cpa ia annual internal audit report
Post on 05-Jan-2017
223 Views
Preview:
TRANSCRIPT
TABLE OF CONTENTS I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal
Audit Annual Report, and Other Audit Information on Internet Web Site.....1 II. Internal Audit Plan for Fiscal Year 2013 ............................................................. 2 III. Consulting Engagements and Non-audit Services Completed ........................... 4 IV. External Quality Assurance Review (Peer Review) ............................................ 5 V. Internal Audit Plan for Fiscal Year 2014 ............................................................. 6 VI. External Audit Services Procured in Fiscal Year 2013 ...................................... 9 VII. Reporting Suspected Fraud and Abuse .............................................................. 12
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
1
I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit
Annual Report, and Other Audit Information on Internet Web Site The Texas Comptroller of Public Accounts (CPA) has developed procedures to follow in order to ensure compliance with the provisions of House Bill 16. Specifically, within 30 days of approval by the Comptroller, the Internal Audit Division will provide the Data Services Division with the approved Audit Plan for the applicable fiscal year. Data Services will post the approved fiscal year Audit Plan on CPA’s Internet Web site, Window on State Government, as provided by Texas Government Code, Section 2102.008. In addition, the Annual Internal Audit Report will be provided to the Data Services Division within 30 days of its approval for posting on CPA’s Internet Web site, as required by Texas Government Code, Section 2102.009. The Internal Audit Division will update postings as needed on CPA’s Internet Web site, Window on State Government, to include detailed summaries of any weaknesses, deficiencies, wrongdoings or other concerns that may be raised by the audit plan or annual report. In addition, a summary of the action taken by CPA to address concerns, if any, that are raised by the audit plan or annual report will be posted as needed on CPA’s Internet Web site, Window on State Government. The Internal Audit Division will post these summaries based on future guidelines developed and provided by the State Auditor’s Office. In accordance with Texas Government Code, Title 5 Open Government, Ethics, Chapter 552 Public Information, Subchapter C Information Excepted From Required Disclosure, Section 552.139 which provides an exemption to government information from public disclosure if it relates to computer network security or to the design, operation or defense of a computer network, the Internal Audit Division will not release any confidential or sensitive information protected by this exemption. Any information not protected by this or another applicable exemption that is determined to be confidential in nature will be specifically designated as such in accordance with SAO guidelines.
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
2
II. Internal Audit Plan for Fiscal Year 2013 Project/Report Title Comments/Explanations Fiscal Year 2013 Audits:
Audit of Security Incident Management Carryforward audit project for FY 2014
Audit of Property Value Study In Progress - Planning Phase
Ethics Review Carryforward audit project for FY 2014
Audit of IT Proposals, Procurement Agreements, and Contracts
As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 Risk Assessment. No longer high risk. Limited coverage will be addressed in the Audit of Software Licensing.
Audit of Event Trust Funds In Progress - Planning Phase
Audit of Software Licensing In Progress - Planning Phase
Audit of Call Center Operations As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 risk assessment. No longer high risk.
