San Joaquin County Grand Jury
2021-2022
Findings & Recommendations
15 findings
F1:
2.1 Board members’ AB1234 Ethics Training Certificates posted are expired or missing, indicating that some Board members may not be in full compliance with AB1234 regulations.
Related Recommendations (1)
R1:
1 By November 1, 2022, the Board of Directors replace Ordinance 1 in its entirety by developing, adopting and implementing policies and procedures that clearly define the authority, and limitations thereon, of the Fire Chief and provide greater Board oversight of the operations of the District.
F2:
1 The Board of Directors was not aware of issues that District employees had with the Chief. Ordinance 1 general conduct rule blocked employee accessibility to the Board. This situation contributed to a hostile work environment.
Related Recommendations (1)
R2:
1 By December 1, 2022, the Board of Directors develop, adopt and implement a formal employee complaint policy with procedures for filing complaints, reporting back to complainants, filing appeals and providing accessibility to the Board while adhering to all laws and rules regarding confidentiality.
F1.1:
Ordinance 1 and District rules and regulations enable the Fire Chief to control most financial operations of the District with limited or no Board oversight, thus providing an opportunity for financial malfeasance.
F1.2:
Ordinance 1 and current policies allow the Fire Chief, as Chief Executive Officer, to alter or disregard District policies without approval by the Board, causing confusion and discord within the District.
F1.3:
The Board of Directors failed to enforce the District’s Credit Card Policy providing an opportunity for financial malfeasance.
F1.4:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act, opening the District to potential liability.
F1.5:
Funds generated for the use of the District through the Cal-JAC program were allocated to purchases, services and events, uses that were not in compliance with District’s purchasing and credit card policies. These expenditures could be construed as misuse of funds.
F1.6:
Beginning in 2019 the District’s fireworks booth was operated by the 501(c)(3) nonprofit Behind the Fire LMFD, overseen by a member of the Chief’s family. This occurred with no oversight by the Board, who held the license for the booth, a situation that could expose the District and its Board to allegations of misconduct and malfeasance.
F2.1:
The Board of Directors was not aware of issues that District employees had with the Chief. Ordinance 1 general conduct rule blocked employee accessibility to the Board. This situation contributed to a hostile work environment.
F2.2:
The District does not have a formal employee satisfaction survey or engagement process to allow employees to share work environment concerns with the Board and Management. The District is unable to implement warranted improvements for issues and concerns if they are not brought to light by employees.
F2.3:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act. This action could expose the District to potential liability including financial penalties.
F2.4:
Allegations were made that merit or step pay increases were withheld pending the signing of a non-disclosure agreement which violates the District’s Memorandum of Understanding for Executive Staff. If proven to be true, and not corrected, the District could be subject to legal action brought by affected employees.
F2.5:
Pending litigation filed against the Fire District by employees for harassment and intimidation could expose the District to expenses for financial settlements and legal fees.
F2.6:
The District does not have a nepotism and cronyism policy that prohibits the direct supervision of family members and/or individuals with whom the supervising manager has a romantic or other close personal, financial, business or political relationship. Not having a clear policy for nepotism and cronyism has created discord within the District.
F1.2.1:
Board members’ AB1234 Ethics Training Certificates posted are expired or missing, indicating that some Board members may not be in full compliance with AB1234 regulations.
Findings & Recommendations
68 findings
F1:
2.1 Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
Related Recommendations (1)
R1:
1.1 By January 1, 2023, the Stockton Unified School District Board of Trustees direct the Superintendent to assess the current financial software to be compatible with the San Joaquin County Office of Education software.
F2:
Insufficient Budget Monitoring or Updates • Failure to regularly update budget assumptions • Negative or three consecutive qualified interim report certifications • Downgrade of an interim certification by the county superintendent • “Lack of going concern” designation from the county superintendent • Actual revenues and expenditures inconsistent with the most current budget • Budget revisions not posted in the financial system or communicated to the board regularly • Lack of control or monitoring of total compensation as a percentage of total expenses • Failure to regularly reconcile balance sheet accounts in the general ledger • Incomplete responses to criteria and standards variances or deficiencies identified by the county office of education • Requisitions or purchase orders processed when the budget is insufficient
Related Recommendations (1)
R2:
1 By October 1, 2022, all members of the Stockton Unified School District Board of Trustees complete all five of the California School Board Association Masters in Governance training courses.
F3:
Inadequate Cash Management • Failure to reconcile cash accounts monthly • 18-month cash flow not forecast • Lack of short-term plan to address cash flow needs • Noncompliance with Education Code requirements when interfund borrowing is occurring • Failure to set aside repayment funds when external borrowing is occurring • Lack of communication to the board about the district’s cash position (with a clear distinction that cash and fund balance are not the same thing)
Related Recommendations (1)
R3:
1 By September 1, 2022, Stockton Unified School District Board of Trustees agendize and approve Board minutes at the following Board meeting to optimize public information and transparency in accordance with Board Bylaw 9324.
F4:
Mismanaged Collective Bargaining Agreements • Failure to consider long-term impact of collective bargaining agreements • Lack of bargaining agreements with all units for several years with no resources identified to cover potential settlements • Presettlement analysis not conducted thoroughly or timely • Settlements above the funded cost of living adjustment (COLA) • Lack of compliance with public disclosure requirements under Government Code Sections 3540.2, 3543.2 and 3547.5 and Education Code Section 42142 • Board approval of collective bargaining agreement is inconsistent with superintendent’s and CBO’s certification
Related Recommendations (1)
R4:
1 By January 1, 2023, the Lodi City Council, in conjunction with the City’s IT division, develop, adopt and implement a Business Continuity Plan. 5.0 City of Manteca−Discussion The City of Manteca met seven of the nine expectations considered in this investigation. Manteca’s Information Technology department is independent in the City’s organization. The department director reports directly to the City Manager and meets weekly with other City department heads. User level of access is determined by position, background and other departmental factors. Employees are trained on a regular basis. The training is mandatory for all employees. Hard drives are encrypted, and a Mobile Device Management tool is used for tablets, laptops and phones. Manteca’s ISD is currently updating its Information Technology Security Policy. This comprehensive policy has not been updated since 2010. Manteca’s Department of Information Technology and Innovation is collaborating with City administration and the City Attorney to update all policies relating to information technology security. Similarly, the City is in the process of bringing both hardware and software systems up to next-generation standards with new firewall, malware, user access, backup systems and applications in place. Employee training is executed through KnowBe4, an industry-standard cybersecurity training program which includes phishing and other email compromise testing. Regarding firewalls and switches, roughly 60% still operate off single rather than dual or redundant power supplies. Over the next five years, the City is phasing out older devices as they reach end-of-life.
F5:
Increasing and/or Unplanned Contributions and Transfers • Insufficient control and monitoring of contributions and transfers • Lack of a board approved plan to eliminate, reduce, or control contributions/transfers • Transfers from the unrestricted general fund not made when needed to cover projected negative fund balances in other funds • Contributions/transfers to restricted programs and/or other funds not budgeted
Related Recommendations (1)
R5:
1 By January 1, 2023, the Manteca City Council, in conjunction with the City’s ISD, develop, approve and implement an updated Information Technology Security Policy.
F6:
Continuing Deficit Spending • Deficit spending in the current or two subsequent fiscal years • Not having or implementing a board-approved plan to reduce and/or eliminate deficit spending • Not decreasing deficit spending over the past two fiscal years
Related Recommendations (1)
R6:
1 By January 1, 2023, the Ripon City Council develop and make public an updated City Organization chart showing details of the City’s IT functions, including all IT positions.
F7:
Mismanaged Employee Benefits • Actuarial valuation not completed in accordance with Governmental Accounting Standards Board (GASB) requirements to determine the unfunded liability for other post-employment benefits (OPEB) • Lack of a board adopted plan to fund health and welfare retiree benefit liabilities • Nonexistence or noncompliance of a policy or collectively bargained agreement to limit accrued vacation balances • No verification and determination of eligibility for benefits for all active and retired employees and dependents in the last five years • Compensated leave balances not tracked, reconciled and reported
Related Recommendations (1)
R7:
1 By November 1, 2022, the Stockton City Council, in conjunction with the City’s IT department, develop, adopt and implement a formal internal policy and procedure for response to a ransomware attack. 8.0 City of Tracy−Discussion The City of Tracy met all expectations for cybersecurity or was in the process of meeting them when surveyed. The City has an Information Technology Division, which is part of the Finance Department. This division supports all departments and functions of the City except water treatment. Data confidentiality and security are guaranteed with industry-leading, next-generation firewalls and network access controls. Data storage, backup and cybersecurity are monitored continually. The IT Manager meets every two weeks with all other City department heads to address IT issues, including cybersecurity. Tracy does not require encryption of thumb drives used on City devices, a requirement that is considered a “best practice” by an expert witness. Tracy does not have either a formal Business Continuity Plan or Disaster Preparedness Plan in place but is in the process of developing both. The BCP was scheduled to be complete in April 2022. Completion date for the DPP was not specified by the City.
F8:
Inattention to Enrollment and Attendance Reporting • Enrollment decreasing and/or unstable • Enrollment and average daily attendance (ADA) data not monitored and analyzed at least monthly through P2 • Consistently inaccurate data reported through CALPADS and other state reporting • Enrollment projections and assumptions not based on historical data, industry-standard methods, and other reasonable considerations • CALPADS data not reviewed and verified by applicable sites and departments and corrected as needed before the report submission deadlines • Unplanned or unmonitored effects of enrollment losses to charter schools • Board policy to limit outgoing interdistrict transfers is nonexistent, or policy is not followed
Related Recommendations (1)
R8:
1 By November 1, 2022, the Tracy City Council, in conjunction with the IT division, develop, adopt and implement a policy requiring encryption of thumb drives used on City devices.
F9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
Related Recommendations (1)
R9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
F10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
Related Recommendations (1)
R10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
F1.1:
San Joaquin County does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
F11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
Related Recommendations (1)
R11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
F1.2:
San Joaquin County has an exemplary profile regarding cybersecurity and should serve as a model for other government agencies within San Joaquin County.
