Strengthening Oversight of the City’s IT Contracts
2019 La Controller
April 16, 2019
Honorable Eric Garcetti, Mayor Honorable Michael Feuer, City Attorney Honorable Members of the Los Angeles City Council
Re: Strengthening Oversight of the City’s Information Technology Contracts
The Controller’s office is empowered to examine how well City departments are serving Angelenos, and also review the internal processes and procedures in place to prevent financial or contracting fraud and abuse. While bad behavior is not the norm for City employees or contractors, it does happen on occasion, which can hurt the City’s coffers and undermine public trust in government. My latest report discusses ways to prevent such harm by strengthening internal controls relative to the City’s information technology (IT) contracts with outside vendors.
Last year, an investigation spearheaded by the Los Angeles Department of Building and Safety (LADBS) found that a small number of employees in its Technology Services Bureau were creating fake invoices and falsifying the receipt of products and services from IT contractors, an alleged fraud of at least $3.5 million in public funds. Although the bulk has been retrieved, and the City Attorney and District Attorney are in the middle of investigations, my office took a thorough look at the systems in place to prevent this type of fraud from recurring at LADBS. We concluded that, despite the rigors of the City’s IT contracting process, there is a need for additional internal control mechanisms at both LADBS and citywide to make it more difficult for fraud to occur in the future. Stronger internal mechanisms, rules and procedures are necessary to defend against those who may attempt to exploit the system for personal gain.
Enhanced oversight and controls needed
The report outlines specific steps that will help LADBS better manage foreseeable risks and ensure greater accountability:
Expressly state that professional services cannot be procured through existing IT contracts and must be bid on separately in a competitive process;
Mandate the use of work orders and performance metrics to track costs and outcomes;
Require background checks for all employees with access to sensitive information;
Assure that outside business activities by LADBS employees are reported to prevent conflicts of interest.
Additionally, the report identifies several opportunities to strengthen the City’s oversight of IT contracts for all departments:
Annual reporting to the City Council on the amounts spent by departments for IT commodity contracts;
Include language in all City contracts mandating contractors to report City employees who seek bribes or kickbacks to the Controller’s office and Ethics Commission;
Require City departments to notify the Information Technology Oversight Committee of all large-scale IT projects expected to exceed one million dollars.
I urge City leaders and the relevant departments to fully implement these recommendations as they will not only enhance the management of public dollars, but also demonstrate our collective dedication to delivering on the promise of good government.
Every Department and employee of the City of Los Angeles (City) is expected to perform their functions with diligence and dedication on behalf of Angelinos.Public trust is vital to our City’s effectiveness and sustainability.All City Departments and employees are held to the highest of standards of conduct to ensure City decisions are – and are perceived to be – fair, impartial, and made in the best interests of the public.
In November 2017, the City’s Department of Building and Safety (“Building and Safety”) management initiated an investigation after allegations of information technology (“IT”) contracting fraud had been raised by a Building and Safety employee. The alleged fraud, estimated at over $3.5 million, involved the improper use of two City IT commodity contractors by certain employees, assigned to Building and Safety’s Technology Services Bureau (“Technology Services”).
Building and Safety’s management informed the Controller’s Office when their investigation commenced. When the investigation concluded in May 2018, Building and Safety management provided a briefing on the outcome of their investigation.
As a result of Building and Safety’s investigation substantiating allegations of creating fictitious invoices and falsifying the receipt of products and services, both the Office of the City Attorney (“City Attorney”) and Los Angeles County District Attorney are completing their respective investigations into this matter. Notwithstanding, there is no reason to wait for implementing necessary enhancements to business processes and the internal control environment at Building and Safety, as well as the City as a whole. Due to the ongoing investigations by the City Attorney and Los Angeles County District Attorney, certain details regarding the alleged fraud and contracting violations have not been included in this report. It appears that certain issues addressed in this report may have been exacerbated by misconduct, and possible fraud, on the part of certain City IT contractors. However, this report focuses on strengthening the City’s internal processes and procedures rather than the details of alleged misconduct. The report is intended to provide lessons to all City Departments on the importance and need for strong internal controls.
