Citizen Portal
Sign In

Audit committee urges fixes to tax-payment system, separation-of-duties controls after failed fraud-risk assessment

3248069 ยท May 5, 2025

Loading...

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

At its March 5 meeting the Davis County Audit Committee discussed long-running problems with the county's tax payment software and cash-handling controls, noting a failed fraud-risk assessment, unresolved year-end close issues and recommendations to tighten procedures or add interim staffing while systems are fixed.

Davis County's internal audit committee on March 5 pressed county finance and information-technology officials to fix longstanding problems in the tax-payment system and stronger separation-of-duties controls after the county failed a state fraud-risk assessment.

The committee, chaired by Neil Gabbis, said software limitations and process gaps have prevented the county from closing fiscal years, creating recurring reconciling differences and leaving large 'parked' or escrowed prepayments that obscure whether funds belong to the current year or prior years. Gabbis said the treasurer answered the risk-assessment questions candidly and the committee must now follow up to close the gaps.

Why it matters: the committee said an inability to close a fiscal year prevents accurate reconciliation, leaves errors rolling forward and raises the risk that misstatements or misuse of funds could go undetected. Members urged either a prompt software fix or temporary manual processes/staffing to ensure daily reconciliation and to reduce risk to taxpayer funds.

Committee members and staff described three intertwined problems: software that reflects outdated processes, complex prepayment and ACH workflows that the system does not fully account for, and internal-control weaknesses that allow super-user access in the treasurer's system. Jeff Hassett, director of information systems, told the committee that "if the system goes down, people are still making payments," arguing the county must have either a functioning automated system or reliable manual procedures in place. Treasurer Matt Brady described the county's ACH schedule and said the automated program affects a small fraction of taxpayers: "We have just under 900 scheduled for the fifth of every month. So it's a fraction of our taxpayers."

The controller and internal auditor said the county has historically accepted prepayments and installment payments to help taxpayers, but the practice has produced long-lived parked balances in some cases. The committee discussed whether the county should continue offering that convenience, and if so how to manage interest allocation and data-privacy risks tied to storing payor banking information. The treasurer said he wants taxpayers to retain ownership of their payment instructions and is working with IT to reduce retained banking data.

The committee also reviewed the county's annual fraud-risk assessment, which is filed with the external auditor and the state auditor. The assessment included a separation-of-duties questionnaire; the county failed the key item that asks whether people who collect payments are different from people who can adjust customer accounts. Gabbis said the question was answered honestly under the new treasurer and that the committee must now address super-user access and implement mitigating controls: either system restrictions that prevent conflicting duties, or formal audit routines to detect and deter inappropriate activity. As the internal auditor summarized, "I know how you can steal money from our system right now, if you're a super user." (internal auditor Blake)

Follow-ups identified in the meeting included: - Continue the review of the payment software (referred to as Cortex/Quartax in packet materials) with an August milestone for substantive feedback. - Schedule a work session to address small-balance discrepancies and the policy for parked/prepayment accounts. - Evaluate whether additional staffing or interim manual reconciliation processes are needed until system controls are in place. - Review and tighten countywide financial procedures and consider centralizing accounts receivable/accounts payable to reduce variation across departments.

No new ordinance or formal policy was adopted by the committee at the meeting. The only formal action recorded was approval of the minutes from the Feb. 24, 2025 meeting.

Committee members repeatedly stressed that internal audit should be a cooperative function that helps departments improve controls rather than merely call out errors; several members said departments have pushed back in past audits. The controller and internal auditor said follow-up and enforcement must improve so corrective actions do not languish between quarterly meetings.

The committee requested that the internal auditor and controller convene the relevant department heads and the treasurer to translate risk-assessment findings into concrete remediation steps, with interim reporting back to the audit committee ahead of the August meeting.

Ending: Committee members said they were hopeful the combination of a candid risk assessment, the new treasurer's leadership and ongoing IT work will yield meaningful improvements before the next quarterly meeting.