Carson City audit committee accepts credit‑card security report, closes several findings and outlines FY26 audits
October 20, 2025 | Carson City, Ormsby County, Nevada
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
The Carson City Audit Committee on Wednesday accepted an internal audit report on the city’s credit‑card payment security and compliance and approved closing several completed audit findings while setting the fiscal‑year 2026 audit schedule.
The committee voted to accept the report prepared by Eide Bailly LLP, which identified two primary observations: inconsistent fee structures across multiple payment processors used by city departments and one outdated payment‑processing contract among seven reviewed. Eric Poulce, principal on the engagement for Eide Bailly, told the committee the work examined “credit card transaction workflows, vendor oversight, PCI compliance procedures” and that “this does not represent a significant risk to the city’s compliance posture,” while noting opportunities to improve oversight and documentation.
The audit firm recommended a cross‑department review of payment‑processing agreements to align fee structures and standardize vendor contracts. The report also recommended improving contract‑management documentation; the treasurer and the city’s contracts administrator agreed to collaborate and the committee recorded that recommendation as implemented.
Why it matters: multiple payment processors and differing vendor agreements can lead to inconsistent merchant fees and potential confusion for customers. The committee’s acceptance directs the city to pursue standardization and better contract controls to improve transparency and oversight.
Audit findings and committee discussion
Eide Bailly’s briefing said several departments use different payment processors because some vendor systems require specific integrations. The audit noted the city maintains PCI (payment card industry) governance — including attestation, self‑assessment questionnaires and quarterly vulnerability reporting — and identified the payment‑processor fragmentation primarily as an operational and cost issue rather than a material compliance failure.
Carson City Treasurer Andrew Raizer explained department‑level choices at length, saying some systems were adopted when departments implemented or replaced their own software. He described the landfill’s move to a WayMaster system in early 2023 that led to a CardConnect implementation, while utility billing uses a Tyler‑connected solution (AMS BridgePay) and an alternate NCR one‑step payment link. Raizer said of one widely used processor, “it’s at 2.25%, meaning that if a customer's bill was a $100 and they paid with a credit card, it'd be a $2.25 fee.” He added the permit center and other small systems sometimes face higher rates because of lower transaction volumes and limited integration options.
Frank Cabello, the city’s director of IT operations, described a market trend among vendors that restrict available interfaces, saying, in part, “we're only gonna use this API or this interface,” which constrains the city's ability to force a single processor across all departmental systems.
Formal actions and committee votes
- The committee voted to accept Eide Bailly’s credit‑card payment security and compliance report and its recommendations; committee members present voted in favor and the motion passed.
- The committee also voted to close several completed audit items as recommended. Specific closures included a payroll processing item (pay‑code guidelines drafted and moved into policy technology; completion dated June 30) and a purchasing/contracts item for which Munis was documented to send contract‑expiration reminders 60 days in advance. The committee recorded a completion and immediate closure for the payment‑processing contract‑management recommendation after the treasurer and contracts administrator confirmed collaboration to monitor and maintain contracts.
Other committee business
Sherry (city audit staff) flagged updates in the follow‑up log: the Clerk/Recorder office completion date was revised to Dec. 30, 2026 (explanation provided in the report), and another item’s expected completion date was moved to Dec. 31, 2025 while in internal review.
Auditors and staff also reviewed the fiscal‑year 2026 internal audit plan and fraud, waste and abuse hotline activity. Audrey Donovan of Eide Bailly reported the FY26 plan will include capital‑asset accounting and public‑guardian asset management audits; kickoff for capital assets was scheduled for the coming Wednesday with the team aiming to finish before the next audit committee meeting, and a risk‑assessment update is planned for February 2026. Donovan said there were no hotline reports directly related to Carson City in the most recent review period; calls logged tended to concern identity theft rather than city operations.
Next meeting and closing
Committee members agreed to meet Tuesday, Feb. 17, 2026, at 1:30 p.m. The committee adjourned after closing the items on the consent and follow‑up lists.
The committee voted to accept the report prepared by Eide Bailly LLP, which identified two primary observations: inconsistent fee structures across multiple payment processors used by city departments and one outdated payment‑processing contract among seven reviewed. Eric Poulce, principal on the engagement for Eide Bailly, told the committee the work examined “credit card transaction workflows, vendor oversight, PCI compliance procedures” and that “this does not represent a significant risk to the city’s compliance posture,” while noting opportunities to improve oversight and documentation.
The audit firm recommended a cross‑department review of payment‑processing agreements to align fee structures and standardize vendor contracts. The report also recommended improving contract‑management documentation; the treasurer and the city’s contracts administrator agreed to collaborate and the committee recorded that recommendation as implemented.
Why it matters: multiple payment processors and differing vendor agreements can lead to inconsistent merchant fees and potential confusion for customers. The committee’s acceptance directs the city to pursue standardization and better contract controls to improve transparency and oversight.
Audit findings and committee discussion
Eide Bailly’s briefing said several departments use different payment processors because some vendor systems require specific integrations. The audit noted the city maintains PCI (payment card industry) governance — including attestation, self‑assessment questionnaires and quarterly vulnerability reporting — and identified the payment‑processor fragmentation primarily as an operational and cost issue rather than a material compliance failure.
Carson City Treasurer Andrew Raizer explained department‑level choices at length, saying some systems were adopted when departments implemented or replaced their own software. He described the landfill’s move to a WayMaster system in early 2023 that led to a CardConnect implementation, while utility billing uses a Tyler‑connected solution (AMS BridgePay) and an alternate NCR one‑step payment link. Raizer said of one widely used processor, “it’s at 2.25%, meaning that if a customer's bill was a $100 and they paid with a credit card, it'd be a $2.25 fee.” He added the permit center and other small systems sometimes face higher rates because of lower transaction volumes and limited integration options.
Frank Cabello, the city’s director of IT operations, described a market trend among vendors that restrict available interfaces, saying, in part, “we're only gonna use this API or this interface,” which constrains the city's ability to force a single processor across all departmental systems.
Formal actions and committee votes
- The committee voted to accept Eide Bailly’s credit‑card payment security and compliance report and its recommendations; committee members present voted in favor and the motion passed.
- The committee also voted to close several completed audit items as recommended. Specific closures included a payroll processing item (pay‑code guidelines drafted and moved into policy technology; completion dated June 30) and a purchasing/contracts item for which Munis was documented to send contract‑expiration reminders 60 days in advance. The committee recorded a completion and immediate closure for the payment‑processing contract‑management recommendation after the treasurer and contracts administrator confirmed collaboration to monitor and maintain contracts.
Other committee business
Sherry (city audit staff) flagged updates in the follow‑up log: the Clerk/Recorder office completion date was revised to Dec. 30, 2026 (explanation provided in the report), and another item’s expected completion date was moved to Dec. 31, 2025 while in internal review.
Auditors and staff also reviewed the fiscal‑year 2026 internal audit plan and fraud, waste and abuse hotline activity. Audrey Donovan of Eide Bailly reported the FY26 plan will include capital‑asset accounting and public‑guardian asset management audits; kickoff for capital assets was scheduled for the coming Wednesday with the team aiming to finish before the next audit committee meeting, and a risk‑assessment update is planned for February 2026. Donovan said there were no hotline reports directly related to Carson City in the most recent review period; calls logged tended to concern identity theft rather than city operations.
Next meeting and closing
Committee members agreed to meet Tuesday, Feb. 17, 2026, at 1:30 p.m. The committee adjourned after closing the items on the consent and follow‑up lists.
View full meeting
This article is based on a recent meeting—watch the full video and explore the complete transcript for deeper insights into the discussion.
View full meeting