F12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
Related Recommendations (1)
R12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
F1.3:
The Board of Directors failed to enforce the District’s Credit Card Policy providing an opportunity for financial malfeasance.
F13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
Related Recommendations (1)
R13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
F1.4:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act, opening the District to potential liability.
F14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
Related Recommendations (1)
R14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
F1.5:
Funds generated for the use of the District through the Cal-JAC program were allocated to purchases, services and events, uses that were not in compliance with District’s purchasing and credit card policies. These expenditures could be construed as misuse of funds.
F15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control findings • Inadequate, undocumented monitoring and oversight of authorized charter schools • Out-of-date long-range facilities master plan • Special education costs not monitored, with contribution rate above the statewide average contribution rate • Special education staffing ratios, class sizes and caseload sizes do not align with statutory requirements and industry standards • District and the county office of education have different financial systems and lack automated interface Revised 8-14-2019 Appendix B: ESSER funds The Elementary and Secondary School Emergency Relief Fund (ESSER) was established as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in March 2020. CARES provided direct funding to states and districts to address the impact COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. The ESSER Fund is the leading source of funding for public elementary and secondary education under each law. As each succeeding law was enacted, the U.S. Department of Education (ED) modified the acronym ESSER to distinguish each fund from the other. Collectively known as ESSER funds. The Office of Elementary and Secondary Education (https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/) clarifies each ESSER phase as: ESSER I On March 27, 2020, Congress set aside approximately $13.2 billion of the $30.75 billion allotted to the Education Stabilization Fund through the Coronavirus Aid Relief, and Economic Security (CARES) Act for the Elementary and Secondary School Emergency Relief Fund (ESSER) Fund.
The Department awarded these grants to State educational agencies (SEAs) for the purpose of providing local educational agencies (LEAs), including charter schools that are LEAs, with emergency relief funds to address the impact that COVID-19 has had, and continues to have, on elementary and secondary schools across the Nation. ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2019. ESSER II The Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act, 2021, was signed into law on December 27, 2020, and provided an additional $54.3 billion for the Elementary and Secondary School Emergency Relief (ESSER II) Fund. ESSER II Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020. American Rescue Plan (ARP) ESSER (III) On Thursday, March 11, 2021, the American Rescue Plan (ARP) Act was signed into law. It was an unprecedented $1.9 trillion package of assistance measures, including $122 billion for the ARP Elementary and Secondary School Emergency Relief (ARP ESSER) Fund. Funds are provided to SEAs and LEAs to help safely reopen and sustain the same operation of schools and address the impact of the coronavirus pandemic on the Nation’s students. ARP ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020. https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/ ESSER funds can be used in a variety of ways as long as the use addresses the impact of COVID-
Related Recommendations (1)
R15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control
F1.6:
Beginning in 2019 the District’s fireworks booth was operated by the 501(c)(3) nonprofit Behind the Fire LMFD, overseen by a member of the Chief’s family. This occurred with no oversight by the Board, who held the license for the booth, a situation that could expose the District and its Board to allegations of misconduct and malfeasance.
F19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis. There are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance. Appendix C: Consultant Forms E 3600 BOARD POLICY Adopted: 06/12/07 Business and Noninstructional Operations Consultants CONSULTANT UTILIZATION FORM The following form is to be utilized by all non-instructional Consultants. The form is divided into two sections. Section #1 is to be utilized by the Consultant, and Section #2 by the District designees. Section #1 To provide consultant services to the Stockton Unified School District, all potential noninstructional Consultants must first provide the District’s ____________________Office with the following information. The information may be provided below or attached hereto.
Related Recommendations (1)
R19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis. There are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance.
F2.1:
The Stockton Unified School District Board of Trustees has shown disregard for Board Bylaw 9270, Conflict of Interest, contributing to an appearance of impropriety that may diminish the integrity of the District.
F2.2:
Not all Stockton Unified School District Board of Trustee members have completed the California School Board Association Masters in Governance training program, leaving them inadequately trained in Board duties and responsibilities.
F2.3:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act. This action could expose the District to potential liability including financial penalties.
F2.4:
Allegations were made that merit or step pay increases were withheld pending the signing of a non-disclosure agreement which violates the District’s Memorandum of Understanding for Executive Staff. If proven to be true, and not corrected, the District could be subject to legal action brought by affected employees.
F2.5:
Pending litigation filed against the Fire District by employees for harassment and intimidation could expose the District to expenses for financial settlements and legal fees.
F2.6:
The District does not have a nepotism and cronyism policy that prohibits the direct supervision of family members and/or individuals with whom the supervising manager has a romantic or other close personal, financial, business or political relationship. Not having a clear policy for nepotism and cronyism has created discord within the District.
F3.1:
Lack of Stockton Unified School District Board of Trustee meeting minutes posted publicly and/or timely per Board Bylaw 9324, Minutes and Recordings, and Ed Code §35145a creates diminished public awareness of the actions of the Board of Trustees.
F3.2:
The absence of general discussion in Board minutes diminishes Board accountability and public transparency, leaving District constituents ill-informed of District issues that could have adverse effects on the students.
F3.3:
Board agenda packets are often missing important information, a violation of Board Bylaw 9324, Agenda/Meeting Materials, contributing to ill-informed decision making which could adversely impact students and constituents.
F3.4:
Lack of public discussion on Board agenda items creates an appearance of business being conducted “behind closed doors” and fosters mistrust among District staff and constituents.
F3.5:
Lack of certified translators for Board meetings causes inaccurate and nontransparent translations of public meetings.
F4.1:
The City of Lodi does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F4.2:
The City of Lodi has implemented an excellent cyber awareness training program for all employees minimizing risk to damage from cyberattack.
F5.1:
The City of Manteca has an Information Technology Security Policy which has not been updated since 2010, leaving the City relatively unprepared for a cyber event.
F5.2:
The City of Manteca lacks a policy and procedure for ransomware attacks. This absence of policy could cause confusion, delay, and greater loss of security in the event of such an attack.
F5.3:
The City of Manteca has a significant number of security devices with single power supplies. This lack of redundant power presents vulnerability in major or prolonged power outages.
F6.1:
It is unclear in the City of Ripon’s Organization Chart where responsibilities for IT and IT security lie, creating confusion over who is responsible to act in a disruptive event.
F6.2:
The City of Ripon has a rudimentary network diagram outlining the City’s router and firewall relationship with networks used, but the diagram lacks detail, leaving uncertainty about data security.
F6.3:
Although the City of Ripon met expectations in the areas of data confidentiality and security, lack of IT staff and leadership leaves these areas vulnerable to cyberattack.
F6.4:
The City of Ripon lacks a Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F6.5:
The City of Ripon does not have a Disaster Preparedness Plan, leaving the City at risk for significant delay and cost to restore IT systems in the event of a disaster.
F6.6:
The City of Ripon does not have a formal policy or procedure to address ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.1:
The City of Stockton does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.2:
The City of Stockton has a large IT Department which places cybersecurity and disaster preparedness at a high priority, minimizing risk to the City’s information and service systems.
F8.1:
Lacking a requirement for encryption of thumb drives used on City devices exposes the City of Tracy to potential data theft and contamination.
F8.2:
The City of Tracy lacks a completed Business Continuity Plan, rendering Tracy relatively unprepared to restore essential services in a disruptive event.
F8.3:
The City of Tracy lacks a completed Disaster Preparedness Plan, leaving Tracy at risk for delay and cost to restore IT systems in the event of a disaster.
F1.1.1:
Stockton Unified School District does not utilize financial software that aligns with the San Joaquin County Office of Education software, making analysis and review by the San Joaquin County Office of Education difficult.
F1.1.2:
Stockton Unified School District Business Services staff lacks necessary training and guidance to execute complex District business needs, resulting in the need to hire outside consultants at an increased cost to the District.
F1.1.3:
The current Chief Business Officer was hired without following Board Policy 4211.2, creating an appearance of partiality and creating diminished internal and external confidence.
F1.2.1:
Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
F1.3.1:
The elimination of the Stockton Unified School District Grant Development Office in a February 2021 District reorganization resulted in grants no longer being monitored by a specific department or individual, risking additional and unnecessary spending from the General Fund.
F1.3.2:
Stockton Unified School District does not identify and pursue all grant opportunities due to a lack of coordinated leadership, potentially resulting in unnecessary spending from the General Fund, contributing to a budget shortfall and missing opportunities for additional funding for the benefit of the students.
F1.4.1:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, allowing for deviation from California Association of School Business Officers best practices by the Business Services Department.
F1.4.2:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, causing inaccurate evaluations of actual cost and delivery of products and services.
F1.4.3:
Stockton Unified School District is inconsistent in use of Invitation for Bid, Request for Qualifications and Request for Proposal, resulting in providers not being strategically vetted and thereby allowing opportunity for misuse of funds and/or malfeasance.
F1.4.4:
Stockton Unified School District inconsistently uses a Request for Proposal for legal services as required by Board Bylaw 9124, potentially resulting in greater costs for legal services.
F1.4.5:
The Board of Trustees routinely disregards Stockton Unified School District staff
F1.5.1:
Lack of detailed billing and incomplete invoices for Board review creates risks of paying for services not received.
F1.6.1:
Consultant forms are accepted and forwarded to the Board without all sections completed and/or answered appropriately, impairing the Board’s ability to make informed decisions.
F1.6.2:
Stockton Unified School District paid at least one consultant for services not delivered, resulting in a misuse of public funds.
F1.7.1:
Stockton Unified School District current budget projections indicate there will be a budget deficit of more than $30 million in fiscal year 2024-2025, a deficit which could cause layoffs and elimination or reduction of student programs.
F1.7.2:
Stockton Unified School District has no plan in place to deal with deficit spending, putting Stockton Unified School District at risk of fiscal insolvency.
F1.7.3:
Stockton Unified School District Departments do not have clear operational budgets, decreasing the effectiveness of planning and implementation of student-focused decision making.
F1.7.4:
Stockton Unified School District has no defined and documented plan to pay for essential and on-going costs once one-time funds are depleted or unavailable, increasing the risk of General Fund depletion.
F1.7.5:
Stockton Unified School District has no Multi-Year Financial Projection to monitor the one-time fund expenditures as Stockton Unified School District moves into 2022-2023, potentially causing the projected deficit to occur earlier.
