INTERNAL AUDIT DEPARTMENT FY2015 YEAR-END REPORT

Transcription

1 FY2015 AUDIT AGENDA INTERNAL AUDIT DEPARTMENT FY2015 YEAR-END REPORT The FY2015 Audit Agenda was comprised of four main types of audit engagements: Performance Audits Information Technology Risk Assessment Follow-up Special Requests AUDITS SCHEDULED AND COMPLETED Risk Based Audits Each year the Internal Audit Department conducts an Annual Risk Assessment to determine, based on risk, which functions in the City would benefit most from an Internal Audit. We utilize our audit software TeamMate to maintain our audit universe of 110 auditable units and to assign risk metrics for each audit unit. The criteria we use to evaluate and rank each auditable unit include: 1. Dollar Impact 2. Complexity of Operations 3. Organizational Changes 4. Time Since Last Audit 5. Results of Last Audit 6. Risk to Public Welfare/Public Perception 7. Impact of Laws, Rules, and Regulations 8. Professional Judgment

2 FY2015 For FY2015, based on risk ranking, we selected 8 audits from the Audit Department s audit universe to be scheduled on the FY2015 audit agenda. One audit, Finance, Cash, Banking and Investments was added to the Audit Plan for FY 2015 during the September Commission meeting when the Audit Plan was received and approved. The East Central Regional Water Reclamation Facility audit was completed in FY2014 (Exhibit II). However, this audit consisted of three sub-audits, the facility s internal control environment, the plant s inventories and warehouse management, and the Human Resources Employee Relations department. There were no audits in progress at the beginning of FY2014 other than the ECR audit which began in the last month of FY2013. This occurred because the Internal Audit Department was re-launched in 2013 and no staff was on board when the new Audit Director was retained in FY IT Risk Assessment We completed an information technology audit project in FY2014. We issued an RFP for a comprehensive IT Risk Assessment, which resulted in 22 proposals. After the review committee analyzed the proposals for best value, McGladrey LLP was selected to perform the IT Risk Assessment. They delivered an Assessment Report on September 30, 2014, which included over 50 findings and recommendations. We also engaged McGladrey to perform an analysis of the City s IT Storage Area Network (SAN) in FY2015. FY2015 For FY2015, based on risk ranking, a total of 12 audits were included in the audit agenda (Exhibit I). Two were requested audits and ten were from the FY2015 risk assessment, which included four audits that were carried forward from FY2014. Further, two of the FY2014 audits, EMS Billing and P-card audits, were substantially completed by fiscal year-end and planned for release in early The four carry-over audits on the FY2014 agenda, were a result of FY2014 staffing shortages, resulting from two of our three auditors out on extended FLMA leave, and the third member of the staff leaving for another higher paying position in the private sector. Additionally, 500 hours were reserved in FY2014 for special requests from the Mayor, City Commission, and the operating departments. Post Audit Reviews Post audit reviews (PARs) are scheduled six to twelve months after the audits have been completed. The purpose of a post audit review is to determine if the auditee has implemented the audit recommendations they agreed to implement. This increases assurance that progress is being made on an operational level to correct items identified during the audits. We began our first PAR at the ECR facility during FY2015.

3 Professional Development The Internal Audit Department emphasizes professional development to keep our staff s audit skills current and improve our effectiveness and efficiency. To achieve this goal, we provide continuing professional education and support the staff s involvement in professional auditing and accounting organizations. The department follows the Government Auditing Standards. These standards require that each member of our staff obtain at least 80 hours of professional education every 2 years. All of the staff met or exceeded the professional training benchmark. We try to use training that is provided by local chapters of professional organizations as much as possible. These include organizations such as the Institute of Internal Auditors, the Association of Certified Fraud Examiners, Information Systems Audit and Control Association, Florida Government Finance Officers Association, and the Florida Audit Forum. Training from these groups is lower in cost and effective. Several staff members are active in auditing and accounting organizations. These include, on the local level, the Institute of Internal Auditors (IIA), the Association of Certified Fraud Examiners, the Information Systems Audit and Control Association, the Florida Government Finance Officers Association, and the Florida Audit Forum. Two auditors hold positions in the local chapter of the Institute of Internal Auditors (IIA). One of the staff is on the Board of Governors for both the Florida Audit Forum and the Palm Beach County Chapter of the Institute of Internal Auditors. Another staff member is a Vice President with the local IIA chapter. At the national level, one staff member sits on the Membership Committee of the Association of Local Government Auditors (ALGA). Staff Credentials Each staff member has a college degree in one or more of the following fields: Accounting, Finance, Business Administration, or Government. One member of the staff has a Juris Doctorate (J.D.). One or more members have professional certifications, these include: Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Government Auditing Professional (CGAP), Certified Fraud Examiner (CFE), Certified in Risk Management Assurance (CRMA), and Certified Internal Controls Auditor (CICA). Two auditors are preparing for certification as a Certified Internal Auditor. All have previous auditing and/or management experience in the public and private sectors. Implementation of Audit Recommendations Primary benefits of the work performed by Internal Audit include reduced costs, increased revenues, improved services, and accountablity. We do not directly produce these benefits; rather, they come from implementation of our recommendations. It is Internal Audit s responsibility to present accurate and convincing information that clearly support our recommendations. It is management s responsibility to implement them. The Mayor and the Administrators are responsible for ensuring the agreed upon recommended changes and improvements occur. Recommendations cannot be