Audit of Treasury PeopleSoft System Carryforward audit project for FY 2014
Fiscal Year 2012 Audits in Progress:
Audit of Security Awareness Training In Progress - Reporting Phase
Audit Report # 2103: Audit of Innovation and Technology (IT) Hardware Services Section (Previously named Audit of IT Desktop Services)
Completed - Report issued September 2013
Audit of TPASS Contract Management In Progress - Reporting Phase
Audit Report #2102:Audit of Expenditure Audit's Post-Payment Audit Processes
Completed - Report issued in August 2013
Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)
In Progress - Fieldwork Phase
Audit of Business Continuity and Disaster Recovery Programs
In Progress - Reporting Phase
Audit of Cash Flow Forecasting In Progress - Fieldwork Phase
Audit Report #1103: Audit of Fund Disbursement Processes
Completed - Report issued in February 2013
Audit of Payments and Returns Process On Hold - Will review issues
Audit of the JET Program In Progress - Reporting Phase
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
4
III. List of Consulting Engagements and Non-audit Services Completed Showing
High-Level Objectives, Observations/Results, Recommendations, and Implementation Status
Report No. Report Date
Name of Report
High-Level Consulting Engagement/Non-audit
Service Objective(s) Observations/Results and
Recommendations
N/A N/A N/A N/A N/A
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
6
V. Internal Audit Plan for Fiscal Year 2014
Project Title Division Area Project Hours
Fiscal Year 2014 Audits Audit of Security Incident Management
Information Security Privacy Office Innovation and Technology
Information Security Privacy Office All
810
Ethics Review Agency Administration & Executive Administration
Human Resources 650
Audit of Treasury PeopleSoft System
Treasury Operations Innovation and Technology
All 910
Audit of Appropriation Control Fiscal Management Fiscal Integrity - Appropriation Control
980
Audit of Audit Headquarters Tax Administration Audit - Headquarters 985 Total FY 14 Audit Hours: 4,335
Fiscal Year 2013 Audits In Progress Audit of Property Value Study Field Area
Property Tax Assistance Property Value Study Field Area
830
Audit of Event Trust Funds Fiscal Management Economic Development and Analysis
Fiscal Integrity - Fiscal Analysis Statewide Fiscal Services - Expenditure Audit Economic Development and Analysis
810
Audit of Software Licensing Innovation and Technology IR Planning, Budgeting and Contracting - IT Support Team
860
Audit of Expenditure Audit's Post-Payment Audit Processes
Fiscal Management Fiscal Services/ Expenditure Audit
70
Audit of IT Hardware Services Section
Innovation and Technology IT Infrastructure/ IT Customer Service/ Hardware Services/ Desktop Services Team
85
Audit of TPASS Contract Management
TPASS Statewide Procurement & Contract Management/ Contract Management
255
Audit of Business Continuity and Disaster Recovery Programs
Information Security Information Security 85
Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)
Fiscal Management Statewide Fiscal Systems/ Fiscal Systems Support
365
Audit of Security Awareness Training
Information Security Information Security 255
Audit of Cash Flow Forecasting Treasury Operations Cash Flow Forecasting 520
Audit of Payments and Returns Process
Revenue Administration Account Maintenance Revenue Processing Revenue Accounting
85
Audit of the JET Program Educational Opportunities & Investments
Educational Opportunities & Investments
245
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
7
Project Title Division Area Project Hours Fiscal Year 2013 Audits In Progress - continued Audit of Fleet Management TPASS Statewide Procurement &
Contracts 60
Audit of Cash Handling and Returns Processing
Tax Administration Enforcement 300
Total FY 13 Audits In Progress Hours: 4,825 Special Projects/Management Requests: Follow Ups
540
Client Assist (Internal/External)
158 FY 2013 Annual Internal Audit Report
130
FY 2015 Risk Assessment
1020 IT Steering Committee
80
Other Projects
1885 Special Projects/Management Requests Carry forward
280
Peer Review (Internal)
200 Other Management Requests
3187
Total Special Projects/Management Requests: 7,480
Total Fiscal Year 2014 Audit Hours: 4,335
Total Fiscal Year 2013 Audits In Progress Hours: 4,825
Total Special Projects/Management Requests: 7,480
Direct Audit Hours:
16,640
Indirect Hours:
8,320
Total Hours
24,960
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
8
Risk Assessment Process The results from the Enterprise Risk Management (ERM) Surveys, Privacy Surveys, TeamRisk Self-Assessments, interviews with Executive Management and division directors, and results from internal audit activities were used to conduct our annual risk assessment. Risk Factors and Weights:
Risk Factor Risk Weight
Control Environment 15.00%
Risk and Monitoring 25.00%
$ Value of Transactions 5.00%
Reliance on 3rd Parties 5.00%
Management Concern 10.00%
Legislative Interest 10.00%
Internal Control Awareness 10.00%
Internal Audit Factors 5.00%
Confidential Information 15.00%
As a part of the annual ERM Survey process, the Information Security Office (InfoSec) designated 651 key processes which the Internal Audit Division (Division) analyzed and assessed risks on using the Division’s TeamRisk and self-assessment modules of our TeamMate audit software. Coverage of High Risk Processes Overall, 60 of 651 reported processes scored as high risk. The high risk processes will receive coverage as follows:
• 6 processes will be covered in proposed audits • 17 processes will be covered as part of a CSA • 6 process are covered in currently scheduled audits • 1 process will be covered as part of audits reviewing security controls • 20 processes could be covered in backup audits • 9 processes had previous coverage. Agency staff provided poor information in their
reported self-assessments. Upon further review of these processes, we found that these processes had CSAs performed in fiscal 2012 or fiscal 2013. Staff could have used the CSA information for entry into their assigned self-assessment which would have resulted in a moderate or low risk score.
