Every Department and employee of the City of Los Angeles (City) is expected to perform their functions with diligence and dedication on behalf of Angelinos. Public trust is vital to our City’s effectiveness and sustainability. All City Departments and employees are held to the highest of standards of conduct to ensure City decisions are – and are perceived to be – fair, impartial, and made in the best interests of the public.
In November 2017, the City’s Department of Building and Safety (“Building and Safety”) management initiated an investigation after allegations of information technology (“IT”) contracting fraud had been raised by a Building and Safety employee. The alleged fraud, estimated at over $3.5 million, involved the improper use of two City IT commodity contractors by certain employees, assigned to Building and Safety’s Technology Services Bureau (“Technology Services”).
Building and Safety’s management informed the Controller’s Office when their investigation commenced. When the investigation concluded in May 2018, Building and Safety management provided a briefing on the outcome of their investigation.
As a result of Building and Safety’s investigation substantiating allegations of creating fictitious invoices and falsifying the receipt of products and services, both the Office of the City Attorney (“City Attorney”) and Los Angeles County District Attorney are completing their respective investigations into this matter. Notwithstanding, there is no reason to wait for implementing necessary enhancements to business processes and the internal control environment at Building and Safety, as well as the City as a whole. Due to the ongoing investigations by the City Attorney and Los Angeles County District Attorney, certain details regarding the alleged fraud and contracting violations have not been included in this report. It appears that certain issues addressed in this report may have been exacerbated by misconduct, and possible fraud, on the part of certain City IT contractors. However, this report focuses on strengthening the City’s internal processes and procedures rather than the details of alleged misconduct. The report is intended to provide lessons to all City Departments on the importance and need for strong internal controls.
The City’s contracting process for IT services can be burdensome and the circumvention of controls that led to the alleged contracting violations in which professional services had been purchased through IT commodity contractors may have originated from an attempt to speed up IT projects needed by Building and Safety. But, while efforts to streamline the City’s contracting process for professional services may be desirable, appropriate controls are needed to promote public accountability and assure responsible stewardship of City resources.
In this Review, we offer a number of recommendations designed to make it more difficult for potential fraud, abuse, and contracting violations to occur or remain undetected in the future. These recommendations broadly relate to:
- Enhancing management oversight and control;
- Strengthening Citywide policies and controls; and,
- Increasing Building and Safety budget and fee transparency.
Enhancing Management Oversight and Control
Internal control is broadly defined as any action taken to manage risk and increase the likelihood that established objectives and goals will be achieved. Even while encouraging flexibility and responsiveness in providing services to customers, internal controls are a necessary defense against the few individuals who may seek to abuse or profit from such flexibility. Department management is primarily responsible for designing, implementing, and maintaining a system of internal controls.
Based upon our Review, we recommended a number of control enhancements for Building and Safety to implement including:
- Adding explicit language in its newly developed policies and procedures highlighting that professional services (i.e., general consulting, application development, and programing services) are not permitted to be procured through the City’s IT commodity contracts. Best practices dictate that professional services be separately scoped out and competitively bid;
- Requiring work orders and formal performance metrics to track costs and monitor outcomes for specifically defined IT projects;
- Assure that outside business activities by Building and Safety employees is reported, and vetted to ensure that such activities do not represent a potential conflict of interest; and
- Requiring background checks for all individuals with access to sensitive or confidential information.
Strengthening Citywide Policies and Controls
We also identified opportunities to strengthen the City’s oversight of IT commodity contract usage, such as General Services Department:
- Submitting an annual information report to policy makers (including both the Information Technology and General Services Sub-Committee and Budget and Finance Sub-Committee of City Council) delineating the amounts spent by departments through the City’s IT commodity contracts;
- Requiring City departments to upload receiving documents into the City’s Financial Management System (FMS) prior to payment on any IT commodity contract;
- Working with the City Attorney to ensure all IT commodity contracts consistently contain clauses to emphasize professional services (e.g., general consulting and IT application development) are not allowed to be procured by the commodity contracts and the City maintains its right to complete audits on the contract; and
- Requiring all City departments to notify the City’s IT Oversight Committee of all large-scale IT projects that are expected to exceed a certain dollar threshold (e.g., $1 million) to periodically monitor these projects to ensure City resources are effectively used in completing these IT projects. The IT Oversight Committee meets once a month and includes representatives from the Office of the City Administrative Officer (CAO), the Office of the Chief Legislative Analyst, and the Mayor’s Office.
Increasing Building and Safety Budget and Fee Transparency
The Building Permit Enterprise Fund derives its revenue by assessing fees for its services. It is a best practice to conduct a detailed “Fee Study” periodically to assure that the set fees recover the full cost of delivering services – no more or no less. A fee study has not been conducted in more than ten years. We recommend that a fee study be conducted as soon as practicable, and every three years thereafter.
Lastly, the total Building Permit Enterprise Fund Budget for FY2018 is $328 million. The budget includes $138 (42%) in reserves. The large budget reserve must be broken into greater detail to enable City leaders to determine if the reserve is necessary and properly supported.
Review of Report and Action Plans
A draft of this report was provided to Building and Safety, the CAO, and General Services’ management on February 8, 2019 and we received each of their action plans to implement the recommendations contained in this report (see Appendix I).