The City’s contracting process for IT services can be burdensome and the circumvention of controls that led to the alleged contracting violations in which professional services had been purchased through IT commodity contractors may have originated from an attempt to speed up IT projects needed by Building and Safety. But, while efforts to streamline the City’s contracting process for professional services may be desirable, appropriate controls are needed to promote public accountability and assure responsible stewardship of City resources.
In this Review, we offer a number of recommendations designed to make it more difficult for potential fraud, abuse, and contracting violations to occur or remain undetected in the future. These recommendations broadly relate to:
Enhancing management oversight and control;
Strengthening Citywide policies and controls; and,
Increasing Building and Safety budget and fee transparency.
Enhancing Management Oversight and Control
Internal control is broadly defined as any action taken to manage risk and increase the likelihood that established objectives and goals will be achieved. Even while encouraging flexibility and responsiveness in providing services to customers, internal controls are a necessary defense against the few individuals who may seek to abuse or profit from such flexibility. Department management is primarily responsible for designing, implementing, and maintaining a system of internal controls.
Based upon our Review, we recommended a number of control enhancements for Building and Safety to implement including:
Adding explicit language in its newly developed policies and procedures highlighting that professional services (i.e., general consulting, application development, and programing services) are not permitted to be procured through the City’s IT commodity contracts. Best practices dictate that professional services be separately scoped out and competitively bid;
Requiring work orders and formalperformance metrics to track costs and monitor outcomes for specifically defined IT projects;
Assure that outside business activities by Building and Safety employees is reported, and vetted to ensure that such activities do not represent a potential conflict of interest; and
Requiring background checks for all individuals with access to sensitive or confidential information.
Strengthening Citywide Policies and Controls
We also identified opportunities to strengthen the City’s oversight of IT commodity contract usage, such as General Services Department:
Submitting anannual information report to policy makers (including both the Information Technology and General Services Sub-Committee and Budget and Finance Sub-Committee of City Council) delineating the amounts spent by departments through the City’s IT commodity contracts;
Requiring City departments toupload receiving documents into the City’s Financial Management System (FMS) prior to payment on any IT commodity contract;
Working with the City Attorney to ensure all IT commodity contracts consistently contain clauses to emphasize professional services (e.g., general consulting and IT application development) are not allowed to be procured by the commodity contracts and the City maintains its right to complete audits on the contract; and
Requiring all City departments to notify the City’s IT Oversight Committee of all large-scale IT projects that are expected to exceed a certain dollar threshold (e.g., $1 million) to periodically monitor these projects to ensure City resources are effectively used in completing these IT projects. The IT Oversight Committee meets once a month and includes representatives from the Office of the City Administrative Officer (CAO), the Office of the Chief Legislative Analyst, and the Mayor’s Office.
Increasing Building and Safety Budget and Fee Transparency
The Building Permit Enterprise Fund derives its revenue by assessing fees for its services. It is a best practice to conduct a detailed “Fee Study” periodically to assure that the set fees recover the full cost of delivering services – no more or no less. A fee study has not been conducted in more than ten years. We recommend that a fee study be conducted as soon as practicable, and every three years thereafter.
Lastly, the total Building Permit Enterprise Fund Budget for FY2018 is $328 million. The budget includes $138 (42%) in reserves. The large budget reserve must be broken into greater detail to enable City leaders to determine if the reserve is necessary and properly supported.
Review of Report and Action Plans
A draft of this report was provided to Building and Safety, the CAO, and General Services’ management on February 8, 2019 and we received each of their action plans to implement the recommendations contained in this report (see Appendix I).
In June 2018, the Controller’s Office initiated this Special Review to identify:
Possible reasons why IT contracting problems arose and were either undetected or unreported; and,
Necessary internal control enhancements to prevent the potential for fraud, abuse, and IT contracting violations from occurring or remain undetected in the future.
We interviewed multiple Building and Safety employees and representatives of other City Departments including the Information Technology Agency, the CAO, the City Attorney, General Services Department, Public Works – Bureau of Contract Administration, the Office of the Mayor, and the Controller’s Office.In addition, we conducted a limited inquiry of Los Angeles County’s (“County”) Public Works and Internal Services Departments to identify possible practices for City management’s consideration.We also reviewed: 1) hundreds of documents from the use of two IT Commodity Contractors, including certain information collected during Building and Safety’s investigation; 2) documentation on IT contracted staff Technology Services’ used to supplement existing resources; 3) City payroll (PaySR) information regarding use of Technology Services’ overtime; 4) Building and Safety’s Systems Development Budget and the Building Permit Enterprise Fund Budget; 5) General Services Department recently obtained contractor utilization reports for one IT Commodity Contractor; 6) various City ordinances, rules, and standards; and 7) other pertinent documents.
