committee, comprised of individuals from the IT staff and each section within the Division of Water, meets monthly to monitor information systems. Meeting minutes are used to document topics discussed and actions performed.
    Testing performed: Inspected a sample of IT Governance Committee meeting minutes to validate that meetings were attended by the members and that decisions made by the Governance Committee had been appropriately documented in the minutes.
    Test results: No exceptions noted.
1E. Acknowledgment forms are signed to document user acceptance of the DOW Information Technology Use policy.
    Testing performed: Reviewed the IT Use Policy for completeness. Through inquiry, ensured that the policy was current and reflected any revised policies implemented by IT management. Inspected a sample of new employees from the listing provided by Personnel and validated that a signed acknowledgement was on file.
    Test results: No exceptions noted.
Control Objective 2: IT Logical Access
Controls provide reasonable assurance that logical access to production systems, applications, databases, and
network is restricted to properly authorized individuals.
Control activity / Description of controls / Testing performed / Test results

2A. Policies and procedures exist and have been communicated to govern logical access within the organization, including operating system standards, password management, user accountability, and granting of administrative system privileges.
    Testing performed: Reviewed the logical access policies and procedures for completeness. Through inquiry, ensured that the policies were current and reflected any revised policies implemented by IT management. Inspected a sample of new employees from the listing provided by Personnel and validated that a signed acknowledgement was on file.
    Test results: No exceptions noted.

2B. Proper authorization is required prior to access being provided to a new user via an access request form.
    Testing performed: Inspected a sample of new employees and validated that the user access change request form was properly approved in a timely manner.
    Test results: No exceptions noted.
2C. The Personnel Department sends notification of termination to the Help Desk. A help desk ticket is created and sent to the operations support group leader, who removes accounts for users who are no longer employed or contracted by the DOW.
    Testing performed: Inquired on the process for granting and removing access for contractors. Inspected a sample of terminated employees and validated that access was appropriately disabled in a timely manner. Inspected a sample of e-mail or help desk ticket notifications sent to the IT Operations Support Group requesting termination of access.
    Test results: No exceptions noted.

2D. User IDs and passwords are required for proper sign-on, and Active Directory is used to restrict access to system resources.
    Testing performed: Inspected the password and lockout policies in the Default Domain Security Settings under the Account Policies group to validate that system policies are not overridden.
    Test results: No exceptions noted.

2E. Remote access to the network is restricted by user ID and password.
    Testing performed: Inspected the remote access policy, VPN-IT Training guide and Microsoft Active Directory default domain password policy to validate that passwords are required.
    Test results: No exceptions noted.

2F. Administrative access to production systems, applications, databases, and network is restricted to authorized personnel based on job responsibilities.
    Testing performed: Through inquiry, confirmed with management which Active Directory groups have administrative functions. Inspected user listings for the specified groups and validated with management that they are IT personnel whose role requires administrative rights.
    Test results: No exceptions noted.
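Two of the checks the auditor performed by inspecting listings, 2C (accounts of terminated users are removed in a timely manner) and 2F (members of administrative groups are IT personnel whose role requires the rights), as an added example of how the same review can be scripted against an HR roster and a directory export, so it can be repeated between audits. This is illustrative code, not DOW's; the roster, the account export, the group names and the rule that only roles beginning "IT" may hold administrative rights are assumptions made for the example.

```python
"""Access review checks for terminated users (2C) and administrative
group membership (2F), run against constructed sample data."""
from datetime import date, timedelta

# Date the review is run (constructed; end of the report period).
REVIEW_DATE = date(2011, 12, 31)

# Constructed HR roster: role and termination date per user.
# Assumed rule: only roles beginning "IT" may hold administrative rights.
HR_ROSTER = {
    "jdoe":   {"role": "IT Operations Support", "terminated": None},
    "asmith": {"role": "IT Help Desk",          "terminated": None},
    "bjones": {"role": "Cashier",               "terminated": date(2011, 6, 30)},
    "clee":   {"role": "Accounts Receivable",   "terminated": date(2011, 3, 15)},
    "mkhan":  {"role": "Billing Analyst",       "terminated": None},
}

# Constructed Active Directory export: enabled flag and group memberships.
AD_ACCOUNTS = {
    "jdoe":   {"enabled": True,  "groups": {"Domain Admins", "Domain Users"}},
    "asmith": {"enabled": True,  "groups": {"Domain Users"}},
    "bjones": {"enabled": False, "groups": {"Domain Users"}},
    "clee":   {"enabled": True,  "groups": {"Domain Users"}},
    "mkhan":  {"enabled": True,  "groups": {"Domain Users", "Server Operators"}},
    "svc_batch": {"enabled": True, "groups": {"Domain Admins"}},  # no HR record
}

# Assumed: the groups management identified as carrying administrative functions.
ADMIN_GROUPS = {"Domain Admins", "Server Operators", "Account Operators"}


def stale_terminations(roster, accounts, as_of, grace_days=1):
    """Terminated users whose account is still enabled more than grace_days
    after the termination date (control 2C). Returns (user, days) pairs."""
    findings = []
    for user, rec in roster.items():
        term = rec["terminated"]
        if term is None:
            continue
        acct = accounts.get(user)
        if acct is None:
            continue  # account already deleted; nothing to flag
        if acct["enabled"] and as_of > term + timedelta(days=grace_days):
            findings.append((user, (as_of - term).days))
    return sorted(findings)


def unjustified_admins(roster, accounts, admin_groups):
    """Members of administrative groups who are not IT personnel, or who
    have no HR record at all (control 2F). Returns (user, reason) pairs."""
    findings = []
    for user, acct in accounts.items():
        held = sorted(acct["groups"] & admin_groups)
        if not held:
            continue
        rec = roster.get(user)
        if rec is None:
            findings.append((user, "no HR record for " + ", ".join(held)))
        elif not rec["role"].startswith("IT"):
            findings.append((user, f"role '{rec['role']}' holds " + ", ".join(held)))
    return sorted(findings)


if __name__ == "__main__":
    for f in stale_terminations(HR_ROSTER, AD_ACCOUNTS, REVIEW_DATE):
        print("2C exception:", f)
    for f in unjustified_admins(HR_ROSTER, AD_ACCOUNTS, ADMIN_GROUPS):
        print("2F exception:", f)
```

The second check deliberately reports accounts with no HR record at all (service accounts in the constructed data), because a listing-only review that compares group members to a staff list silently passes anything that is not a person; those need an owner and a justification on file just as a named user would.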
Control Objective 3: Operating System Maintenance and Change Control
Controls provide reasonable assurance that changes to the existing system software and implementation of
new system software are authorized, tested, approved, properly implemented, and documented.
Control activity / Description of controls / Testing performed / Test results

3A. Policies and procedures exist to manage and monitor changes to existing system software and implementation of new system software.
    Testing performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process for completeness.
    Test results: No exceptions noted.

3B. Roles and responsibilities throughout the program change process have been appropriately restricted and segregated.
    Testing performed: Inspected the segregation of duties for the program change process and reviewed for reasonableness.
    Test results: No exceptions noted.

3C. Requests for operating system changes are captured and prioritized.
    Testing performed: Through inquiry, determined how management captures and classifies incidents and defect requests and how they are prioritized and tracked to closure. Inspected a list of open change requests, and evaluated the effectiveness of the list as a tool to manage and prioritize changes.
    Test results: No exceptions noted.

3D. Separate environments are maintained for development, testing and production and are appropriately secured.
    Testing performed: Refer to 2F regarding the test of users with access to the production environment. Inspected a listing of the servers documenting the separate environments.
    Test results: No exceptions noted.

3E. System maintenance changes are properly tested and approved by appropriate personnel prior to migration to production.
    Testing performed: Inspected a sample of changes to the operating system, and validated that the change request form documentation related to testing and proper approval / user signoff of the change occurred prior to implementation.
    Test results: No exceptions noted.
Control Objective 4: Application Maintenance and Change Control
Controls provide reasonable assurance that changes to existing applications are authorized, tested, approved,
properly implemented, and documented.
Control activity / Description of controls / Testing performed / Test results

4A. Policies and procedures exist to manage and monitor changes to existing application software and implementation of new system software.
    Testing performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process for completeness.
    Test results: No exceptions noted.

4B. Roles and responsibilities throughout the application program change process are appropriately restricted and segregated.
    Testing performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process to validate appropriate segregation of duties.
    Test results: No exceptions noted.

4C. Requests for application changes are captured and prioritized.
    Testing performed: Through inquiry, determined how management captures and classifies incidents and defect requests and how they are prioritized and tracked to closure. Inspected a list of open change requests and evaluated the effectiveness of the list as a tool to manage and prioritize changes.
    Test results: No exceptions noted.

4D. Separate environments are maintained for development, testing and production and are appropriately secured.
    Testing performed: Refer to 2F regarding the test of users with access to the production environment. Inspected a listing of the servers documenting the separate environments.
    Test results: No exceptions noted.
4E. Program implementation controls exist to ensure that changes are implemented in the production environment only after adequate testing is performed, proper business user management approvals are obtained and the change is authorized by IT.
    Testing performed: Inspected a sample of CC&B application changes and validated that proper documentation exists, including evidence of testing, user signoff, and approval of the change prior to implementation.
    Test results: Exception noted. Configuration changes made to CC&B did not go through a formal approval process from January 1, 2011 through March 31, 2011. Control was tested without exception from April 1, 2011 through December 31, 2011.

4F. Program defects and requests are tracked and managed to ensure timely support.
    Testing performed: Through inquiry, determined how management classified incidents and defect requests and how they were prioritized and tracked to closure. Inspected a sample of open change requests, and validated the timeliness and management of open requests.
    Test results: No exceptions noted.

4G. The vendor for the meter reading system, Datamatic, provides 24-hour support on both the hardware and software, which is documented by a formal support agreement.
    Testing performed: Inquired whether there are ongoing disagreements with the vendor and how support levels are measured and monitored. Inspected the contract with Datamatic and validated inclusion of provisions on 24-hour support.
    Test results: No exceptions noted.
4H. IBM is responsible for support and maintenance of the Customer Care and Billing (CC&B) application, as documented with a contract for Application Managed Services.
    Testing performed: Inquired whether there were any ongoing disagreements with the vendor, and how support levels are measured and monitored. Inspected the IBM contract for the CC&B application and validated that the contract was current and that it included specific provisions regarding maintenance and support of the CC&B application.
    Test results: No exceptions noted.

4I. A Change Review Board meets weekly to review program defects and change requests for approval.
    Testing performed: Inspected a sample of Change Review Board meeting minutes to validate that the meetings were occurring and that approved changes were properly documented and approved.
    Test results: No exceptions noted.
Control Objective 5: Computer Operations
Controls provide reasonable assurance that processing is authorized and scheduled and deviations from
scheduled processing are identified and resolved.
Control activity / Description of controls / Testing performed / Test results

5A. Scheduling software is used to ensure a consistent and accurate processing sequence for production jobs.
    Testing performed: Inquired on how scheduling software is used and how schedules are managed. Inspected the master job scheduler to validate that the scheduled jobs were authorized and accurately scheduled.
    Test results: No exceptions noted.

5B. Management has documented and maintains an Active Directory network diagram to define trust relationships.
    Testing performed: Inspected the Active Directory Network Diagram and the Active Directory Domain and Trusts Listing and validated that trust relationships have been defined.
    Test results: No exceptions noted.
5C. Network level audit policies exist to log account logon/logoff and privileged account logon.
    Testing performed: Inspected the network level audit policies, including those on the cwd.com domain controller, and validated that review of the security logs occurs.
    Test results: No exceptions noted.
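Control 5C has two halves that are easy to conflate: the audit policy must actually be producing the two categories of events, and someone must then review them. The following added example (illustrative code, not DOW's or the auditor's) shows both over a constructed export of domain controller security events. The event IDs are the standard Windows Security log IDs for logon (4624), logoff (4634) and "special privileges assigned to new logon" (4672); the CSV layout, the account names and the approved administrator list are assumptions made for the example.

```python
"""Review of domain controller security events for the categories named
in control 5C: account logon/logoff and privileged logon.
Runs over a constructed sample export, not a real log."""
import csv
from collections import Counter
from io import StringIO

# Constructed export. Columns are an assumed layout for a Security log export.
SAMPLE_EVENTS = """\
time,event_id,account,source
2011-11-14T07:58:02,4624,jdoe,DC01
2011-11-14T07:58:02,4672,jdoe,DC01
2011-11-14T08:10:45,4624,mkhan,WS-BILL07
2011-11-14T12:03:11,4634,mkhan,WS-BILL07
2011-11-14T22:41:19,4624,svc_batch,DC01
2011-11-14T22:41:19,4672,svc_batch,DC01
2011-11-14T23:05:00,4672,mkhan,WS-BILL07
"""

LOGON_LOGOFF = {4624, 4634}   # account logon / logoff
PRIVILEGED = {4672}           # special privileges assigned to new logon

# Assumed: accounts whose role requires administrative rights (see 2F).
APPROVED_ADMINS = {"jdoe", "svc_batch"}


def parse_events(text):
    """Parse the export into dicts with an integer event_id."""
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["event_id"] = int(r["event_id"])
    return rows


def audit_coverage(events):
    """First half of 5C: is the audit policy actually producing both
    categories? Returns the names of the categories absent from the export."""
    seen = {e["event_id"] for e in events}
    missing = []
    if not seen & LOGON_LOGOFF:
        missing.append("account logon/logoff")
    if not seen & PRIVILEGED:
        missing.append("privileged logon")
    return missing


def privileged_logons_to_review(events, approved):
    """Second half of 5C: privileged logons (4672) by accounts not on the
    approved administrator list, as (time, account, source) tuples, plus a
    per-account count of all privileged logons for the reviewer's summary."""
    findings = []
    counts = Counter()
    for e in events:
        if e["event_id"] not in PRIVILEGED:
            continue
        counts[e["account"]] += 1
        if e["account"] not in approved:
            findings.append((e["time"], e["account"], e["source"]))
    return findings, counts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    print("missing audit categories:", audit_coverage(evts) or "none")
    findings, counts = privileged_logons_to_review(evts, APPROVED_ADMINS)
    for f in findings:
        print("review:", f)
    print("privileged logons per account:", dict(counts))
```

The coverage check matters because a security log that is reviewed daily but never receives 4672 events gives no assurance about privileged logon at all; in the constructed data it passes, and the review then surfaces one privileged logon by a billing account that is not on the approved list.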
5D. The IT Manager reviews open ports on the firewall on a periodic basis.
    Testing performed: Inspected the daily security report e-mails sent from McAfee to the IT Manager showing open ports on the network.
    Test results: No exceptions noted.

5E. Access from the Internet is controlled with the use of a firewall. Statements have been entered into the configuration to control the outgoing IP traffic and restrict traffic entering the network.
    Testing performed: Inspected the network diagram and the online firewall configuration to validate that the network components which control Internet access manage IP traffic flow through the firewall.
    Test results: No exceptions noted.

5F. The firewall configuration is password protected.
    Testing performed: Observed IT personnel obtaining access to the firewall to ensure that a user ID and password are required. Inspected the firewall system configuration and validated that passwords are appropriately configured.
    Test results: No exceptions noted.

5G. The internal network uses an addressing scheme that cannot be routed over the Internet.
    Testing performed: Inspected the firewall configuration to confirm that the internal network was using an addressing scheme that could not be used over the Internet.
    Test results: No exceptions noted.
Control Objective 6: Backup
Controls provide reasonable assurance that backups are created and rotated off-site for critical applications
and data.
Control activity / Description of controls / Testing performed / Test results

6A. DOW has an agreement with IBM for hosting and application managed services, which includes backup of the DOW CC&B application servers and databases.
    Testing performed: Inspected the IBM contract/SSAE 16 report and validated that backup services are included.
    Test results: No exceptions noted.

6B. The local storage area network ("SAN") is replicated and mirrored to a backup SAN maintained by the DOW at a backup facility.
    Testing performed: Observed the data center location of the SAN and inspected the third-party vendor service agreement to validate SAN replication and mirrored backup.
    Test results: No exceptions noted.

6C. The location for the backup SAN is secured by keycard and the following environmental controls are in place:
    - Backup power supply (UPS).
    - FM200 waterless fire protection system.
    - Air conditioning unit.
    Testing performed: Observed the existence of backup power supply, fire protection and AC units for the SAN storage location.
    Test results: No exceptions noted.
Control Objective 7: Physical Security
Controls provide reasonable assurance that physical access to the data center is restricted and environmental
controls are in place.
Control activity / Description of controls / Testing performed / Test results

7A. Physical access to the computer data center is controlled by a keycard system and restricted to individuals who have appropriate job related responsibilities.
    Testing performed: Observed the process to control physical access to the data center through the use of keycard readers at the data centers. Inspected the user list from the keycard system to validate that data center access is appropriately limited to IT personnel with appropriate job related responsibilities.
    Test results: No exceptions noted.
7B. Access to the data center is granted through authorized approval, and access is removed upon termination and is updated upon transfer based on job responsibilities.
    Testing performed: Inspected a sample of users with access and validated documentation of access approval.
    Test results: Exception noted. For seven of the twenty-five users sampled with data center access, the access request form to support authorized access was not documented. It was determined that the seven exceptions were security personnel who were not required to complete the forms needed to obtain access to the data center.

7C. During business hours, security personnel monitor the entrances to the DOW building. Other entrances are restricted to DOW personnel.
    Testing performed: Toured the data center and observed the presence of security personnel, security access card readers, security cameras, and the computer monitoring system.
    Test results: No exceptions noted.
7D. The data center is equipped with environmental controls to protect against or detect fire, water, humidity or electrical surge damage. Environmental controls within the computer room include the following:
    - Dedicated air conditioning units.
    - Waterless fire protection system.
    - Raised flooring.
    - Fire alarm.
    - Fire extinguishers.
    - Backup power supply.
    Testing performed: Inspected the data center and observed the presence of the listed environmental and safety controls.
    Test results: No exceptions noted.
Control Objective 8: Completeness of Input
Meters are accurately read and uploaded to the Datamatic system.
Control activity / Description of controls / Testing performed / Test results

8A. Handheld computers are reviewed for meters not read ("blanks") before being uploaded to the Datamatic application. A supervisor approves the route sheet as evidence that blanks are not included within the handheld computer.
    Testing performed: Inspected a sample of Route Sheets to validate that they were approved by the Field Supervisor and that the device contained no blanks in the meter read data.
    Test results: No exceptions noted.
8B. Skip codes are entered for each blank, resulting in the account being investigated and rescheduled for another meter reading.
    Testing performed: Observed the meter reader review process for one Road Runner, and documented the number of skip codes for that reader. Inspected the Daily Production Report from Datamatic that results from the batch processing, and validated that the number of skip code items from the selected Road Runner appeared on the report.
    Test results: No exceptions noted.

8C. Unit supervisors review the meter read cycle and confirm each route has a schedule status of 'complete'.
    Testing performed: Inspected a sample of daily meter read cycles and validated that routes had a status of "Complete" in the CC&B system at the time of processing.
    Test results: No exceptions noted.

8D. The Batch Execution Status email notification is received and reviewed daily, including a list of batch run exceptions. All Datamatic meter readings which did not post are listed as batch run exceptions, which are investigated and the errors resolved.
    Testing performed: Inquired on how batch run exceptions are tracked and resolved. Inspected a sample of days and validated that there was evidence of review of the Batch Exception Report and that batch errors were investigated and resolved.
    Test results: No exceptions noted.

8E. Customer accounts are properly updated with meter read information via the Datamatic application upload process.
    Testing performed: Inspected a sample of customer meter readings from the handheld Road Runner devices, and traced the meter reading data to customer accounts in CC&B after the upload process was completed to validate that they were properly updated.
    Test results: No exceptions noted.

8F. Outstanding field activities (i.e. accounts that require a re-read) are monitored and worked until resolved.
    Testing performed: Inquired on the process used to monitor accounts that require re-reads. Inspected the current listing of the outstanding field activities and validated that the age of items was reasonable.
    Test results: No exceptions noted.
Control Objective 9: Transaction Occurrence
Master meter accounts are billed timely and correctly.
Control activity / Description of controls / Testing performed / Test results

9A. Tolerance and validity test failures resulting from the nightly batch update process generate "To Do" entries. A summary of unresolved To Do entries provides aging information for assigning reviews based on the age of each unresolved entry; entries are worked or investigated until resolved.
    Testing performed: Inspected a To Do report from the system to validate that the tolerance and validity test failures were working. Inspected a summary report of To Do entries maintained by management to validate the timeliness of unresolved entries.
    Test results: No exceptions noted.

9B. Master meter accounts' monthly bills are calculated by CC&B and manually verified for accuracy and completeness.
    Testing performed: Inspected a sample of monthly spreadsheets, maintained by the Assistant Administrator of Billing, and validated them to the system generated billings for the master accounts.
    Test results: No exceptions noted.

9C. On a daily basis, the billing file is reviewed for suppressed bills by SourceLink. A spreadsheet of all suppressed bills is then used to ensure all accounts are investigated and resolved, with a bill generated if appropriate.
    Testing performed: Inspected a sample of daily billing files and validated that suppressed entries were complete. Traced items entered on the suppression worksheet to system generated customer billings.
    Test results: Exception noted. Five of the twenty-five suppressed bills sampled were not resolved in a timely manner, ranging from 138 days to 315 days before final billing.

9D. A comparison of the total bills generated on the postage receipt from SourceLink with the total bills authorized for printing by DOW is performed to ensure all bills are printed and mailed.
    Testing performed: Inspected a sample of daily bills and validated that the SourceLink postage receipt balanced to the tracking spreadsheet maintained by the Assistant Administrator. In addition, validated that the Daily Bill Review file received from IBM was authorized, printed and mailed.
    Test results: No exceptions noted.

9E. Vouchers are prepared, approved and sent to the City of Cleveland for remittance to the individual communities listed on the remittance schedule.
    Testing performed: Inspected a sample of vouchers and validated that there was proper approval and evidence of payment/remittance to the municipality.
    Test results: No exceptions noted.
9F. A remittance schedule is prepared monthly, with letters indicating the amount of remittance being sent to each client who should receive a payment, authorizing the distribution of sewer and local charges.
    Testing performed: Inspected a sample of vouchers and validated that there was proper approval and evidence of payment/remittance to the municipality.
    Test results: No exceptions noted.

9G. Adjustments to customer accounts are researched and reviewed for accuracy. Adjustments over $1,000 require authorization and review, with all refunds being audited by UFC.
    Testing performed: Through inquiry, determined the frequency and number of adjustments processed in the system. Inspected a sample of adjustments >$1,000 and validated documentation of proper approval.
    Test results: No exceptions noted.
Control Objective 10: Accuracy of Input
Customer rates are properly maintained and changes are controlled and made within compliance requirements.
Control activity / Description of controls / Testing performed / Test results

10A. Rates for water, sewer, fire lines, and emergency lines are properly authorized, with these rates maintained within the system.
    Testing performed: Inspected a sample of rates from the system and validated that ordinance and authorization documentation supported the proper approval of the rate.
    Test results: No exceptions noted.
10B Description of Controls: Positive confirmations for rates are performed annually. Communities receiving other services (i.e., sewer charges, local charges, etc.) are asked to confirm these rates. Confirmation letters are sent via certified mail, with a follow-up confirmation sent to any community that has not responded to the first confirmation. A spreadsheet is maintained by UFC to document the date the confirmation was sent, the date the certified mail receipt was received, and any changes noted by the community on its confirmation response.
Testing Performed: Obtained documentation supporting the most recent confirmation and confirmed that it occurred within the most recent 12 months. Validated completeness of the control and that confirmation was received from all municipalities required. Inspected a sample of confirmations with changes and validated that follow-up letters were sent.
Test Results: No exceptions noted.
10C Description of Controls: When UFC receives an ordinance for a rate change, a control sheet is prepared and attached to the ordinance. The control sheet is then signed at each completion point of the rate change process, acknowledging completion, approval, and filing of the rate change ordinance.
Testing Performed: Inspected a sample of rates maintained in the system and validated the supporting municipal ordinance and rate control sheet. Validated agreement of the rates and proper approval.
Test Results: No exceptions noted.
10D Description of Controls: Only authorized users can initiate rate changes.
Testing Performed: Through inquiry, determined which user roles / IDs can update rates in the system. Inspected user access listings to validate that the roles assigned the ability to initiate rate changes were authorized.
Test Results: No exceptions noted.
10E Description of Controls: Only authorized users can set up new accounts.
Testing Performed: Through inspection, determined which user roles / IDs can set up new accounts in the system. Inspected user access listings to validate that the roles assigned the ability to set up new accounts were authorized.
Test Results: No exceptions noted.
Control Objective 11: Customer Remittance
Customer payments are properly recorded and accounted for with appropriate safeguards.
Control Activity | Description of Controls | Testing Performed | Test Results
11A Description of Controls: Two key reconciliations are performed in the Accounts Receivable (“AR”) Department: 1) A reconciliation by transaction type is performed daily to reconcile the beginning AR to the ending AR for the day. Six financial transaction reports, supplemented by a SQL query, are used to support the reconciliation. 2) A reconciliation by payment type is performed daily to balance the payments received by tender source per CC&B, plus the manual payments processed in AR, to the payments distributed in the AR system.
Testing Performed: Inspected a sample of reconciliations and validated the review for proper form, completeness, and manager review and approval.
Test Results: No exceptions noted.
11B Description of Controls: Cash is physically secured in the Cashiers area with restricted access while on DOW premises prior to deposit.
Testing Performed: Observed the cash process in the Cashiers area and that cash is physically secured either in cashier drawers, in the locked deposit bag, or in the safe. Inspected reports from the badge reader system to validate that access to the Cashiers area is restricted to appropriate personnel.
Test Results: No exceptions noted.
11C Description of Controls: At the end of the day, each cashier runs a tape on their cash, check, and credit card totals. The individual tape totals are validated against the Daily Bank Totals Report from the cashiering system.
Testing Performed: Inspected a sample of days to validate that there was a daily reconciliation of the cashier tape to the Daily Bank Totals Report.
Test Results: No exceptions noted.
11D Description of Controls: Checks and payment listings are run through the BancTec machine for batch processing. After an electronic image is captured, DOW personnel retrieve the batch via BancTec’s software application to further process the payment. Payments must go through a stage called "Item Keying," where the check details are confirmed and submitted for balancing. Upon submission, the batches are run through a "Transaction Balancing" stage to ensure that the totals of the batch agree with the accumulated checks, which should correspond with the amount the customer was billed.
Testing Performed: Observed payments processed by the BancTec machine and validated that the batch was captured within the system and properly handled.
Test Results: No exceptions noted.
11E Description of Controls: DOW prints an OCR line on the check stub for each payment in order to create a unique identifier. As the check stub is processed for imaging and assigned a batch, the BancTec machine and software perform the following edit checks:
- Batch type must be a valid menu option.
- Form number must be numeric.
- Account number must be 10 digits, numeric, and may not contain all zeros on the stub.
- Account number check digit must be numeric (check digit on positions 2 - 11; one digit is required for validation as a check for documents of type 1 (water/sewer) on the check).
- Amount due must be 9 digits, numeric, and may not contain all zeros on the stub.
- Payment code must equal 0, 1, 4, 5, 7, 8, or 9 on the stub.
- Customer sequence number must be numeric on the stub.
Testing Performed: Inspected the BancTec Operations Manual to validate the configuration settings. Inspected pay stubs with intentional errors processed through the BancTec system to validate that the system catches the improper coding / formatting.
Test Results: No exceptions noted.
11F Description of Controls: Physical access to the cashiers’ area and BancTec area is restricted to authorized personnel only via a keycard system.
Testing Performed: Inspected roles and responsibilities of personnel with access to the cashiers’ area to validate that access is appropriate.
Test Results: No exceptions noted.
11G Description of Controls: The total cash received for the day, as reflected on the Daily Cash Report, is reconciled to the daily bank deposit.
Testing Performed: Inspected a sample of days and validated the Daily Cash Report and the reconciliation prepared by Accounts Receivable that compares its total to the bank deposit on the bank statement, and tested the reconciliation for proper form, manager review, and approval.
Test Results: No exceptions noted.
11H Description of Controls: The CC&B payment processing program performs edit checks for a valid account number. Payments that fail these edit checks are applied to a suspense account and distribution code and are listed on a Suspense report. Investigation of payments listed on the Suspense report is performed on the following day.
Testing Performed: See test 11E regarding configuration testing. Inspected the CC&B Suspense report and validated the aging of unapplied payments to ensure that payments with a Suspense code were timely addressed.
Test Results: No exceptions noted.
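The edit checks listed under control 11E and the suspense routing described under control 11H are concrete enough to model. The following is an added example written for this page, not DOW's, BancTec's or CC&B's code: it applies the 11E field rules to a constructed stub, applies any stub that fails a rule to a suspense account and distribution code, and ages the suspense items the way test 11H does. The batch menu options, the suspense account/distribution code names, the field layout of the Stub class and the check-digit formula are assumptions; the page states only that one digit validates the 10-digit account number, not which algorithm is used.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

# Constructed values: 11E lists the payment codes, but the batch menu
# options and the suspense account/distribution code are assumptions.
VALID_BATCH_TYPES = {"WATER", "SEWER", "MIXED"}
VALID_PAYMENT_CODES = {"0", "1", "4", "5", "7", "8", "9"}   # stated in 11E
SUSPENSE_ACCOUNT = "SUSPENSE"
SUSPENSE_DIST_CODE = "SUSP"


def is_digits(value: str, width: Optional[int] = None) -> bool:
    """Strict ASCII-digit test.  str.isdigit() also accepts Unicode digits
    such as '²' or Arabic-Indic numerals, which int() may reject or
    reinterpret, so an explicit [0-9] pattern is the safer edit check."""
    pattern = r"[0-9]+" if width is None else r"[0-9]{%d}" % width
    return re.fullmatch(pattern, value) is not None


def account_check_digit(account: str) -> str:
    """ASSUMED check-digit formula (alternating 2/1 weights, mod 10).
    The page does not state BancTec's actual algorithm."""
    total = sum(int(ch) * (2 if i % 2 == 0 else 1) for i, ch in enumerate(account))
    return str((10 - total % 10) % 10)


@dataclass
class Stub:
    batch_type: str
    form_number: str
    account_number: str      # 10 digits on the stub
    check_digit: str         # 1 digit on the check
    amount_due: str          # 9 digits, implied cents
    payment_code: str
    customer_sequence: str
    doc_type: str = "1"      # type 1 = water/sewer per 11E


def edit_check(stub: Stub) -> list:
    """Return the list of 11E edit-check failures (empty list = clean)."""
    errors = []
    if stub.batch_type not in VALID_BATCH_TYPES:
        errors.append("batch type is not a valid menu option")
    if not is_digits(stub.form_number):
        errors.append("form number must be numeric")
    acct = stub.account_number
    if not is_digits(acct, 10):
        errors.append("account number must be 10 numeric digits")
    elif acct == "0" * 10:
        errors.append("account number may not be all zeros")
    if not is_digits(stub.check_digit, 1):
        errors.append("check digit must be numeric")
    elif (stub.doc_type == "1" and is_digits(acct, 10)
          and stub.check_digit != account_check_digit(acct)):
        errors.append("check digit does not validate the account number")
    if not is_digits(stub.amount_due, 9):
        errors.append("amount due must be 9 numeric digits")
    elif stub.amount_due == "0" * 9:
        errors.append("amount due may not be all zeros")
    if stub.payment_code not in VALID_PAYMENT_CODES:
        errors.append("payment code must be 0, 1, 4, 5, 7, 8 or 9")
    if not is_digits(stub.customer_sequence):
        errors.append("customer sequence number must be numeric")
    return errors


@dataclass
class Posting:
    account: str
    dist_code: str
    amount_cents: Optional[int]
    posted: date
    errors: list


def post_payment(stub: Stub, posted: date,
                 dist_code_for: Callable[[str], str]) -> Posting:
    """11H routing: a stub that fails any edit check is applied to the
    suspense account/distribution code instead of the customer account."""
    errors = edit_check(stub)
    amount = int(stub.amount_due) if is_digits(stub.amount_due, 9) else None
    if errors:
        return Posting(SUSPENSE_ACCOUNT, SUSPENSE_DIST_CODE, amount, posted, errors)
    return Posting(stub.account_number, dist_code_for(stub.account_number),
                   amount, posted, [])


def overdue_suspense(postings: list, today: date) -> list:
    """Suspense items are investigated the following day; anything older
    than that still on the report is the aging exception test 11H looks for."""
    return [p for p in postings
            if p.account == SUSPENSE_ACCOUNT and (today - p.posted).days > 1]


def demo() -> dict:
    """Constructed sample batch: one clean stub and one with deliberate
    errors, in the spirit of the intentional-error stubs used in test 11E."""
    posted = date(2011, 6, 1)
    clean = Stub("WATER", "12", "1234567890", "0", "000012345", "0", "7")
    faulty = Stub("WATER", "\u0661", "0000000000", "0", "000000000", "2", "7")
    postings = [post_payment(s, posted, lambda acct: "WTR") for s in (clean, faulty)]
    return {
        "clean_account": postings[0].account,
        "clean_cents": postings[0].amount_cents,
        "faulty_account": postings[1].account,
        "faulty_errors": postings[1].errors,
        "overdue_next_day": len(overdue_suspense(postings, date(2011, 6, 2))),
        "overdue_two_days": len(overdue_suspense(postings, date(2011, 6, 3))),
    }


if __name__ == "__main__":
    print(demo())
```

The faulty stub's form number is an Arabic-Indic digit, which Python's str.isdigit() accepts; the explicit [0-9] pattern rejects it, which is the behaviour an edit check that feeds a downstream numeric parser should have.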
11I Description of Controls: The Accounts Receivable Department receives a report identifying remittance activity for all applicable cities. The Remittance Report is broken out by distribution code and city code. This report is then used to generate a final remittance schedule identifying the payment activity for all municipalities for which the DOW is the billing agent. A reconciliation between the final remittance schedule and the system-generated remittance schedule is performed to ensure they are in balance.
Testing Performed: Inspected a sample of reconciliations and validated the reconciliation of the system-generated cash receipts report to the manually prepared remittance schedule.
Test Results: No exceptions noted.
Other Information Provided by Independent Service Auditor
Purpose and Objectives of the Report:
This report is intended to provide users of the Division of Water (“DOW”) with information about the systems at DOW that may affect the processing of transactions. This report, when combined with an understanding and assessment of the internal controls at user organizations, is intended to assist the user auditor in (1) planning the audit of the user’s financial statements, and (2) assessing control risk for assertions in the user’s financial statements that may be affected by controls at DOW.
Our examination of DOW’s system was restricted to the control objectives and the related controls specified in section IV by DOW’s management, and was not extended to procedures described elsewhere in this report but not listed, or to procedures that may be in effect at the user organization. It is each user auditor’s responsibility to evaluate this information in relation to the controls in place at each user organization. If certain complementary controls are not in place at the user organization, DOW’s controls may not compensate for such weaknesses.
Our examination included inquiries with key personnel, review of available documentation and
observation of certain control procedures surrounding and provided by DOW.
The description of controls is the responsibility of DOW’s management. It has been prepared taking into consideration the guidance contained in the AICPA Statement on Standards for Attestation Engagements (“SSAE”) No. 16, Reporting on Controls at a Service Organization (SOC1).
This report was designed to cover the majority of DOW‟s users. Therefore, it focuses on those processes
and controls applicable to the common processes supported by DOW. Any unique client situations or
processes not described in the report are outside the scope of this report.
In response to the December 31, 2011 audit findings, DOW provides the following detailed responses to
the items noted during the review.
DOW: Control Procedures | Findings | Management Response
(4E) Control Procedure: Program implementation controls exist to ensure that changes are implemented in the production environment only after adequate testing is performed, proper business user management approvals are obtained, and the change is authorized by IT.
Finding: Configuration changes made to CC&B did not go through an approval process from January 1, 2011 through March 31, 2011. The control was tested without exception from April 1, 2011 through December 31, 2011.
Management Response: On April 1, 2011, configuration changes began going through the same properly documented approval process that is in place for code changes. Prior to that date, an informal process was used to communicate the changes.
(7B) Control Procedure: Access to the data center is granted through authorized approval, and access is removed upon termination and is updated upon transfer based on job responsibilities.
Finding: For seven of the twenty-five users sampled with data center access, the access request form to support authorized access was not documented. It was determined that the seven exceptions were security personnel who were not required to complete the forms needed to obtain access to the data center.
Management Response: The Department of Public Utility IT Manager and Security Chief will be required to reconcile, monthly, the IT authorization forms with the security badges issued by the Security Chief.
(9C) Control Procedure: On a daily basis, the billing file is reviewed for suppressed bills by SourceLink. A spreadsheet of all suppressed bills is then used to ensure that all accounts are investigated and resolved, with a bill generated if appropriate.
Finding: Five of the twenty-five suppressed bills sampled were not resolved in a timely manner, ranging from 138 days to 315 days before final billing.
Management Response: From the time when the SSAE16 audit period ended, the suppressed bills backlog has been eliminated. To help ensure this backlog does not re-occur, training has been provided to reinforce the policy that suppressed bills are to be processed prior to the next quarterly billing cycle (within 90 days). Exceptions to this policy will be documented and tracked to ensure that billing is performed in a timely manner.
In addition, the following measures have either been implemented or are in progress to resolve the To Do backlog and to control the daily inflow so that it reaches a manageable level.
- A backlog team began working the pended bills backlog in January 2012 and completing the To Dos for each bill segment. This effort is addressing over 35,000 To Dos with a completion goal of June 30, 2012. At the same time as resolving the backlog, the effort is monitoring the inflow of new exceptions and enforcing process adherence to eliminate inappropriately caused pended bills.
- A data cleanup process is being developed to clean up approximately 6,000 custom Billing To Dos (Adjustments and High Bill Cases) where it appears that the work has already been done based on established criteria. This is scheduled for March 2012.
- Meter Read tolerance ranges were adjusted to more appropriate levels in Q3 2011 to eliminate unreasonable exceptions, resulting in a significant decrease in Hi/Lo To Dos created daily.
- AMR deployment is scheduled to begin in April. The deployment plan is targeting out-of-order meters and meters that have reached the maximum number of estimated reads allowed by the system early in the deployment schedule.
- A backlog team began working the Meter Exchange backlog, which is down to approximately 300 meter exchanges. Meter exchanges will be completed ahead of the AMR deployment schedule.
- A business process is currently being deployed to properly identify vacant lots, based on both field observation and returned mail, and then to follow through with the appropriate procedure to stop billing them.