City of Cleveland Division of Water (“DOW”)

Statement on Standards for Attestation Engagements (“SSAE”) No. 16

Service Organization Controls (“SOC1”) Report

For the Period January 1, 2011 through December 31, 2011

Table of Contents

I. Independent Service Auditor’s Report .................................................................................................... 3

II. Division of Water’s Management Assertion ............................................................................................ 6

III. Description of the Division of Water’s System of Processing Transactions. .......................................... 9

Overview of Operations ........................................................................................................................ 10

Relevant Aspects of the Control Environment, Risk Assessment and Monitoring ............................... 10

General EDP Controls.......................................................................................................................... 11

Financial Application Controls .............................................................................................................. 19

Billing Procedures ................................................................................................................................. 25

New Account Setup .............................................................................................................................. 28

Payments ............................................................................................................................................. 29

Distribution ............................................................................................................................................ 32

User Control Considerations ................................................................................................................ 33

IV. Control Objectives, Related Controls and Tests of Operating Effectiveness ....................................... 34

IT Governance ...................................................................................................................................... 36

IT Logical Access.................................................................................................................................. 37

Operating System Maintenance and Change Control .......................................................................... 39

Application Maintenance and Change Control ..................................................................................... 40

Computer Operations ........................................................................................................................... 42

Backup .................................................................................................................................................. 44

Physical Security .................................................................................................................................. 44

Completeness of Input .......................................................................................................................... 46

Transaction Occurrence ....................................................................................................................... 48

Accuracy of Input .................................................................................................................................. 49

Customer Remittance ........................................................................................................................... 51

V. Other Information Provided by Independent Service Auditor ............................................................... 55

VI. Other Information Provided by the Division of Water ........................................................................... 57

Section I Independent Service Auditor’s Report Provided by Clark Schaefer Hackett

Independent Service Auditor’s Report

To the Director of Public Utilities, Commissioner of Water

City of Cleveland:

Scope

We have examined Division of Water’s (“DOW”) description of its processing of transactions for users of the Customer Care & Billing System (“CC&B”) throughout the period January 1, 2011 to December 31, 2011 and the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description.

In addition, banks and other entities perform agency functions for the receipt of utility payments. The description of the system in section III of this report includes only the control objectives and related controls of DOW and excludes the control objectives and related controls at National City Bank or other financial agents. Our examination did not extend to controls of National City Bank or the other agents.

Service organization’s responsibilities

On page 6 of this report, DOW has provided an assertion about the fairness of the presentation of the description and suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description. DOW is responsible for preparing the description and for the assertion, including the completeness, accuracy, and method of presentation of the description and the assertion, providing the services covered by the description, specifying the control objectives and stating them in the description, identifying the risks that threaten the achievement of the control objectives, selecting the criteria, and designing, implementing, and documenting controls to achieve the related control objectives stated in the description.

Service auditor’s responsibilities

Our responsibility is to express an opinion on the fairness of the presentation of the description and on the suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, the description is fairly presented and the controls were suitably designed and operating effectively to achieve the related control objectives stated in the description throughout the period January 1, 2011 to December 31, 2011.

An examination of a description of a service organization’s system and the suitability of the design and operating effectiveness of the service organization’s controls to achieve the related control objectives stated in the description involves performing procedures to obtain evidence about the fairness of the presentation of the description and the suitability of the design and operating effectiveness of those controls to achieve the related control objectives stated in the description. Our procedures included assessing the risks that the description is not fairly presented and that the controls were not suitably designed or operating effectively to achieve the related control objectives stated in the description. Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the related control objectives stated in the description were achieved. An examination engagement of this type also includes evaluating the overall presentation of the description and the suitability of the control objectives stated therein, and the suitability of the criteria specified by the service organization. We believe that the evidence we obtained is sufficient and appropriate to provide a reasonable basis for our opinion.

Inherent limitations

Because of their nature, controls at a service organization may not prevent, or detect and correct, all errors or omissions in the processing of transactions for users of the Customer Care & Billing System. Also, the projection to the future of any evaluation of the fairness of the presentation of the description, or conclusions about the suitability of the design or operating effectiveness of the controls to achieve the related control objectives is subject to the risk that controls at a service organization may become inadequate or fail.

Opinion

In our opinion, in all material respects, based on the criteria described in DOW’s assertion on page 6,

a. The description fairly presents the processing of transactions for users of the Customer Care & Billing System that was designed and implemented throughout the period January 1, 2011 to December 31, 2011.

b. The controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period January 1, 2011 to December 31, 2011.

c. The controls tested, which were those necessary to provide reasonable assurance that the control objectives stated in the description were achieved, operated effectively throughout the period January 1, 2011 to December 31, 2011.

Description of tests of controls

The specific controls tested and the nature, timing, and results of those tests are listed on pages 34-54.

Restricted use

This report, including the description of tests of controls and results thereof on pages 34-54, is intended solely for the information and use of DOW and its user organizations during some or all of the period January 1, 2011 to December 31, 2011, and the independent auditors of such user entities, who have a sufficient understanding to consider it, along with other information including information about controls implemented by user entities themselves, when assessing the risks of material misstatements of user entities’ financial statements. This report is not intended to be and should not be used by anyone other than these specified parties. We have performed no procedures to evaluate the effectiveness of controls at the individual member communities.

Other information provided by Division of Water

The information in section VI of management’s description of the service organization’s system, “Other Information Provided by the Division of Water,” that identifies DOW’s management response is presented by management of DOW to provide additional information and is not a part of DOW’s description of its processing of transactions for users of the Customer Care & Billing System of controls made available to user entities during the period January 1, 2011 to December 31, 2011. Information about DOW’s management responses has not been subjected to the procedures applied in the examination of the description of the corporate service controls and of the suitability of the design and operating effectiveness of controls to achieve the related control objectives stated in the description of the processing of transactions for users of the Customer Care & Billing System controls and, accordingly, we express no opinion on it.

Cincinnati, Ohio

March 6, 2012

Section II Division of Water’s Management Assertion


City of Cleveland Frank G. Jackson, Mayor

Department of Public Utilities

Division of Utilities Fiscal Control

1201 Lakeside Avenue

Cleveland, Ohio 44114-1175

216/664-2444 • Fax: 215/664-4452

www.clevelandwater.com

Division of Water’s Management Assertion

We have prepared the description of the Division of Water’s processing of transactions for users of the Customer Care & Billing System (“CC&B”) during some or all of the period January 1, 2011, to December 31, 2011, and their user auditors who have a sufficient understanding to consider it, along with other information, including information about controls implemented by user entities of the system themselves, when assessing the risks of material misstatements of user entities’ financial statements. We confirm, to the best of our knowledge and belief, that:

a. The description fairly presents the systems made available to user entities of the systems during some or all of the period January 1, 2011, to December 31, 2011, for processing their transactions. The criteria we used in making this assertion were that the description:

i. Presents how the systems made available to user entities of the systems were designed and implemented to process relevant transactions, including, if applicable:

The classes of transactions processed.

The procedures, within both automated and manual systems, by which services are provided, including, as appropriate, procedures by which transactions are initiated, authorized, recorded, processed, corrected as necessary, and transferred to reports and other information prepared for user entities.

The related accounting records, supporting information, and specific accounts that are used to initiate, authorize, record, process, and report transactions; this includes the correction of incorrect information and how information is transferred to the reports and other information prepared for user entities.

How the systems capture significant events and conditions, other than transactions.

The process used to prepare reports and other information for user entities.

Specified control objectives and controls designed to achieve those objectives, including as applicable, complementary user entity controls contemplated in the design of the service organization's controls.

Other aspects of our control environment, risk assessment process, information and communication systems (including related business processes), control activities, and monitoring controls that are relevant to processing and reporting transactions of user entities of the system.

ii. Does not omit or distort information relevant to the scope of the tax savings and benefits continuation systems, while acknowledging that the description is presented to meet the common needs of a broad range of user entities of the systems and their financial statement auditors, and may not, therefore, include every aspect of the systems that each individual user entity of the systems and its auditor may consider important in its own particular environment.

b. The Description includes relevant details of the changes to the processing of transaction controls for the CC&B system during the period covered by the description.

i. The controls related to the control objectives stated in the description were suitably designed and operating effectively throughout the period January 1, 2011, to December 31, 2011, to achieve those control objectives. The criteria we used in making this assertion were that:

ii. The risks that threaten the achievement of the control objectives stated in the description have been identified by management;

iii. The controls identified in the description would, if operating as described, provide reasonable assurance that those risks would not prevent the control objectives stated in the description from being achieved; and

iv. The controls were consistently applied as designed, including whether manual controls were applied by individuals who have the appropriate competence and authority.

Section III Description of the Division of Water’s System of Processing Transactions

A. OVERVIEW OF OPERATIONS

The Division of Water (“DOW”) services not only the City of Cleveland, but also 69 surrounding communities, six master meter communities, and eight emergency standby communities. They provide water to approximately 414,006 city and suburban accounts in the Cleveland metropolitan area. They also sell water to master meter communities that operate their own distribution systems, and they provide billing and payment services for the Northeast Ohio Regional Sewer District (“NEORSD”) and other communities.

During 2011, the DOW provided services to approximately 123,554 accounts located within Cleveland and approximately 290,452 accounts located in direct service communities. Water provided to each master meter community is metered at each community’s boundary. Consumers within the City of Cleveland accounted for approximately 21 percent of the DOW’s metered sales revenue, while the direct service and master meter communities accounted for approximately 69 percent and 10 percent of metered sales revenue, respectively.

The DOW, along with the Division of Utilities Fiscal Control (“UFC”), provides a complete array of processing services including billing, payment processing, mailing delinquency notices, terminating water service on delinquent accounts, and distributing the money collected to the communities. UFC processes approximately 5,000 bills daily, which include bills for water only, sewer only, water and sewer, final bills, and delinquent bills.

B. RELEVANT ASPECTS OF THE CONTROL ENVIRONMENT, RISK ASSESSMENT AND MONITORING

1. Control Environment

The Department of Public Utilities, headed by its director, comprises four divisions: Water, Water Pollution Control, Cleveland Public Power, and Utilities Fiscal Control, each of which is managed by a commissioner. The Division of UFC provides accounting and other financial services to the other three divisions. The following functional areas are headed by assistant commissioners who report directly to the commissioner of the DOW:

Administration is the support staff of the Division and is responsible for non-technical functions excluding sales and billings.

Plant Operations is responsible for the pumping and purification of water as well as the laboratories that analyze raw and potable water.

Engineering is responsible for the design and construction of capital improvement projects undertaken by the Division.

Distribution System Maintenance is responsible for servicing and maintaining the Division’s distribution system, which includes water mains, meters, valves, fire hydrants and connections.

Customer Account Services (“CAS”) is responsible for the Division’s interactions with its customers, including meter reading, billing, payments and customer service inquiries.

Information Technology (“IT”) is responsible for monitoring systems processing and running production jobs and reports requested by the users. This department is also responsible for managing the Local Area Networks (“LAN”) and the telecommunication needs of the DOW.

Budget is responsible for the operating budget as well as contract procurement and requisition processing for operational needs.

This functional arrangement, management controls, and the established information processing policies, standards, guidelines, and procedures help to ensure adequate segregation of duties within the DOW.

2. Risk Assessment

The Division of Water has a formal risk management function to address the environmental and safety risks associated with running a public utility. In addition, the DOW has established an IT Governance Committee to evaluate IT opportunities and oversee their acquisition and implementation. The committee is composed of DOW executive staff from all sections and senior IT management. As part of the formation of this committee, a formal governance model is being developed and implemented. The committee meets regularly throughout the year to discuss issues related to the information systems of the DOW.

In addition, the DOW has identified operational risks resulting from the nature of services provided to the member communities. These risks are primarily associated with computerized information systems. These risks are monitored as described under “Monitoring” below and in additional detail throughout the “General EDP Control” section.

3. Monitoring

The General Accounting Department, which is a functional area reporting to the Commissioner for the Division of UFC, is responsible for the daily accounting function of the Department of Public Utilities. Some of their duties include reconciling the accounts receivable totals to the City of Cleveland’s financial management system, tracking refunds made to customers, scanning purchases for unusual entries, and producing monthly, quarterly, and annual financial statements. DOW personnel monitor the quality of service to user organizations and system performance as a routine part of their job duties. To assist them in this monitoring, DOW uses a variety of key indicator reports to monitor the processes involved in billing and payment.

Computer access is monitored on an ongoing basis by IT staff. Exceptions to normal processing related to hardware, software, or procedural problems are resolved daily.

4. Information and Communication

The aspects of the information and communication component of internal control as they affect the services provided to user organizations are discussed within the “General EDP” and “Application” control sections.

C. GENERAL EDP CONTROLS

1. Overall Operation of the IT Function

On November 15, 2011 the Mayor of the City of Cleveland announced that the Department of Public Utilities, including the Division of Water, will undergo a restructuring plan designed to focus the organization on customer service delivery. Included as part of the restructuring was moving the DOW IT staff to the Department of Public Utilities level. While these changes were announced on Nov. 15, 2011, the overall operation of the former DOW IT section remained largely unchanged through the remainder of 2011. Thus, the description of general controls presented below is written with regard to the DOW IT staff and is applicable for the entirety of the 2011 audit period.

The DOW IT staff consists of 55 individuals including the Assistant Commissioner of IT and the IT Manager. The breakdown of individuals by category is as follows:

Infrastructure and Applications:
Technical director (2)
Telecommunications operations group leader (1)
Telecommunications operations group staff (3)
Operations support group leader (1)
Operations support group staff (5)
Applications group staff (5)
Data center operations group leader (1)
Data center operation support staff (2)

Administration:
IT administration unit leader (1)
IT administration staff (6)
Telephone operators (3)

Project Delivery:
IT project delivery unit manager (1)
IT project delivery staff (8)
Computer operations supervisor (1)
Computer operations (3)

Geographic Information System (“GIS”):
GIS unit manager (1)
GIS systems group leader (1)
GIS systems group staff (2)
GIS applications group leader (1)
GIS applications group staff (5)

The DOW follows the Personnel Policies and Procedures Manual provided by the City of Cleveland. An organizational chart, a chart of “operational roles and responsibilities”, and job descriptions have been developed for the IT Department of the DOW. A training strategy has been developed for the IT section that lists various tracks to be followed by area of work. Numerous outlets are used to obtain technical training for IT staff. The training strategy is designed to align with on-going IT initiatives and to keep DOW employees abreast of the latest technology so they can perform in the most efficient manner.

All hiring for the DOW must be approved by city hall administration prior to the posting of a job opening. All positions are posted internally first. If sufficient responses are not received, the positions are then posted on the city's web site and/or in a local newspaper.

The Division of Water follows the performance management processes established by the City of Cleveland. The process applies to nonunion employees and focuses on setting and meeting performance goals, which are established at the end of the prior calendar year. Quarterly progress meetings are conducted and culminate in an annual appraisal meeting where individuals are scored against a set of City-wide core competencies and their progress towards their objectives.

The DOW completed development of a three-year information technology (“IT”) plan dated March 2009. A list of proposed projects was developed as part of the IT Master Plan, which were then given to the IT Governance Committee. Potential initiatives that are part of the IT Master Plan are continually re-evaluated by the IT Governance Committee utilizing business case evaluations. The IT plan is updated through the IT Governance process.

The DOW also has a Strategic Business Plan that concerns the DOW as a whole and was completed in 2007 for the period 2008-2012. The business plan manager and the Strategic Business Plan (“SBP”) office have responsibility for implementation of the plan. The Strategic Business Plan Committee meets periodically and a list of action items is prepared and distributed to the committee members. Executive staff, managers, and select employees participate in a two-day retreat and a series of committee meetings to identify the goals, objectives, strategies, and projects for the SBP.

2. Development and Implementation of New Applications and Systems

A. Customer Information System/Customer Relations Management (“CIS/CRM”):

The Division of Water implemented Oracle®’s Customer Care and Billing (“CC&B”) application on September 27, 2009. PricewaterhouseCoopers (“PwC”) was the implementation consultant for the project. PwC was responsible for delivering a fully functional CIS/CRM solution. The entire CIS/CRM project was managed by TMG Consulting, Inc. IBM was selected to provide hosting and managed services.

The implementation of the new billing system followed a detailed System Development Life Cycle (“SDLC”) that was developed by PwC. The implementation project utilized a formal project management structure that included representation from DOW, UFC, PwC, TMG Consulting Inc., and IBM. The project was guided by an Executive Steering Committee (“ESC”). Reporting to the ESC were two DOW project directors and a DOW project manager.

B. Meter Automation and Replacement Program (“MARP”)

The DOW followed the City of Cleveland Division of Information Technology and Services Software Acquisition Procedure Guidelines for the purchase of the new Meter Automation and Replacement Program through the submission of a Request for Proposal in September of 2009. A team of eight DOW individuals representing the departments affected by the project, including IT, was selected to evaluate the proposals received. Proposals were evaluated based on criteria outlined in the RFP and cost. During 2010, the meter automation vendor iTron was selected and the implementation of the metering program began. The installation of AMR-enabled meters is expected to begin in early 2012.

3. Changes to Existing Applications or Hardware Systems

The DOW has a contract with IBM for hosting and application managed services for their new Customer Care and Billing (“CC&B”) application. The three year contract was signed in July of 2008 with an option for renewal for two additional one year terms. The contract describes the roles for IBM and DOW in the application change process. The hosting and application managed services are defined as follows:

Hosting Services or Application on Demand (“AoD”) – computing and networking infrastructure (facility, disaster recovery, hardware, software, security and networking) and the service to support and maintain the infrastructure.

Application Managed Services (“AMS”) – services including application data base support and maintenance; manage code libraries and code migrations; execute and monitor the batch processes; help desk services; application development and report writing development.

An IBM Delivery Project Manager coordinates all activities of both the AoD and AMS teams and serves as the single point of contact for DOW.

Requests for modification to CC&B can originate from an identified defect (i.e. a problem or shortcoming of the CC&B application) or a user request for new or changed functionality. Both are logged into the tracking tool, SharePoint, as work items. The work items are reviewed weekly by a Review Board. This board is composed of members of the technical support team as well as DOW staff from the following departments or divisions: IT, Fiscal Control, Meter Reading, Meter Maintenance, Billing, and Customer Account Services. Once approved and prioritized, the work items are assigned to the appropriate resources to investigate and complete. In some cases, the work items require changes to the application configuration, custom developed code, or installation of vendor supplied patches. In all cases, the changes are first made in the development environment and are then assigned back to the original requestor or a designated functional team member for testing. Once an application change has passed testing, it is marked as “Ready for Migration”. A request to migrate the application change is emailed from the technical support team to the DOW assistant Commissioner of IT and the assistant Commissioner of CAS, one of whom is required to approve the application change prior to it being placed into production. Code migrations are performed by the IBM system administrator. All code migrations are tracked in a change log.
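The change workflow just described is, in effect, a small state machine with segregation of duties at each transition. The following Python model is an added illustration and is not code from the DOW report, IBM or Oracle; the role labels, work-item ids and participant names are constructed assumptions. It enforces the sequence the description lays out: Review Board approval, a change built and tested in the development environment by the requestor or a functional team member rather than the developer, approval of the migration by one of the two assistant commissioners, and migration by the IBM system administrator with every step written to a change log. Any attempt to skip a step raises a control violation instead of silently proceeding.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Set


class State(Enum):
    LOGGED = "logged"                            # work item entered in the tracking tool
    BOARD_APPROVED = "board_approved"            # approved and prioritised by the Review Board
    READY_FOR_MIGRATION = "ready_for_migration"  # built in development and passed testing
    MIGRATION_APPROVED = "migration_approved"    # approved by an assistant commissioner
    IN_PRODUCTION = "in_production"


# Role labels are assumptions; the report names the roles but gives no identifiers.
MIGRATION_APPROVER_ROLES = {"assistant_commissioner_it", "assistant_commissioner_cas"}
MIGRATOR_ROLE = "ibm_system_administrator"


class ControlViolation(Exception):
    """Raised when an action would bypass one of the described controls."""


@dataclass
class WorkItem:
    item_id: str
    requestor: str
    state: State = State.LOGGED
    developer: Optional[str] = None
    change_log: List[str] = field(default_factory=list)

    def _require(self, expected: State, action: str) -> None:
        if self.state is not expected:
            raise ControlViolation(
                f"{action} requires state {expected.value}, item is {self.state.value}")

    def board_approve(self, board: Set[str], prioritised_by: str) -> None:
        # Weekly Review Board: only a board member can approve and prioritise.
        self._require(State.LOGGED, "board approval")
        if prioritised_by not in board:
            raise ControlViolation(f"{prioritised_by} is not on the Review Board")
        self.state = State.BOARD_APPROVED
        self.change_log.append(f"{self.item_id}: approved and prioritised by {prioritised_by}")

    def record_test_pass(self, developer: str, tester: str,
                         functional_team: Set[str], environment: str) -> None:
        # The change is made in development and tested by the requestor or a
        # designated functional team member, never signed off by the developer alone.
        self._require(State.BOARD_APPROVED, "test sign-off")
        if environment != "development":
            raise ControlViolation("changes are made and tested in development first")
        if tester == developer or tester not in functional_team | {self.requestor}:
            raise ControlViolation(f"{tester} is not an authorised tester for this item")
        self.developer = developer
        self.state = State.READY_FOR_MIGRATION
        self.change_log.append(
            f"{self.item_id}: built by {developer}, tested by {tester}, Ready for Migration")

    def approve_migration(self, approver: str, role: str) -> None:
        # The emailed migration request needs one of the two assistant commissioners.
        self._require(State.READY_FOR_MIGRATION, "migration approval")
        if role not in MIGRATION_APPROVER_ROLES:
            raise ControlViolation(f"role {role} may not approve migrations")
        self.state = State.MIGRATION_APPROVED
        self.change_log.append(f"{self.item_id}: migration approved by {approver} ({role})")

    def migrate(self, operator: str, role: str) -> None:
        # Only the IBM system administrator performs code migrations; each one is logged.
        self._require(State.MIGRATION_APPROVED, "migration")
        if role != MIGRATOR_ROLE:
            raise ControlViolation(f"role {role} may not perform code migrations")
        self.state = State.IN_PRODUCTION
        self.change_log.append(f"{self.item_id}: migrated to production by {operator}")


def compliant_walkthrough() -> WorkItem:
    """One work item following the described path (all names are constructed)."""
    item = WorkItem(item_id="WI-0001", requestor="billing_analyst")
    item.board_approve(board={"it_rep", "billing_rep", "cas_rep"}, prioritised_by="billing_rep")
    item.record_test_pass(developer="ams_developer", tester="billing_analyst",
                          functional_team={"billing_lead"}, environment="development")
    item.approve_migration(approver="cas_commissioner", role="assistant_commissioner_cas")
    item.migrate(operator="ibm_sysadmin", role=MIGRATOR_ROLE)
    return item


def bypass_attempt() -> str:
    """Try to migrate straight from Ready for Migration; return the violation text."""
    item = WorkItem(item_id="WI-0002", requestor="meter_reading_analyst")
    item.board_approve(board={"it_rep", "meter_rep"}, prioritised_by="meter_rep")
    item.record_test_pass(developer="ams_developer", tester="meter_reading_analyst",
                          functional_team=set(), environment="development")
    try:
        item.migrate(operator="ibm_sysadmin", role=MIGRATOR_ROLE)
    except ControlViolation as exc:
        return str(exc)
    return "no violation raised"


if __name__ == "__main__":
    for line in compliant_walkthrough().change_log:
        print(line)
    print("bypass attempt:", bypass_attempt())
```

The point of modelling the workflow this way is that the evidence an auditor asks for (who approved, who tested, who migrated, in what order) is produced by the same code that enforces the order, so the change log cannot show a migration that lacked commissioner approval.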

Changes to the application hardware environment (such as operating system updates, firmware updates, application patches, database patches, etc.) are discussed as part of a monthly operations meeting with IBM’s AoD team. Any changes to the hardware environment are requested via an email from the AoD team lead to the assistant Commissioner of IT, who is responsible for approving the change. Changes to the application hardware environment are first tested in a testing laboratory maintained by IBM AoD, then applied to the CC&B development environments and operated for an extended period of time prior to being applied to the production environments.

In addition to the CC&B production environment, a separate development environment is used for development and testing. The development environment is housed on separate application and database servers. Within these development servers, multiple database instances and multiple application environments are maintained that may be used for different development and testing purposes.

The DOW uses a vendor provided meter reading system called Datamatic. Software and hardware support agreements for the meter reading system are maintained by DOW. Change requests for the meter reading system must first be approved by the assistant administrator of meter reading. All changes to the Datamatic application are performed by the vendor. The vendor submits a proposal to DOW for the estimated cost to the assistant Commissioner of CAS. The assistant Commissioner verifies all requests. Requests for vendor changes to the meter reading system are infrequent.

The DOW uses a vendor provided cashiering system, PCI Revenue Collection Services (RCS). This software was included with the purchase of the City of Cleveland’s financial accounting software and was made available to DOW. Change requests for the PCI Revenue Collection Services (RCS) are managed by the City of Cleveland Department of Finance.

4. IT Security Overview

CC&B is hosted by IBM in a secure data center located in Phoenix, AZ, with a backup data center located in Sterling, VA. CC&B is accessed via a dedicated DS3 network connection between DOW premises and the IBM data center. Two IBM maintained routers are located at DOW premises, one for each of the primary and secondary data centers. Network access is secured at both IBM and DOW through firewall access rules. The DOW utilizes a private network addressing scheme. Network address translation is performed at the IBM data center. The passwords for the firewall are enabled and controlled by the DOW network staff.

A backup to the DS3 network connection is provided by a hardware-based virtual private network

(VPN) connection which is managed by IBM. A second layer of backup is provided by an SSL-based

VPN, also managed by IBM. VPN accounts are password protected and all users who are issued

VPN access are controlled.

CC&B application security is controlled in two levels. Access to the application is controlled via

authentication to the DOW Active Directory (AD) through a Lightweight Directory Access Protocol

(LDAP) hook that is administered in the Weblogic application server tier. CC&B users have unique

usernames set up in AD which differ from their standard network username. Domain level password

policies are applied to the CC&B usernames and include password expiration, account lock-out, and

password strength requirements. The AD accounts are administered by the DOW network operations

team.

Application level security is controlled within CC&B through the use of security groups. This is

administered by a dedicated CC&B security administrator. Rights must be granted in both Active

Directory and the CC&B application for a user to access the system.


5. Security Administration – System Level

System-level access is administered by the DOW operations support group leader. All administrative functions for the network servers, including the creation or modification of user network accounts for any server, are the responsibility of the operations support group leader.

Authorization from department supervisors is required before an account is established in Active Directory. The IT Department adopted a computer security policy, and users must sign a form to acknowledge acceptance of the computer security policy. The policy covers general use, computing assets, system accounts and passwords, internet use, electronic communication, and user agreements for employees and contractors/consultants.

When employees leave the Division of Water, the Personnel Department sends a help desk ticket to the operations support group leader, who disables or deletes the accounts.

The DOW uses Windows Active Directory (“AD”) to manage the LAN environment. Security policies are set at the domain level.

Access to the DOW network is restricted by security policies set at the domain level. These policies address access to data, programs, and system utilities. System-level security requires a unique user ID and password for sign-on. The following security policies have been implemented to control user access within Active Directory:

- Passwords - User IDs and user passwords are required to authenticate to the DOW network. Controls such as naming conventions, minimum length requirements, expiration, and history limitations have been implemented to help strengthen passwords.
- Sign-on parameters - Sign-on parameters limit the number of unsuccessful attempts to access a network account, after which the account is disabled for a period of time.
- Group policies - Group policies are used to assign user network access rights, network drive mappings, and other various security parameters.

CWD maintains two data centers, located at the Information Technology Center and the Public Utilities Building. Access to both facilities is controlled by the Department of Public Utilities security unit and includes such safeguards as security guards, swipe card access into facilities, and camera surveillance. All visitors to these facilities are required to register with the security guard and receive a visitor’s tag for identification. All computer rooms are further secured with keycards. Access to computer rooms is granted by management based on need and generally is limited to IT staff, security officers, electricians, and building custodians. The list of individuals with access is reviewed at least annually.

A security management application, Pro-Watch, is used by the project director in the Access Control Department to administer the keycard system. Security/access control officers may also assist with keycard access as needed.

When new employees start with the DOW, Personnel notifies the Access Control Department of the new hire and basic access to the employee’s department is granted. If an employee’s access requirements change, an access card request form must be completed, signed by the employee’s supervisor and assistant Commissioner, and submitted to the Access Control Department. An access card request form is also completed for special situations (e.g., a contractor needs access for a short period of time). Access card request forms are retained for a minimum of three years.

Network access has been secured through the use of a fiber network and two firewalls. Remote access is governed by Active Directory via a Lightweight Directory Access Protocol (LDAP) hook, which links to Microsoft Active Directory as the source of user accounts. Remote access is provided through a Cisco secured VPN client. Users request remote access via a standard form, which is approved by their supervisor and the IT manager. Once the access request is approved, a helpdesk ticket is generated and sent to the DOW network team. The DOW network team sets up the user with the secure VPN client access through an Active Directory group based on the remote access requested.

The DOW utilizes a private network addressing scheme. The firewall, which passes only TCP/IP traffic and blocks all other traffic, exchanges the private network address for a real IP address recognizable by the Internet, thus allowing the user to access the Internet. The passwords for the firewalls are enabled and controlled by the network staff.

Documentation for the network is maintained by the Network Department. The documentation identifies all individuals with access to the Internet. Inbound traffic is limited with the use of conduits.

6. Security Administration – Application Level

Customer Care and Billing (“CC&B”)

Access to the CC&B application is controlled at two levels. Access is first controlled via authentication to the DOW Active Directory (“AD”) through a Lightweight Directory Access Protocol (“LDAP”) hook that is administered in the WebLogic application server tier. CC&B users authenticate to AD with unique user accounts that differ from their standard network accounts. Domain-level password policies are applied to the CC&B accounts and include 90-day password expiration, account lockout after 3 failed attempts, and password complexity requirements.

Application-level security is controlled within the CC&B application using security groups to restrict specific functions. The Assistant Commissioner of CAS is responsible for authorizing access to the CC&B application. Access to the CC&B application is administered by the CAS Assistant Commissioner’s project director.

PCI (Revenue Collection System)

The PCI Revenue Collection System is used by the Cashiering Section of UFC. It uses group policies to assign user network access rights, network drive mappings, and other various security parameters. Access to the database and application files for PCI is restricted through Windows 2003 file share access control lists. DOW operations support administers access to this server through group access. Application-level access to the PCI application is administered by a UFC supervisor.

Application-level security for the PCI Revenue Collection System has been established via two profiles: general cashier and administrator. The general cashier profile is restricted to the cashiers, to process payments and balance. UFC administrators have been assigned the administrator profile. Due to the limited number of users of the PCI application, changes to access are infrequent.

The PCI application requires cashiers to enter a user ID and password when opening the application and again when accessing payment information.

Datamatic (Meter Reading)

Primary logical access is controlled through the application-level security provided by the Meter Reading application, Datamatic. The assistant administrator of meter reading and the unit supervisor of meter reading are responsible for maintaining security at the application level.


Application-level security for the Datamatic application has been established via groups. The groups established include meter readers, collections, and inspections. Each group has been assigned privileges based upon job function. Application users have unique IDs and passwords.

Data from the Meter Reading application on the Windows 2003 server is exported and uploaded to CC&B nightly. The upload is controlled by the Tivoli Workload Scheduler via FTP. The Windows 2003 server is located in the center of the Meter Reading Department. Several meter reading staff members work in the area, which minimizes the risk of unauthorized personnel attempting to gain access to the server.

BancTec System (Payments)

Payments are processed by the Division of UFC through the BancTec Processing System. The BancTec remittance processors read the account and balance information as the stubs and checks pass through the machine. The processors are located in an area secured by the keycard system. Only data conversion operators with an operator ID and password can run the machine, and there are several employees working in the area who would be aware if someone other than a data conversion clerk attempted to operate it. Files are transferred from the BancTec system into the CC&B application through an FTP process controlled by the Tivoli Workload Scheduler. Changes in access are administered by BancTec after contact from DOW.

The following items assist in controlling the computer rooms to protect them from adverse environmental conditions:

- Automatic climate control;
- FM 200 fire suppression system;
- Raised flooring;
- Fire alarm;
- Fire extinguisher;
- Uninterruptible Power Supplies (“UPS”);
- Backup generators;
- Temperature sensors.

The computer equipment at the DOW is self-insured by the City of Cleveland.

7. IT Operations

DOW operators are trained and hold the necessary skills to perform their job functions. Operators are assigned to perform operational duties (resetting user passwords, terminal support, microfiche processing, etc.). There are two shifts each day, Monday through Friday. Operators are supervised by the customer systems group leader. Each shift overlaps by one half hour in order for operators to discuss unresolved problems or operational errors. The second-shift operators prepare a record count of the files included in the nightly batch sent to IBM. After IBM runs the batches, the record counts are used to verify that batch processing was complete.

Operational functions related to the CC&B application are performed largely by IBM as part of the application managed services contract between IBM and the DOW. The operational functions performed by IBM are overseen by the DOW computer operations supervisor. The CC&B team consists primarily of the following roles:

- Delivery project executive (“DPE”) (IBM) – Provides on-site management for all IBM managed services resources.
- Managed services manager (IBM) – Supports the IBM DPE and acts as point of contact for routine operational issues. Supports operations with functional analysis.
- DBA/system administration (IBM) – Provides primary system administration, database administration, and code management functions. This resource is supported by a team of IBM DBAs and operating system administrators from the IBM global resource pool, from the hosting group. The hosting DBAs and OS administrators perform all root-level changes to the system.
- Operations monitoring and functional analysis (4 staff) (IBM) – These resources monitor batch processing, manage the batch scheduler, prepare batch status reports, and provide functional analysis for problem resolution.
- Computer operations supervisor (DOW) – This is the first point of contact for batch processing issues and can authorize actions on behalf of the DOW. In addition, the computer operations supervisor is responsible for management of batch reports. This position is supported by other DOW computer operations staff.

An operations run book is maintained to document instructions for work performed by the application managed services team. The job schedule is contained in the operations run book and includes the job name, job description, data preparation instructions, set-up requirements, schedule information, description of the processing steps, and expected results. Daily production jobs are submitted by the batch scheduling program, Tivoli, or by the application managed services team based on authorization from DOW. A nightly batch report is generated after batch processing is completed and is reviewed by one of the IBM operations monitoring and functional analysts. Job status is also available from the CC&B on-line application and in the application logs. The CC&B team maintains close contact with the business users to troubleshoot any data issues.

Batch processing is performed on a dedicated batch server using Tivoli Workload Manager. A development batch server is available in the event the primary batch server should fail; that server can be restored as the primary server.

The production CC&B environment is configured for high availability. There are two physical application servers, each running two Java Virtual Machines (“JVMs”). Calls to the application servers are load-balanced in a round-robin manner between the four JVMs. Two database servers are configured in an active-passive configuration using the AIX operating system’s native High Availability Cluster Multi-Processing (“HACMP”) protocol.

The computer operations supervisor can view the DOW batch data files that have been uploaded to CC&B on the IBM server. These data files are archived daily and have been maintained since DOW went live with the CC&B application.

All reporting for the CC&B application is produced using Business Objects Crystal Reports. Reports are generated for various departments by accessing the Crystal Reports server upon completion of the nightly batch processing. Nightly reports are run against the CC&B production database. Once reports have been generated, they are generally available by 8 AM and accessible through Business Objects. An off-line copy of the CC&B production database, the Operational Data Store (“ODS”), is available for on-demand reporting and data analysis. The ODS is updated in real time using Streams, a database-layer technology from Oracle. Control queries are run on a daily basis to verify that the ODS is in sync with the CC&B production database. The ODS is maintained by the DOW staff.

Reporting errors or failed reports are forwarded to IBM for resolution via a help desk ticket. If the errors are not resolved by 8 AM, department managers are notified by the computer operations supervisor that reports are unavailable. Once the problems are corrected and the reports are generated, a follow-up email is sent to department managers indicating the reports are available.

The DOW has an agreement with IBM for hosting and application managed services, which includes offsite data backup.


IBM developed a schedule that outlines which servers and databases are backed up, as well as the frequency and the duration of the backup. Production and non-production (development) servers are incrementally backed up on a daily and yearly basis. IBM also completes a full backup of DOW’s production database every Tuesday, Thursday, and Saturday, with an archive log backup performed on a daily basis.

Production data for the Revenue Collection System resides on the DOW Storage Area Network (SAN). The DOW has two SAN nodes. The main SAN node is located at the Information Technology Center and the backup SAN node is located at the Public Utilities Building. The two nodes are approximately 11 miles apart. The main SAN is replicated to the backup SAN. The DOW is prepared to switch from the main SAN in the DOW computer room to the backup SAN at the off-site facility.

The SANs are maintained and monitored by a third-party vendor, EMC. The SAN replication monitoring services provided are error-based: monitoring is not performed, nor is a report generated, to confirm the backup SAN is in sync with the main SAN unless an error occurs. Should an error occur, EMC will contact the network analyst to notify DOW of the error and the fix performed by EMC.

Environmental controls at the SAN include a backup power supply (UPS), FM 200 fire suppression system, and an air conditioning unit.

D. FINANCIAL APPLICATION CONTROLS

1. Customer Care and Billing (“CC&B”) Organizational Chart

2. Background

The DOW implemented the Oracle® Utilities Customer Care and Billing (“CC&B”) application, a leading package software for utility billing. This system handles all aspects of utility billing including customer information/service connections, meter reads, rates, billing, field service, and meter management.

All reporting for CC&B is produced using Business Objects Crystal Reports. Reports are accessed by end users via a web-based user interface. Business Objects is secured with an application-level username and password separate from the CC&B username and password. Report access is controlled by user groups.


In addition, when events occur that can only be resolved manually, the CC&B application creates an e-mail-like message that describes the event. CC&B refers to these events as To Do entries. Examples of events that trigger the creation of To Do entries include bill segment errors, payment errors, and accounts without bill cycles. These To Do entries display in a To Do list, which is generated nightly during batch processing. Each To Do entry is assigned a specific To Do role. The role defines the user or users who may view and work on the entry. When viewing a To Do list, the user sees only the entries associated with roles to which the user belongs. The To Do lists are distributed to managers and supervisors.

The managers and supervisors associated with the role assign the To Do entries to customer service representatives for follow-up and resolution. When the customer service representative displays the transaction associated with the To Do entry, he/she is assigned as the person “working” on the entry. Once the error is resolved, the user marks the entry as complete. Completed entries no longer appear on the To Do list; however, they are retained in the database for audit purposes. In addition, users may need to send To Do entries to other departments (i.e., assign To Do roles) if more than one business segment is needed to resolve the To Do entry.

A To Do Entry Summary and To Do Events report are generated nightly as part of the batch process and can be accessed by all Customer Account Services (CAS) managers and supervisors. The To Do entry reports can be obtained through Business Objects (located in the Customer Service folder).

In CC&B, the To Do Supervisor Summary shows the total unresolved To Do entries by type. The summary also breaks the unresolved To Do entries into two categories: unassigned and unresolved entries (“open”) and assigned entries being worked (“being worked on”). To Do entries that have been resolved are closed and no longer visible to users in CC&B. To help in assigning To Do entries to staff, managers and supervisors have the ability to query the To Do entries in CC&B by clicking on the aging graph information as well as the totals. The oldest To Do entries are extracted and assigned to end users to complete within a specified timeframe. CC&B classifies To Do entries according to age and by color on the graph according to the following categories:

- Less than 50 days old (green);
- Between 50 and 100 days old (yellow);
- Greater than 100 days old (red).

Upon conversion to the new system, several factors contributed to a rapidly increasing list of To Do entries. Because policies and procedures had not been developed to address the various types of To Do entries, how to resolve them, and how to monitor them, a backlog of To Do entries was experienced by the end of the audit period. Some of the factors that contributed to the backlog of To Do entries included:

- The dissemination of To Do entries to the appropriate departments had not been fully developed.
- A high number of accounts were out of the tolerance range for acceptable reads. When not resolved within seven business days, the account received an estimated bill.
- Backlog of data entry of meter exchanges and final meter readings (start/stops at cutover).
- A high number of out-of-order meters, no reads, and vacant premises.
- The parameter setting for the maximum number of estimated bills before an actual read must occur was set to two, and near the end of the calendar year some accounts reached this threshold.

3. Meter Reading

Individual meter readings are performed on a quarterly basis (every 91 days) for each customer. All active accounts in a scheduled route are assigned for a meter reading each billing cycle. Inactive accounts, which are not read, are placed into an ‘inactive status’ route which is never scheduled. Inactive accounts are accounts where the service point has been abolished. This would occur, for example, when a block of houses is demolished in anticipation of commercial building on that property. To maintain the history for those accounts, they are marked as inactive.

Hand-held computers, called Road Runners, and laptop computers are used for meter reading. The Road Runners and laptops interface with a vendor-purchased meter reading application from Datamatic LTD, on a Windows 2003 file server. The Datamatic meter reading application interfaces with the Customer Care and Billing (CC&B) application that runs on the Oracle® web-based, IBM-managed platform.

There are four types of meter reads:

- Daily meter reads for residential and commercial customers, using the Road Runner devices.
- Investigation meter reads, performed by investigation meter readers at a customer’s request. Meter data is entered into laptop computers.
- Final meter reads, performed when there is a change of ownership.
- Collection meter reads, required for delinquent accounts. The data is entered into laptop computers by collection meter readers.

The following definitions refer to the “types” of meters:

- Inside meter with remote reading device: A base meter located inside the business and/or premises records consumption. A remote device located on the exterior of the premise reflects the consumption from the internal base meter. Meter readers read the remote reading device.
- Vault meter: Normally located in a manhole in the street and/or in a residential tree lawn. A vault meter is required when the size of the meter fitting is 3 inches or greater for commercial accounts. A meter vault is also required if the distance between the existing right of way and the domestic service point of entry into the building/premise is more than 150 feet.
- Master meter communities: Industrial meters that record consumption usage for communities that purchase wholesale water from DOW. These meters are read by DOW twice a month and are billed monthly.
- Compound meter: Has two registers that record high/low flow consumption usage; mainly installed at commercial/industrial premises.
- Re-registering meter: Installed at premises that record consumption for outside usage. In these cases, a premise will have two or more meters installed. These meters are typically installed on premises that have a swimming pool or sprinkler system that is metered separately. Consumption usage is recorded and the customer account will reflect a discount on sewer charges.

4. Daily Meter Reads

The Meter Reading Department prepares an annual master schedule of meter reads and bill cycles per route. The master schedule comprises a 91-day period for each route. On a daily basis, based on the master schedules for meter reads and bill cycles, the system automatically sends three days of meter reading routes to the Datamatic meter reading application. The meter read and bill cycle spans an eight-day period. Day 1 of the meter read cycle is the day meter readers actually read the meters and the readings are uploaded to the CC&B application. This is followed by an edit window of two days in which To Do entries, generated by validation tests, are worked before moving to the billing cycle. The billing cycle begins at the close of the third day, when bills are generated during the nightly batch process. Bills from the meter read cycle continue to be generated on days four through eight as To Do entries are resolved. Accounts with To Do entries that remain unresolved by day eight receive an estimated bill.
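The eight-day cycle above, together with the two-estimated-bills limit named among the backlog factors in the Background section, modelled as an added illustration (not DOW, Oracle CC&B or Datamatic code). The day numbers and the limit of two come from the report text; how the limit is enforced once reached (a held bill until an actual read) and the reset of the estimate counter on an actual bill are assumptions made here.

```python
"""Model of the eight-day meter read and bill cycle described in the report.

Added illustration only: this is not DOW, Oracle CC&B or Datamatic code.
Day numbers and the estimated-bill limit come from the report text; the
way the limit is enforced (a HELD outcome until an actual read) and the
reset of the estimate counter on an actual bill are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum

BILLING_START_DAY = 3    # bills are first generated at the close of day 3
CYCLE_END_DAY = 8        # a To Do still unresolved on day 8 -> estimated bill
MAX_ESTIMATED_BILLS = 2  # maximum estimated bills before an actual read must occur


class BillType(Enum):
    ACTUAL = "actual"
    ESTIMATED = "estimated"
    HELD = "held"   # estimate limit reached: no bill until an actual read (assumed)


@dataclass
class Account:
    account_id: str
    has_todo: bool                   # a validation To Do entry was raised at upload
    resolved_day: int | None = None  # day the entry was worked; None if never
    estimated_bills: int = 0         # consecutive estimated bills issued so far


@dataclass(frozen=True)
class BillEvent:
    account_id: str
    day: int
    kind: BillType


def bill_account(acct: Account) -> BillEvent:
    """Decide on which day of the cycle an account bills, and what kind of bill."""
    if not acct.has_todo or (acct.resolved_day is not None
                              and acct.resolved_day <= BILLING_START_DAY):
        # Clean read, or To Do entry worked inside the two-day edit window.
        acct.estimated_bills = 0
        return BillEvent(acct.account_id, BILLING_START_DAY, BillType.ACTUAL)
    if acct.resolved_day is not None and acct.resolved_day <= CYCLE_END_DAY:
        # Entry resolved on days 4 to 8: the bill is generated that night.
        acct.estimated_bills = 0
        return BillEvent(acct.account_id, acct.resolved_day, BillType.ACTUAL)
    # Still unresolved on day 8.
    if acct.estimated_bills >= MAX_ESTIMATED_BILLS:
        return BillEvent(acct.account_id, CYCLE_END_DAY, BillType.HELD)
    acct.estimated_bills += 1
    return BillEvent(acct.account_id, CYCLE_END_DAY, BillType.ESTIMATED)


def run_cycle(accounts: list[Account]) -> dict[int, list[BillEvent]]:
    """Bill every account on a route and group the events by cycle day."""
    by_day: dict[int, list[BillEvent]] = {}
    for acct in accounts:
        event = bill_account(acct)
        by_day.setdefault(event.day, []).append(event)
    return dict(sorted(by_day.items()))


if __name__ == "__main__":
    # Constructed sample route: five accounts in different states.
    route = [
        Account("A-100", has_todo=False),
        Account("A-101", has_todo=True, resolved_day=2),
        Account("A-102", has_todo=True, resolved_day=6),
        Account("A-103", has_todo=True),
        Account("A-104", has_todo=True, estimated_bills=2),
    ]
    for day, events in run_cycle(route).items():
        print(f"day {day}: " + ", ".join(f"{e.account_id}={e.kind.value}" for e in events))
```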

Using the three-day sequence schedule, the daily routes for each meter reader are downloaded from the Datamatic meter reading application into the individual handhelds (Road Runners) and laptops.


The meter readers are unable to alter the routes downloaded to the meter reading equipment, and they cannot add or delete accounts on the scheduled route. The meter readers are able to key in the reading information, enter a skip code if a reading cannot be obtained, and, if necessary, enter a special message to explain their entry. Each meter reader receives a daily meter route, which can vary from cycle to cycle; therefore, meter readers do not always read the same routes.

Meter readers manually enter the water usage for each meter on their route into the Road Runner. A tolerance test occurs at the Road Runner level for a range of difference between the current and previous reads. The Road Runner beeps when a tolerance test fails, and the meter reader is required to re-enter the read. If the same read is entered twice, the Road Runner will accept the read.

Road Runners are first reviewed by the meter readers to ensure an attempt was made to read all accounts. A field supervisor then checks the Road Runners for blanks, number of locks, and number of pumps (manhole covers). Locks result from inaccessibility to the meter (e.g., an irate customer, a fenced-in yard, a vicious dog). A second field supervisor checks the Road Runners for blanks before the upload to the Datamatic meter reading application.

Because the Datamatic meter reading application will not upload a route with blanks, a skip code is entered for each blank, which results in a To Do entry. The To Do entry requires follow-up: the account is investigated in the office by a customer service representative, which may result in the account being rescheduled for a follow-up meter read. Meter readers are encouraged to add a message to aid in the follow-up process.
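The Road Runner entry rules described above (fixed route, tolerance test with re-keying to confirm, skip codes with a message, and an upload that refuses a route with blanks), written out as an added example rather than Datamatic or DOW code. The per-stop consumption band used by the tolerance test, the skip code values and the return strings are assumptions made for this illustration.

```python
"""Road Runner entry rules: a tolerance test on each keyed read, re-keying the
same read to confirm it, skip codes for meters that cannot be read, and an
upload that refuses routes with blanks.

Added illustration only: not Datamatic or DOW code. The per-stop consumption
band used by the tolerance test and the skip code values are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class RouteStop:
    """One account on the downloaded daily route (constructed sample data)."""
    account_id: str
    previous_read: int
    low: int                      # assumed lower bound of expected consumption
    high: int                     # assumed upper bound of expected consumption
    read: int | None = None
    skip_code: str | None = None
    message: str = ""
    pending: int | None = None    # read rejected by the tolerance test, awaiting re-entry


@dataclass(frozen=True)
class ToDoEntry:
    """What the nightly upload raises in CC&B for a skipped meter."""
    account_id: str
    skip_code: str
    message: str


class RoadRunner:
    def __init__(self, route: list[RouteStop]) -> None:
        # The route is fixed once downloaded: accounts cannot be added or deleted.
        self._stops = {stop.account_id: stop for stop in route}

    def _stop(self, account_id: str) -> RouteStop:
        if account_id not in self._stops:
            raise KeyError(f"{account_id} is not on the downloaded route")
        return self._stops[account_id]

    def enter_read(self, account_id: str, value: int) -> str:
        """Key a read; returns 'accepted', 'confirmed' or 'beep' (re-enter)."""
        stop = self._stop(account_id)
        consumption = value - stop.previous_read
        if stop.low <= consumption <= stop.high:
            stop.read, stop.pending, stop.skip_code = value, None, None
            return "accepted"
        if stop.pending == value:
            # Same out-of-band read keyed twice in a row: the device accepts it.
            stop.read, stop.pending, stop.skip_code = value, None, None
            return "confirmed"
        stop.pending = value      # tolerance test failed: beep and require re-entry
        return "beep"

    def enter_skip(self, account_id: str, code: str, message: str = "") -> None:
        """Record why no reading was obtained, with an optional explanatory message."""
        stop = self._stop(account_id)
        stop.skip_code, stop.message = code, message
        stop.read, stop.pending = None, None

    def blanks(self) -> list[str]:
        """Stops with neither a read nor a skip code: what the field supervisors check."""
        return [a for a, s in self._stops.items()
                if s.read is None and s.skip_code is None]

    def upload(self) -> tuple[dict[str, int], list[ToDoEntry]]:
        """Reads for CC&B plus one To Do entry per skipped stop; blanks block the upload."""
        blanks = self.blanks()
        if blanks:
            raise ValueError(f"route has blanks, upload refused: {blanks}")
        reads = {a: s.read for a, s in self._stops.items() if s.read is not None}
        todos = [ToDoEntry(a, s.skip_code, s.message)
                 for a, s in self._stops.items() if s.skip_code is not None]
        return reads, todos


if __name__ == "__main__":
    device = RoadRunner([RouteStop("A-100", 1000, 0, 400),
                         RouteStop("A-101", 500, 0, 400),
                         RouteStop("A-102", 200, 0, 400)])
    print(device.enter_read("A-100", 1250))   # accepted
    print(device.enter_read("A-101", 3000))   # beep
    print(device.enter_read("A-101", 3000))   # confirmed
    print(device.blanks())                    # ['A-102']
    device.enter_skip("A-102", "LOCK", "fenced-in yard, dog")
    print(device.upload())
```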

5. Investigation Meter Reads

Investigation meter reads are initiated by customer request (e.g., the customer calls and requests a read, or has an issue) and are scheduled with the customer through customer service. Investigation meter reads are performed by investigation meter readers using laptop computers. The accounts are scheduled for a reading, organized into a route, and downloaded to the Datamatic investigations application, from which they are then downloaded to the laptops. The Meter Reading Department assigns about 60 meter reads to each investigation meter reader daily. The investigation meter readers visit the premise, record the water usage information from the meter, and add notes to help the customer service representative initiate the action to be taken as a result of the investigation meter read. The investigation meter reads are uploaded to the Datamatic investigation application at the end of the business day. These accounts then follow the same process as the daily meter reads. Investigation meter reads are for informational purposes only and do not produce a bill.

While scheduling the investigation meter read, a customer service representative may see a need to prevent the customer account from going to collections for nonpayment while the investigation is in process. In this case, the customer service representative will extend the customer’s payment plan based on a CAS pre-established timetable. Depending upon the type of investigation, this period is between 30 and 90 days. The CC&B application requires an end date to be entered when extending the customer payment plan. The payment plan extension relates to the payment process only (collection for non-payment) and does not stop bill generation. If a meter read and bill cycle occur during the investigation period, a bill will be generated and sent to the customer showing the accumulated account balance.

Customer service follows up on investigation meter reads after upload into CC&B. If the investigation meter read requires no further action by DOW, a notification letter is sent to the customer to indicate the results of the investigation. However, this letter does not appear in CC&B.

If further action is necessary, for example an adjustment to the account, customer service will initiate the action in CC&B. The request for action is sent to the appropriate DOW department via a To Do entry.


6. Final Meter Reads

Final meter reads are performed when there is a change of ownership. When a customer calls DOW to initiate a final meter read, the customer service representative first reviews the customer’s account information. If there are no alerts on the account and the bill has not been previously estimated, the customer service representative may accept a customer read over the phone, which results in the generation of a final bill. However, if there are alerts on the account (e.g., an out-of-order meter) or the bill has been previously estimated, then an investigation meter read is required. The final meter read is scheduled and organized into a route with the investigation meter reads. After the final meter read is obtained, a final bill is sent to the previous property owner. When a final meter read is obtained via an investigation meter read, a final meter read fee is charged.

7. Collection Meter Reads

Collection meter reads are required when restoring water services for delinquent accounts and are performed by collection meter readers using laptop computers. Turn-offs are scheduled through the Datamatic collections application and follow the daily meter read download and upload process. CC&B generates a 15-day notice to the customer indicating the meter will be turned off within 15 days due to failure to pay. After the 15 days, a three-day notice is generated and sent to the customer. When the meter reader goes to the site, they leave a final notice (door hanger) at the premise indicating when the water services are scheduled to be terminated if payment or arrangements are not made. The water is turned off at the connection if it is accessible. The meter reader takes an actual read at turn-off, but the customer is not billed for the consumption at that time. The consumption accrued between the customer’s previous meter read and turn-off is included in the next meter read obtained to generate a bill after the connection has been turned back on. If a connection has been turned off for more than two weeks, it is scheduled for another meter reading in order to update the meter status (e.g., unoccupied residence).

During the period of transition from the old system to the new system, when a field activity was generated to turn off water services because of non-payment, the service agreements were suspended. The accounts were flagged for review and placed in a “pended” status. The accounts were no longer billed, although they should have continued to be billed for the customer service fee and minimum sewer charges. However, there has since been a configuration change to the CC&B system that allows these accounts to continue to bill for the customer service fee and the minimum sewer charges based on their quarterly cycle.

8. Datamatic Meter Reading Upload - All Meter Reads

At the end of each business day, data keyed into the Road Runners and laptops is uploaded to the Datamatic meter reading application. The data uploaded to the Datamatic meter reading application is then uploaded into CC&B through the nightly upload batch process run by IBM.

After the nightly upload, the Datamatic meter reading application generates the Routes Received from Road Runners report. This report is sorted by route number and lists the number of meters scheduled to be read, the number of meters actually read, and the number of meters skipped. The following day, the unit supervisors in meter reading (residential and commercial) review the meter read cycle and confirm each route from the Datamatic application has a schedule status of "complete" in CC&B. On a daily basis, the Batch Execution Status report is received by the assistant to the assistant administrator of meter reading. Data from the Datamatic meter reading application that did not post to the CC&B application is included on this report. This occurs when a remark entered by the meter reader is "non-standard" for computer update. These "non-standard" remarks may occur frequently, but the volume is low. These exceptions are reviewed and resolved by the assistant to the assistant administrator of meter reading and are manually input into CC&B.

9. CC&B - Tolerance Tests

Tolerance tests are performed on the meter reading data after it is transferred to CC&B. Tolerance tests check the reasonableness of the consumption amount. Tests are also performed to ensure consumption only occurred on active accounts.

The tolerance algorithm for high/low consumption is defined in the CC&B administrative tables. The ability to change the tolerance algorithm for high/low consumption is restricted to the assistant administrator of billing and the customer support representative, who acts as the internal configuration resource for DOW. IBM has access to the tolerance algorithm for high/low consumption via the Oracle® Developer tool used for querying the database.

When an account fails the tolerance tests, a To Do entry is created. If the tolerance tests are passed, the account is updated with the meter read and the bill is processed when the bill cycle opens.

10. CC&B - Edit Checks

During the nightly batch routine to update CC&B, two types of edit checks occur:

- Validity Checks - Checks for invalid data such as month out of the range of 01 through 12, day out of the range of 01 through 31, non-numeric data in a numeric field, etc.
- Logic Checks - Checks for logic errors such as customer sequence not equal between the transaction and master files, sub-meter consumption greater than main meter consumption, read date equal to or before the last read date, etc.

Edit check failures result in the creation of To Do entries.
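As an added illustration, not CC&B's code and not taken from the report, the following Python models the nightly tolerance test from item 9 together with the validity and logic edit checks from item 10, run over a handful of constructed meter-read records, and raises a To Do entry for each failure. The record layout, the high/low tolerance factors, the order in which the stages run and the sample accounts are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed stand-in for the CC&B administrative table that holds the high/low
# tolerance algorithm: a read passes when consumption lies between LOW_FACTOR
# and HIGH_FACTOR times the account's historical average consumption.
LOW_FACTOR, HIGH_FACTOR = 0.5, 2.0

@dataclass
class MeterRead:                   # one record from the Datamatic upload (constructed layout)
    account: str
    sequence: int                  # customer sequence on the transaction file
    read_date: str                 # keyed as YYYY-MM-DD
    reading: str                   # dial reading, kept as keyed so bad data stays visible
    sub_meter_consumption: Optional[int] = None

@dataclass
class MasterRecord:                # the account as CC&B knows it
    sequence: int                  # customer sequence on the master file
    active: bool
    last_read_date: date
    last_reading: int
    average_consumption: float

def validity_checks(r: MeterRead, m: MasterRecord) -> List[str]:
    """Field-level checks: month 01-12, day 01-31, numeric data in numeric fields."""
    problems = []
    parts = r.read_date.split("-")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        problems.append(f"read date {r.read_date!r} is not numeric YYYY-MM-DD")
    else:
        if not 1 <= int(parts[1]) <= 12:
            problems.append(f"month {parts[1]} out of range 01-12")
        if not 1 <= int(parts[2]) <= 31:
            problems.append(f"day {parts[2]} out of range 01-31")
    if not r.reading.isdigit():
        problems.append(f"reading {r.reading!r} is non-numeric")
    return problems

def logic_checks(r: MeterRead, m: MasterRecord) -> List[str]:
    """Cross-record checks; only run once the validity checks have passed."""
    problems = []
    if r.sequence != m.sequence:
        problems.append("customer sequence differs between transaction and master files")
    try:
        read_date = date(*(int(p) for p in r.read_date.split("-")))
    except ValueError:
        return problems + [f"read date {r.read_date!r} is not a calendar date"]
    if read_date <= m.last_read_date:
        problems.append("read date is equal to or before the last read date")
    consumption = int(r.reading) - m.last_reading
    if r.sub_meter_consumption is not None and r.sub_meter_consumption > consumption:
        problems.append("sub-meter consumption greater than main meter consumption")
    return problems

def tolerance_test(r: MeterRead, m: MasterRecord) -> List[str]:
    """Reasonableness of consumption, and consumption only on active accounts."""
    consumption = int(r.reading) - m.last_reading
    if not m.active and consumption > 0:
        return [f"consumption of {consumption} recorded on an inactive account"]
    low, high = LOW_FACTOR * m.average_consumption, HIGH_FACTOR * m.average_consumption
    if not low <= consumption <= high:
        return [f"consumption {consumption} outside high/low tolerance {low:.0f}-{high:.0f}"]
    return []

STAGES = (("validity", validity_checks), ("logic", logic_checks), ("tolerance", tolerance_test))

def process_reads(reads: List[MeterRead], master: Dict[str, MasterRecord]) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Post reads that pass every stage; otherwise create (account, check, message) To Do entries."""
    posted, todos = [], []
    for r in reads:
        m = master.get(r.account)
        if m is None:
            todos.append((r.account, "logic", "no master record for account"))
            continue
        for check, run in STAGES:
            problems = run(r, m)
            if problems:                      # first failing stage wins; later stages are not run
                todos += [(r.account, check, p) for p in problems]
                break
        else:
            posted.append(r.account)
    return posted, todos

# Constructed sample data: one clean read, then one read per failure type.
STD = MasterRecord(1, True, date(2011, 7, 1), 1000, 300.0)
MASTER = {"A1": STD, "A2": STD, "A4": STD, "A6": STD,
          "A3": MasterRecord(1, True, date(2011, 10, 1), 1000, 300.0),
          "A5": MasterRecord(1, False, date(2011, 7, 1), 500, 0.0)}
READS = [
    MeterRead("A1", 1, "2011-10-03", "1290"),                         # passes: 290 used vs 300 avg
    MeterRead("A2", 1, "2011-13-03", "1290"),                         # month 13: validity
    MeterRead("A3", 1, "2011-10-01", "1290"),                         # same date as last read: logic
    MeterRead("A4", 1, "2011-10-03", "2500"),                         # 1500 used: high tolerance
    MeterRead("A5", 1, "2011-10-03", "560"),                          # usage on an inactive account
    MeterRead("A6", 1, "2011-10-03", "1290", sub_meter_consumption=400),  # sub-meter > main: logic
]
```

Running `process_reads(READS, MASTER)` posts only A1 and produces one To Do entry for each of the other reads, tagged with the stage that rejected it. Stopping at the first failing stage mirrors the report's ordering: a record with a bad date never reaches the consumption arithmetic, which is also why the validity stage keeps the reading as a string until it has been proven numeric.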

11. Meter Reading To Do Entries

The Meter Reading To Do lists are distributed to managers and supervisors. The Meter Reading Department assistant administrator assigns the To Do entries to the Meter Reading Department customer service representatives to investigate. The customer service representatives are responsible for working the assigned To Do entries. To Do entries are worked by reviewing the account information and various screens related to the meter reading cycle, including the account information, meter read history, meter information, and skip codes entered by the meter reader. If a customer service representative determines a re-read is needed, the customer service representative selects the 'Re-Read' button on the CC&B meter read screen. This automatically assigns the account to a route, which goes out the next day to obtain the tolerance meter read. Tolerance meter reads follow the daily meter read process.

Re-reads result in a field activity, which is a task that takes place at a service point (i.e., install meter, read meter, disconnect service). The assistant to the assistant administrator of meter reading periodically requests a listing of all outstanding field activities from IT. The assistant to the assistant administrator of meter reading reviews the field activities listed on the report to identify their status and initiate the needed follow-up action for resolution. The Department obtained a listing of outstanding field activities three times during the period to monitor field activities.

12. Estimated Bills

In most cases, if a meter reading cycle To Do entry is not resolved within the eight-day meter read and bill cycle, an estimated bill is automatically generated. This helps ensure all accounts are billed each billing cycle.

Bills are estimated using the consumption on the previous term bill. If that is not available, the previous year's consumption for that term is used (the bill from the same quarter of the previous year); meter reading history from the last twelve periods was brought forward from the legacy system. If neither is available, the area trend consumption is used. Area trend consumption is the average consumption within the city code. The estimated consumption is then applied to the billing rates to calculate the bill in the same fashion as an actual consumption read.

CC&B only permits an account to be estimated two times. After two system estimates, the system will not generate a third estimated bill. When converting to the new system, any account on DOW's legacy system with an estimated status was brought over to the new system as having only one estimated bill. As such, any account with an estimated bill on the AS/400 billing application would start with one estimated bill in CC&B. If an actual read could not be obtained after the first CC&B billing cycle, the second estimated bill would be generated. The following bill cycle, the CC&B maximum estimated bill parameter of two estimated bills would be met and a bill would not be generated without an actual read.
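The estimation fallback chain and the two-estimate limit described above, worked through as an added Python example that is neither DOW's nor CC&B's code. The water rate, the area-trend table, the account layout and the assumption that an actual read resets the estimate counter (the report does not say) are all constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional, Tuple

MAX_SYSTEM_ESTIMATES = 2          # CC&B parameter stated in the report
WATER_RATE = Decimal("3.25")      # assumed rate per unit of consumption, illustration only
AREA_TREND = {"CLE": 1800, "OLM": 2200}   # assumed average consumption per city code

@dataclass
class Account:
    number: str
    city_code: str
    previous_term: Optional[int]        # consumption on the previous term bill, if any
    previous_year_term: Optional[int]   # same quarter of the previous year (legacy history)
    estimate_count: int = 0             # a legacy "estimated" status converts as 1

def estimate_consumption(acct: Account, area_trend: Dict[str, int] = AREA_TREND) -> Tuple[int, str]:
    """Fallback chain in the documented order: previous term, previous year, area trend."""
    if acct.previous_term is not None:
        return acct.previous_term, "previous term"
    if acct.previous_year_term is not None:
        return acct.previous_year_term, "previous year, same quarter"
    return area_trend[acct.city_code], "area trend"

def bill_cycle(acct: Account, actual: Optional[int]) -> Tuple[str, Optional[int], Optional[Decimal], str]:
    """One bill cycle: returns (status, consumption, amount, source).

    An actual read bills normally. Without one, an estimate is generated until
    MAX_SYSTEM_ESTIMATES is reached; after that the bill is held, the "maxed
    out" state that the report says is worked manually. Assumption (the report
    does not say): an actual read resets the estimate counter.
    """
    if actual is not None:
        acct.estimate_count = 0
        acct.previous_term = actual
        return "actual", actual, actual * WATER_RATE, "actual read"
    if acct.estimate_count >= MAX_SYSTEM_ESTIMATES:
        return "held", None, None, "maximum of two estimated bills reached"
    consumption, source = estimate_consumption(acct)
    acct.estimate_count += 1
    acct.previous_term = consumption    # the estimate becomes the next "previous term bill"
    return "estimated", consumption, consumption * WATER_RATE, source

def simulate(acct: Account, reads: List[Optional[int]]) -> List[str]:
    """Run consecutive bill cycles; None means no actual read was obtained."""
    return [bill_cycle(acct, r)[0] for r in reads]

if __name__ == "__main__":
    # Constructed: converted from the AS/400 with an estimated status, so it starts at one estimate.
    legacy = Account("B1", "CLE", previous_term=1000, previous_year_term=None, estimate_count=1)
    print(simulate(legacy, [None, None, 900]))   # second estimate, then held, then billed on the read
```

The converted account reproduces the sequence the report describes: one more system estimate, then a held bill once the parameter of two is met, then a normal bill as soon as an actual read arrives. Because the previous-term value is overwritten by whatever was billed, a second estimate repeats the first one rather than falling further down the chain, which is the literal reading of "consumption on the previous term bill".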

DOW's process for accounts that were maxed out at the time of the first quarter 2011 bills is to request from IBM an extraction of accounts that are pending bills with a closed bill cycle. These accounts are reviewed by the meter reading staff and are billed based on an actual read. If no actual read is available, the account requires a re-read investigation and a field activity is scheduled. Upon completion of the field activity, the account is billed. If an adjustment is needed, the meter reading staff cancel and rebill the account to reflect the actual meter reading. If the account needs an adjustment that relates back to the legacy system, a "To Do" entry is created and assigned to the Billing Department to complete the adjustment.

13. Out-of-Order Meters

In CC&B, out-of-order meters can be identified through the 'Out-of-Order' account alert.

Customers can report out-of-order meters to the Meter Reading Department, or meter readers can enter a skip code into their Road Runner handheld meter reading device that signifies an account has an out-of-order meter. The account remains in active status to ensure it is still scheduled to be read along with the meter reader's route each billing cycle.

Each evening a computer program processes accounts marked with an out-of-order alert and generates letters to the customers. The letters request that the customer contact DOW to schedule an appointment for meter replacement. There is currently no follow-up by DOW with customers who do not call to schedule an appointment for meter replacement.

E. BILLING PROCEDURES

On the third day of the meter read cycle, the bill cycle or bill window opens. The assistant administrator of billing receives the daily bill file from IT. The daily bill file contains the billing information sent to SourceLink, the third-party vendor who prints the bills. All accounts listed in the daily bill file have passed the CC&B tolerance and validity tests. The assistant administrator of billing reviews the daily bill file again for any issues (i.e., high consumption, high homestead) to determine if the bill print should be held and investigated. If any accounts are held for further review, the assistant administrator of billing suppresses the bill at SourceLink via an on-line viewer, which prevents the bill from printing that day, and DOW investigates the billing issue. The assistant administrator of billing maintains a spreadsheet of all suppressed bills to ensure all accounts are investigated and resolved and a bill is eventually generated. Once resolved, the bills are included in the daily bill file sent to SourceLink to print. The spreadsheet is submitted weekly to the Assistant Commissioner of CAS as part of DOW's monitoring procedures.

The assistant administrator of billing maintains a spreadsheet to track the total number of bills produced on a daily basis. After SourceLink prints and mails the bills, they send an invoice for the postage to the DOW. This invoice includes the total dollar amount for the postage as well as the number of bills printed and mailed. The assistant administrator of billing compares the "billing counts" spreadsheet to the number of bills sent by SourceLink to ensure all bills were printed and mailed by the vendor.

CC&B generates a Detail and Summary Bill Register, which lists all bills generated from the nightly processing. This report is used by Accounts Receivable to balance the daily accounts receivable.

Billing Related To Do Entries - The assistant administrator of billing receives the To Do entries related to EZPay, bill segment errors, and bill cycle errors, and assigns the To Do entries to Billing Department staff to work.

1. Master Meter and Emergency Stand-by Accounts

Master meter accounts exist for communities that buy water from the City of Cleveland but have their own distribution systems. Master meter communities include Bedford, Chagrin Falls, Cleveland Heights, Lakewood, and Geauga County. Accounts also exist for emergency standby communities that only purchase water from the City in emergency situations. Those communities include Berea, Lake County, Lorain County, North Ridgeville, Medina County, Summit County, Hudson Village, and Portage County.

Master meters are read every 15 days to ensure they are working correctly. Readings are recorded in books maintained by the meter reading section. Master meter communities are billed monthly. Readings are updated into the Master Meter accounts in CC&B. Readings from the books are also entered into a spreadsheet by the assistant administrator of billing as a backup control procedure. Master meter bills are generated through CC&B. Master meter communities bill their respective consumers. Emergency communities are billed for water only when used.

2. Rate Authorization

Rates for water, sewer, and fire lines are authorized by Cleveland City Council, the Northeast Ohio Regional Sewer District ("NEORSD") or local communities. The assistant administrator of billing enters new billing rates for water, sewer, and fire lines into the system.

3. Water Rates

Cleveland City Council approves water and fire line rates. Water rates for communities are prorated based on elevation. The three levels are:

- Low and 1st high.
- 2nd high.
- 3rd high.

The City of Cleveland has only one water rate for both residential and commercial customers. Since January 1, 2007, there has been no minimum consumption charge for water.

4. Sewer Rates Only

NEORSD rates are approved by the regional sewer board. Local rates are set and approved by local city councils. Charges for sewer are based on water consumption times the sewer rate.

5. Fire Lines

Fire line rates are established by Cleveland City Council and billed at a flat rate regardless of usage.

6. Customer Service Charge

DOW assesses a $7.00 quarterly customer service charge to all accounts to recover the costs of meter reading, billing, remittance and other customer service activities. Accounts with a bill beginning date after July 16, 2011 are no longer billed this $7.00 charge but are instead billed a fixed rate based on meter size.

7. Rate Confirmation

UFC confirms rates for all direct service municipal agencies for which billing procedures are performed. The objective of the rate confirmation is to verify the accuracy of rate data in the Division of Water's billing system. This confirmation process is performed annually.

The confirmation letters include all current rates being billed for each community. In addition, each community is asked if DOW should be billing for any rates other than those indicated on the confirmation. The community is requested to return the confirmation along with a copy of the ordinance authorizing the rates. UFC sends the letters by certified mail to ensure each community receives the confirmation letters. If UFC does not receive a response within a reasonable time, a second confirmation letter is sent to the community.

Confirmation letters are returned to UFC and filed in the Comptroller's office. If an incorrect rate were ever noted, UFC would prepare a control sheet (Water/Sewer Rate Change Procedure and Control Sheet) to have the rates in the system corrected. The control sheet along with a copy of the returned confirmation is forwarded to the DOW Billing Section. The Billing Section is responsible for updating the rate in the billing system as well as making any other corrections indicated on the returned confirmation.

8. Rate Change Procedure

Rate ordinances are received and forwarded to the Commissioner of UFC. The UFC manager prepares the control sheet (Water/Sewer Rate Change Procedure and Control Sheet), and signs and dates an acknowledgement statement. The following information is included on the control sheet:

- Entity requesting the change.
- Effective date of the rate increase.
- Ordinance number.
- Old rate.
- Date of ordinance.
- New rate.
- Date received by the Commissioner of UFC.

The rate ordinance and any other supporting documentation are attached to the control sheet. The control sheet and ordinance are forwarded to the Billing Department to update the rate schedule in CC&B. The Assistant Administrator of Billing is the only individual authorized to enter new billing rates for water, sewer and fire lines into CC&B. The Assistant Administrator of Billing performs testing to ensure the rates were entered correctly and billed amounts are accurately calculated using the new rates. The Assistant Administrator of Billing then signs and dates an acknowledgement statement on the control sheet and forwards the control sheet and ordinance to the Assistant Commissioner of CAS for final verification. The Assistant Commissioner of CAS signs and dates an acknowledgement statement on the control sheet and forwards the completed control sheet and ordinance back to UFC to be filed in the entity's file.

10. Adjustments

Requests for adjustment are initiated by customer calls to either Customer Account Services (CAS) or the Meter Reading Department. The CAS representative reviews the account to determine if an adjustment is warranted. If so, the representative initiates a To Do entry in CC&B and forwards it to the Billing Department for processing. Requests originating from CAS are reviewed and approved by the Assistant Commissioner of CAS. If the request originates in the Meter Reading Department, the request is reviewed by the unit supervisor for accuracy. All approved requests are sent to the Billing Department for processing.

The Collections Department staff handles requests for adjustments due to bankruptcy and foreclosures. The requests are initiated and the adjustments are processed in CC&B by the skip trace staff in the Collections Department for accounts that do not exceed $2,500. Accounts that exceed the dollar threshold are reviewed and the adjustments are processed by the manager and/or assistant manager of collections. The write-off process has three levels of approval, including the immediate supervisor, the collections manager, and the Assistant Commissioner of CAS, before the requests are submitted to UFC for auditing. After UFC completes the auditing process, the write-off requests are forwarded back to the Collections Department to remove the monies from the service agreements. Each account has a service agreement for each type of service received (i.e., water, sewer, local).

When a customer calls to request an adjustment due to underground/undetectable leaks, the Customer Service representative mails the customer the DOW plumber statement form to complete and return to the attention of the Billing Section. Upon receipt, a Billing Section representative reviews the plumber statement form to determine if an adjustment is warranted. If an adjustment is warranted, the Billing Department initiates and processes the adjustment in CC&B with the appropriate adjustment type. An underground/undetectable leak adjustment is a 50% discount on the excess usage. Excess usage is determined by reviewing the customer's historical consumption information. DOW processes approximately 300-400 underground/undetectable leak adjustments annually, and customers are only eligible once.

All monetary and non-monetary adjustments to water and sewer bills are made in the Billing Section, and an adjusted bill is mailed the next day. For example, if an account is located in Olmsted Township but was billed as Olmsted Falls, the bill factor would need to be corrected. This is considered a "non-monetary" adjustment.

Cancel/re-bill adjustments are solely the responsibility of the Billing Section staff to execute on a daily basis. A To Do entry is created in CC&B describing the required adjustment from one of the following departments: Customer Service, Collections, Meter Reading, or Customer Account Service Administration. Adjustments due to underground/undetectable leaks are processed in the Billing Department and documented in CC&B with the appropriate adjustment type. The Billing staff member prints the To Do entry and any supporting documentation to substantiate the adjustment. The following day, the supervisor reviews the account(s) for the consumption and billed amount via history screen printouts to validate the correctness of the revised bills. There is no evidence of this review if no errors are found in the adjustment. If there is an error, the supervisor will most likely note it on the adjustment support and return the adjustment to the Billing staff member for correction and reprocessing. After supervisory approval, the completed adjustments are prepared for mail distribution, and the To Do entry and any supporting documentation are filed in the Billing Section.

Adjustments that affect the payment side of processing are considered "monetary" adjustments. Adjustments exceeding $1,000 must be accompanied by supporting documentation and have the Assistant Commissioner of CAS's approval before being forwarded to UFC. Once an adjustment is received by UFC from CAS, it is audited and signed by the accounts receivable supervisor. Adjustments under $1,000 are not audited by UFC. If the transaction is a refund over $1,000, the Comptroller also reviews and signs the transaction. Prior to the actual approval for a check to be issued, all refund transactions are audited by UFC for completeness and accuracy.

When an adjustment is received, it is date stamped and entered into a control log that documents the account number, amount of the transaction and the date received. UFC maintains a copy of all transactions audited.

F. NEW ACCOUNT SET UP

CC&B application security is controlled at two levels: domain level security and application level security. Domain level security is controlled via authentication to the DOW Active Directory ("AD") through a Lightweight Directory Access Protocol ("LDAP") hook that is administered in the WebLogic application server tier. CC&B users have unique usernames set up in AD which differ from their standard network usernames. CC&B domain accounts are established by the DOW IT network team. Application level security is controlled within CC&B through the use of security groups. This is administered by a dedicated CC&B security administrator. Rights must be granted in both Active Directory and the CC&B application for a user to access the system.

CC&B domain accounts are established by the DOW network team after an approved IT system request form is submitted to IT via established helpdesk processes.

The Customer Account Services ("CAS") security administrator is responsible for providing security permissions and ensuring all employees have the appropriate access levels to perform their daily job functions. Granting a user application level security in the Customer Care and Billing (CC&B) system requires proper authorization from the section manager and the Assistant Commissioner of Customer Account Services before access is provided to a new user.

Prior to application level authority being granted, a Customer Care and Billing access form must be completed by each end user with the appropriate sign-off approval from the section manager and the Assistant Commissioner of Customer Account Services before any application level security access rights are updated in the billing system.

Upon receipt of the approved security access forms, the security administrator updates the application level security rights accordingly in the billing system. An annual renewal process is currently in place, which requires all end users to resubmit updated Customer Care and Billing ("CC&B") access forms each year. The renewal access forms are checked against the system security access for accuracy. If the security administrator does not receive an updated access form during the renewal period, the end user's system access is revoked until a form with the required authorization approval is submitted. In addition to the renewal process, the administrator also performs periodic security level checks to ensure users have the appropriate access rights.
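An added Python example, not DOW's or CC&B's code, that reflects the two-level access model and the annual renewal process described above: a user is effective only with both an AD account and CC&B security groups, each CC&B grant must be backed by an access form carrying both approvals, and users whose renewal form was not received are listed for revocation. Group names, the form layout, user names and dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Set, Tuple

RENEWAL_PERIOD = timedelta(days=365)   # annual renewal of CC&B access forms, per the report

@dataclass
class AccessForm:
    """Latest CC&B access form on file for one user (layout is an assumption)."""
    groups: Set[str]              # security groups requested on the form
    section_manager_ok: bool
    asst_commissioner_ok: bool
    submitted_on: date

def effective_users(ad_accounts: Set[str], ccb_groups: Dict[str, Set[str]]) -> Set[str]:
    """Rights must exist in both AD and CC&B before a user can actually sign in."""
    return {u for u, g in ccb_groups.items() if g and u in ad_accounts}

def access_review(ad_accounts: Set[str], ccb_groups: Dict[str, Set[str]],
                  forms: Dict[str, AccessForm], review_date: date) -> List[Tuple[str, str, str]]:
    """Return (user, action, reason) findings for the security administrator to act on."""
    findings = []
    for user, groups in sorted(ccb_groups.items()):
        form = forms.get(user)
        if form is None:
            findings.append((user, "revoke", "no approved access form on file"))
        elif not (form.section_manager_ok and form.asst_commissioner_ok):
            findings.append((user, "revoke", "form lacks section manager and/or Assistant Commissioner approval"))
        elif review_date - form.submitted_on > RENEWAL_PERIOD:
            findings.append((user, "revoke", "renewal form not received during the renewal period"))
        elif groups - form.groups:
            extra = ", ".join(sorted(groups - form.groups))
            findings.append((user, "remove-groups", f"groups granted but not on the form: {extra}"))
        if user not in ad_accounts:
            findings.append((user, "note", "CC&B rights without a CC&B domain account; unusable until AD is set up"))
    for user in sorted(ad_accounts - set(ccb_groups)):
        findings.append((user, "note", "CC&B domain account with no application rights"))
    return findings

# Constructed sample: dedicated CC&B domain usernames, as the report says they differ from network logins.
REVIEW_DATE = date(2011, 12, 31)
AD = {"ccb_jdoe", "ccb_asmith", "ccb_bwong", "ccb_cruiz", "ccb_old"}
CCB = {
    "ccb_jdoe": {"BILLING_CLERK"},                  # clean
    "ccb_asmith": {"METER_READ", "BILLING_ADMIN"},  # BILLING_ADMIN never approved on a form
    "ccb_bwong": {"CASHIER"},                       # last form older than a year
    "ccb_cruiz": {"CAS_REP"},                       # missing Assistant Commissioner sign-off
    "ccb_newhire": {"CAS_REP"},                     # application rights, but no AD account yet
}
FORMS = {
    "ccb_jdoe": AccessForm({"BILLING_CLERK"}, True, True, date(2011, 3, 1)),
    "ccb_asmith": AccessForm({"METER_READ"}, True, True, date(2011, 6, 15)),
    "ccb_bwong": AccessForm({"CASHIER"}, True, True, date(2010, 2, 1)),
    "ccb_cruiz": AccessForm({"CAS_REP"}, True, False, date(2011, 9, 1)),
    "ccb_newhire": AccessForm({"CAS_REP"}, True, True, date(2011, 12, 1)),
}

if __name__ == "__main__":
    for user, action, reason in access_review(AD, CCB, FORMS, REVIEW_DATE):
        print(f"{action:14} {user:14} {reason}")
```

The checks are ordered so that the most serious condition is reported once per user: a missing or unapproved form, or a lapsed renewal, leads to revocation regardless of which groups are held, while group drift is only reported for users whose paperwork is otherwise in order. The AD-only and CC&B-only notes are the reconciliation the two-level model invites: neither is usable access on its own, but both are accounts nobody is reviewing.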

G. PAYMENTS

DOW customers can make utility payments through a number of different channels. Payments can be made in cash or by credit card at the Public Utilities Building on Lakeside Avenue; however, less than 10 percent of total payments are made by this method. Customers can mail their payments to the DOW, pay through an on-line agent like Kubra, or pay at banks and other payment locations such as drugstores or third-party vendors. In addition, customers can make arrangements with the DOW for automatic debit of their bank account. The DOW has also contracted with PNC Bank for lockbox services for its larger clients and master meter accounts. UFC is responsible for the payment and accounting functions for the DOW.

1. UFC Cashiers Department

The UFC Cashiers Department uses the Professional Consultancy International (PCI) Revenue Collection System ("RCS") as its cashiering system.

Cashiers receive water and sewer payments from walk-in customers at the 1201 Lakeside Building. The cashiers are the only individuals throughout the payment process who are authorized to receive cash. Cashiers are responsible for balancing their daily receipt totals individually. At the end of the business day, each cashier balances the tender (cash, checks and credit card payments) to the transactions recorded in the PCI system. The cashier also balances by service type (i.e., Water and Sewer payments or Permits and Sales payments). The cashier prints and signs the cashier activity reports. The Principal Cashier reviews the cashier activity reports for accuracy. A PCI Daily Bank Totals Report is generated listing all cashier transaction information by tender and account for deposit. Each cashier balances to this report. All cashiers sign the Cashier Deposit Sheet, which signifies deposits were verified. Each cashier's deposit is placed in a sealed bag and placed in a locked pouch. All of the cashiers' deposits are then placed in a large locked bag. The deposit and Daily Bank Totals Report are taken by a security guard to the Department of Treasury at Cleveland City Hall. At the Department of Treasury, the cash and checks are recounted, the deposit slip is prepared and the deposit is sent to the bank. At the end of each day, a payment file is generated by PCI and uploaded to CC&B through the nightly batch process to update customer accounts with the appropriate payment information.

Security cameras have been placed throughout the cashier area. The cameras capture all activity digitally. The recordings are stored on a server for a minimum of 30 days for review if necessary. In addition, UFC and Public Utilities security are able to view the activity in the cashier area with real-time cameras through a PC. Access to the cashiers' area is restricted by keycard and is limited to cashiers, UFC management, and security personnel who pick up the deposit.

2. UFC Cash Receipts Section

Mail Receipts - The UFC Cash Receipts Section processes water and sewer payments received by mail. Mail is first sorted into two categories, agency and postal delivery. The agency mail is sorted into three categories: banks, payment locations, and pay-by-phone (Huntington Bank).

Mail is opened using an electronic mail opener. A Cash Receipts Department staff member extracts the contents of each envelope, checking for payment and stubs, and then sorts the payments into various payment groups. The payment groups are:

- Full / partial payments
- Check only
- Multi payments
- Large multi
- Check and skirts
- Check and list
- Check only non-posting
- Stub only

Full payments are processed by the 9500 BancTec Remittance Processing System. Stubs and checks are scanned through the remittance processor machines. The machine stops if a stub of $250 or more is scanned and asks the operator to "accept" or "skip" the payment. Most payments of $250 or more are not automatically run through the BancTec system but are hand keyed. The only large payments run through the BancTec Remittance Processing System are those received from agencies. The 9500 BancTec Remittance Processing System also performs the following edit checks:

- Batch type must be a valid menu option.
- Form number must be numeric.
- Account number must be 10 digits, numeric, and may not contain all zeros on the stub.
- Account number check digit must be numeric (check digit on positions 2-11; one digit is required for validation of type 1 (water/sewer) documents on the check).
- Amount due must be nine digits, numeric, and may not contain all zeros on the stub.
- Payment code must equal 0, 1, 4, 5, 7, 8, or 9 on the stub.
- Customer sequence number must be numeric on the stub.

Any unscannable stub payments and check-only payments are processed through the PCI cashiering system.

3. Agency Payments

Agency payments consist of payments from banks and payment locations that act as agents for the DOW and accept utility payments from customers. These agents, in turn, remit the payments to UFC by issuing their own checks for the total daily receipts. Customer payment stubs are also sent to UFC to support the total amounts. The stubs are run through the BancTec remittance processors. Batch totals calculated by the BancTec system are compared against the checks received from the agents. Discrepancies are investigated and reviewed immediately.

The Cash Receipts Section retrieves daily account statements from the appropriate bank websites for EZ Pay, lockbox, and direct deposit transactions.
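An added Python example (not BancTec's software and not DOW's code) that applies the stub edit checks listed in item 2, stops stubs of $250 or more for an explicit operator decision, and compares the resulting batch total with an agent's remittance check as item 3 describes. The batch-type menu, the stub field layout with implied cents, and the sample stubs are assumptions; the check digit is only verified to be a single numeric digit because the report does not give its algorithm.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional, Tuple

VALID_BATCH_TYPES = {"MAIL", "AGENCY", "LOCKBOX"}         # assumed menu options
VALID_PAYMENT_CODES = {"0", "1", "4", "5", "7", "8", "9"}  # from the report
OPERATOR_REVIEW_THRESHOLD = Decimal("250.00")             # machine stops at $250 or more

@dataclass
class Stub:
    """Fields captured from one scanned payment stub (layout is an assumption)."""
    form_number: str
    account_number: str      # 10 digits
    check_digit: str         # one numeric digit; the algorithm is not given in the report
    amount_due: str          # 9 digits with implied cents (assumption)
    payment_code: str
    customer_sequence: str

def edit_check(batch_type: str, s: Stub) -> List[str]:
    """The BancTec edit checks listed in item 2, returned as failures (empty list = pass)."""
    errors = []
    if batch_type not in VALID_BATCH_TYPES:
        errors.append("batch type is not a valid menu option")
    if not s.form_number.isdigit():
        errors.append("form number must be numeric")
    a = s.account_number
    if not (len(a) == 10 and a.isdigit()) or a == "0" * 10:
        errors.append("account number must be 10 numeric digits and not all zeros")
    if not (len(s.check_digit) == 1 and s.check_digit.isdigit()):
        errors.append("account number check digit must be numeric")
    d = s.amount_due
    if not (len(d) == 9 and d.isdigit()) or d == "0" * 9:
        errors.append("amount due must be nine numeric digits and not all zeros")
    if s.payment_code not in VALID_PAYMENT_CODES:
        errors.append("payment code must be 0, 1, 4, 5, 7, 8 or 9")
    if not s.customer_sequence.isdigit():
        errors.append("customer sequence number must be numeric")
    return errors

def stub_amount(s: Stub) -> Decimal:
    return Decimal(s.amount_due) / 100

def run_batch(batch_type: str, stubs: List[Stub], operator_decisions: Optional[Dict[str, str]] = None
              ) -> Tuple[List[str], Dict[str, List[str]], List[str], Decimal]:
    """Scan a batch. Returns (accepted forms, rejected {form: errors}, skipped forms, batch total).

    Stubs failing an edit check are rejected for hand keying in PCI. Stubs of
    $250 or more stop the machine; without an explicit operator "accept" they
    are skipped (the report says most such payments are hand keyed anyway).
    """
    decisions = operator_decisions or {}
    accepted, rejected, skipped = [], {}, []
    total = Decimal("0.00")
    for s in stubs:
        errors = edit_check(batch_type, s)
        if errors:
            rejected[s.form_number] = errors
            continue
        amount = stub_amount(s)
        if amount >= OPERATOR_REVIEW_THRESHOLD and decisions.get(s.form_number) != "accept":
            skipped.append(s.form_number)
            continue
        accepted.append(s.form_number)
        total += amount
    return accepted, rejected, skipped, total

def agency_discrepancy(batch_total: Decimal, agent_check: Decimal) -> Decimal:
    """Item 3: the BancTec batch total is compared with the agent's check; non-zero means investigate."""
    return agent_check - batch_total

# Constructed agency batch: one clean stub, two edit failures, two large stubs.
AGENCY_BATCH = [
    Stub("000101", "1234567890", "7", "000004550", "0", "01"),   # $45.50, passes
    Stub("000102", "0000000000", "3", "000012000", "1", "01"),   # account number all zeros
    Stub("000103", "2345678901", "4", "000007500", "3", "01"),   # payment code 3 is not allowed
    Stub("000104", "3456789012", "2", "000030000", "4", "02"),   # $300, needs an operator decision
    Stub("000105", "4567890123", "9", "000100000", "5", "01"),   # $1,000, no decision -> skipped
]

if __name__ == "__main__":
    accepted, rejected, skipped, total = run_batch("AGENCY", AGENCY_BATCH, {"000104": "accept"})
    print(accepted, skipped, total, agency_discrepancy(total, Decimal("350.00")))
```

With the operator accepting the $300 stub, the batch total is $345.50; an agent check for $350.00 then shows a $4.50 discrepancy for the Cash Receipts Section to investigate, while the two rejected stubs and the skipped $1,000 stub are the items that go to hand keying in PCI. Amounts are kept in `Decimal` so that the comparison against the agent's check is exact to the cent.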

4. EZ Pay Method

Customers can make arrangements to pay water and sewer bills by allowing the DOW to automatically deduct quarterly payments from their bank accounts. On a daily basis, the DOW generates a file of EZ Pay customers with payments due and the date for extraction. This file is sent to PNC Bank, which debits the accounts of the listed customers and deposits the stated payments to the DOW's account on the day listed on the register. The appropriate bank statement is accessed each day by the Cash Receipts Section, and the EZ Pay deposit is verified to it.

The DOW sends payment stubs to EZ Pay customers to inform them of the total amount due and the date when the payment will be deducted from their account. Customers generally receive payment stubs about 10-15 days before the due date, to allow them to dispute the amount due or to ensure that sufficient funds will be in their bank accounts by the withdrawal date. In the event a customer does not have sufficient funds in their bank account, PNC Bank deposits the amount to the DOW and then issues a separate debit/returned item, which adjusts the DOW's account accordingly. UFC then reverses the payment from the customer's account.

5. Lockbox Method

UFC uses the lockbox services of PNC Bank for payment of large commercial accounts. UFC receives a daily report from the bank showing the control totals of the daily receipts and deposits made to the DOW's bank account. UFC also receives payment stubs for lockbox payments, which are run through the BancTec system.

6. Direct Deposit Method

In the direct deposit method, customers use an agent to pay their utility bill. The agents provide an electronic payment file, which is uploaded to CC&B through the nightly batch process, and the payments are direct deposited to the DOW's bank account. Payments made through Checkfree, Metavante and Kubra fall in this category. UFC receives a fax from Smartel/Huntington Bank detailing customer account information and payment amounts. This information is manually keyed into the BancTec Remittance Processing system. UFC receives a daily report from the agents showing the control totals of the daily receipts and deposits made to the DOW's bank account. The agent totals are balanced to the bank deposit totals.

7. Cash Receipts Balancing

The Cash Receipts Section reconciles all of the mail, agency, EZ Pay, direct deposit and lockbox totals to the total deposit each day. The reconciliation detail is summarized on a report of water and sewer cash receipts for the day.

8. Cash Receipts Deposit

All checks received by the Cash Receipts Section are sealed in a deposit bag. A security guard picks up the deposit bags and delivers them to the Department of Treasury in Cleveland City Hall, where a deposit slip is prepared. The deposit is then picked up by a security guard and taken to the bank. Access to the Cash Receipts area is restricted by keycard and is limited to the Cash Receipts Section staff, UFC management, and security personnel who pick up the deposit.

9. CC&B Upload and Payment Balancing

DOW's IT Department sends files with the PCI and BancTec payment processing information to IBM. Other agents send the payment information in electronic files directly to IBM. Payments are uploaded into CC&B through the nightly batch process, which updates customer accounts. Validity and logic tests are performed on the payment data in CC&B. Payments which fail the tests are applied to a suspense distribution code for investigation by the UFC Accounts Receivable Section the following day.


The next morning, Accounts Receivable compares the tender totals on the Daily Payment Listing (R006) from CC&B to the payment reports for each tender type on the manually updated payment balancing reconciliation spreadsheet. Differences such as payment exceptions are explained on the spreadsheet; if an unexplained difference is identified, UFC works with IT to investigate it. Controls are in place to perform a daily reconciliation of all payment types.

10. UFC General Accounting Section

The Cash Receipts Section sends calculator tapes (mail receipts and agency payments) and direct deposit reports (lockbox and direct deposits) to the UFC General Accounting Section. The Cashiers Section also sends calculator tapes for cashier totals to the General Accounting Section. The General Accounting Section prepares Cash Receipt documents (“CR”) in the City’s financial accounting system based on this information from the Cash Receipts and Cashiers Sections. The CR is a receiving document that updates the General Ledger with the amount of the payments. The CRs are approved electronically in the City’s financial accounting system.

11. City of Cleveland Department of Treasury

The Department of Treasury at Cleveland City Hall receives deposit bags with cash and checks from the Cashiers Section and deposit bags with checks only from the Cash Receipts Section. The Department of Treasury approves the CRs and also receives the Daily Bank Totals Report and CR Transmittal Form. The Daily Bank Totals Report identifies the cash, check, and credit card totals by individual cashier. The CR Transmittal Form identifies each CR, including the document number and deposit amount. Cash is recounted and agreed to the amount recorded on the Daily Bank Totals Report. The deposit is picked up from the Department of Treasury by an armored truck service. Deposits are made on the date received.

12. UFC Accounts Receivable Section

The Accounts Receivable Section performs balancing procedures daily. The previous day’s accounts receivable balance, plus the current day’s net bills processed, minus the net payments applied, plus or minus the net adjustments, is reconciled to the new accounts receivable balance. The accounts receivable balance is reconciled to the balance control total in CC&B. The following CC&B reports, available from Business Objects, are used in calculating the total amount processed:

- Payment Report.
- Payment Cancellation Report.
- Billing Report.
- Billing Cancellation Report.
- Adjustment Report.
- Adjustment Cancellation Report.
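The two daily balancing steps described in sections 9 and 12, carried through as an added example (this is not DOW, UFC or CC&B code): the tender-by-tender comparison of the Daily Payment Listing (R006) against the per-tender payment reports, and the accounts receivable rollforward against the CC&B balance control total. Report names follow the six reports listed above; every amount and tender type is a constructed sample value, and the sign convention for adjustments is an assumption.

```python
"""Daily balancing checks for the CC&B payment upload (section 9) and the
accounts receivable rollforward (section 12).

Added example, not DOW's, UFC's or CC&B's code. All amounts are constructed
sample values; Decimal is used so cents never suffer float rounding.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class DailyReportTotals:
    """Totals taken from the six CC&B reports used for the AR rollforward.

    Assumed sign convention: a positive adjustment increases the customer's
    receivable, a negative one (a credit) reduces it. The adjustment
    cancellation total carries the same sign as the adjustment it reverses.
    """
    payment: Decimal
    payment_cancellation: Decimal
    billing: Decimal
    billing_cancellation: Decimal
    adjustment: Decimal
    adjustment_cancellation: Decimal

    def net_bills(self) -> Decimal:
        return self.billing - self.billing_cancellation

    def net_payments(self) -> Decimal:
        return self.payment - self.payment_cancellation

    def net_adjustments(self) -> Decimal:
        return self.adjustment - self.adjustment_cancellation


def expected_ar_balance(prior_balance: Decimal, r: DailyReportTotals) -> Decimal:
    """Section 12 rollforward: prior balance + net bills - net payments +/- net adjustments."""
    return prior_balance + r.net_bills() - r.net_payments() + r.net_adjustments()


def reconcile_ar(prior_balance: Decimal, r: DailyReportTotals, ccb_control_total: Decimal):
    """Compare the rollforward to the balance control total in CC&B.

    Returns (balanced, difference). A nonzero difference is the amount the
    Accounts Receivable Section has to explain or investigate.
    """
    difference = ccb_control_total - expected_ar_balance(prior_balance, r)
    return difference == 0, difference


def reconcile_tenders(r006_totals: dict, tender_reports: dict) -> dict:
    """Section 9 balancing: R006 tender totals against each tender-type report.

    Returns {tender_type: R006 total minus report total} for every tender type
    that does not agree. A tender type present on only one side is treated as
    zero on the other, so a missing tender is surfaced rather than hidden.
    """
    zero = Decimal("0.00")
    differences = {}
    for tender in sorted(set(r006_totals) | set(tender_reports)):
        diff = r006_totals.get(tender, zero) - tender_reports.get(tender, zero)
        if diff != 0:
            differences[tender] = diff
    return differences


def tender_total(r006_totals: dict) -> Decimal:
    """Sum of all tender types on R006; it should agree with the Payment Report."""
    return sum(r006_totals.values(), Decimal("0.00"))


# Constructed sample day (not real DOW figures).
SAMPLE_REPORTS = DailyReportTotals(
    payment=Decimal("62150.25"),
    payment_cancellation=Decimal("325.00"),
    billing=Decimal("84300.50"),
    billing_cancellation=Decimal("1200.00"),
    adjustment=Decimal("-400.00"),              # a credit adjustment
    adjustment_cancellation=Decimal("-50.00"),  # part of that credit reversed
)
SAMPLE_PRIOR_BALANCE = Decimal("1250000.00")

SAMPLE_R006 = {  # tender totals from the Daily Payment Listing (constructed)
    "CASH": Decimal("12000.00"),
    "CHECK": Decimal("40150.25"),
    "CREDIT CARD": Decimal("5000.00"),
    "LOCKBOX": Decimal("5000.00"),
}
SAMPLE_TENDER_REPORTS = {  # per-tender reports on the balancing spreadsheet (constructed)
    "CASH": Decimal("12000.00"),
    "CHECK": Decimal("40075.25"),   # one check keyed for 75.00 less than R006 shows
    "CREDIT CARD": Decimal("5000.00"),
    "LOCKBOX": Decimal("5000.00"),
    "EZ PAY": Decimal("100.00"),    # tender type missing from R006 entirely
}

if __name__ == "__main__":
    balanced, diff = reconcile_ar(SAMPLE_PRIOR_BALANCE, SAMPLE_REPORTS, Decimal("1270925.25"))
    print("AR rollforward balanced:", balanced, "difference:", diff)
    print("Tender differences to explain:", reconcile_tenders(SAMPLE_R006, SAMPLE_TENDER_REPORTS))
```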

H. DISTRIBUTION

The UFC remits sewer collections to the NEORSD, and collections of local charges, sewer assessments, refuse charges, and administrative charges to the City of Cleveland Division of Water Pollution Control (WPC) and various other communities on a monthly basis. The Accounts Receivable section prepares the Assessment and Local Charge Remittance Schedule on a monthly basis. The Schedule is prepared on a spreadsheet, using the Agency, Assessments and Local Charge Remittances report from CC&B. The Schedule details, per community, the number of accounts billed, total payments, total canceled payments, total refunds, total transfers, total carryovers from the previous month, total billing fee charges and the net remittance to be made for the month. The General Accounting Section begins preparing the monthly remittance schedule on the first business day of the following month, with completion anticipated by the fourth business day of the same month. The communities are to have deposits made by the 15th of each month. The Utilities Comptroller reviews the Schedule for completeness and accuracy.


After the Schedule is reviewed and approved by the Utilities Comptroller, it is forwarded to the General Accounting Section for preparation of the General Accounting Expenditures (GAXs). The GAXs are approved by the Commissioner of UFC, the Director of Public Utilities and the Division of Accounts, where the disbursement of funds to NEORSD and other communities will be made.

The total monthly remittance per community is net of billing fees charged by the DOW. The total monthly remittance to NEORSD and WPC is gross; billing fees are invoiced separately.

A few days before sending the actual remittance, UFC sends remittance letters, which detail the net remittance to NEORSD, WPC, and other communities, to notify them of their monthly remittance amounts.

I. USER CONTROL CONSIDERATIONS

The DOW Billing and Payment system was designed with the assumption that certain controls would be implemented by user organizations. This section describes additional controls that should be in operation at the user organizations to complement the controls at the DOW. User auditors should consider whether the following controls have been placed in operation at user organizations:

- User organizations should confirm that the sewer payments per the statement sent by the DOW are equal to the amount distributed to their organization.
- User organizations should respond to rate confirmation requests sent to them by the DOW.

The user organization control considerations presented above do not represent a comprehensive set of all the controls that should be employed by user organizations. Other controls may be required at user organizations.


Section IV Control Objectives, Related Controls, and Tests of Operating Effectiveness


Management has specified certain control objectives that it believes are relevant to its clients and their auditors and has identified its control activities in place to achieve those objectives. Clark Schaefer Hackett has determined the nature, timing, and extent of testing to be performed in order to determine if control activities specified by management are operating effectively. Results of operating effectiveness are detailed in Section IV of this report.

The tests performed of the operating effectiveness of the controls detailed in the following matrices are described below:

Type: Inquiry
Description: Inquired of appropriate personnel. Inquiries seeking relevant information or representation from DOW personnel were performed to obtain, among other things:
- Knowledge and additional information regarding the control.
- Corroborating evidence of the control.
As inquiries were performed for substantially all controls, the test was not listed individually for every control shown in the accompanying matrices.

Type: Observation
Description: Observed the application or existence of specific controls as represented.

Type: Inspection
Description: Inspected documents and records indicating performance of the controls. This includes, among other things:
- Review of source documentation and authorizations to verify propriety of transactions processed.
- Review of documents or records for evidence of performance, such as existence of initials or signatures.
- Inspection of reconciliations and management reports that age or quantify reconciling items to assess whether balances and reconciling items are properly monitored, controlled and resolved on a timely basis.
- Inspection of DOW documentation, such as department operational guidelines, policies and procedures.

Type: Reperformance
Description: Reperformed the control or processing application to ensure the accuracy of its operation. This includes, among other things:
- Obtaining evidence of the arithmetical accuracy and correct processing of transactions by performing independent calculations and reconciliations.
- Running "live" transactions through the processing environment to validate anticipated outcomes.


Control Objective 1: IT Governance

Controls provide reasonable assurance that the IT department structure, knowledge, and training are appropriate for the complexity of the IT environment and are consistent with the overall strategy of the organization.

1A  Description of Controls: Organizational charts, job descriptions and a "chart of operational roles and responsibilities" are used to communicate the roles and segregation of duties for the IT Department.
    Testing Performed: Inspected the IT organizational chart and job descriptions. Reviewed for significant changes in staffing compared to the prior year and for adequate segregation of duties between roles.
    Test Results: No exceptions noted.

1B  Description of Controls: Formal policies and procedures are used to govern the controls of the IT operations and the assets managed by IT.
    Testing Performed: Reviewed the contract with IBM and the CC&B Operations Manual to validate that clear responsibilities were defined between the parties. Also, see the test in 1E regarding the IT Use Policy.
    Test Results: No exceptions noted.

1C  Description of Controls: An IT training strategy aligns continuing education with on-going IT initiatives and allows DOW IT employees to keep abreast of the latest technology.
    Testing Performed: Reviewed the DOW 2009-2011 IT Master Plan, the DOW 2008-2012 Strategic Business Plan, and the IT Training strategy. Through inquiry, validated how management achieved alignment of training to the Master Plan and Strategic Plan.
    Test Results: No exceptions noted.

1D  Description of Controls: The IT Governance Committee, comprised of individuals from the IT staff and each section within the Division of Water, meets monthly to monitor information systems. Meeting minutes are used to document topics discussed and actions performed.
    Testing Performed: Inspected a sample of IT Governance Committee meeting minutes to validate that meetings were attended by the members and that decisions made by the Governance Committee had been appropriately documented in the minutes.
    Test Results: No exceptions noted.


1E  Description of Controls: Acknowledgment forms are signed to document user acceptance of the DOW Information Technology Use policy.
    Testing Performed: Reviewed the IT Use Policy for completeness. Through inquiry, ensured that the policy was current and reflected any revised policies implemented by IT management. Inspected a sample of new employees from the listing provided by Personnel and validated that a signed acknowledgement was on file.
    Test Results: No exceptions noted.

Control Objective 2: IT Logical Access

Controls provide reasonable assurance that logical access to production systems, applications, databases, and network is restricted to properly authorized individuals.

2A  Description of Controls: Policies and procedures exist and have been communicated to govern logical access within the organization, including operating system standards, password management, user accountability, and granting of administrative system privileges.
    Testing Performed: Reviewed the logical access policies and procedures for completeness. Through inquiry, ensured that the policies were current and reflected any revised policies implemented by IT management. Inspected a sample of new employees from the listing provided by Personnel and validated that a signed acknowledgement was on file.
    Test Results: No exceptions noted.

2B  Description of Controls: Proper authorization is required prior to access being provided to a new user via an access request form.
    Testing Performed: Inspected a sample of new employees and validated that the user access change request form was properly approved in a timely manner.
    Test Results: No exceptions noted.


2C  Description of Controls: The Personnel Department sends notification of termination to the Help Desk. A help desk ticket is created and sent to the operations support group leader, who removes accounts for users who are no longer employed or contracted by the DOW.
    Testing Performed: Inquired on the process for granting and removing access for contractors. Inspected a sample of terminated employees and validated that access was appropriately disabled in a timely manner. Inspected a sample of e-mail or help desk ticket notifications sent to the IT Operations Support Group requesting termination of access.
    Test Results: No exceptions noted.

2D  Description of Controls: User IDs and passwords are required for proper sign-on, and Active Directory is used to restrict access to system resources.
    Testing Performed: Inspected the password and lockout policies in the Default Domain Security Settings under the Account Policies group to validate that system policies are not overridden.
    Test Results: No exceptions noted.

2E  Description of Controls: Remote access to the network is restricted by user ID and password.
    Testing Performed: Inspected the remote access policy, the VPN-IT Training guide and the Microsoft Active Directory default domain password policy to validate that passwords are required.
    Test Results: No exceptions noted.

2F  Description of Controls: Administrative access to production systems, applications, databases, and network is restricted to authorized personnel based on job responsibilities.
    Testing Performed: Through inquiry, confirmed with management which Active Directory groups have administrative functions. Inspected user listings for the specified groups and validated with management that they are IT personnel whose role requires administrative rights.
    Test Results: No exceptions noted.


Control Objective 3: Operating System Maintenance and Change Control

Controls provide reasonable assurance that changes to the existing system software and implementation of new system software are authorized, tested, approved, properly implemented, and documented.

3A  Description of Controls: Policies and procedures exist to manage and monitor changes to existing system software and implementation of new system software.
    Testing Performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process for completeness.
    Test Results: No exceptions noted.

3B  Description of Controls: Roles and responsibilities throughout the program change process have been appropriately restricted and segregated.
    Testing Performed: Inspected the segregation of duties for the program change process and reviewed for reasonableness.
    Test Results: No exceptions noted.

3C  Description of Controls: Requests for operating system changes are captured and prioritized.
    Testing Performed: Through inquiry, determined how management captures and classifies incidents and defect requests and how they are prioritized and tracked to closure. Inspected a list of open change requests, and evaluated the effectiveness of the list as a tool to manage and prioritize changes.
    Test Results: No exceptions noted.

3D  Description of Controls: Separate environments are maintained for development, testing and production and are appropriately secured.
    Testing Performed: Refer to 2F regarding the test of users with access to the production environment. Inspected a listing of the servers documenting the separate environments.
    Test Results: No exceptions noted.

3E  Description of Controls: System maintenance changes are properly tested and approved by appropriate personnel prior to migration to production.
    Testing Performed: Inspected a sample of changes to the operating system, and validated that the change request form documentation related to testing and proper approval / user signoff of the change occurred prior to implementation.
    Test Results: No exceptions noted.


Control Objective 4: Application Maintenance and Change Control

Controls provide reasonable assurance that changes to existing applications are authorized, tested, approved, properly implemented, and documented.

4A  Description of Controls: Policies and procedures exist to manage and monitor changes to existing application software and implementation of new system software.
    Testing Performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process for completeness.
    Test Results: No exceptions noted.

4B  Description of Controls: Roles and responsibilities throughout the application program change process are appropriately restricted and segregated.
    Testing Performed: Through inquiry, obtained an understanding of the tools and systems used to manage change requests, how changes are classified and prioritized, and how unresolved change requests are escalated/closed. Inspected the IT policies and procedures that govern the change control process to validate appropriate segregation of duties.
    Test Results: No exceptions noted.

4C  Description of Controls: Requests for application changes are captured and prioritized.
    Testing Performed: Through inquiry, determined how management captures and classifies incidents and defect requests and how they are prioritized and tracked to closure. Inspected a list of open change requests and evaluated the effectiveness of the list as a tool to manage and prioritize changes.
    Test Results: No exceptions noted.

4D  Description of Controls: Separate environments are maintained for development, testing and production and are appropriately secured.
    Testing Performed: Refer to 2F regarding the test of users with access to the production environment. Inspected a listing of the servers documenting the separate environments.
    Test Results: No exceptions noted.


4E  Description of Controls: Program implementation controls exist to ensure that changes are implemented in the production environment only after adequate testing is performed, proper business user management approvals are obtained, and the change is authorized by IT.
    Testing Performed: Inspected a sample of CC&B application changes and validated that proper documentation exists, including evidence of testing, user signoff, and approval of the change prior to implementation.
    Test Results: Exception noted. Configuration changes made to CC&B did not go through a formal approval process from January 1, 2011 through March 31, 2011. The control was tested without exception from April 1, 2011 through December 31, 2011.

4F  Description of Controls: Program defects and requests are tracked and managed to ensure timely support.
    Testing Performed: Through inquiry, determined how management classified incidents and defect requests and how they were prioritized and tracked to closure. Inspected a sample of open change requests, and validated the timeliness and management of open requests.
    Test Results: No exceptions noted.

4G  Description of Controls: The vendor for the meter reading system, Datamatic, provides 24-hour support on both the hardware and software, which is documented by a formal support agreement.
    Testing Performed: Inquired whether there are ongoing disagreements with the vendor and how support levels are measured and monitored. Inspected the contract with Datamatic and validated inclusion of provisions on 24-hour support.
    Test Results: No exceptions noted.


4H  Description of Controls: IBM is responsible for support and maintenance of the Customer Care and Billing (CC&B) application, as documented with a contract for Application Managed Services.
    Testing Performed: Inquired whether there were any ongoing disagreements with the vendor, and how support levels are measured and monitored. Inspected the IBM contract for the CC&B application and validated that the contract was current and that it included specific provisions regarding maintenance and support of the CC&B application.
    Test Results: No exceptions noted.

4I  Description of Controls: A Change Review Board meets weekly to review program defects and change requests for approval.
    Testing Performed: Inspected a sample of Change Review Board meeting minutes to validate that the meetings were occurring and that approved changes were properly documented and approved.
    Test Results: No exceptions noted.

Control Objective 5: Computer Operations

Controls provide reasonable assurance that processing is authorized and scheduled and deviations from scheduled processing are identified and resolved.

5A  Description of Controls: Scheduling software is used to ensure a consistent and accurate processing sequence for production jobs.
    Testing Performed: Inquired on how scheduling software is used and how schedules are managed. Inspected the master job scheduler to validate that jobs were authorized and accurately scheduled.
    Test Results: No exceptions noted.

5B  Description of Controls: Management has documented and maintains an Active Directory network diagram to define trust relationships.
    Testing Performed: Inspected the Active Directory Network Diagram and the Active Directory Domain and Trusts Listing and validated that trust relationships have been defined.
    Test Results: No exceptions noted.


5C  Description of Controls: Network-level audit policies exist to log account logon/logoff and privileged account logon.
    Testing Performed: Inspected the network-level audit policies, including those on the cwd.com domain controller, and validated that review of the security logs occurs.
    Test Results: No exceptions noted.

5D  Description of Controls: The IT Manager reviews open ports on the firewall on a periodic basis.
    Testing Performed: Inspected the daily security report e-mails sent from McAfee to the IT Manager showing open ports on the network.
    Test Results: No exceptions noted.

5E  Description of Controls: Access from the Internet is controlled with the use of a firewall. Statements have been entered into the configuration to control the outgoing IP traffic and restrict traffic entering the network.
    Testing Performed: Inspected the network diagram to identify the components of the network which control Internet access, and inspected the online firewall configuration to validate that it manages IP traffic flow through the firewall.
    Test Results: No exceptions noted.

5F  Description of Controls: The firewall configuration is password protected.
    Testing Performed: Observed IT personnel obtaining access to the firewall to ensure a user ID and password are required. Inspected the firewall system configuration and validated that passwords are appropriately configured.
    Test Results: No exceptions noted.

5G  Description of Controls: The internal network uses an addressing scheme unable to be used over the Internet.
    Testing Performed: Inspected the firewall configuration to confirm that the internal network was using an addressing scheme that could not be used over the Internet.
    Test Results: No exceptions noted.
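The property control 5G tests, checked programmatically as an added example (this is not the DOW's or the auditor's tooling): each internal network on the firewall's inside interfaces is classified against the three RFC 1918 blocks. The "interface subnet" listing format and the interface names are assumptions; the sample configuration is constructed.

```python
"""Classify the firewall's internal networks by whether they can be routed
over the Internet (the property control 5G tests).

Added example, not DOW or auditor tooling. The 'name subnet' line format is
an assumption; the configuration below is a constructed sample.
"""
import ipaddress

# The three RFC 1918 private blocks: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Also unroutable on the Internet, but not RFC 1918 space (carrier-grade NAT,
# link-local, loopback). An internal network landing here is flagged for a
# question rather than an automatic pass, since e.g. 100.64.0.0/10 is meant
# for ISP NAT pools, not enterprise LANs.
NON_RFC1918_SPECIAL = [ipaddress.ip_network(n) for n in
                       ("100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]


def classify(subnet: str) -> str:
    """Return 'rfc1918', 'special', 'straddles' or 'routable' for one subnet.

    'straddles' means the prefix is wider than a private block and so covers
    public space as well (e.g. 192.168.0.0/15 spills into 192.169.0.0/16).
    """
    net = ipaddress.ip_network(subnet, strict=False)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if any(net.subnet_of(r) for r in NON_RFC1918_SPECIAL):
        return "special"
    if any(net.overlaps(r) for r in RFC1918):
        return "straddles"
    return "routable"


def review_interfaces(config_lines) -> dict:
    """Map interface name -> classification for lines like 'inside 10.1.0.0/16'."""
    results = {}
    for line in config_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, subnet = line.split()
        results[name] = classify(subnet)
    return results


def exceptions(results: dict) -> list:
    """Interfaces that would be exceptions under control 5G (anything not RFC 1918)."""
    return sorted(name for name, kind in results.items() if kind != "rfc1918")


# Constructed sample, not the DOW's firewall configuration.
SAMPLE_CONFIG = """
# interface   internal subnet
inside-users   10.20.0.0/16
inside-servers 172.20.8.0/22
dmz            192.168.100.0/24
legacy-lab     172.32.0.0/16
mgmt           100.64.5.0/24
wan-test       192.168.0.0/15
"""

if __name__ == "__main__":
    found = review_interfaces(SAMPLE_CONFIG.splitlines())
    for name, kind in found.items():
        print(f"{name:15s} {kind}")
    print("exceptions:", exceptions(found))
```

Note that 172.32.0.0/16 sits just outside 172.16.0.0/12 (which ends at 172.31.255.255), a boundary that is easy to misjudge by eye.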


Control Objective 6: Backup

Controls provide reasonable assurance that backups are created and rotated off-site for critical applications and data.

6A  Description of Controls: DOW has an agreement with IBM for hosting and application managed services, which includes backup of the DOW CC&B application servers and databases.
    Testing Performed: Inspected the IBM contract/SSAE16 and validated that backup services are included.
    Test Results: No exceptions noted.

6B  Description of Controls: The local storage area network (“SAN”) is replicated and mirrored to a backup SAN maintained by the DOW at a backup facility.
    Testing Performed: Observed the data center location of the SAN and inspected the 3rd party vendor service agreement to validate SAN replication and mirrored backup.
    Test Results: No exceptions noted.

6C  Description of Controls: The location for the backup SAN is secured by keycard and the following environmental controls are in place:
    - Backup power supply (UPS).
    - FM200 waterless fire protection system.
    - Air conditioning unit.
    Testing Performed: Observed the existence of backup power supply, fire protection and AC units for the SAN storage location.
    Test Results: No exceptions noted.

Control Objective 7: Physical Security

Controls provide reasonable assurance that physical access to the data center is restricted and environmental controls are in place.

7A  Description of Controls: Physical access to the computer data center is controlled by a keycard system and restricted to individuals who have appropriate job-related responsibilities.
    Testing Performed: Observed the process to control physical access to the data center through the use of keycard IDs at the card reader pads at the data centers. Inspected the user list from the keycard system to validate that data center access is appropriately limited to IT personnel with appropriate job-related responsibilities.
    Test Results: No exceptions noted.


7B  Description of Controls: Access to the data center is granted through authorized approval, and access is removed upon termination and is updated upon transfer based on job responsibilities.
    Testing Performed: Inspected a sample of users with access and validated documentation of access approval.
    Test Results: Exception noted. For seven of the twenty-five users sampled with data center access tested, the access request form to support authorized access was not documented. It was determined that the seven exceptions were security personnel who were not required to complete the forms needed to obtain access to the data center.

7C  Description of Controls: During business hours, security personnel monitor the entrances to the DOW building. Other entrances are restricted to DOW personnel.
    Testing Performed: Toured the data center and observed the presence of security personnel, security access card readers, security cameras, and the computer monitoring system.
    Test Results: No exceptions noted.


7D  Description of Controls: The data center is equipped with environmental controls to protect against or detect fire, water, humidity or electrical surge damage. Environmental controls within the computer room include the following:
    - Dedicated air conditioning units.
    - Waterless fire protection system.
    - Raised flooring.
    - Fire alarm.
    - Fire extinguishers.
    - Backup power supply.
    Testing Performed: Inspected the data center and observed the presence of the listed environmental and safety controls.
    Test Results: No exceptions noted.

Control Objective 8: Completeness of Input

Meters are accurately read and uploaded to the Datamatic system.

8A  Description of Controls: Handheld computers are reviewed for meters not read ("blanks") before being uploaded to the Datamatic application. A supervisor approves the route sheet as evidence that blanks are not included within the handheld computer.
    Testing Performed: Inspected a sample of Route Sheets to validate that they were approved by the Field Supervisor and that the device contained no blanks in the meter read data.
    Test Results: No exceptions noted.


8B  Description of Controls: Skip codes are entered for each blank, resulting in the account being investigated and rescheduled for another meter reading.
    Testing Performed: Observed the meter reader review process for one Road Runner, and documented the number of skip codes for that reader. Inspected the Daily Production Report from Datamatic that results from the batch processing, and validated that the number of skip code items from the selected Road Runner appears on the report.
    Test Results: No exceptions noted.

8C  Description of Controls: Unit supervisors review the meter read cycle and confirm each route has a schedule status of 'complete'.
    Testing Performed: Inspected a sample of daily meter read cycles and validated that routes had a status of "Complete" in the CC&B system at the time of processing.
    Test Results: No exceptions noted.

8D  Description of Controls: The Batch Execution Status email notification is received and reviewed daily, including a list of batch run exceptions. All Datamatic meter readings which did not post are listed as batch run exceptions, which are investigated and the errors resolved.
    Testing Performed: Inquired on how batch run exceptions are tracked and resolved. Inspected a sample of days and validated that there was evidence of review of the Batch Exception Report and that batch errors were investigated and resolved.
    Test Results: No exceptions noted.

8E  Description of Controls: Customer accounts are properly updated with meter read information via the Datamatic application upload process.
    Testing Performed: Inspected a sample of customer meter readings from the handheld Road Runner devices, and traced the meter reading data to customer accounts in CC&B after the upload process was completed to validate that they were properly updated.
    Test Results: No exceptions noted.

8F  Description of Controls: Outstanding field activities (i.e. accounts that require a re-read) are monitored and worked until resolved.
    Testing Performed: Inquired on the process used to monitor accounts that require re-reads. Inspected the current listing of the outstanding field activities and validated that the age of items was reasonable.
    Test Results: No exceptions noted.


Control Objective 9: Transaction Occurrence

Master meter accounts are billed timely and correctly.

Control

Activity Description of Controls Testing Performed Test Results

9A Tolerance and validity test failures,

as a result of the nightly batch

update process, generates "To Do"

entries. A summary of unresolved

To Do entries provides aging

information for assigning reviews

based on the age of each

unresolved entry which are worked

or investigated until resolved.

Inspected a To Do report from the

system to validate the tolerance and

validity test failures were working.

Inspected a summary reporting of To

Do entries maintained by management

to validate timeliness of unresolved

entries.

No exceptions

noted.

9B Master meter accounts' monthly

bills are calculated by CC&B and

manually verified for accuracy and

completeness.

Inspected a sample of monthly

spreadsheets, maintained by the

Assistant Administrator of Billing, and

validated to the system generated

billings for the master accounts.

No exceptions

noted.

9C On a daily basis, the billing file is

reviewed for suppressed bills by

SourceLink. A spreadsheet of all

suppressed bills is then used to

ensure all accounts are

investigated and resolved with a

bill generated if appropriate.

Inspected a sample of daily billing files

and validated that suppressed entries

were complete.

Traced items entered on suppression

worksheet to system generated

customer billings.

Exception noted.

Five of the twenty-

five suppressed

bills sampled were

not resolved in a

timely manner

ranging from 138

days to 315 days

before final billing.

9D
Description of Controls: A comparison of the total bills generated on the postage receipt from SourceLink with the total bills authorized for printing by DOW is performed to ensure all bills are printed and mailed.
Testing Performed: Inspected a sample of daily bills and validated that the SourceLink postage receipt balanced to the tracking spreadsheet maintained by the Assistant Administrator. In addition, validated that the Daily Bill Review file received from IBM was authorized, printed and mailed.
Test Results: No exceptions noted.

9E
Description of Controls: Vouchers are prepared, approved and sent to the City of Cleveland for remittance to the individual communities listed on the remittance schedule.
Testing Performed: Inspected a sample of vouchers and validated that there was proper approval and evidence of payment/remittance to the municipality.
Test Results: No exceptions noted.


9F
Description of Controls: A remittance schedule is prepared monthly, with letters indicating the amount of remittance being sent to each client that should receive a payment, authorizing the distribution of sewer and local charges.
Testing Performed: Inspected a sample of vouchers and validated that there was proper approval and evidence of payment/remittance to the municipality.
Test Results: No exceptions noted.

9G
Description of Controls: Adjustments to customer accounts are researched and reviewed for accuracy. Adjustments over $1,000 require authorization and review, and all refunds are audited by UFC.
Testing Performed: Through inquiry, determined the frequency and number of adjustments processed in the system. Inspected a sample of adjustments over $1,000 and validated documentation of proper approval.
Test Results: No exceptions noted.

Control Objective 10: Accuracy of Input

Customer rates are properly maintained and changes are controlled and made within compliance requirements.

Columns: Control Activity | Description of Controls | Testing Performed | Test Results

10A
Description of Controls: Rates for water, sewer, fire lines, and emergency lines are properly authorized, and these rates are maintained within the system.
Testing Performed: Inspected a sample of rates from the system and validated that ordinance and authorization documentation supported the proper approval of the rate.
Test Results: No exceptions noted.


10B
Description of Controls: Positive confirmations for rates are performed annually. Communities receiving other services (i.e. sewer charges, local charges, etc.) are asked to confirm these rates. Confirmation letters are sent via certified mail, with a follow-up confirmation sent after the first confirmation to any community that has not responded. A spreadsheet is maintained by UFC to document the date the confirmation was sent, the date the certified mail receipt was received, and any changes noted by the community on its confirmation response.
Testing Performed: Obtained documentation supporting the most recent confirmation and confirmed that it occurred during the most recent 12 months. Validated completeness of the control and that confirmation was received from all municipalities required. Inspected a sample of confirmations with changes and validated that follow-up letters were sent.
Test Results: No exceptions noted.

10C
Description of Controls: When UFC receives an ordinance for a rate change, a control sheet is prepared and attached to the ordinance. The control sheet is then signed at each completion point of the rate change process, acknowledging completion, approval, and filing of the rate change ordinance.
Testing Performed: Inspected a sample of rates maintained in the system and validated the supporting municipal ordinance and rate control sheet. Validated agreement of the rates and proper approval.
Test Results: No exceptions noted.

10D
Description of Controls: Only authorized users can initiate rate changes.
Testing Performed: Through inquiry, determined which user roles / IDs can update rates in the system. Inspected user access listings to validate that the roles assigned to initiate rate changes were authorized.
Test Results: No exceptions noted.

10E
Description of Controls: Only authorized users can set up new accounts.
Testing Performed: Through inspection, determined which user roles / IDs can set up new accounts in the system. Inspected user access listings to validate that the roles assigned to set up new accounts were authorized.
Test Results: No exceptions noted.
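Controls 10D and 10E are both tested the same way: pull the user access listing, determine which roles carry the sensitive privilege, and check every holder against the approval record. The following is an added example of that review as a script, written for this page; it is not DOW's tooling or part of CC&B. The role names (`RATE_MAINT`, `ACCT_SETUP`), user IDs, approval register and active-user list are all constructed sample data, since the report names neither the real roles nor the users.

```python
"""Added example: user access review for rate-change and new-account roles.

Illustrative code for this page, not DOW's or the CC&B vendor's tooling.
Role names, user IDs, the approval register and the active-user list are
constructed sample data (assumptions); the report does not state them.
"""
from collections import defaultdict

# Constructed access listing: one (user, role) pair per row, as an export
# of assigned roles would show it. Role names are assumptions.
ACCESS_LISTING = [
    ("jsmith",    "RATE_MAINT"),
    ("jsmith",    "ACCT_SETUP"),
    ("mlee",      "RATE_MAINT"),   # terminated, role never removed
    ("tbrown",    "ACCT_SETUP"),
    ("rgarcia",   "ACCT_SETUP"),
    ("rgarcia",   "RATE_MAINT"),   # no approval on file for this role
    ("svc_batch", "RATE_MAINT"),   # service account holding an interactive role
]

# Constructed approval register: the users management has authorized for
# each sensitive role (what the auditor validated the listing against).
AUTHORIZED = {
    "RATE_MAINT": {"jsmith", "mlee"},
    "ACCT_SETUP": {"jsmith", "tbrown", "rgarcia", "kwong"},
}

# Constructed HR status; a terminated user should hold no role at all.
ACTIVE_USERS = {"jsmith", "tbrown", "rgarcia", "svc_batch"}


def review_access(listing, authorized, active_users):
    """Return {role: [user, ...]} for every holder of a role who either has
    no approval on file or is no longer an active user."""
    holders = defaultdict(set)
    for user, role in listing:
        holders[role].add(user)

    findings = {}
    for role, users in holders.items():
        approved = authorized.get(role, set())
        bad = {u for u in users if u not in approved or u not in active_users}
        if bad:
            findings[role] = sorted(bad)
    return findings


def stale_approvals(listing, authorized):
    """Approvals for (user, role) pairs no longer present in the listing.
    These do not grant access, but they mean the register is out of date
    and would let the user regain the role without a fresh approval."""
    held = set(listing)
    return sorted(
        (user, role)
        for role, users in authorized.items()
        for user in users
        if (user, role) not in held
    )


if __name__ == "__main__":
    for role, users in review_access(ACCESS_LISTING, AUTHORIZED, ACTIVE_USERS).items():
        print(f"{role}: unauthorized or inactive holders -> {users}")
    print("stale approvals:", stale_approvals(ACCESS_LISTING, AUTHORIZED))
```

The review runs in both directions: listing against register (who holds a role without approval, or after termination) and register against listing (approvals that no longer match an assignment). Checking only the first direction is the common gap; the second is what keeps the approval record usable as evidence in the next period.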


Control Objective 11: Customer Remittance

Customer payments are properly recorded and accounted for with appropriate safeguards.

Columns: Control Activity | Description of Controls | Testing Performed | Test Results

11A
Description of Controls: Two key reconciliations are performed in the Accounts Receivable ("AR") Department. 1) A reconciliation by transaction type is performed daily to reconcile the beginning AR to the ending AR for the day; six financial transaction reports, supplemented by a SQL query, are used to support the reconciliation. 2) A reconciliation by payment type is performed daily to balance payments received by tender source per CC&B, plus the manual payments processed in AR, to the payments distributed in the AR system.
Testing Performed: Inspected a sample of reconciliations and validated the review for proper form, completeness, and manager review and approval.
Test Results: No exceptions noted.
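The two reconciliations in 11A are a roll-forward (beginning balance plus activity equals ending balance) and a tie-out of payments received to payments distributed. The following is an added example showing both, written for this page; it is not DOW's spreadsheet or any CC&B report. The transaction types, tender sources and amounts are constructed, and amounts are held as integer cents so that a balancing control never fails on floating-point rounding.

```python
"""Added example: the two daily AR reconciliations described for control 11A.

Illustrative code for this page, not DOW's spreadsheets or a CC&B report.
Transaction types, tender sources and amounts are constructed sample data;
all amounts are integer cents.
"""

# Reconciliation 1: beginning AR, plus the day's activity by transaction
# type, must equal ending AR. Signs are the effect on the receivable.
BEGIN_AR = 48_210_00
ENDING_AR_PER_SYSTEM = 48_505_50
TX_BY_TYPE = {                   # constructed totals, one per transaction report
    "bills":        1_250_00,
    "adjustments":    -40_00,
    "payments":      -914_50,
    "refunds":             0,
    "write_offs":          0,
    "transfers":           0,
}

# Reconciliation 2: payments by tender source per CC&B, plus manual
# payments processed in AR, must equal payments distributed in AR.
TENDER_PER_CCB = {"cash": 120_00, "check": 640_50, "card": 134_00}
MANUAL_PAYMENTS = 20_00
PAYMENTS_DISTRIBUTED = 914_50


def reconcile_ar_rollforward(begin, tx_by_type, ending):
    """Beginning AR + sum(activity by type) versus ending AR per the system."""
    expected = begin + sum(tx_by_type.values())
    return {"expected_ending": expected, "difference": ending - expected}


def reconcile_payments(tender_per_ccb, manual, distributed):
    """Payments received (by tender, plus manual) versus payments distributed."""
    received = sum(tender_per_ccb.values()) + manual
    return {"received": received, "difference": distributed - received}


def daily_reconciliation(begin=BEGIN_AR, tx_by_type=TX_BY_TYPE,
                         ending=ENDING_AR_PER_SYSTEM, tender=TENDER_PER_CCB,
                         manual=MANUAL_PAYMENTS, distributed=PAYMENTS_DISTRIBUTED):
    """Run both reconciliations and the cross-check that links them: the
    payments line in the roll-forward must be the negative of the payments
    distributed, otherwise the two worksheets balance independently but
    not to each other."""
    roll = reconcile_ar_rollforward(begin, tx_by_type, ending)
    pay = reconcile_payments(tender, manual, distributed)
    cross = tx_by_type["payments"] + distributed
    return {
        "rollforward": roll,
        "payments": pay,
        "cross_check_difference": cross,
        "in_balance": roll["difference"] == 0 and pay["difference"] == 0 and cross == 0,
    }


if __name__ == "__main__":
    result = daily_reconciliation()
    print("in balance" if result["in_balance"] else f"out of balance: {result}")
```

A reconciliation that only compares two totals reports "in balance" and nothing else; returning the signed difference, as above, is what lets the reviewer see the size and direction of a break and decide whether it is a keying error, a missing report, or a posting to the wrong distribution code.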

11B
Description of Controls: Cash is physically secured in the Cashiers area with restricted access while on DOW premises prior to deposit.
Testing Performed: Observed the cash process in the Cashiers area and that cash is physically secured either in cashier drawers, in the locked deposit bag or in the safe. Inspected reports from the badge reader system to validate that access to the Cashiers area is restricted to appropriate personnel.
Test Results: No exceptions noted.

11C
Description of Controls: At the end of the day, each cashier runs a tape on their cash, check and credit card totals. The individual tape totals are validated against the Daily Bank Totals Report from the cashiering system.
Testing Performed: Inspected a sample of days to validate that there was a daily reconciliation of cashier tape to the Daily Bank Totals Report.
Test Results: No exceptions noted.


11D
Description of Controls: Checks and payment listings are run through the BancTec machine for batch processing. After an electronic image is captured, DOW personnel retrieve the batch via BancTec's software application to further process the payment. Payments must go through a stage called "Item Keying," where the check details are confirmed and submitted for balancing. Upon submission, the batches are run through a "Transaction Balancing" stage to ensure the totals of the batch agree with the accumulated checks, which should correspond with the amount the customer was billed.
Testing Performed: Observed payments processed by the BancTec machine and validated that the batch was captured within the system and properly handled.
Test Results: No exceptions noted.


11E
Description of Controls: DOW records an OCR line on check stubs for each payment in order to create a unique identifier. As the check stub is processed for imaging and assigned a batch, the BancTec machine and software perform the following edit checks:
- Batch type must be a valid menu option.
- Form number must be numeric.
- Account number must be 10 digits, numeric, and may not contain all zeros on the stub.
- Account number check digit must be numeric. The check digit is computed over positions 2 - 11; one digit is required for validation of documents of type 1 (water/sewer) on the check.
- Amount due must be 9 digits, numeric, and may not contain all zeros on the stub.
- Payment code must equal 0, 1, 4, 5, 7, 8, or 9 on the stub.
- Customer sequence number must be numeric on the stub.
Testing Performed: Inspected the BancTec Operations Manual to validate the configuration settings. Inspected pay stubs with intentional errors processed through the BancTec system to validate that the system catches the improper coding / formatting.
Test Results: No exceptions noted.
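The edit checks in 11E are an input-validation specification, and the auditor's test (feeding stubs with intentional errors) is the natural unit test for it. The following is an added example that implements the listed checks as a validator and runs the intentional-error cases through it; it is written for this page and is not BancTec's software or DOW's configuration. The field names, the valid batch-type menu and the check-digit formula are assumptions: the report lists the checks but not the algorithm, so a weighted mod-10 stands in for it here, and the "documents of type 1" rule is modelled as a `doc_type` field.

```python
"""Added example: the 11E stub edit checks as a validator.

Illustrative code for this page, not BancTec's software or DOW's
configuration. Field names, VALID_BATCH_TYPES and check_digit() are
assumptions; the payment-code set and field lengths are from the report.
"""
import re

VALID_BATCH_TYPES = {"WS", "FIRE", "MISC"}                 # assumed menu options
VALID_PAYMENT_CODES = {"0", "1", "4", "5", "7", "8", "9"}  # from the report
WATER_SEWER_DOC_TYPE = "1"                                  # "documents of type 1"


def check_digit(account: str) -> str:
    """Assumed algorithm (not stated in the report): weighted sum of the ten
    account digits, weights 10 down to 1, modulo 10."""
    return str(sum(int(d) * w for d, w in zip(account, range(10, 0, -1))) % 10)


def validate_stub(stub: dict) -> list:
    """Apply the 11E edit checks; return the list of failures (empty = pass)."""
    errors = []
    if stub.get("batch_type") not in VALID_BATCH_TYPES:
        errors.append("batch type not a valid menu option")
    if not re.fullmatch(r"\d+", stub.get("form_number", "")):
        errors.append("form number not numeric")

    acct = stub.get("account", "")
    if not re.fullmatch(r"\d{10}", acct):
        errors.append("account number must be 10 numeric digits")
    elif acct == "0" * 10:
        errors.append("account number may not be all zeros")
    else:
        cd = stub.get("check_digit", "")
        if not re.fullmatch(r"\d", cd):
            errors.append("check digit not numeric")
        elif stub.get("doc_type") == WATER_SEWER_DOC_TYPE and cd != check_digit(acct):
            errors.append("check digit does not validate")

    amt = stub.get("amount_due", "")
    if not re.fullmatch(r"\d{9}", amt):
        errors.append("amount due must be 9 numeric digits")
    elif amt == "0" * 9:
        errors.append("amount due may not be all zeros")

    if stub.get("payment_code") not in VALID_PAYMENT_CODES:
        errors.append("payment code not in 0,1,4,5,7,8,9")
    if not re.fullmatch(r"\d+", stub.get("customer_seq", "")):
        errors.append("customer sequence number not numeric")
    return errors


def process_batch(stubs):
    """Split a batch into accepted stubs and (stub, errors) rejects, so a
    failed edit check stops an item at Item Keying, before balancing."""
    accepted, rejected = [], []
    for stub in stubs:
        errs = validate_stub(stub)
        if errs:
            rejected.append((stub, errs))
        else:
            accepted.append(stub)
    return accepted, rejected


# Constructed sample stubs, with intentional errors as in the audit test.
GOOD_STUB = {"batch_type": "WS", "form_number": "0417", "account": "1000234567",
             "check_digit": "7", "doc_type": "1", "amount_due": "000012550",
             "payment_code": "1", "customer_seq": "03"}
BAD_STUBS = [
    dict(GOOD_STUB, account="0000000000"),               # all-zero account
    dict(GOOD_STUB, check_digit="3"),                   # wrong check digit
    dict(GOOD_STUB, amount_due="12550"),                # not 9 digits
    dict(GOOD_STUB, payment_code="2", batch_type="XX"),  # two failures at once
]

if __name__ == "__main__":
    accepted, rejected = process_batch([GOOD_STUB] + BAD_STUBS)
    print(f"accepted {len(accepted)}, rejected {len(rejected)}")
    for stub, errs in rejected:
        print(stub["account"], errs)
```

Two points worth noting against the original rule list: the "not all zeros" checks only make sense after the length and numeric checks have passed, which is why they sit in `elif` branches, and the check-digit comparison is only meaningful once the account is known to be ten digits. Order of checks is part of the specification, not just presentation.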

11F
Description of Controls: Physical access to the cashiers' area and BancTec area is restricted to authorized personnel only via a keycard system.
Testing Performed: Inspected roles and responsibilities of personnel with access to the cashiers' area to validate that access is appropriate.
Test Results: No exceptions noted.

11G
Description of Controls: The total cash received for the day, as reflected on the Daily Cash Report, is reconciled to the daily bank deposit.
Testing Performed: Inspected a sample of days and validated the daily cash report and the reconciliation prepared by Accounts Receivable that compares the amount to the bank deposit on the bank statement; tested for proper form, manager review and approval.
Test Results: No exceptions noted.


11H
Description of Controls: The CC&B payment processing program performs edit checks for a valid account number. Payments that fail these edit checks are applied to a suspense account and distribution code and are listed on a Suspense report. Investigation of payments listed on the Suspense report is performed on the following day.
Testing Performed: See test 11E regarding configuration testing. Inspected the CC&B suspense report and validated the aging of unapplied payments to ensure that payments with the suspense code were addressed in a timely manner.
Test Results: No exceptions noted.
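Three of the controls in this section (9A To Do entries, 9C suppressed bills, 11H suspense payments) rest on the same mechanism: exceptions are parked in a queue, and a report ages the unresolved items so that the oldest are worked first and anything past a limit is visible. The 9C exception is exactly what happens when that aging is not acted on. The following is an added example of such an aging report, written for this page; it is not a CC&B report. The items and dates are constructed, and the 90-day limit is the one DOW's management response sets for suppressed bills, applied here to every queue only as an assumption.

```python
"""Added example: aging of unresolved exception items (To Do entries,
suppressed bills, suspense payments) with a timeliness limit.

Illustrative code for this page, not a CC&B report. Items and dates are
constructed; applying the 90-day suppressed-bill limit to all queues is
an assumption.
"""
from datetime import date

AGE_BUCKETS = ((0, 30, "0-30"), (31, 60, "31-60"), (61, 90, "61-90"), (91, None, "91+"))
LIMIT_DAYS = 90   # assumption: the 90-day policy from the 9C response, used for every queue


def bucket_label(age_days: int) -> str:
    for low, high, label in AGE_BUCKETS:
        if age_days >= low and (high is None or age_days <= high):
            return label
    return "invalid"   # negative age: opened date is after the report date


def aging_report(items, as_of, limit_days=LIMIT_DAYS):
    """items: (item_id, queue, opened_date, resolved_date or None).
    Returns (summary, overdue): summary is {queue: {bucket: count}} over
    unresolved items; overdue lists (queue, item_id, age) past the limit,
    oldest first, which is the work order for the reviewer."""
    summary, overdue = {}, []
    for item_id, queue, opened, resolved in items:
        if resolved is not None:
            continue
        age = (as_of - opened).days
        per_queue = summary.setdefault(queue, {})
        label = bucket_label(age)
        per_queue[label] = per_queue.get(label, 0) + 1
        if age > limit_days:
            overdue.append((queue, item_id, age))
    overdue.sort(key=lambda t: t[2], reverse=True)
    return summary, overdue


def resolution_exceptions(items, limit_days=LIMIT_DAYS):
    """Resolved items whose open-to-resolution time exceeded the limit: the
    retrospective view the 9C test took (elapsed days before final billing)."""
    late = [
        (queue, item_id, (resolved - opened).days)
        for item_id, queue, opened, resolved in items
        if resolved is not None and (resolved - opened).days > limit_days
    ]
    return sorted(late, key=lambda t: t[2], reverse=True)


# Constructed sample queue as of the end of the audit period.
AS_OF = date(2011, 12, 31)
SAMPLE_ITEMS = [
    ("TD-1", "todo",       date(2011, 12, 20), None),               # 11 days open
    ("TD-2", "todo",       date(2011, 10, 1),  None),               # 91 days open
    ("SB-1", "suppressed", date(2011, 3, 15),  date(2011, 8, 1)),   # resolved after 139 days
    ("SB-2", "suppressed", date(2011, 11, 15), None),               # 46 days open
    ("SU-1", "suspense",   date(2011, 12, 30), None),               # 1 day open
    ("SU-2", "suspense",   date(2011, 12, 28), date(2011, 12, 29)), # resolved next day
]

if __name__ == "__main__":
    summary, overdue = aging_report(SAMPLE_ITEMS, AS_OF)
    for queue, buckets in summary.items():
        print(queue, buckets)
    print("overdue:", overdue)
    print("resolved late:", resolution_exceptions(SAMPLE_ITEMS))
```

The two views answer different questions: `aging_report` is the operating control (what is open now and how old), while `resolution_exceptions` is what an auditor or a monitoring function needs, since items that were eventually resolved drop off the open-items report and their lateness is otherwise invisible.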

11I
Description of Controls: The Accounts Receivable Department receives a report identifying remittance activity for all applicable cities. The Remittance Report is broken out by distribution code and city code. This report is then used to generate a final remittance schedule identifying the payment activity for all municipalities for which DOW is the billing agent. A reconciliation between the final remittance schedule and the system-generated remittance schedule is performed to ensure they are in balance.
Testing Performed: Inspected a sample of reconciliations and validated the reconciliation of the system-generated cash receipts report to the manually prepared remittance schedule.
Test Results: No exceptions noted.

Page 55

Section V Other Information Provided by Independent Service Auditor

Page 56

Other Information Provided by Independent Service Auditor

Purpose and Objectives of the Report:

This report is intended to provide users of the Division of Water ("DOW") with information about the systems at DOW that may affect the processing of transactions. This report, when combined with an understanding and assessment of the internal controls at user organizations, is intended to assist the user auditor in (1) planning the audit of the user's financial statements, and (2) assessing control risk for assertions in the user's financial statements that may be affected by controls at DOW.

Our examination of DOW's system was restricted to the control objectives and the related controls specified in section IV by DOW's management and was not extended to procedures described elsewhere in this report but not listed, or to procedures that may be in effect at the user organization. It is each user auditor's responsibility to evaluate this information in relation to the controls in place at each user organization. If certain complementary controls are not in place at the user organization, DOW's controls may not compensate for such weaknesses.

Our examination included inquiries with key personnel, review of available documentation and observation of certain control procedures surrounding and provided by DOW.

The description of controls is the responsibility of DOW's management. It has been prepared taking into consideration the guidance contained in the AICPA Statement on Standards for Attestation Engagements ("SSAE") No. 16, Reporting on Controls at a Service Organization (SOC1).

This report was designed to cover the majority of DOW's users. Therefore, it focuses on those processes and controls applicable to the common processes supported by DOW. Any unique client situations or processes not described in the report are outside the scope of this report.

Page 57

Section VI Other Information Provided by the Division of Water

Page 58

In response to the December 31, 2011 audit findings, DOW provides the following detailed responses to the items noted during the review.

DOW

Columns: Control Procedures | Findings | Management Response

(4E)
Control Procedure: Program implementation controls exist to ensure that changes are implemented in the production environment only after adequate testing is performed and proper business user management approvals are obtained and the change is authorized by IT.
Finding: Configuration changes made to CC&B did not go through an approval process from January 1, 2011 through March 31, 2011. Control was tested without exception from April 1, 2011 through December 31, 2011.
Management Response: On April 1, 2011, configuration changes began going through the same properly documented approval process that is in place for code changes. Prior to that date, an informal process was used to communicate the changes.

(7B)
Control Procedure: Access to the data center is granted through authorized approval, and access is removed upon termination and is updated upon transfer based on job responsibilities.
Finding: For seven of the twenty-five users sampled with data center access tested, the access request form to support authorized access was not documented. It was determined that the seven exceptions were security personnel who were not required to complete the forms needed to obtain access to the data center.
Management Response: The Department of Public Utility IT Manager and Security Chief will be required to, monthly, reconcile the IT authorization forms with the security badges issued by the Security Chief.

(9C)
Control Procedure: On a daily basis, the billing file is reviewed for suppressed bills by SourceLink. A spreadsheet of all suppressed bills is then used to ensure all accounts are investigated and resolved with a bill generated if appropriate.
Finding: Five of the twenty-five suppressed bills sampled were not resolved in a timely manner, ranging from 138 days to 315 days before final billing.
Management Response: From the time when the SSAE16 audit period ended, the suppressed bills backlog has been eliminated. To help ensure this backlog does not re-occur, training has been provided to reinforce the policy that suppressed bills are to be processed prior to the next quarterly billing cycle (within 90 days). Exceptions to this policy will be documented and tracked to ensure that billing is performed in a timely manner.

In addition, the following measures have either been implemented or are in progress to resolve the To Do backlog and to control the daily inflow so that it reaches a manageable level.

A backlog team began working the pended bills backlog in January 2012 and completing the To Dos for each bill segment. This effort is addressing over 35,000 To Dos with a completion goal of June 30, 2012. At the same time as resolving the backlog, the effort is monitoring inflow of new exceptions and enforcing process adherence to eliminate inappropriately caused pended bills.

A data cleanup process is being developed to clean up approximately 6,000 custom Billing To Dos (Adjustments and High Bill Cases) where it appears that the work has already been done based on established criteria. This is scheduled for March, 2012.

Meter Read tolerance ranges were adjusted to more appropriate levels in Q3 2011 to eliminate unreasonable exceptions, resulting in a significant decrease in Hi/Lo To Dos created daily.

AMR deployment is scheduled to begin in April. The deployment plan is targeting out of order meters and meters that have reached the maximum number of estimated reads allowed by the system early in the deployment schedule.

A backlog team began working the Meter Exchange backlog, which is down to approximately 300 meter exchanges. Meter exchanges will be completed ahead of the AMR deployment schedule.

A business process is currently being deployed to properly identify vacant lots, based on both field observation and returned mail, and then to follow through with the appropriate procedure to stop billing them.