City’s Development System A Major Fraud Risk, Says Auditor
Tuesday, July 3, 2012
Imagine you’re a developer with a pal who handles permits for the city of San Diego. And say you thought the permitting fees were a little too high. Not to worry, your pal says, and he knocks down the price for you.
The city is at risk for this simple bit of municipal corruption, according to a new report from City Auditor Eduardo Luna. He examined the city’s Development Services Department, which handles permitting, and found serious problems. In short, weaknesses in the department’s computer system could allow employees to commit fraud without being detected.
“It creates an environment where someone lone or rogue could do it,” Luna said in an interview.
The finding is one of the most substantial in Luna’s 80-page review of development services’ computer system, which helped the department process $1.16 billion in city permits in 2011. Luna calls the computer system development services’ “central nervous system” because it manages all permitting and development functions.
Standard industry and city practices require employees to have no more access to alter the overall computer system than what they need to do their limited jobs, such as reviewing plans or charging fees, the audit says.
In this case, the audit contends that too many employees have too much access to various functions of the computer system, and its cumbersome process makes it impossible to figure out if employees are committing fraud. The audit outlined a possible situation where a development services employee could charge a customer a discounted fee through making a project seem smaller than it is. They then could sign off on the building inspection so the discrepancy would never be discovered.
To reduce risk, the employee that deals with fees shouldn't be able to touch the building inspection, which is a separate service.
Auditors also said it’s unclear if the department is charging accurate fees and deposits: Projects have been overcharged by as much as $345,000 and undercharged by $37,000.
To be sure, the audit didn’t uncover any examples of fraud and the $345,000 overcharge was discovered and refunded within days. But that doesn’t make the situation any less significant, Luna said.
“The risk is there,” he said.
Luna recommends 13 changes to the Development Services Department including restructuring its management to create greater internal controls, separating employees’ responsibilities so they can’t access as much of the computer system and documenting more changes to individual permits. He attributed much of the failures to inefficient staffing, high workloads, limited supervision and deficiencies with the computer system itself.
Department head Kelly Broughton disputed almost all of Luna’s findings, contending that his auditors didn’t understand how the computer system worked and that its internal controls were strong.
The department, Broughton said in its official response, “follows appropriate access protocols; and documents and records changes in the system appropriately. We believe the authorities currently granted to employees are appropriate and proper.”
Broughton emphasized that the audit did not document any examples of fraud.
Two other points are worth noting for now. Last year, the city merged its planning department with development services, giving Broughton’s department authority over neighborhood growth issues. Luna said his audit didn’t examine that restructuring.
You might also be familiar with the city’s new multi-million dollar computer system, One SD, which was created with much fanfare and cost overruns. Development services uses a separate system, which was developed in-house, that links to OneSD, Luna said.
I’ve emailed Broughton and the Mayor’s Office and will update this post if they respond today.
Liam Dillon is a news reporter for KPBS media partner Voice of San Diego. Please contact him directly at firstname.lastname@example.org or 619.550.5663.
To view PDF documents, Download Acrobat Reader.
Please stay on topic and be as concise as possible. Leaving a comment means you agree to our Community Discussion Rules. We like civilized discourse. We don't like spam, lying, profanity, harassment or personal attacks.