Findings & Recommendations
68 findings
F1:
2.1 Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
Related Recommendations (1)
R1:
1.1 By January 1, 2023, the Stockton Unified School District Board of Trustees direct the Superintendent to assess the current financial software to be compatible with the San Joaquin County Office of Education software.
F2:
Insufficient Budget Monitoring or Updates • Failure to regularly update budget assumptions • Negative or three consecutive qualified interim report certifications • Downgrade of an interim certification by the county superintendent • “Lack of going concern” designation from the county superintendent • Actual revenues and expenditures inconsistent with the most current budget • Budget revisions not posted in the financial system or communicated to the board regularly • Lack of control or monitoring of total compensation as a percentage of total expenses • Failure to regularly reconcile balance sheet accounts in the general ledger • Incomplete responses to criteria and standards variances or deficiencies identified by the county office of education • Requisitions or purchase orders processed when the budget is insufficient
Related Recommendations (1)
R2:
1 By October 1, 2022, all members of the Stockton Unified School District Board of Trustees complete all five of the California School Board Association Masters in Governance training courses.
F3:
Inadequate Cash Management • Failure to reconcile cash accounts monthly • 18-month cash flow not forecast • Lack of short-term plan to address cash flow needs • Noncompliance with Education Code requirements when interfund borrowing is occurring • Failure to set aside repayment funds when external borrowing is occurring • Lack of communication to the board about the district’s cash position (with a clear distinction that cash and fund balance are not the same thing)
Related Recommendations (1)
R3:
1 By September 1, 2022, Stockton Unified School District Board of Trustees agendize and approve Board minutes at the following Board meeting to optimize public information and transparency in accordance with Board Bylaw 9324.
F4:
Mismanaged Collective Bargaining Agreements • Failure to consider long-term impact of collective bargaining agreements • Lack of bargaining agreements with all units for several years with no resources identified to cover potential settlements • Presettlement analysis not conducted thoroughly or timely • Settlements above the funded cost of living adjustment (COLA) • Lack of compliance with public disclosure requirements under Government Code Sections 3540.2, 3543.2 and 3547.5 and Education Code Section 42142 • Board approval of collective bargaining agreement is inconsistent with superintendent’s and CBO’s certification
Related Recommendations (1)
R4:
1 By January 1, 2023, the Lodi City Council, in conjunction with the City’s IT division, develop, adopt and implement a Business Continuity Plan.
5.0 City of Manteca−Discussion
The City of Manteca met seven of the nine expectations considered in this investigation. Manteca’s Information Technology department is independent in the City’s organization. The department director reports directly to the City Manager and meets weekly with other City department heads. User level of access is determined by position, background and other departmental factors. Employees are trained on a regular basis. The training is mandatory for all employees. Hard drives are encrypted, and a Mobile Device Management tool is used for tablets, laptops and phones. Manteca’s ISD is currently updating its Information Technology Security Policy. This comprehensive policy has not been updated since 2010. Manteca’s Department of Information Technology and Innovation is collaborating with City administration and the City Attorney to update all policies relating to information technology security. Similarly, the City is in the process of bringing both hardware and software systems up to next-generation standards with new firewall, malware, user access, backup systems and applications in place. Employee training is executed through KnowBe4, an industry-standard cybersecurity training program which includes phishing and other email compromise testing. Regarding firewalls and switches, roughly 60% still operate off single rather than dual or redundant power supplies. Over the next five years, the City is phasing out older devices as they reach end-of-life.
F5:
Increasing and/or Unplanned Contributions and Transfers • Insufficient control and monitoring of contributions and transfers • Lack of a board approved plan to eliminate, reduce, or control contributions/transfers • Transfers from the unrestricted general fund not made when needed to cover projected negative fund balances in other funds • Contributions/transfers to restricted programs and/or other funds not budgeted
Related Recommendations (1)
R5:
1 By January 1, 2023, the Manteca City Council, in conjunction with the City’s ISD, develop, approve and implement an updated Information Technology Security Policy.
F6:
Continuing Deficit Spending • Deficit spending in the current or two subsequent fiscal years • Not having or implementing a board-approved plan to reduce and/or eliminate deficit spending • Not decreasing deficit spending over the past two fiscal years
Related Recommendations (1)
R6:
1 By January 1, 2023, the Ripon City Council develop and make public an updated City Organization chart showing details of the City’s IT functions, including all IT positions.
F7:
Mismanaged Employee Benefits • Actuarial valuation not completed in accordance with Governmental Accounting Standards Board (GASB) requirements to determine the unfunded liability for other post-employment benefits (OPEB) • Lack of a board adopted plan to fund health and welfare retiree benefit liabilities • Nonexistence or noncompliance of a policy or collectively bargained agreement to limit accrued vacation balances • No verification and determination of eligibility for benefits for all active and retired employees and dependents in the last five years • Compensated leave balances not tracked, reconciled and reported
Related Recommendations (1)
R7:
1 By November 1, 2022, the Stockton City Council, in conjunction with the City’s IT department, develop, adopt and implement a formal internal policy and procedure for response to a ransomware attack.
8.0 City of Tracy−Discussion
The City of Tracy met all expectations for cybersecurity or was in the process of meeting them when surveyed. The City has an Information Technology Division, which is part of the Finance Department. This division supports all departments and functions of the City except water treatment. Data confidentiality and security are guaranteed with industry-leading, next-generation firewalls and network access controls. Data storage, backup and cybersecurity are monitored continually. The IT Manager meets every two weeks with all other City department heads to address IT issues, including cybersecurity. Tracy does not require encryption of thumb drives used on City devices, a requirement that is considered a “best practice” by an expert witness. Tracy does not have either a formal Business Continuity Plan or Disaster Preparedness Plan in place but is in the process of developing both. The BCP was scheduled to be complete in April 2022. Completion date for the DPP was not specified by the City.
F8:
Inattention to Enrollment and Attendance Reporting • Enrollment decreasing and/or unstable • Enrollment and average daily attendance (ADA) data not monitored and analyzed at least monthly through P2 • Consistently inaccurate data reported through CALPADS and other state reporting • Enrollment projections and assumptions not based on historical data, industry-standard methods, and other reasonable considerations • CALPADS data not reviewed and verified by applicable sites and departments and corrected as needed before the report submission deadlines • Unplanned or unmonitored effects of enrollment losses to charter schools • Board policy to limit outgoing interdistrict transfers is nonexistent, or policy is not followed
Related Recommendations (1)
R8:
1 By November 1, 2022, the Tracy City Council, in conjunction with the IT division, develop, adopt and implement a policy requiring encryption of thumb drives used on City devices.
F9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
Related Recommendations (1)
R9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
F10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
Related Recommendations (1)
R10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
F1.1:
San Joaquin County does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
F11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
Related Recommendations (1)
R11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
F1.2:
San Joaquin County has an exemplary profile regarding cybersecurity and should serve as a model for other government agencies within San Joaquin County.
F12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
Related Recommendations (1)
R12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
F1.3:
The Board of Directors failed to enforce the District’s Credit Card Policy, providing an opportunity for financial malfeasance.
F13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
Related Recommendations (1)
R13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
F1.4:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act, opening the District to potential liability.
F14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
Related Recommendations (1)
R14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
F1.5:
Funds generated for the use of the District through the Cal-JAC program were allocated to purchases, services and events, uses that were not in compliance with the District’s purchasing and credit card policies. These expenditures could be construed as misuse of funds.
F15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control findings • Inadequate, undocumented monitoring and oversight of authorized charter schools • Out-of-date long-range facilities master plan • Special education costs not monitored, with contribution rate above the statewide average contribution rate • Special education staffing ratios, class sizes and caseload sizes do not align with statutory requirements and industry standards • District and the county office of education have different financial systems and lack automated interface
Revised 8-14-2019
Appendix B: ESSER funds
The Elementary and Secondary School Emergency Relief Fund (ESSER) was established as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in March 2020. CARES provided direct funding to states and districts to address the impact COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. The ESSER Fund is the leading source of funding for public elementary and secondary education under each law. As each succeeding law was enacted, the U.S. Department of Education (ED) modified the acronym ESSER to distinguish each fund from the other. They are collectively known as ESSER funds. The Office of Elementary and Secondary Education (https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/) clarifies each ESSER phase as:
ESSER I On March 27, 2020, Congress set aside approximately $13.2 billion of the $30.75 billion allotted to the Education Stabilization Fund through the Coronavirus Aid Relief, and Economic Security (CARES) Act for the Elementary and Secondary School Emergency Relief Fund (ESSER) Fund.
The Department awarded these grants to State educational agencies (SEAs) for the purpose of providing local educational agencies (LEAs), including charter schools that are LEAs, with emergency relief funds to address the impact that COVID-19 has had, and continues to have, on elementary and secondary schools across the Nation. ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2019.
ESSER II The Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act, 2021, was signed into law on December 27, 2020, and provided an additional $54.3 billion for the Elementary and Secondary School Emergency Relief (ESSER II) Fund. ESSER II Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020.
American Rescue Plan (ARP) ESSER (III) On Thursday, March 11, 2021, the American Rescue Plan (ARP) Act was signed into law. It was an unprecedented $1.9 trillion package of assistance measures, including $122 billion for the ARP Elementary and Secondary School Emergency Relief (ARP ESSER) Fund. Funds are provided to SEAs and LEAs to help safely reopen and sustain the same operation of schools and address the impact of the coronavirus pandemic on the Nation’s students. ARP ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020. https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/
ESSER funds can be used in a variety of ways as long as the use addresses the impact of COVID-
Related Recommendations (1)
R15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control
F1.6:
Beginning in 2019 the District’s fireworks booth was operated by the 501(c)(3) nonprofit Behind the Fire LMFD, overseen by a member of the Chief’s family. This occurred with no oversight by the Board, who held the license for the booth, a situation that could expose the District and its Board to allegations of misconduct and malfeasance.
F19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis, there are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance.
