Square one

Share this:
March 14, 2011
By: Gregory J. Scott
Gregory J. Scott
// Magdy Mossaad ushers in a new era for the city’s internal audit process //

For the first time in decades, the city’s internal auditor has a posse.

When he hired two employees last fall, Magdy Mossaad, brand new director of the city of Minneapolis’ brand new Internal Audit Department, made history. He wasn’t just beefing up his staff. He was creating a staff. He even brought an intern on to help out.  

At least since the 1980s, the city’s self-auditing had been done by one man. We had one guy keeping an eye on the city, one watchdog to guard against fraud and wasteful spending, to insulate the city from financial abuse, to ensure compliance with all rules and regulations.

You plugged a parking meter? He made sure your quarter made it safely into the city’s coffer. Paid to get your car out of the impound lot? He made sure the clerk didn’t pocket your cash. Your elected official is claiming mileage and parking fees? He made sure it was legit.

But he was just one guy. Other cities of a comparable size — places like Portland, Atlanta and Seattle — have as many as 15 professionals in their internal audit departments.

Now, in March 2011, Minneapolis has three. And if Mossaad’s team can prove its value, it’s possible that the mayor and City Council could free up resources for even more auditors, even with the city’s budget troubles.

Some attention, it seems, is finally returning to a function that for a long time was lost in the bureaucratic shuffle.

“It simply got to be a forgotten job,” says Mark Oyaas. “I like to say it got parked in a funny spot: on the M floor behind a big, gray desk.”

Oyass is one of three private-sector representatives on the new Audit Committee, which Mossaad’s staff now reports to. The Audit Committee was created in late 2009, in direct response to the problem of Minneapolis’ short-staffed audit crew. In addition to the three private-sector members, the committee includes three city council members.

“It wasn’t forgotten,” clarified Carol Becker, a current member on the Board of Estimate, which used to oversee internal auditing.  Becker has long fought for a more robust audit process. “It was just under-resourced. What could be done was really limited.”

The Mossaad era

At any rate, times have changed. Bob Bjorklund, the former director of internal audit, retired in late 2009 after more than 20 years on the job. After a stormy transition period — one that left an eight-month auditor vacancy and almost resulted in the elimination of the Board of Estimate altogether — the slate is cleared. We’re in a new era: the Mossaad era.

“Pretty much square one,” said Oyaas. “We are starting from scratch. City Hall’s getting three really well-trained eyes on the thing.”

Oyaas got the Audit Committee gig thanks to the Minneapolis Parks and Recreation Board, which was allowed one appointment to the committee. He is a managing partner with the public affairs consulting group Neerland & Oyaas.

The other two private-sector appointments come from the mayor and the city council, respectively.

Mossaad, an Egyptian native, took the job in June 2010, after a 10-year run as a senior auditor at Rochester’s Mayo Clinic. By November, he needed to present two things to the Audit Committee: a comprehensive “risk profile” — essentially identifying and ranking every conceivable threat factor for the city — and a three-year plan to address those factors. The plan would go into effect immediately, in December 2010.

It was a sensationally complex task.

And Mossaad, meanwhile, had yet to find a place to live locally. He was commuting back and forth from his home in Rochester, occasionally crashing at the apartment of his son, a third-year music student at the University of Minnesota. Six months later, he still is.

The heat map  

So what has Mossaad been up to since last summer? Mostly bringing in experts.

A 10-year veteran at the Mayo Clinic — where 32 auditing professionals keep tabs on a staff of 60,000 employees — Mossaad had never worked in city government before.

“Internal audit as a profession is the same wherever you work — in government, in not-for-profit, in business,” Mossaad says. “The principles are the same. However, every industry has its own special challenges. So you need to beef-up your experience.”

In July, he contracted the firm KPMG — one of the world’s largest audit and consulting firms, which boasts a specialty in government to get a head start on the initial risk assessment. Then in October, he hired his two senior internal auditors: Jacob L. Claeys, a former lead auditor for the city of Denver (which employs more than two dozen people on its auditing staff), and Ginger Bigbie, who comes from Florida-based Shands Health Care.

Within a few months, the team had its “Heat Map,” a color-coded chart prioritizing threats to the city.

The biggest risk, in the red zone both for “major impact” and “almost certain likelihood” is in the city’s information systems: the city’s computer network, its databases and all of the private information that flows through each. IT, Mossaad, says is “always the top priority in any industry.”

Another red risk is cash handling — the huge amounts of actual currency generated from parking meters and parking lots. Mossaad is pleased with the city’s new “smart meters,” which allow motorists to pay with credit cards, as they will reduce the amount of cash requiring hand delivery to the city.

On the low end of the heat map, in a mild green zone (“moderate impact,” “possible likelihood”) is expense reimbursement.

The middle orange and yellow zones are the most cluttered, home to threat categories such as the impound lot, grant administration, pension fund accounting and utility billing.

The 2011 audit plan calls for a number of protective measures: 800 hours to assess the controls in place for purchasing and accounts payable, 700 hours to review vendor and contract management, 300 hours to “determine whether controls over cash collection, accounting and deposit of funds are appropriate.”

For his efforts, Mossaad will be paid $97,201 annually.

As for IT concerns, Mossaad says the Audit Committee has approved a project to hire “professional hackers” this year to come in and test information systems.

“We expected the first two or three projects to go slow,” Mossaad says. “It’s something new to the city. It’s also new to us, as a team. We’re trying to build the process and prototype it. I think it’s going to be a little slow, but it’s not surprising to be slow.”

The pace has raised a few eyebrows.

“We’re not seeing any production out of his hiring yet,” said Becker. “I don’t know what he’s been doing for a year, but he hasn’t been doing any auditing.”

But Becker is pleased that things are changing for the better.

“In an era of cut, cut, cut, this is one of the few places that actually added resources,” she said. “It’s not cool, it’s not sexy. But they’re the people that keep you out of trouble, that keep you off the front page.”