4 effective without management s support and follow-up. The rate for fully or partially implemented audit recommendations, based on Management s responses to our recommendations was 74% during 2014, and 79% overall including the first half of We expect this number will rise significantly as we begin conducting our Post Audit Reviews. Cost Savings/Revenue Enhancements Identified/Efficiencies The Internal Audit Department s primary activity is conducting performance audits. A performance audit systematically examines evidence to independently assess the performance and management of a program or department against objective criteria. Performance audits also provide information to improve program operations and facilitate decision making by the organization with responsibility to administer or implement corrective action. Most of the audit reports result in recommendations that will improve resource utilization, reduce risk of loss of assets, increase productivity, or correct wasteful practices. Our recommendations can improve services to the community by making programs more effective and efficient. Moreover, they may identify revenue recoveries or may help determine how to increase future revenue flows. However, most of our work identifies significant potential economic impact that is difficult to quantify. The quantifiable savings and/or increased revenue opportunities identified during audits in progress during FY2014 were significant and could total well over $3 million. As previously mentioned, some of these benefits may take years to be fully realized. Further, some of these increases will reoccur annually (repeatable) and others are a one time occurrence. The savings and revenue enhancement estimates are noted below. Allied Chemical overcharges identified at the ECR - $32,400 Morton Salt overcharges identified at the ECR - $2,300 Additional Rental License Revenue possible through follow-up of Property Appraiser listed residential properties that are not homesteaded and potentially rented within West Palm Beach City Limits - $3,000,000 (may take several years to fully realize). Recovery of Fire Rescue transport revenues not billed by billing vendor ADPI - $2,463,700 (recovery of all of the unbilled revenues is unlikely due to low collection rates).

5 Exhibit l EXHIBIT I Internal Audit Work Plan for FY 2015 FY 2015 Audit work-in-process from FY 2014 AUD14-06/07 Warehouse & Inventory Audit FY 2015 Audit work carried over from FY 2014 AUD14-03 AUD14-05 AUD14-08 Fleet Maintenance Housing & Community Development Grants Management FY 2015 Scheduled Audits AUD15-01 AUD15-03 AUD15-04/05 AUD15-06 AUD15-07 AUD15-10 Water Treatment Plant Parks & Recreation Commercial and Residential Refuse & Yard Waste Collection Police Property Room & Impound Lots Parking Enforcements & Ticket Collections Procurement Process/Policy FY 2015 Requested Audits AUD15-09 AUD15-11 Finance Cash & Investments Chronic Nuisance

6 Exhibit ll EXHIBIT II Audits completed during FY 2014 Issue Date AUD13-02 ECR Wastewater Reclamation Facility 02/28/14 Audits substantially completed in wrap-up stage at end of FY 2014 AUD14-01 Accounts Receivable 02/27/15 AUD14-02 EMS Billing 04/28/15 AUD14-04 Business Tax 02/27/15 Note: Staffing was very limited during 2014 as a result of two out of our three auditors were out on extended FMLA leave, and one auditor resigned to accept a higher paying position in the private sector. During the first five months of 2015 (calendar year) 4 audits in progress during 2014 have been released and one presented to management for comments. Special Projects Completed FY2014 SR14-00 SR14-01 SR14-02 Hotline RFP and Implementation Vehicle Registrations Tax Recovery IT Risk Assessment

7 Exhibit III EXHIBIT III Audit Recommendation Status at Completion of Audits Audit Number of Recommendations Partially Not AUD13-02 ECR AUD14-04 Business, Rental and Special Events Taxes AUD14-01 Accounts Receivable AUD14-06/07 Warehouse and Inventory AUD14-02 EMS Billing Total Percentage 46% 33% 21%

8 EXHIBIT IV Audit Recommendations for Fiscal Years 2014 through Year Total 2 Year Percentage Number of Recommendations % Partially % Not % Recommendations are classified as partially implemented when action to resolve the issue identified in the audit has been started; however, due to either time constraints, funding limitations, or technical issues, the procedures were not fully in practice at the time of the completion of the audit. The Post Audit Review completed 6 to 12 months after the completion of the audit usually identifies higher implemention rates.

9 FY 2014 Exhibit Vll Year-End Performance Report Recommendations Not 21% 46% Partially Not Partially 33%