Appendix C: Consultant Forms
E 3600 BOARD POLICY Adopted: 06/12/07 Business and Noninstructional Operations Consultants CONSULTANT UTILIZATION FORM The following form is to be utilized by all non-instructional Consultants. The form is divided into two sections. Section #1 is to be utilized by the Consultant, and Section #2 by the District designees. Section #1 To provide consultant services to the Stockton Unified School District, all potential noninstructional Consultants must first provide the District’s ____________________Office with the following information. The information may be provided below or attached hereto.
Related Recommendations (1)
R19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis, there are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance.
F2.1:
The Stockton Unified School District Board of Trustees has shown disregard for Board Bylaw 9270, Conflict of Interest, contributing to an appearance of impropriety that may diminish the integrity of the District.
F2.2:
Not all Stockton Unified School District Board of Trustee members have completed the California School Board Association Masters in Governance training program, leaving them inadequately trained in Board duties and responsibilities.
F2.3:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act. This action could expose the District to potential liability including financial penalties.
F2.4:
Allegations were made that merit or step pay increases were withheld pending the signing of a non-disclosure agreement which violates the District’s Memorandum of Understanding for Executive Staff. If proven to be true, and not corrected, the District could be subject to legal action brought by affected employees.
F2.5:
Pending litigation filed against the Fire District by employees for harassment and intimidation could expose the District to expenses for financial settlements and legal fees.
F2.6:
The District does not have a nepotism and cronyism policy that prohibits the direct supervision of family members and/or individuals with whom the supervising manager has a romantic or other close personal, financial, business or political relationship. Not having a clear policy for nepotism and cronyism has created discord within the District.
F3.1:
Lack of Stockton Unified School District Board of Trustee meeting minutes posted publicly and/or timely per Board Bylaw 9324, Minutes and Recordings, and Ed Code §35145a creates diminished public awareness of the actions of the Board of Trustees.
F3.2:
The absence of general discussion in Board minutes diminishes Board accountability and public transparency, leaving District constituents ill-informed of District issues that could have adverse effects on the students.
F3.3:
Board agenda packets are often missing important information, a violation of Board Bylaw 9324, Agenda/Meeting Materials, contributing to ill-informed decision making which could adversely impact students and constituents.
F3.4:
Lack of public discussion on Board agenda items creates an appearance of business being conducted “behind closed doors” and fosters mistrust among District staff and constituents.
F3.5:
Lack of certified translators for Board meetings causes inaccurate and nontransparent translations of public meetings.
F4.1:
The City of Lodi does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F4.2:
The City of Lodi has implemented an excellent cyber awareness training program for all employees, minimizing the risk of damage from cyberattack.
F5.1:
The City of Manteca has an Information Technology Security Policy which has not been updated since 2010, leaving the City relatively unprepared for a cyber event.
F5.2:
The City of Manteca lacks a policy and procedure for ransomware attacks. This absence of policy could cause confusion, delay, and greater loss of security in the event of such an attack.
F5.3:
The City of Manteca has a significant number of security devices with single power supplies. This lack of redundant power presents vulnerability in major or prolonged power outages.
F6.1:
It is unclear in the City of Ripon’s Organization Chart where responsibilities for IT and IT security lie, creating confusion over who is responsible to act in a disruptive event.
F6.2:
The City of Ripon has a rudimentary network diagram outlining the City’s router and firewall relationship with networks used, but the diagram lacks detail, leaving uncertainty about data security.
F6.3:
Although the City of Ripon met expectations in the areas of data confidentiality and security, lack of IT staff and leadership leaves these areas vulnerable to cyberattack.
F6.4:
The City of Ripon lacks a Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F6.5:
The City of Ripon does not have a Disaster Preparedness Plan, leaving the City at risk for significant delay and cost to restore IT systems in the event of a disaster.
F6.6:
The City of Ripon does not have a formal policy or procedure to address ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.1:
The City of Stockton does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.2:
The City of Stockton has a large IT Department which places cybersecurity and disaster preparedness at a high priority, minimizing risk to the City’s information and service systems.
F8.1:
Lacking a requirement for encryption of thumb drives used on City devices exposes the City of Tracy to potential data theft and contamination.
F8.2:
The City of Tracy lacks a completed Business Continuity Plan, rendering Tracy relatively unprepared to restore essential services in a disruptive event.
F8.3:
The City of Tracy lacks a completed Disaster Preparedness Plan, leaving Tracy at risk for delay and cost to restore IT systems in the event of a disaster.
F1.1.1:
Stockton Unified School District does not utilize financial software that aligns with the San Joaquin County Office of Education software, making analysis and review by the San Joaquin County Office of Education difficult.
F1.1.2:
Stockton Unified School District Business Services staff lacks necessary training and guidance to execute complex District business needs, resulting in the need to hire outside consultants at an increased cost to the District.
F1.1.3:
The current Chief Business Officer was hired without following Board Policy 4211.2, creating an appearance of partiality and creating diminished internal and external confidence.
F1.2.1:
Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
F1.3.1:
The elimination of the Stockton Unified School District Grant Development Office in a February 2021 District reorganization resulted in grants no longer being monitored by a specific department or individual, risking additional and unnecessary spending from the General Fund.
F1.3.2:
Stockton Unified School District does not identify and pursue all grant opportunities due to a lack of coordinated leadership, potentially resulting in unnecessary spending from the General Fund, contributing to a budget shortfall and missing opportunities for additional funding for the benefit of the students.
F1.4.1:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, allowing for deviation from California Association of School Business Officers best practices by the Business Services Department.
F1.4.2:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, causing inaccurate evaluations of actual cost and delivery of products and services.
F1.4.3:
Stockton Unified School District is inconsistent in use of Invitation for Bid, Request for Qualifications and Request for Proposal, resulting in providers not being strategically vetted and thereby allowing opportunity for misuse of funds and/or malfeasance.
F1.4.4:
Stockton Unified School District inconsistently uses a Request for Proposal for legal services as required by Board Bylaw 9124, potentially resulting in greater costs for legal services.
F1.4.5:
The Board of Trustees routinely disregards Stockton Unified School District staff
F1.5.1:
Lack of detailed billing and incomplete invoices for Board review creates risks of paying for services not received.
F1.6.1:
Consultant forms are accepted and forwarded to the Board without all sections completed and/or answered appropriately, impairing the Board’s ability to make informed decisions.
F1.6.2:
Stockton Unified School District paid at least one consultant for services not delivered, resulting in a misuse of public funds.
F1.7.1:
Stockton Unified School District current budget projections indicate there will be a budget deficit of more than $30 million in fiscal year 2024-2025, a deficit which could cause layoffs and elimination or reduction of student programs.
F1.7.2:
Stockton Unified School District has no plan in place to deal with deficit spending, putting Stockton Unified School District at risk of fiscal insolvency.
F1.7.3:
Stockton Unified School District Departments do not have clear operational budgets, decreasing the effectiveness of planning and implementation of student-focused decision making.
F1.7.4:
Stockton Unified School District has no defined and documented plan to pay for essential and on-going costs once one-time funds are depleted or unavailable, increasing the risk of General Fund depletion.
F1.7.5:
Stockton Unified School District has no Multi-Year Financial Projection to monitor the one-time fund expenditures as Stockton Unified School District moves into 2022-2023, potentially causing the projected deficit to occur earlier.
Findings & Recommendations
68 findings
F1:
2.1 Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
Related Recommendations (1)
R1:
1.1 By January 1, 2023, the Stockton Unified School District Board of Trustees direct the Superintendent to assess the current financial software to be compatible with the San Joaquin County Office of Education software.
F2:
Insufficient Budget Monitoring or Updates • Failure to regularly update budget assumptions • Negative or three consecutive qualified interim report certifications • Downgrade of an interim certification by the county superintendent • “Lack of going concern” designation from the county superintendent • Actual revenues and expenditures inconsistent with the most current budget • Budget revisions not posted in the financial system or communicated to the board regularly • Lack of control or monitoring of total compensation as a percentage of total expenses • Failure to regularly reconcile balance sheet accounts in the general ledger • Incomplete responses to criteria and standards variances or deficiencies identified by the county office of education • Requisitions or purchase orders processed when the budget is insufficient
Related Recommendations (1)
R2:
1 By October 1, 2022, all members of the Stockton Unified School District Board of Trustees complete all five of the California School Board Association Masters in Governance training courses.
F3:
Inadequate Cash Management • Failure to reconcile cash accounts monthly • 18-month cash flow not forecast • Lack of short-term plan to address cash flow needs • Noncompliance with Education Code requirements when interfund borrowing is occurring • Failure to set aside repayment funds when external borrowing is occurring • Lack of communication to the board about the district’s cash position (with a clear distinction that cash and fund balance are not the same thing)
Related Recommendations (1)
R3:
1 By September 1, 2022, Stockton Unified School District Board of Trustees agendize and approve Board minutes at the following Board meeting to optimize public information and transparency in accordance with Board Bylaw 9324.
F4:
Mismanaged Collective Bargaining Agreements • Failure to consider long-term impact of collective bargaining agreements • Lack of bargaining agreements with all units for several years with no resources identified to cover potential settlements • Presettlement analysis not conducted thoroughly or timely • Settlements above the funded cost of living adjustment (COLA) • Lack of compliance with public disclosure requirements under Government Code Sections 3540.2, 3543.2 and 3547.5 and Education Code Section 42142 • Board approval of collective bargaining agreement is inconsistent with superintendent’s and CBO’s certification
Related Recommendations (1)
R4:
1 By January 1, 2023, the Lodi City Council, in conjunction with the City’s IT division, develop, adopt and implement a Business Continuity Plan. 5.0 City of Manteca−Discussion The City of Manteca met seven of the nine expectations considered in this investigation. Manteca’s Information Technology department is independent in the City’s organization. The department director reports directly to the City Manager and meets weekly with other City department heads. User level of access is determined by position, background and other departmental factors. Employees are trained on a regular basis. The training is mandatory for all employees. Hard drives are encrypted, and a Mobile Device Management tool is used for tablets, laptops and phones. Manteca’s ISD is currently updating its Information Technology Security Policy. This comprehensive policy has not been updated since 2010. Manteca’s Department of Information Technology and Innovation is collaborating with City administration and the City Attorney to update all policies relating to information technology security. Similarly, the City is in the process of bringing both hardware and software systems up to next-generation standards with new firewall, malware, user access, backup systems and applications in place. Employee training is executed through KnowBe4, an industry-standard cybersecurity training program which includes phishing and other email compromise testing. Regarding firewalls and switches, roughly 60% still operate off single rather than dual or redundant power supplies. Over the next five years, the City is phasing out older devices as they reach end-of-life.
