AUDIT COMMITTEE SUMMARY
January 29, 2019
Audit of Parks & Recreation Online Reservation Payment System
Report Issued January 9, 2019
Audit Objective
Determine if controls and processes within the Active Net reservation and payment system are adequate and properly managed.
Background
The Parks & Recreation (Parks) Department’s mission is to provide exceptional parks, facilities, programs, and services to improve the quality of life for all. Parks offers a wide variety of facilities for citizens to reserve such as community centers, sports fields, gazebos, and pavilions. Reservations can be made in person at the Parks and Recreation Headquarters or online. Parks utilizes the ActiveNet system, an online reservation system to streamline the reservation and payment process, enhance customer service, and improve reporting capabilities.
Below is a chart summarizing the reservations and payments made for City facilities for March 1, 2017 through March 31, 2018.
Audit Scope & Methodology
The audit scope period was March 1, 2017 to March 31, 2018. To establish our test criteria, we reviewed City Administrative Directives, Parks policies and procedures, and the City’s contract with ActiveNet. We also interviewed City staff to gain an understanding of the processes for reserving and paying for City parks and facilities, accounting for payments received, and the management of the ActiveNet system.
As part of our testing procedures we examined controls for ensuring the ActiveNet system accurately and securely records reservations and payments for City parks and facilities. We also reviewed the abilities of the user access roles assigned to City staff within the ActiveNet system. Furthermore, we tested the controls around the payment process for adequate segregation of duties, the accuracy and access to edit reservation rates, and the calculation of vendor fees paid to ActiveNet by the City. Finally, we reviewed ActiveNet’s compliance with Payment Card Industry Data Security Standards (PCI DSS) and controls over financial reporting.
Audit Conclusion
The ActiveNet system is working as intended by providing a more efficient and effective way for citizens to access City programs, reserve City facilities, and pay for those services in a secure manner. We determined that the reservation fees charged by the ActiveNet system are accurate and that reservations made online has exceeded reservations made in person. We also determined that the vendor fees being paid by the City to ActiveNet are calculated correctly.
However, there are opportunities to strengthen the controls associated with ActiveNet user access, cash refunds, and modifying or waiving reservation fees.
ActiveNet system user access is excessive and there is a lack of periodic user access reviews. Additionally, there is a lack of documented management approvals for cash refunds processed by Parks cashiers. Finally, Parks does not have a documented policy or procedure for Parks personnel to waive or modify reservation fees within the ActiveNet system.
Parks & Recreation Management agreed with the audit findings and has developed positive action plans to address them.