• 1 process will be covered in a proposed special project
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
9
VI. External Audit Services
Name of External Auditor Services Provided Date of Service (Report Date)
McConnell & Jones LLC Professional public accounting services - Financial audit for Texas Tomorrow Fund
FY 2012 Audited AFR issued on December 20, 2012
Padgett Stratemann & Co., LLP Professional public accounting services – Financial audit for the Texas Tomorrow Fund
FY 2013 Audited AFR to be issued on December 20, 2013
State Auditor’s Office Statewide Single Audit/CAFR Audit February 2013
MGT of America, Inc. Best practices and due diligence review of processes related to the Major Events Trust Fund Program
Term: April 12, 2013 through June 30, 2013
Experis US, Inc. Overpayment Recovery Audits Term: April 2, 2012 through August 31, 2014
Deloitte & Touche LLP Professional public accounting for fiscal, technical and monitoring services for the stimulus grant program
Term: October 20, 2010 through March 31, 2013
Audit Services, U.S. LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013
Verus Financial LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013
Xerox State & Local Solutions, Inc. (formerly ACS State & Local Solutions)
Unclaimed Property Audit Services Term: December 16, 2010 through August 31, 2013.
Audit Services, U.S. LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 28, 2013 through August 31, 2014
Discovery Audit Services, LLC
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Hertz, Herson & Company, LLP
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Kelmar Associates LLC d/b/a Kelmar Unclaimed Property Services, LLC
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 28, 2013 through August 31, 2014
Treasury Services Group, LLC
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Verus Financial, LLC
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
10
Name of External Auditor Services Provided Date of Service (Report Date)
Xerox State & Local Solutions, Inc. d/b/a Xerox Unclaimed Property Clearinghouse
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Independent Contract Examiners - 22 contracts:
Dan A. Northern David Tran d/b/a Lone Star Sales Tax Consulting- TERMINATED Dibrell P. Dobbs d/b/a State Tax Consulting Group Jean Chan Garrett State Tax Service (Trevor Garrett) – Amd No. 3 Cherise D. Collins Marina Roy Buenaventura, CPA Paul Hernandez Vernice Seriale, Jr. Brenda Maldonado Max Dwain Martino, PC Paul D. Underwood Stephanie (Clark) Jackson Terra Hillman William R. Smith Homer Max Wiesen, CPA Antonio V. Concepcion Art Koenings, Jr, CPA D. Smith Consulting (Dixie Smith) Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Stephen T. Broad Stites Pybus, LLC (A. Michiell Stites)
Tax Compliance Examination Services
Term: August 2010 through August 31, 2013
Independent Contract Examiners - 3 contracts: Celia Chang State and Local Tax Group (Wayne Wharton) Willie Sullivan
Tax Compliance Examination Services
August 18, 2011 through August 31, 2013
Independent Contract Examiners – 10 contracts: Delores A. Nornberg Thomas W. Gay Taygor Associates, LLC (L.C. Gordon, Jr.) Michael J. Robertson Cindy H. Coats Cynthia Alvarez Sam W. Armstrong, PC
Tax Compliance Examination Services
July 30, 2012 through August 31, 2013
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
11
Name of External Auditor Services Provided Date of Service (Report Date)