F5:
Increasing and/or Unplanned Contributions and Transfers • Insufficient control and monitoring of contributions and transfers • Lack of a board approved plan to eliminate, reduce, or control contributions/transfers • Transfers from the unrestricted general fund not made when needed to cover projected negative fund balances in other funds • Contributions/transfers to restricted programs and/or other funds not budgeted
Related Recommendations (1)
R5:
1 By January 1, 2023, the Manteca City Council, in conjunction with the City’s ISD, develop, approve and implement an updated Information Technology Security Policy.
F6:
Continuing Deficit Spending • Deficit spending in the current or two subsequent fiscal years • Not having or implementing a board-approved plan to reduce and/or eliminate deficit spending • Not decreasing deficit spending over the past two fiscal years
Related Recommendations (1)
R6:
1 By January 1, 2023, the Ripon City Council develop and make public an updated City Organization chart showing details of the City’s IT functions, including all IT positions.
F7:
Mismanaged Employee Benefits • Actuarial valuation not completed in accordance with Governmental Accounting Standards Board (GASB) requirements to determine the unfunded liability for other post-employment benefits (OPEB) • Lack of a board adopted plan to fund health and welfare retiree benefit liabilities • Nonexistence or noncompliance of a policy or collectively bargained agreement to limit accrued vacation balances • No verification and determination of eligibility for benefits for all active and retired employees and dependents in the last five years • Compensated leave balances not tracked, reconciled and reported
Related Recommendations (1)
R7:
1 By November 1, 2022, the Stockton City Council, in conjunction with the City’s IT department, develop, adopt and implement a formal internal policy and procedure for response to a ransomware attack. 8.0 City of Tracy−Discussion The City of Tracy met all expectations for cybersecurity or was in the process of meeting them when surveyed. The City has an Information Technology Division, which is part of the Finance Department. This division supports all departments and functions of the City except water treatment. Data confidentiality and security are guaranteed with industry-leading, next-generation firewalls and network access controls. Data storage, backup and cybersecurity are monitored continually. The IT Manager meets every two weeks with all other City department heads to address IT issues, including cybersecurity. Tracy does not require encryption of thumb drives used on City devices, a requirement that is considered a “best practice” by an expert witness. Tracy does not have either a formal Business Continuity Plan or Disaster Preparedness Plan in place but is in the process of developing both. The BCP was scheduled to be complete in April 2022. Completion date for the DPP was not specified by the City.
F8:
Inattention to Enrollment and Attendance Reporting • Enrollment decreasing and/or unstable • Enrollment and average daily attendance (ADA) data not monitored and analyzed at least monthly through P2 • Consistently inaccurate data reported through CALPADS and other state reporting • Enrollment projections and assumptions not based on historical data, industry-standard methods, and other reasonable considerations • CALPADS data not reviewed and verified by applicable sites and departments and corrected as needed before the report submission deadlines • Unplanned or unmonitored effects of enrollment losses to charter schools • Board policy to limit outgoing interdistrict transfers is nonexistent, or policy is not followed
Related Recommendations (1)
R8:
1 By November 1, 2022, the Tracy City Council, in conjunction with the IT division, develop, adopt and implement a policy requiring encryption of thumb drives used on City devices.
F9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
Related Recommendations (1)
R9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
F10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
Related Recommendations (1)
R10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
F1.1:
San Joaquin County does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
F11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
Related Recommendations (1)
R11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
F1.2:
San Joaquin County has an exemplary profile regarding cybersecurity and should serve as a model for other government agencies within San Joaquin County.
F12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
Related Recommendations (1)
R12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
F1.3:
The Board of Directors failed to enforce the District’s Credit Card Policy, providing an opportunity for financial malfeasance.
F13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
Related Recommendations (1)
R13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
F1.4:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act, opening the District to potential liability.
F14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
Related Recommendations (1)
R14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
F1.5:
Funds generated for the use of the District through the Cal-JAC program were allocated to purchases, services and events, uses that were not in compliance with District’s purchasing and credit card policies. These expenditures could be construed as misuse of funds.
F15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control findings • Inadequate, undocumented monitoring and oversight of authorized charter schools • Out-of-date long-range facilities master plan • Special education costs not monitored, with contribution rate above the statewide average contribution rate • Special education staffing ratios, class sizes and caseload sizes do not align with statutory requirements and industry standards • District and the county office of education have different financial systems and lack automated interface Revised 8-14-2019 Appendix B: ESSER funds The Elementary and Secondary School Emergency Relief Fund (ESSER) was established as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in March 2020. CARES provided direct funding to states and districts to address the impact COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. The ESSER Fund is the leading source of funding for public elementary and secondary education under each law. As each succeeding law was enacted, the U.S. Department of Education (ED) modified the acronym ESSER to distinguish each fund from the other. The funds are collectively known as ESSER funds. The Office of Elementary and Secondary Education (https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/) clarifies each ESSER phase as: ESSER I On March 27, 2020, Congress set aside approximately $13.2 billion of the $30.75 billion allotted to the Education Stabilization Fund through the Coronavirus Aid Relief, and Economic Security (CARES) Act for the Elementary and Secondary School Emergency Relief Fund (ESSER) Fund.
The Department awarded these grants to State educational agencies (SEAs) for the purpose of providing local educational agencies (LEAs), including charter schools that are LEAs, with emergency relief funds to address the impact that COVID-19 has had, and continues to have, on elementary and secondary schools across the Nation. ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2019. ESSER II The Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act, 2021, was signed into law on December 27, 2020, and provided an additional $54.3 billion for the Elementary and Secondary School Emergency Relief (ESSER II) Fund. ESSER II Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020. American Rescue Plan (ARP) ESSER (III) On Thursday, March 11, 2021, the American Rescue Plan (ARP) Act was signed into law. It was an unprecedented $1.9 trillion package of assistance measures, including $122 billion for the ARP Elementary and Secondary School Emergency Relief (ARP ESSER) Fund. Funds are provided to SEAs and LEAs to help safely reopen and sustain the same operation of schools and address the impact of the coronavirus pandemic on the Nation’s students. ARP ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020. https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/ ESSER funds can be used in a variety of ways as long as the use addresses the impact of COVID-
Related Recommendations (1)
R15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control
F1.6:
Beginning in 2019 the District’s fireworks booth was operated by the 501(c)(3) nonprofit Behind the Fire LMFD, overseen by a member of the Chief’s family. This occurred with no oversight by the Board, who held the license for the booth, a situation that could expose the District and its Board to allegations of misconduct and malfeasance.
F19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis, there are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance. Appendix C: Consultant Forms E 3600 BOARD POLICY Adopted: 06/12/07 Business and Noninstructional Operations Consultants CONSULTANT UTILIZATION FORM The following form is to be utilized by all non-instructional Consultants. The form is divided into two sections. Section #1 is to be utilized by the Consultant, and Section #2 by the District designees. Section #1 To provide consultant services to the Stockton Unified School District, all potential noninstructional Consultants must first provide the District’s ____________________Office with the following information. The information may be provided below or attached hereto.
Related Recommendations (1)
R19:
While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis, there are some additional nuances that were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance.
F2.1:
The Stockton Unified School District Board of Trustees has shown disregard for Board Bylaw 9270, Conflict of Interest, contributing to an appearance of impropriety that may diminish the integrity of the District.
F2.2:
Not all Stockton Unified School District Board of Trustee members have completed the California School Board Association Masters in Governance training program, leaving them inadequately trained in Board duties and responsibilities.
F2.3:
Requiring non-exempt administrative employees to attend a retreat that created overtime hours without compensation was in violation of the current Memorandum of Understanding and the Fair Labor Standards Act. This action could expose the District to potential liability including financial penalties.
F2.4:
Allegations were made that merit or step pay increases were withheld pending the signing of a non-disclosure agreement which violates the District’s Memorandum of Understanding for Executive Staff. If proven to be true, and not corrected, the District could be subject to legal action brought by affected employees.
F2.5:
Pending litigation filed against the Fire District by employees for harassment and intimidation could expose the District to expenses for financial settlements and legal fees.
F2.6:
The District does not have a nepotism and cronyism policy that prohibits the direct supervision of family members and/or individuals with whom the supervising manager has a romantic or other close personal, financial, business or political relationship. Not having a clear policy for nepotism and cronyism has created discord within the District.
F3.1:
Lack of Stockton Unified School District Board of Trustee meeting minutes posted publicly and/or timely per Board Bylaw 9324, Minutes and Recordings, and Ed Code §35145a creates diminished public awareness of the actions of the Board of Trustees.
F3.2:
The absence of general discussion in Board minutes diminishes Board accountability and public transparency, leaving District constituents ill-informed of District issues that could have adverse effects on the students.
F3.3:
Board agenda packets are often missing important information, a violation of Board Bylaw 9324, Agenda/Meeting Materials, contributing to ill-informed decision making which could adversely impact students and constituents.
F3.4:
Lack of public discussion on Board agenda items creates an appearance of business being conducted “behind closed doors” and fosters mistrust among District staff and constituents.
F3.5:
Lack of certified translators for Board meetings causes inaccurate and nontransparent translations of public meetings.
F4.1:
The City of Lodi does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F4.2:
The City of Lodi has implemented an excellent cyber awareness training program for all employees, minimizing the risk of damage from a cyberattack.
F5.1:
The City of Manteca has an Information Technology Security Policy which has not been updated since 2010, leaving the City relatively unprepared for a cyber event.
F5.2:
The City of Manteca lacks a policy and procedure for ransomware attacks. This absence of policy could cause confusion, delay, and greater loss of security in the event of such an attack.
F5.3:
The City of Manteca has a significant number of security devices with single power supplies. This lack of redundant power presents vulnerability in major or prolonged power outages.