Our observations relate to three areas, and thus are presented in the following sections of the detailed report:
Enhancing Management Oversight and Control
Strengthening Citywide Policies and Control
Increasing Building and Safety Budget and Fee Transparency
To address opportunities noted in these areas, we offer a series of recommendations to City Officials, especially those at Building and Safety, General Services Department, and the CAO.
Building and Safety has a budget of $178 million, with 1,000 people organized into seven primary Bureaus. The Resource Management Bureau (Resource Management) is responsible for the procuring products and services for the Department as a whole. For example, if the Permit, Inspection, or Code Enforcement Bureaus needed services, Resource Management procured it. About seven years ago, Building and Safety instituted a different process for Technology Services purchase requisitions (also referred to as S1Bs), limiting the role of Resource Management in the procurement of Technology purchases to verifying the availability of funds. Beginning in 2012, Technology Services, for the most part, obtained quotes and purchased good and services independently of Resource Management.
We evaluated Technology Services’ approved S1Bs from August 2013 through October 2016, and found that a Building and Safety Executive Advisor had vetted at least 354 S1Bs from Technology Services for $38 million in purchases, yet many of the S1Bs did not contain written justification for the purchases. While some of the high-dollar S1Bs (greater than $100,000) contained the approval of Building and Safety’s executive management, the majority did not. In fact, two of the S1Bs without executive management approval were for Building and Safety’s expanded data center ($1.1 million and $2.0 million) where monies appear to have been paid to several unauthorized subcontractors. Another payment totaling $2.4 million was made for the data center, but the S1B could not be located.
In May 2018, Building and Safety’s General Manager implemented revised procurement policies and procedures that now require all of Technology Services’ requests of more than $10,000 to be reviewed and approved by both Resource Management’s Assistant General Manager, and executive management with supporting documentation to accompany the S1B. We applaud this additional oversight.
Lack of Clarity
On the other hand, the revised procurement policies and procedures remain unclear with regard to the purchase of services. We noted that the new policy and procedures could be further strengthened by including language to remind employees that professional services, such as general consulting, application development, and programming services are not permitted to be paid through an IT commodity contract. See Recommendation 1a.
Lack of Formal Budgets and Work Orders for IT Projects
Building and Safety’s executive management neither required Technology Services to establish formal budgets for all defined IT projects, nor did they require consistent work orders to track all costs, including internal labor costs, product costs, and other professional service costs associated with those IT projects. As stated above, nearly all Technology Services’ S1Bs did not include a written justification for the operational need for procured IT related products and services, and many did not include the associated IT project or the person requesting the products or services. As a result, Building and Safety cannot provide an accurate or reliable accounting for how much it spent on various IT projects. See Recommendation 1b. A further problem for accounting is that there were informal transfers between line items in the budget for Technology Services’ approved systems development, but no established dollar threshold requiring the approval from Building and Safety’s General Manager with written justification for the transfers. See Recommendation 1c.
Lack of Formal Metrics to Monitor IT Projects
Building and Safety did not establish formal metrics to monitor IT projects, and when City contractors developed and managed IT applications, the Department did not always define milestones or deliverables. For example, we found that for years the City had professional service contracts with a business but this same business was also paid by Building and Safety for professional services through the two IT commodity contractors and subcontractors. This business was used for an unusual number of projects through the commodity contract that were not competitively bid, and the commodity contractors retained commissions for making these payments. During interviews, we learned that some of the projects from this business had either: 1) experienced significant unexplained delays in completion; 2) required Technology Services’ employees to substantially assist the business’ staff to complete the projects; or, 3) had not been completed.See Recommendation 1d.