Independent Contract Examiners – 10 contracts: (Continued) Texas Tax Consulting Group, LC (Frank Castro) Nedzra J. Ward Gordon Wheeler Independent Contract Examiners – 26 contracts: (Effective 9-1-2013) Fabian Avina Stephen T. Broad Marina Roy Buenaventura Jean Chan Cherise D. Collins Antonio V. Concepcion Dibrell P. Dobbs d/b/a State Tax Consulting Group Garrett State Tax Service, Inc. (Trevor Garrett) Ramira J. Garza Paul Hernandez Terra Hillman Stephanie (Clark) Jackson d/b/a The Ann Group Art Koenings, Jr. & Nancy Wilkins Brenda Maldonado Max Dwain Martino Dan Northern Grace Rhodes Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Vernice Seriale, Jr. Judy Shinn d/b/a Shinn Tax Services D Smith Consulting (Dixie Smith) State Tax Group, LLC (Richard Fleming) Stites Pybus, LLC (A. Michiell Stites) Treva M. Sullivan Paul D. Underwood Homer Max Wiesen
Tax Compliance Examination Services
August 2013 through August 31, 2014
Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013
12
VII. Reporting Suspected Fraud and Abuse The Comptroller of Public Accounts has taken several measures to address the potential misuse or misappropriation of state resources, including funds received under the American Recovery and Reinvestment Act. The Comptroller of Public Accounts has also taken action to implement the requirements to report suspected fraud, waste and abuse involving state resources directly to the State Auditor’s Office (SAO). Actions taken to implement the requirements of: • Fraud Reporting, Article IX, Sec. 7.09, General Appropriations Act (83rd Legislature,
Conference Committee Report). The Window on State Government home page of the Comptroller of Public Accounts’ website contains a Report Fraud page (http://www.window.state.tx.us/fraud.html) explaining how to report fraud involving state resources to the SAO. The SAO’s phone number for reporting fraud, (800) TX-AUDIT and a link to the State Auditor’s Fraud website, (http://sao.fraud.state.tx.us/), are included in the information provided on the Report Fraud page. The Comptroller of Public Accounts’ Employee Handbook, Chapter 02: Ethics Policy, Policy Prohibiting Fraud, Waste, Theft and Abuse includes information on how to report suspected fraud involving state funds to the SAO by calling (800) TX-AUDIT or by making a report on-line (http://sao.fraud.state.tx.us/). The Comptroller of Public Accounts’ Employee Handbook includes a requirement that all employees take the Anti-Fraud Training on an annual basis. The Comptroller’s Office Internal Audit Division website also contains fraud links and contact information to include the SAO’s phone number for reporting fraud (800) TX-AUDIT, a link to the State Auditor’s Fraud website (http://sao.fraud.state.tx.us/), a link to the SAO Fraud Reporting Form (https://sao.fraud.state.tx.us/Hotline.aspx), the link to the Government Accountability Office (GAO) FraudNET (http://www.gao.gov/fraudnet/fraudnet.htm) and the GAO’s Toll Free 1-800-424-5454 and Fax: 202-512-3086. • Texas Government Code, Section 321.022. Coordination of Investigations The Comptroller of Public Accounts has established the Policy Prohibiting Fraud, Theft, Waste, or Abuse in Business Dealings or in any Relationship with the Comptroller’s Office (Anti-Fraud Policy) (http://www.window.state.tx.us/ssv/ethics.html) to enforce controls and to aid in the prevention and detection of fraud, theft, waste or abuse against the agency or the State of Texas. Suspected fraud, waste, theft or abuse can be reported to the Ethics Officer, Internal Audit Division, Criminal Investigations Division or through The Network at (866) 420-8369. It can also be reported outside the agency to the SAO by calling (800) TX-AUDIT or by making a report online at (http://sao.fraud.state.tx.us/ ).
top related