F6.1:
It is unclear in the City of Ripon’s Organization Chart where responsibilities for IT and IT security lie, creating confusion over who is responsible to act in a disruptive event.
F6.2:
The City of Ripon has a rudimentary network diagram outlining the City’s router and firewall relationship with networks used, but the diagram lacks detail, leaving uncertainty about data security.
F6.3:
Although the City of Ripon met expectations in the areas of data confidentiality and security, lack of IT staff and leadership leaves these areas vulnerable to cyberattack.
F6.4:
The City of Ripon lacks a Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F6.5:
The City of Ripon does not have a Disaster Preparedness Plan, leaving the City at risk for significant delay and cost to restore IT systems in the event of a disaster.
F6.6:
The City of Ripon does not have a formal policy or procedure to address ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.1:
The City of Stockton does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.2:
The City of Stockton has a large IT Department which places cybersecurity and disaster preparedness at a high priority, minimizing risk to the City’s information and service systems.
F8.1:
Lacking a requirement for encryption of thumb drives used on City devices exposes the City of Tracy to potential data theft and contamination.
F8.2:
The City of Tracy lacks a completed Business Continuity Plan, rendering Tracy relatively unprepared to restore essential services in a disruptive event.
F8.3:
The City of Tracy lacks a completed Disaster Preparedness Plan, leaving Tracy at risk for delay and cost to restore IT systems in the event of a disaster.
F1.1.1:
Stockton Unified School District does not utilize financial software that aligns with the San Joaquin County Office of Education software, making analysis and review by the San Joaquin County Office of Education difficult.
F1.1.2:
Stockton Unified School District Business Services staff lacks necessary training and guidance to execute complex District business needs, resulting in the need to hire outside consultants at an increased cost to the District.
F1.1.3:
The current Chief Business Officer was hired without following Board Policy 4211.2, creating an appearance of partiality and creating diminished internal and external confidence.
F1.2.1:
Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
F1.3.1:
The elimination of the Stockton Unified School District Grant Development Office in a February 2021 District reorganization resulted in grants no longer being monitored by a specific department or individual, risking additional and unnecessary spending from the General Fund.
F1.3.2:
Stockton Unified School District does not identify and pursue all grant opportunities due to a lack of coordinated leadership, potentially resulting in unnecessary spending from the General Fund, contributing to a budget shortfall and missing opportunities for additional funding for the benefit of the students.
F1.4.1:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, allowing for deviation from California Association of School Business Officers best practices by the Business Services Department.
F1.4.2:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, causing inaccurate evaluations of actual cost and delivery of products and services.
F1.4.3:
Stockton Unified School District is inconsistent in use of Invitation for Bid, Request for Qualifications and Request for Proposal, resulting in providers not being strategically vetted and thereby allowing opportunity for misuse of funds and/or malfeasance.
F1.4.4:
Stockton Unified School District inconsistently uses a Request for Proposal for legal services as required by Board Bylaw 9124, potentially resulting in greater costs for legal services.
F1.4.5:
The Board of Trustees routinely disregards Stockton Unified School District staff
F1.5.1:
Lack of detailed billing and incomplete invoices for Board review creates risks of paying for services not received.
F1.6.1:
Consultant forms are accepted and forwarded to the Board without all sections completed and/or answered appropriately, impairing the Board’s ability to make informed decisions.
F1.6.2:
Stockton Unified School District paid at least one consultant for services not delivered, resulting in a misuse of public funds.
F1.7.1:
Stockton Unified School District current budget projections indicate there will be a budget deficit of more than $30 million in fiscal year 2024-2025, a deficit which could cause layoffs and elimination or reduction of student programs.
F1.7.2:
Stockton Unified School District has no plan in place to deal with deficit spending, putting Stockton Unified School District at risk of fiscal insolvency.
F1.7.3:
Stockton Unified School District Departments do not have clear operational budgets, decreasing the effectiveness of planning and implementation of student-focused decision making.
F1.7.4:
Stockton Unified School District has no defined and documented plan to pay for essential and on-going costs once one-time funds are depleted or unavailable, increasing the risk of General Fund depletion.
F1.7.5:
Stockton Unified School District has no Multi-Year Financial Projection to monitor the one-time fund expenditures as Stockton Unified School District moves into 2022-2023, potentially causing the projected deficit to occur earlier.
Findings & Recommendations
32 findings
F1:
1 San Joaquin County does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
Related Recommendations (1)
R1:
1 By November 1, 2022, the San Joaquin County Board of Supervisors, in conjunction with San Joaquin County ISD, develop, adopt and implement a formal internal policy and procedure for response to a ransomware attack.
2.0 City of Escalon−Discussion
The City of Escalon does not have an independent IT department but has a contract agreement with Mid Valley IT to provide all IT services. In the City organization, IT functions report to the Finance and HR Directors. Each employee is given a level of access according to assigned responsibilities within their department. All employees receive information security training specific to their responsibilities as well as general security awareness training. The IT consultant employs an aggressive multi-layered approach to mitigate security threats through software and hardware protection measures. Critical or confidential data is stored in multiple cloud-based locations and systems employing numerous safeguards, including use of multi-factor authentication for access. IT functions are protected with a standby generator and redundant backups in case of a system failure. The generator is tested periodically for functionality. The City of Escalon met all but one of the expectations for adequate cybersecurity. Escalon is by far the smallest city in San Joaquin County, but by using a contracted IT service provider, Escalon is meeting its cybersecurity needs. The City of Escalon does not have a documented Business Continuity Plan.
F2:
1 The City of Escalon does not have a documented Business Continuity Plan, leaving the City relatively unprepared to restore essential services in a disruptive event.
Related Recommendations (1)
R2:
1 By January 1, 2023, the Escalon City Council, in conjunction with Mid Valley IT, develop, adopt and implement a Business Continuity Plan.
3.0 City of Lathrop−Discussion
The City of Lathrop met six of the expectations for the nine elements considered in this investigation. Lathrop’s IT organization includes a Director of Information Technology at the cabinet leadership level, a policy strongly recommended by an IT expert for maximum IT security. Including the Director of IT in frequent, regular meetings with other department heads allows effective communication of IT security needs to all City departments. Expectations for data confidentiality and data security were met. However, use of multi-factor authentication for system access was not universal at the time of this investigation, leaving Lathrop at higher risk of attack. Lathrop provides an unsecured public Wi-Fi network, separate from the City’s secure business network and accessible to any user. Hackers or other bad actors could take advantage of the unsecured network, possibly resulting in compromise of log-in credentials from that network and possibly exposing the City to costly liability suits. Lathrop was in the process of developing and approving a BCP and DPP plan at the time of this investigation. Similarly, the City was updating an internal policy for response to a ransomware attack. At the time of this investigation, Lathrop lacked insurance against losses incurred in a cybersecurity incident.
F3:
1 The City of Lathrop does not employ multi-factor authentication universally, leaving City systems more vulnerable to the activities of bad actors.
Related Recommendations (1)
R3:
1 By November 1, 2022, the Lathrop City Council, in conjunction with the City’s IT department, develop, adopt and implement a procedure for universal multi-factor authentication for access to City data.
F4:
1 The City of Lodi does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
Related Recommendations (1)
R4:
1 By January 1, 2023, the Lodi City Council, in conjunction with the City’s IT division, develop, adopt and implement a Business Continuity Plan.
5.0 City of Manteca−Discussion
The City of Manteca met seven of the nine expectations considered in this investigation. Manteca’s Information Technology department is independent in the City’s organization. The department director reports directly to the City Manager and meets weekly with other City department heads. User level of access is determined by position, background and other departmental factors. Employees are trained on a regular basis. The training is mandatory for all employees. Hard drives are encrypted, and a Mobile Device Management tool is used for tablets, laptops and phones. Manteca’s ISD is currently updating its Information Technology Security Policy. This comprehensive policy has not been updated since 2010. Manteca’s Department of Information Technology and Innovation is collaborating with City administration and the City Attorney to update all policies relating to information technology security. Similarly, the City is in the process of bringing both hardware and software systems up to next-generation standards with new firewall, malware, user access, backup systems and applications in place. Employee training is executed through KnowB4, an industry-standard cybersecurity training program which includes phishing and other email compromise testing. Regarding firewalls and switches, roughly 60% still operate off single rather than dual or redundant power supplies. Over the next five years, the City is phasing out older devices as they reach end-of-life.
F5:
1 The City of Manteca has an Information Technology Security Policy which has not been updated since 2010, leaving the City relatively unprepared for a cyber event.
Related Recommendations (1)
R5:
1 By January 1, 2023, the Manteca City Council, in conjunction with the City’s ISD, develop, approve and implement an updated Information Technology Security Policy.
F6:
1 It is unclear in the City of Ripon’s Organization Chart where responsibilities for IT and IT security lie, creating confusion over who is responsible to act in a disruptive event.
Related Recommendations (1)
R6:
1 By January 1, 2023, the Ripon City Council develop and make public an updated City Organization chart showing details of the City’s IT functions, including all IT positions.
F7:
1 The City of Stockton does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
Related Recommendations (1)
R7:
1 By November 1, 2022, the Stockton City Council, in conjunction with the City’s IT department, develop, adopt and implement a formal internal policy and procedure for response to a ransomware attack.
8.0 City of Tracy−Discussion
The City of Tracy met all expectations for cybersecurity or was in the process of meeting them when surveyed. The City has an Information Technology Division, which is part of the Finance Department. This division supports all departments and functions of the City except water treatment. Data confidentiality and security are guaranteed with industry-leading, next-generation firewalls and network access controls. Data storage, backup and cybersecurity are monitored continually. The IT Manager meets every two weeks with all other City department heads to address IT issues, including cybersecurity. Tracy does not require encryption of thumb drives used on City devices, a requirement that is considered a “best practice” by an expert witness. Tracy does not have either a formal Business Continuity Plan or Disaster Preparedness Plan in place but is in the process of developing both. The BCP was scheduled to be complete in April 2022. Completion date for the DPP was not specified by the City.
F8:
1 Lacking a requirement for encryption of thumb drives used on City devices exposes the City of Tracy to potential data theft and contamination.