Excess Overtime Usage
Building and Safety executive management should enhance its monitoring of overtime usage and require additional information in overtime reports to justify operational need for the overtime. Specifically, between FYs 2012 and 2018, Technology Services’ employees were paid $2.9 million in overtime. Strikingly, five of approximately 40 employees received 52% of that amount, or $1.5 million for 21,097 hours in premium overtime compensation. A review of a few of these overtime reports found that the reports lacked information to justify that the overtime was worked to meet operational needs. While Technology Services’ paid overtime has significantly declined since the investigation, this concern highlights the need to better monitor overtime and ensure it is justified by actual operational needs.See Recommendation 1e.
Potential for Conflicts of Interest
Building and Safety did not periodically remind employees to report any outside business activities. As this is an area where conflicts of interest could exist, Building and Safety’s management should send an annual reminder to its employees to report outside business activities for management review, approval, and acknowledgement.See Recommendation 1f.
Further, we found that several Building and Safety supervisors and managers who had the responsibility of approving Technology Services S1Bs, also had family members working as IT contracted staff for Technology Services. When we requested interview evaluation and selection sheets for a sample of the contracted staff who were identified as family members of Building and Safety management and supervisors, Building and Safety was unable to locate the requested documentation; they indicated that the responsible employee had resigned and any documentation she may have had on this matter was “lost.”
These practices raise numerous concerns. Namely: 1) were these contractors needed; 2) were the most qualified contractors selected; and, 3) was the selection process completed in a fair and objective manner?
To address these concerns, Building and Safety should establish an IT contracted staff selection committee comprised of the new Assistant General Managers for Technology Services and Resource Management, as well as Building and Safety’s Personnel Director (or their designees). This committee should ensure that requests for Technology Services’ contracted staff are justified, and that resume reviews, interviews, and selections are conducted in a fair and objective manner, with the most qualified individuals being selected. Moreover, many of the IT contracted staff used by Technology Services had been paid for their professional services through the IT commodity contract. Going forward, Building and Safety should ensure all contracted staff are paid through properly established professional service contracts
maintained by either Building and Safety or the City’s Information Technology Agency (ITA). See Recommendation 1g.
Failure to Conduct Background Checks
We also noted that the Building and Safety IT contracted staff had not received background checks. The City’s ITA requires its IT contracted staff working with sensitive or confidential information to undergo a background check. Similarly, the Los Angeles County Internal Services Department requires its IT contractors to undergo a background check if placed within a County building. When Building and Safety’s IT contracted staff are working on projects that involve sensitive or confidential information, a background check is warranted and in line with best practice. See Recommendation 1h.
Non-Reporting of Internal Control Weaknesses
Adherence to strong fiscal controls helps deter and detect fraud, procurement violations, and other problems. To help achieve this, the Controller’s Office periodically requires Department General Managers to certify adherence to certain fiscal-related internal controls. The Controller’s Internal Control Certification Program (ICCP) provides an opportunity for department management to review, evaluate, and attest to the adequacy of internal controls in key areas of the department’s fiscal operations.
However, we found that Building and Safety’s FY 2015 ICCP attestation by the prior General Manager did not report certain required internal control weaknesses. Had these problems been reported, it may have prompted further questions and faster solutions. Specifically, Building and Safety should have identified and reported the following weaknesses in expenditure coding, inventory controls, and product receiving.
Expenditures Improperly Coded
Building and Safety did not review IT expenditures to ensure they were coded to the correct account. For years, Technology Services’ IT expenditures had been improperly coded to Building and Safety’s Office & Administrative Expense Account. For example, in FY 2015, one IT commodity contractor was paid $12.5 million, but because those expenditures were improperly coded to the Office & Administrative Expense Account, it would have been difficult for City management to identify the anomaly.
Resource Management’s new Chief Accountant identified this problem in late FY 2017. After research, she found that the employees did not understand the reason for or importance of FMS “object codes” and had likely not been trained on coding the transactions to the proper expenditure account. Thereafter, she updated Building and Safety’s accounting procedures and instructed these employees to code expenditures properly. As a result, the expenditures coded as Office & Administrative Expense dropped significantly, from an average of $9.4 million between FYs 2012 and 2017, to $563,000 in FY 2018.
