Parking data limited in third-party audit
March 12, 2015
A fractured relationship between the city of Aspen, its parking-meter vendor and inefficient city record-keeping meant large data gaps for the independent auditor recently hired to review Aspen's financial systems.
Those were among the details the Aspen City Council discussed with Colorado Independent Consultants Network founder John Olenberger, who led the $48,000 audit, and Finance Department officials Tuesday. Olenberger explained that Global Payments, the company that processed Aspen's parking transactions, only provided data from September 2013 to November 2014. The firm estimates the scam occurred between early 2012 and October 2014.
"Usually people are willing to work with you," Olenberger said of the Toronto-based vendor Precise Parklink. "In this case, the city had for the most part terminated its relationship with Precise Parklink. From Precise's point of view, they probably thought, we don't want to deal with this."
Instead, the firm relied mostly on city data, including compound-growth rates, projections based on parking-rate increases, projections based on hotel occupancy rates and projections based on traffic counts. It wasn't until Tuesday that the city delivered to the firm its service contract with the vendor, which according to Olenberger had inadequate data.
When Councilman Adam Frisch asked if the contract had been lost in a city filing cabinet, Finance Director Don Taylor responded. He said officials looked for the contract in Finance, Parking and the City Manager's Office.
"We couldn't find it," Taylor said.
Recommended Stories For You
On Tuesday, a Finance representative went to the Truscott affordable-housing complex, where the city archives transactional data. That person found a Precise Parklink file that included the contract. Taylor claimed Finance should not have been the holder of the contract, but rather the Parking Department should have. Olenberger said having an electronic depository would have been the best practice.
Based on its findings, Colorado Independent Consultants Network estimates the actual loss from the parking scam was about $230,000, including $50,000 in processing fees. That amount was culled from four data models, which had estimates that ranged between $0 and about $348,000. Councilwoman Ann Mullins expressed skepticism about the estimations, asking Olenberger why an estimation of $0 was factored in.
Olenberger said the firm ran the research methods by city officials, the resident advisory board and the firm's own independent auditor, which all signed off.
While discussing the service contract, Olenberger said he has seen documents with other clients that don't go into the detail required for proper auditing. Ambiguities and invoices that don't align with the contracts are not uncommon.
Howie Mallory, who was part of the three-resident financial advisory committee that helped choose the city's auditor, said it's clear there were gaps in the data available, which made Olenberger's job challenging. Determining trends with those gaps, he said, would be difficult.
Based on the service contract, Olenberger said his firm is unaware whether Precise was charging administrative fees on top of Global Payments processing fees.
During the scam, parkers were able to exploit the system with maxed-out or expired debit cards. The parking meters, which were installed in 2007, were susceptible because they processed payments in batches, meaning cards weren't accepted or declined until the end of the day, even though parking was granted.
In 2010 and 2011, declined transactions accounted for about 2 percent of all transactions, according to Finance numbers. At the peak of the scam in 2014, declined transactions accounted for around 30 percent of the total.
The audit report shows Taylor asked Global Payments to stop resubmitting failed payments in October 2013, which put an end to unnecessary processing fees. On Tuesday, Councilman Dwayne Romero asked why the escalating amount of declined transactions didn't serve as a red flag earlier.
"Was that the first piece of tell-tale evidence for you?" Romero asked of Taylor's decision to end the processing fees. "Or were you just blissfully unaware at that time?"
Taylor said he was unaware that declined debit cards were being used in a fraudulent manner.
According to the report and internal emails, officials were aware of the system's susceptibility and a potential fix as early as 2009. In July 2011, a meeting between the Parking Department and City Manager's Office determined that the $360,000 upgrade was not worth eliminating approximately $30,000 a year in declined transactions.
Both Taylor and Olenberger explained to officials that "hindsight is 20/20." Taylor said the declined-transaction data wasn't posted to the general ledger, though it existed on a spreadsheet accounting staff prepared as part of the posting process that did go to the general ledger.
"That did not get reported out," Taylor said.
"I think this was an unfortunate incident," Olenberger said. "It's something the city was hoping people wouldn't take advantage of, and to a certain degree that was the case up until 2012, when word got out and it got out of control."
Included in the audit report are 12 recommendations for improving cash-handling procedures associated with the Finance, Parking, Golf and Parks departments and the city clerk. Taylor noted that some of the recommendations could be costly to implement and might require the hiring of additional staff. The council gave its support for implementing all 12.
"I think we need more robust systems," Frisch said. "The community, the organization, got duped at the end of the day via a fairly simple scam that I think if we had more robust systems in place, we would've been in better shape."