Related Recommendations (1)
R8:
1 By November 1, 2022, the Tracy City Council, in conjunction with the IT division, develop, adopt and implement a policy requiring encryption of thumb drives used on City devices.
F1.1:
San Joaquin County does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
F1.2:
San Joaquin County has an exemplary profile regarding cybersecurity and should serve as a model for other government agencies within San Joaquin County.
F2.1:
The City of Escalon does not have a documented Business Continuity Plan, leaving the City relatively unprepared to restore essential services in a disruptive event.
F3.1:
The City of Lathrop does not employ multi-factor authentication universally, leaving City systems more vulnerable to the activities of bad actors.
F3.2:
The City of Lathrop provides an unsecured public Wi-Fi network. Misuse of this unsecured network could expose the City to liability risks.
F3.3:
The City of Lathrop does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F3.4:
The City of Lathrop does not have a formal internal policy or procedure to address ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of such an attack.
F3.5:
The City of Lathrop does not have an insurance policy covering financial losses from a cyberattack, possibly exposing City financial resources.
F4.1:
The City of Lodi does not have an approved Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F4.2:
The City of Lodi has implemented an excellent cyber awareness training program for all employees, minimizing the risk of damage from a cyberattack.
F5.1:
The City of Manteca has an Information Technology Security Policy which has not been updated since 2010, leaving the City relatively unprepared for a cyber event.
F5.2:
The City of Manteca lacks a policy and procedure for ransomware attacks. This absence of policy could cause confusion, delay, and greater loss of security in the event of such an attack.
F5.3:
The City of Manteca has a significant number of security devices with single power supplies. This lack of redundant power presents vulnerability in major or prolonged power outages.
F6.1:
It is unclear in the City of Ripon’s Organization Chart where responsibilities for IT and IT security lie, creating confusion over who is responsible to act in a disruptive event.
F6.2:
The City of Ripon has a rudimentary network diagram outlining the City’s router and firewall relationship with networks used, but the diagram lacks detail, leaving uncertainty about data security.
F6.3:
Although the City of Ripon met expectations in the areas of data confidentiality and security, lack of IT staff and leadership leaves these areas vulnerable to cyberattack.
F6.4:
The City of Ripon lacks a Business Continuity Plan, rendering the City relatively unprepared to restore essential services in a disruptive event.
F6.5:
The City of Ripon does not have a Disaster Preparedness Plan, leaving the City at risk for significant delay and cost to restore IT systems in the event of a disaster.
F6.6:
The City of Ripon does not have a formal policy or procedure to address ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.1:
The City of Stockton does not have a formal internal policy concerning payments or procedures in ransomware attacks. This absence of policy could cause confusion, delay and greater loss of security in the event of an attack.
F7.2:
The City of Stockton has a large IT Department which places cybersecurity and disaster preparedness at a high priority, minimizing risk to the City’s information and service systems.
F8.1:
Lacking a requirement for encryption of thumb drives used on City devices exposes the City of Tracy to potential data theft and contamination.
F8.2:
The City of Tracy lacks a completed Business Continuity Plan, rendering Tracy relatively unprepared to restore essential services in a disruptive event.
F8.3:
The City of Tracy lacks a completed Disaster Preparedness Plan, leaving Tracy at risk for delay and cost to restore IT systems in the event of a disaster.
Findings & Recommendations
41 findings
F1:
2.1 Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
Related Recommendations (1)
R1:
1.1 By January 1, 2023, the Stockton Unified School District Board of Trustees direct the Superintendent to assess the current financial software to be compatible with the San Joaquin County Office of Education software.
F2:
Insufficient Budget Monitoring or Updates • Failure to regularly update budget assumptions • Negative or three consecutive qualified interim report certifications • Downgrade of an interim certification by the county superintendent • “Lack of going concern” designation from the county superintendent • Actual revenues and expenditures inconsistent with the most current budget • Budget revisions not posted in the financial system or communicated to the board regularly • Lack of control or monitoring of total compensation as a percentage of total expenses • Failure to regularly reconcile balance sheet accounts in the general ledger • Incomplete responses to criteria and standards variances or deficiencies identified by the county office of education • Requisitions or purchase orders processed when the budget is insufficient
Related Recommendations (1)
R2:
1 By October 1, 2022, all members of the Stockton Unified School District Board of Trustees complete all five of the California School Board Association Masters in Governance training courses.
F3:
Inadequate Cash Management • Failure to reconcile cash accounts monthly • 18-month cash flow not forecast • Lack of short-term plan to address cash flow needs • Noncompliance with Education Code requirements when interfund borrowing is occurring • Failure to set aside repayment funds when external borrowing is occurring • Lack of communication to the board about the district’s cash position (with a clear distinction that cash and fund balance are not the same thing)
Related Recommendations (1)
R3:
1 By September 1, 2022, Stockton Unified School District Board of Trustees agendize and approve Board minutes at the following Board meeting to optimize public information and transparency in accordance with Board Bylaw 9324.
F4:
Mismanaged Collective Bargaining Agreements • Failure to consider long-term impact of collective bargaining agreements • Lack of bargaining agreements with all units for several years with no resources identified to cover potential settlements • Presettlement analysis not conducted thoroughly or timely • Settlements above the funded cost of living adjustment (COLA) • Lack of compliance with public disclosure requirements under Government Code Sections 3540.2, 3543.2 and 3547.5 and Education Code Section 42142 • Board approval of collective bargaining agreement is inconsistent with superintendent’s and CBO’s certification
Related Recommendations (1)
R4:
Mismanaged Collective Bargaining Agreements • Failure to consider long-term impact of collective bargaining agreements • Lack of bargaining agreements with all units for several years with no resources identified to cover potential settlements • Presettlement analysis not conducted thoroughly or timely • Settlements above the funded cost of living adjustment (COLA) • Lack of compliance with public disclosure requirements under Government Code Sections 3540.2, 3543.2 and 3547.5 and Education Code Section 42142 • Board approval of collective bargaining agreement is inconsistent with superintendent’s and CBO’s certification
F5:
Increasing and/or Unplanned Contributions and Transfers • Insufficient control and monitoring of contributions and transfers • Lack of a board approved plan to eliminate, reduce, or control contributions/transfers • Transfers from the unrestricted general fund not made when needed to cover projected negative fund balances in other funds • Contributions/transfers to restricted programs and/or other funds not budgeted
Related Recommendations (1)
R5:
Increasing and/or Unplanned Contributions and Transfers • Insufficient control and monitoring of contributions and transfers • Lack of a board approved plan to eliminate, reduce, or control contributions/transfers • Transfers from the unrestricted general fund not made when needed to cover projected negative fund balances in other funds • Contributions/transfers to restricted programs and/or other funds not budgeted
F6:
Continuing Deficit Spending • Deficit spending in the current or two subsequent fiscal years • Not having or implementing a board-approved plan to reduce and/or eliminate deficit spending • Not decreasing deficit spending over the past two fiscal years
Related Recommendations (1)
R6:
Continuing Deficit Spending • Deficit spending in the current or two subsequent fiscal years • Not having or implementing a board-approved plan to reduce and/or eliminate deficit spending • Not decreasing deficit spending over the past two fiscal years
F7:
Mismanaged Employee Benefits • Actuarial valuation not completed in accordance with Governmental Accounting Standards Board (GASB) requirements to determine the unfunded liability for other post-employment benefits (OPEB) • Lack of a board adopted plan to fund health and welfare retiree benefit liabilities • Nonexistence or noncompliance of a policy or collectively bargained agreement to limit accrued vacation balances • No verification and determination of eligibility for benefits for all active and retired employees and dependents in the last five years • Compensated leave balances not tracked, reconciled and reported
Related Recommendations (1)
R7:
Mismanaged Employee Benefits • Actuarial valuation not completed in accordance with Governmental Accounting Standards Board (GASB) requirements to determine the unfunded liability for other post-employment benefits (OPEB) • Lack of a board adopted plan to fund health and welfare retiree benefit liabilities • Nonexistence or noncompliance of a policy or collectively bargained agreement to limit accrued vacation balances • No verification and determination of eligibility for benefits for all active and retired employees and dependents in the last five years • Compensated leave balances not tracked, reconciled and reported
F8:
Inattention to Enrollment and Attendance Reporting • Enrollment decreasing and/or unstable • Enrollment and average daily attendance (ADA) data not monitored and analyzed at least monthly through P2 • Consistently inaccurate data reported through CALPADS and other state reporting • Enrollment projections and assumptions not based on historical data, industry-standard methods, and other reasonable considerations • CALPADS data not reviewed and verified by applicable sites and departments and corrected as needed before the report submission deadlines • Unplanned or unmonitored effects of enrollment losses to charter schools • Board policy to limit outgoing interdistrict transfers is nonexistent, or policy is not followed
Related Recommendations (1)
R8:
Inattention to Enrollment and Attendance Reporting • Enrollment decreasing and/or unstable • Enrollment and average daily attendance (ADA) data not monitored and analyzed at least monthly through P2 • Consistently inaccurate data reported through CALPADS and other state reporting • Enrollment projections and assumptions not based on historical data, industry-standard methods, and other reasonable considerations • CALPADS data not reviewed and verified by applicable sites and departments and corrected as needed before the report submission deadlines • Unplanned or unmonitored effects of enrollment losses to charter schools • Board policy to limit outgoing interdistrict transfers is nonexistent, or policy is not followed
F9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
Related Recommendations (1)
R9:
Decreasing Fund Balance and Reserve for Economic Uncertainty • Failure to accurately estimate the ending fund balance • Failure to maintain the minimum reserve for economic uncertainty • If unable to maintain the minimum reserve for economic uncertainty, a board-approved plan to restore the minimum reserve for economic uncertainty does not exist • Projected unrestricted fund balance not stable or not increasing • Unrestricted fund balance does not include assigned or committed reserves above the recommended reserve level when unfunded or contingent liabilities or one-time costs exist
F10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
Related Recommendations (1)
R10:
Ineffective Internal Controls and Fraud Prevention • Lack of controls that limit access to the financial system • Access and authorization controls to the financial system not reviewed and updated upon employment actions (e.g., resignations, terminations, promotions or demotions) and at least annually • Duties in accounts payable, accounts receivable, purchasing, contracts, payroll, human resources, associated student body, and warehouse/receiving not segregated, supervised or monitored • Beginning balances for the new fiscal year not posted and reconciled with the ending balances from the prior fiscal year • Prior year accruals not reviewed and cleared by first interim • Suspense accounts not reconciled regularly • General ledger not reconciled or closed timely • Inadequate processes and procedures in place to discourage and detect fraud
F11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
Related Recommendations (1)
R11:
Breakdown in Leadership and Communication • Uninformed decisions made because the system(s) can’t provide key financial and personnel data needed • Instability in the chief business official or superintendent positions (been with the district less than two years) • Lack of regular communication between the superintendent and all members of the administrative cabinet • Timely training on financial management, budget and governance not provided to site and department administrators who are responsible for budget management and decision-making • Board policies and administrative regulations routinely ignored, not adopted, updated, implemented or communicated to staff • Micromanagement by board members • Systems fully or partially controlled by highly influential special interest groups
F12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
Related Recommendations (1)
R12:
Lack of Multiyear Planning • Unreasonable and/or unclear multiyear projections that are not aligned with industry standards • Failure to explain trend analysis • LCFF calculation not prepared with multiyear considerations • Financial decisions made without most current multiyear projection in mind • Detailed information not included when “other adjustments” is used with multiyear projections (line B10)
F13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
Related Recommendations (1)
R13:
Inattention to Non-Voter-Approved Debt and Risk Management • Sources of non-voter-approved debt repayment unstable, unpredictable and from the unrestricted general fund • Downgrade of credit rating • Out-of-date actuarial study without a plan to pay for any unfunded liabilities when self-insured • High levels of non-voter-approved debt (such as COPs, bridge financing, BANS, RANS and others), with total annual debt service payments greater than 2% of the district’s unrestricted general fund revenues
F14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
Related Recommendations (1)
R14:
Lack of Position Control • Financial and human resources systems not integrated • Accounting for positions and costs is incomplete • Staffing not analyzed or adjusted based on staffing ratios and enrollment • Budget, payroll and position control not reconciled regularly • Budget source not identified for each new position before the position is authorized by the governing board • New positions and extra assignments posted before governing board approval • Staffing ratios for certificated, classified and administrative positions not adopted or followed • Lack of regular meetings between human resources, payroll and budget to discuss issues and improve processes.