Exhibit 1 – Building and Safety’s Expenditures per FMS
Failure to Conduct Independent Inventories
A physical and independent inventory count – separate from Technology Services’ supply, procurement, and inventory functions – did not take place for many years prior to 2016. Despite this lapse, Building and Safety certified that there was no internal control weakness related to this area. Prior to Building and Safety’s investigation, Technology Services had been allowed to manage its own inventory, warehouse, transfers, and salvaging of Building and Safety’s IT assets. The internal investigation found that asset transfers and salvaging by Technology Services were not formally approved or documented.
With over 5000 IT assets, Building and Safety must keep accurate records of where its assets are located, to whom they have been assigned, and what happens to the asset when assigned employees transfer or leave the Department. To ensure Building and Safety’s inventory records are accurate, the Department should require an independent, physical inventory be completed once a year.
Lack of Supporting Documentation for Receipt of IT Products and Services
The Building and Safety investigation and this Review confirmed that for many years, a Resource Management supply clerk relied, many times, on Technology Services employees to verbally acknowledge or email acknowledgement of receiving IT products and services without providing any supporting documentation (e.g., a packing slip or deliverable terms for services). This weakness in internal control should also have been identified through Building and Safety’s 2015 ICCP, but it was not.
II. Strengthening Citywide Policies and Controls
The General Services Department and the City’s financial system require that three key procurement documents match (purchase order, invoice and receiving information) before payment is authorized. However, they rely on City departments to ensure that commodity purchases are justified, received, and comply with the contract. General Services Department has recently instituted additional procedures that require supervisor and management level approval for payments over a certain dollar threshold. The Controller’s Office is also expected to review payments over $100,000, and has recently enhanced its review process to include analytical procedures.
In addition to these enhanced procedures, General Services Department management indicated, and we agree, that City staff responsible for procuring, receiving, or processing payments need periodic reminders on what is allowed and not allowed to be purchased through the City’s IT commodity contracts.See Recommendation 2a.
The City’s IT commodity contracts do not allow for the professional services, such as general consulting, IT application development, and IT programming to be procured; however, some commodity contracts include installation and maintenance services related to the IT equipment being purchased. Representatives from ITA management and Los Angeles County indicated that implementing a percentage limit on any authorized installation and maintenance services (up to 30 percent of total) that can be associated with IT equipment purchases can help to prevent improper procurement for professional services through these types of commodity contracts. See Recommendation 2b.
While commodity contracts do not require approval by City Council [City Administrative Code – Section 10.5 (Limitation and Power to Make Contracts)], periodic reports should be submitted to policymakers on the use of these contracts by City departments. Currently, General Services Department submits a summary of commodity contract activity to the Mayor’s Office, the CAO, and the Information, Technology, and General Services Sub-Committee of City Council. However, these reports do not include a breakdown by department. For example, between FYs 2012 and 2018, Building and Safety’s expended $23.8 million for products and services through an IT Commodity Contractor, representing 71% ($33.4 million) of all City expenditures to this commodity contractor during the period. Had this information been provided, it may have prompted questions regarding Building and Safety’s significant use of this IT Commodity Contractor. Further, this detailed report should also be provided to City Council’s Budget and Finance Sub-Committee to monitor IT commodity expenditures by City departments. See Recommendation 2c.
In July 2017, the City began utilizing the fully integrated procurement module within FMS. This allows for documentation supporting the receipt of products, installation services, or software and hardware maintenance to be uploaded into FMS prior to payments processing, but this is not a requirement. Having this type of additional information could help to identify and detect some of the irregularities and problems identified in this Review. See Recommendation 2d.
During this Review, we also learned that departments are not currently required to report all large-scale IT projects to the City’s IT Oversight Committee. The IT Oversight Committee meets once a month and includes representatives from the CAO, Mayor’s Office, and the Office of the Chief Legislative Analyst. Given the complexity and risk of these projects, City departments should report these types of projects to the City’s IT Oversight Committee whenever they are expected to exceed a certain dollar threshold (e.g., $1 million). The IT Oversight Committee should periodically monitor these projects’ status to ensure that departments are using compatible platforms and allowing for system integration amongst departments. See Recommendation 3a.
We noted that City contracts, includingthe IT commodity contracts, do not include language that specifically requires contractors to report solicitations for gratuities or known fraud by City employees. Los Angeles County includes this type of clause in County contracts, requiring contractors to report the allegations to the Auditor-Controller’s Office of County-wide Investigations. Similarly, City contractors should be required to report these matters to the Controller’s Office and the Ethics Commission for review and investigation. See Recommendation 3b.
Further, although general consulting, IT application development and programing services are not authorized line items or permitted to be purchased through IT commodity contracts, we noted only one of the two IT commodity contractors’ contracts (based on a State contract with this contractor) expressly included language to serve as an additional reminder to both contractors and City employees that professional services are not allowed. Including this type of additional language consistently within all IT commodity contracts appears warranted. Further, we noted that this particular IT Commodity Contract, which was based upon a contract between the State of California and this contractor, did not have a standard audits clause when it was renewed in 2015. During this Review, this IT commodity contractor did not comply with requests to provide information on the City’s use of this contract nor its use of any subcontractors since 2009. General Services Department should work with the City Attorney to ensure these clauses are consistently included in all of the City’s IT Commodity Contracts. Recommendation 2e.
Finally, as a result of this Review and the high risk nature of IT commodity contracts and IT professional service contacts, our Office’s Audit Services Division will enhance its monitoring of these contacts to determine if they are being administered by City departments (including proprietary departments) in accordance with the related contracts, laws, regulations and City policy.
III. Increasing Building and Safety’s Budget and Fee Transparency
Technology Services’ System Development Budget has significantly increased since FY 2012, commensurate with similar increases in the cash balance for the Building Permit Enterprise Fund – the primary source of funding for Building and Safety’s departmental budget. Large fund balances are caused when revenues exceed expenditures over time, and they can result in less scrutiny; it can also indicate that the fees charged by Building and Safety exceed the associated cost of providing those services.
The Building Permit Enterprise Fund budget requires added transparency to identify significant changes in Departmental spending, especially for IT-related professional services and products.
Building and Safety’s Systems Development Budget
Building and Safety’s systems development budget has grown significantly, from a low of $11 million in FY 2012, to a high of $27 million in FY 2018.
Exhibit 2 – Building and Safety’s Systems Development Budget
Although costs designated for IT labor and contingency increased steadily, the increase for IT equipment, expenses, and contractual services grew 172% from $6.8 million in FY 2012 to $18.5 million in FY 2018. About two-thirds of the total systems development budget was devoted to equipment and contractual services expense in FY 2018.
Exhibit 3 – Building and Safety’s Systems Development Budget (Labor & Contingency Costs versus Equipment & Contractual Service Costs – in millions)
The majority of budgeted funding for Building and Safety’s Systems Development Budget comes from the Building Permit Enterprise Fund through other revenues, such as plan check, permit, and inspection fees or systems development revenues.
Exhibit 4 – Funding for Building and Safety’s Systems Development Budget 
Given the IT contract problems that occurred, Building and Safety should re-evaluate all line items within its Systems Development Budget to ensure planned expenditures are justified and based upon operational needs. See Recommendation 4a.
Building and Safety Fees
The revenue credited to the Building Permit Enterprise Fund grew significantly, from $107 million in 2012 to $211 million in 2018. In addition, for ten of the last 13 years, revenues exceeded expenses.
Exhibit 5 – Building Permit Enterprise Fund (48R) Revenues versus Expenses
The cash balance of the Building Permit Enterprise Fund has also increased, going from $35 million in FY 2012 to $283 million in FY 2018. This occurred because revenues continued to outpace expenditures during these years. The Building Permit Enterprise Fund’s unappropriated (i.e., available) cash balance has similarly increased, from $17 million in FY 2012 to $228 million in FY 2018.
Exhibit 6 – Building Permit Enterprise Fund Cash Balance (including Unappropriated Amounts)
A 2006 audit, entitled “Financial and Compliance Audit of the Department of Building and Safety”, recommended that Building and Safety complete a detailed fee study and re-evaluate its methodology for setting certain fees. In this audit, we were unable to determine to what extent Building and Safety followed the 2006 recommendation; in part because Building and Safety’s management indicated they could not locate the detailed documentation to support the individual fee development. They did provide information comparing the fee amounts to those of other jurisdictions.