F15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control findings • Inadequate, undocumented monitoring and oversight of authorized charter schools • Out-of-date long-range facilities master plan • Special education costs not monitored, with contribution rate above the statewide average contribution rate • Special education staffing ratios, class sizes and caseload sizes do not align with statutory requirements and industry standards • District and the county office of education have different financial systems and lack automated interface
Revised 8-14-2019
Appendix B: ESSER funds
The Elementary and Secondary School Emergency Relief Fund (ESSER) was established as part of the Coronavirus Aid, Relief, and Economic Security (CARES) Act in March 2020. CARES provided direct funding to states and districts to address the impact COVID-19 has had, and continues to have, on elementary and secondary schools across the nation. The ESSER Fund is the leading source of funding for public elementary and secondary education under each law. As each succeeding law was enacted, the U.S. Department of Education (ED) modified the acronym ESSER to distinguish each fund from the other. Collectively, they are known as ESSER funds.
The Office of Elementary and Secondary Education (https://oese.ed.gov/offices/education-stabilization-fund/elementary-secondary-school-emergency-relief-fund/) clarifies each ESSER phase as:
ESSER I
On March 27, 2020, Congress set aside approximately $13.2 billion of the $30.75 billion allotted to the Education Stabilization Fund through the Coronavirus Aid, Relief, and Economic Security (CARES) Act for the Elementary and Secondary School Emergency Relief (ESSER) Fund. The Department awarded these grants to State educational agencies (SEAs) for the purpose of providing local educational agencies (LEAs), including charter schools that are LEAs, with emergency relief funds to address the impact that COVID-19 has had, and continues to have, on elementary and secondary schools across the Nation. ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2019.
ESSER II
The Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act, 2021, was signed into law on December 27, 2020, and provided an additional $54.3 billion for the Elementary and Secondary School Emergency Relief (ESSER II) Fund. ESSER II Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020.
American Rescue Plan (ARP) ESSER (III)
On Thursday, March 11, 2021, the American Rescue Plan (ARP) Act was signed into law. It was an unprecedented $1.9 trillion package of assistance measures, including $122 billion for the ARP Elementary and Secondary School Emergency Relief (ARP ESSER) Fund. Funds are provided to SEAs and LEAs to help safely reopen and sustain the safe operation of schools and address the impact of the coronavirus pandemic on the Nation’s students. ARP ESSER Fund awards to SEAs are in the same proportion as each State received funds under Part A of Title I of the Elementary and Secondary Education Act of 1965, as amended, in fiscal year 2020.
ESSER funds can be used in a variety of ways as long as the use addresses the impact of COVID-19. While all three funds can be used for things like hiring new staff, avoiding layoffs and implementing strategies that address the public health crisis, some additional nuances were added to the terms for ESSER II and ESSER III. These include: • accelerating learning recovery, • facilitating remote learning, • prepping for reopening, • testing for reopening, • improving air quality in schools, • maintaining health and safety and • building new protocols to meet CDC guidance.
Appendix C: Consultant Forms
E 3600 BOARD POLICY
Adopted: 06/12/07
Business and Noninstructional Operations
Consultants
CONSULTANT UTILIZATION FORM
The following form is to be utilized by all non-instructional Consultants. The form is divided into two sections. Section #1 is to be utilized by the Consultant, and Section #2 by the District designees.
Section #1
To provide consultant services to the Stockton Unified School District, all potential noninstructional Consultants must first provide the District’s ____________________ Office with the following information. The information may be provided below or attached hereto.
Related Recommendations (1)
R15:
Related Issues of Concern • Failure to produce timely and accurate financial information • Annual Independent Audit Report contains material apportionment or internal control
F2.1:
The Stockton Unified School District Board of Trustees has shown disregard for Board Bylaw 9270, Conflict of Interest, contributing to an appearance of impropriety that may diminish the integrity of the District.
F2.2:
Not all Stockton Unified School District Board of Trustee members have completed the California School Board Association Master in Governance training program, leaving them inadequately trained in Board duties and responsibilities.
F3.1:
Lack of Stockton Unified School District Board of Trustee meeting minutes posted publicly and/or timely per Board Bylaw 9324, Minutes and Recordings, and Ed Code §35145a creates diminished public awareness of the actions of the Board of Trustees.
F3.2:
The absence of general discussion in Board minutes diminishes Board accountability and public transparency, leaving District constituents ill-informed of District issues that could have adverse effects on the students.
F3.3:
Board agenda packets are often missing important information, a violation of Board Bylaw 9324, Agenda/Meeting Materials, contributing to ill-informed decision making which could adversely impact students and constituents.
F3.4:
Lack of public discussion on Board agenda items creates an appearance of business being conducted “behind closed doors” and fosters mistrust among District staff and constituents.
F3.5:
Lack of certified translators for Board meetings causes inaccurate and nontransparent translations of public meetings.
F1.1.1:
Stockton Unified School District does not utilize financial software that aligns with the San Joaquin County Office of Education software, making analysis and review by the San Joaquin County Office of Education difficult.
F1.1.2:
Stockton Unified School District Business Services staff lacks necessary training and guidance to execute complex District business needs, resulting in the need to hire outside consultants at an increased cost to the District.
F1.1.3:
The current Chief Business Officer was hired without following Board Policy 4211, creating an appearance of partiality and creating diminished internal and external confidence.
F1.2.1:
Not all change orders are brought to the Board of Trustees for approval or ratification, leaving the Board and senior management unaware of overruns and total cost of projects and causing possible cost overages and budget deficits.
F1.3.1:
The elimination of the Stockton Unified School District Grant Development Office in a February 2021 District reorganization resulted in grants no longer being monitored by a specific department or individual, risking additional and unnecessary spending from the General Fund.
F1.3.2:
Stockton Unified School District does not identify and pursue all grant opportunities due to a lack of coordinated leadership, potentially resulting in unnecessary spending from the General Fund, contributing to a budget shortfall and missing opportunities for additional funding for the benefit of the students.
F1.4.1:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, allowing for deviation from California Association of School Business Officers best practices by the Business Services Department.
F1.4.2:
Stockton Unified School District’s purchasing policies and procedures are not clearly defined, causing inaccurate evaluations of actual cost and delivery of products and services.
F1.4.3:
Stockton Unified School District is inconsistent in use of Invitation for Bid, Request for Qualifications and Request for Proposal, resulting in providers not being strategically vetted and thereby allowing opportunity for misuse of funds and/or malfeasance.
F1.4.4:
Stockton Unified School District inconsistently uses a Request for Proposal for legal services as required by Board Bylaw 9124, potentially resulting in greater costs for legal services.
F1.4.5:
The Board of Trustees routinely disregards Stockton Unified School District staff
F1.5.1:
Lack of detailed billing and incomplete invoices for Board review creates risks of paying for services not received.
F1.6.1:
Consultant forms are accepted and forwarded to the Board without all sections completed and/or answered appropriately, impairing the Board’s ability to make informed decisions.
F1.6.2:
Stockton Unified School District paid at least one consultant for services not delivered, resulting in a misuse of public funds.
F1.7.1:
Stockton Unified School District current budget projections indicate there will be a budget deficit of more than $30 million in fiscal year 2024-2025, a deficit which could cause layoffs and elimination or reduction of student programs.
F1.7.2:
Stockton Unified School District has no plan in place to deal with deficit spending, putting Stockton Unified School District at risk of fiscal insolvency.
F1.7.3:
Stockton Unified School District Departments do not have clear operational budgets, decreasing the effectiveness of planning and implementation of student-focused decision making.
F1.7.4:
Stockton Unified School District has no defined and documented plan to pay for essential and on-going costs once one-time funds are depleted or unavailable, increasing the risk of General Fund depletion.
F1.7.5:
Stockton Unified School District has no Multi-Year Financial Projection to monitor the one-time fund expenditures as Stockton Unified School District moves into 2022-2023, potentially causing the projected deficit to occur earlier.