Building and Safety also implemented an increase to the building permit valuation table, which affects many different fees. Building and Safety’s Engineering Bureau determined in 2015 that this increase was warranted; however, the supporting documents for the increase (and a similar increase in 2008) also could not be located. Also, Building and Safety did not submit these increases for review or approval by City Council, because Building and Safety does not consider building permit valuation table increases the same as fee increases. However, the valuation table ultimately determines the cost of certain permits, plan checks and inspections.
According to the Building and Safety Executive Officer, the Building Permit Enterprise Fund cash balance may have increased because there is a backlog of services provided by the Department, so there has been an increase in the expedited premium revenues paid by customers.
However, a detailed study of all fees is still recommended. The fee study should include the Building Valuation Table. See Recommendation 4b. Building and Safety should submit any changes to these fees and the Building Valuation Table to City Council for review and approval. See Recommendation 4c.
During this Review we noted that the Los Angeles County Department of Public Works adjusts their permit, inspection, and plan check fee schedules by the consumer price index annually, but every three years they also go through a Building Code Cycle and adopt a new code. All fees and any amendments thereto are submitted to the Board of Supervisors for approval. This is a leading practice that should be explored by the City to ensure the City Council supports and approves Building and Safety’s fees. See Recommendation 5a.
Detail in the Budget for Building Permit Enterprise Fund
The Building Permit Enterprise Fund covered 91% of Building and Safety’s budgeted expenditures for FY 2018, but its budget lacks detail. While departmental budgets provide more information regarding planned spending by major expense category, the budgets prepared for special purpose funds do not.
Specifically, for FY 2018 the Building Permit Enterprise Fund projected total revenue of $145 million, including $8.2 million in projected system development surcharges. While it notes direct appropriations for Building and Safety salaries, the broad categories “Building and Safety Expense and Equipment” and “System Development Project Costs” are not further defined. However the expenses charged there include significant IT products and professional services. Further, no detail regarding the contracts, services or equipment, is presented.
Exhibit 7 – Building Permit Enterprise Fund Budget – FY 2018
To provide the necessary transparency and accountability regarding Building and Safety’s operations and its IT investments, the full amount anticipated to be spent by the Department–for salaries and other expenses (e.g., contractual services, equipment, etc.)–should be fully appropriated from the Building and Permit Enterprise Fund to the Department’s official budget. This would align more closely to practices for other operating departments, and would require Building and Safety to disclose their actual Departmental expense categories, such as Office & Administrative Supplies, Operating Supplies, Equipment, Contractual Services, and Travel Expenses. See Recommendation 4d.
Also, in the Detail of Contractual Services Account section of its annual proposed budget, Building and Safety should identify all the professional service contracts the Department utilizes, and the planned expenditures for each. Currently, Building and Safety only includes the contracts funded by the General Fund in this section; as a result, most of Building and Safety’s expenses for contractual services are not reflected or disclosed. Doing so would increase transparency on an annual basis.See Recommendation 5b.
Finally, the reserves and contingency (totaling $138 million) reflected within the Building Permit Enterprise Fund budget should be questioned. While some funds must be held for contingencies and uncertain future costs, actively budgeting such a high level of reserves – 42% of the total ($328 million) appropriations was for a contingency and reserves for FY 2018, indicates the need to revisit the fee and funding structure of Building and Safety’s operations. Building and Safety should consult with the CAO to review the reserve line items within the Building Permit Enterprise Fund budget. This should determine if the line items are properly supported, reported and required. See Recommendation 5c.
 According to the Executive Advisor, vetting meant reviewing the related quote, S1B, and adherence to the related contract.
 Building and Safety’s new procurement procedures also require all requests for IT products and services to: 1) clearly describe the products and services being requested; 2) justification establishing the need for the requested products and services; and, 3) information on how the requested product or service will fulfill that need. If needed, Technology Services will generate an S1B, and the S1B, with all supporting documentation will be submitted to Resource Management for review and approval, with requests over $10,000 requiring Building and Safety executive management review and approval.
 Two Technology Services supervisors indicated that the former Technology Services Assistant General Manager outsourced application development projects to this business when Technology Services had many full-time employees capable to complete these projects. Between FYs 2012 and 2018, Technology Services had over 40 full-time employees.
 Further, according to the new Technology Services Assistant General Manager, the department had outsourced some of its IT projects using an hourly based cost structure, which can be especially costly when there are delays. As a result, she indicated that going forward Technology Services will be using delivery based cost structures for outsourced IT projects, when applicable.
 Building and Safety paid more than $47.6 million in overtime to its employees over the seven years ending FY 2018.
 The second IT Commodity Contractor did not comply with General Services Department requests (made behalf of the Office of Controller’s) to provide information on subcontractor usage since 2009.
 The approximate $3.5 million returned to the City from a commodity contractor’s fulfillment subcontractor was used to reverse expenditures, resulting in negative expenditure balances in FY 2018.
 The Resource Management Chief Accountant indicated that in FY 2014, Building and Safety had coded $33+ million as additional operating transfers to the general fund (995) instead of operating transfers to the general fund (911).
 Building and Safety’s new procurement procedures (issued May 2018) requires all requests to salvage any inventory items to be submitted to Resource Management for record keeping, processing, and coordination with other City Departments. All salvage requests must include a Bureau Assistant General Manager’s signature.
 After the Building and Safety investigation, the Resource Management Chief Accountant initiated a physical inventory of Technology Services’ items. While it was not complete as of this Review, it had already identified over 260 items that could not be located, and that some items were located in other City departments and offices. Building and Safety indicated that independent physical inventories would be completed annually going forward.
 Building and Safety’s new procurement procedures (issued May 2018) requires, for tangible product deliveries, that receiver for Technology Services have a Department purchasing expert or a designated Resource Management employee present to verify receipt. The receiver for Technology Services must also sign and include the receipt or packing slip with the completed receiving report, with shipments of computers and other IT equipment including serial numbers on the packing slip. The receiver Technology Services must then obtain approval from the Technology Services Assistant General Manager and submit the receiving report to the Department purchasing expert with notification to Resource Management to ensure new products received are entered into the inventory database. For non-tangible products (e.g., software delivered electronically) and professional services, the receiver for Technology Services must include necessary receipts, deliverables, timesheets, and other documents that show the products or services had been rendered consistent with the original approved request. For example, requests for professional services that note the payment terms as “Hourly” shall include timesheets with the receiving report and requests for professional services that note payment terms as “By Deliverable” shall include documentation for the completed deliverable(s) for the associated receiving report. These deliverables shall be consistent with one or more of the deliverables listed on the original request forms. The receiving report must be signed by the receiver for Technology Services, approved by the Technology Services Assistant General Manager, and submitted with all required attachments to the Resource Management supply clerk. The new procedures also requires all original receiving reports and associated attachments to be maintained by Resource Management to ensure proper record keeping.
 The Los Angeles City Administrative Code, Division 9, Chapter 1, Article 1, Section 9.1 specifies: “All purchases of materials, supplies, equipment and equipment rental or repair and maintenance services therefor, required for any officer, board, or employee of the City, shall be made by the Purchasing Agent of the City…upon requisition delivered to him or her and signed by the department, officer, or employee for whom the purchase is to be made or upon his or her own requisition for this purpose. The requisition signed by the department, officer or employee for whom the purchase is to be made shall constitute authority for expenditures of funds allocated for said purchase.”
According to the General Services Department, none of their IT commodity contracts allow for the purchase of professional services such as general consulting, IT application development, or IT programing. But some include installation and maintenance of the purchased equipment. General Services Department clarified that IT maintenance is designed to keep the equipment in proper operating condition.
 Includes Technology Services employee salaries, related costs, and overtime.
 Includes software & licenses, software maintenance, data maintenance, hardware maintenance, hardware upgrades, data communications products & service, infrastructure upgrades, Technology Services employee training, consulting services, etc.
 Building and Safety applies and collects a Council-approved 6 percent system development surcharge (Systems Development Account) on all permit, inspection, plan check, non-compliance, and code violation inspection fees.
 The General Fund funded an average of $17,000 each fiscal year. The City’s One Stop Fund only
As part of our protocol, we requested the CAO, General Services, and Building and Safety to provide an action plan to recommendations contained in this Review. Their respective action plans are presented in this Appendix. We thank City staff and management for their time and cooperation during this Review.