Audit Plan for Fiscal Year 2014 TxDOT Audit Office

Transcription

1

2 Exhibit A Audit Plan for Fiscal Year 2014 TxDOT Audit Office Introduction This is the proposed Audit Plan (the Plan) for FY It was developed by the Chief Audit Executive and audit staff. The Plan includes proposed internal and external audits to be performed by the Audit Office, including the audit resources for FY The Plan will be distributed department-wide after it is approved by the Texas Transportation Commission (Commission). Continuous evaluation of the Plan, based on risks identified, could result in modifications being made during the year. These modifications will be proposed to the Audit Subcommittee and included in the Plan, if approved. Risk Assessment The Audit Office performs a department-wide risk assessment to develop the annual Internal Audit Plan. The risk assessment process is conducted to assign the Audit Office s resources and includes: Performing an evaluation of department functions, based on objective criteria and professional judgment Review and consideration of prior audit results Obtaining input from members of the Commission, Administration and Management Review and consideration of the Federal Highway Administration (FHWA) Risk Assessment Review and consideration of the Office of Compliance and Ethics Risk Assessment Review and consideration of Investigative Trends Review and consideration of Professional/Industry standards Review and consideration of Moving Ahead for Progress in the 21 st Century (MAP-21) The Audit Office will provide quarterly status reports on audit activities to the Commission, and we will present the results of completed audits at quarterly Audit Subcommittee meetings. Audit Plan The Plan consists of 55 risk-based, value-adding engagements for the fiscal year. The audit engagements (including FY2013 Audits Carried Over) are divided into four areas of focus and coverage, as follows: Full Scope Audits Large scale program and/or business unit focus Limited Scope Audits Limited-scope engagements; focused on design and effectiveness of key regional/district business operations Management Action Plan (MAP) Follow Up Follow up engagements designed to determine risk remediation (these can occur at least 6 months from the original audit engagement s completion, based on risk) Advisory Service - Requests by management to assist in improving risk management and operations (value-added, non-audit services/consulting)

3 A contingency list of five engagements is also included in the Plan. This provides for additional coverage if the above engagements are completed prior to the conclusion of the fiscal year. Internal Audit Audit Plan FY 2014 Full Scope Audits (17) Records Management Program Bid Estimation Revenue Accounting Encumbrance Review Work Zone Safety CCO Work Authorization Process PEPs Contract Process Review FIN Penalities/Mitigation IT Service Level Contract Management /Billing Limited Scope Audits (15) Material Quality of Non-Bid Items Maintenance Operations Metropolitan Planning Organization Plan Review Process COMPASS Vegetation Management Procurement Policies and Procedures Unified Transportation Program (UTP) HR Procedures Management Rail Project Management ROW Acquisition FIN Project Ledger and Federal Receivables Toll Operations Contract Management Highway Performance Monitoring Systems Reporting CDA Central and South Texas Off-System Bridge Program Public Transportation Grant Management ROW Maps, Survey, & Utilities RTI Billing /Accounts Payable Traffic Logo Program Electronic Bidding Letting Management Highway Condition Reporting Travel Information Center Safety Management Action Plan (MAP) Follow Up (12) Ferry Operations Physical Security Equipment & Maintenance General Controls Review IT Local Government Project Monitoring Multiple Use Agreements Communication of Policies and Guidelines Purchase of Service Office of Civil Rights Disaster Recovery IT Receivables Management Statement of Cost Safety Program 2 of 4

4 FY2013 Audits Carried Over (4) Bond Covenants Receivables Management Statement of Cost Advance Funding Agreements Toll Operations Contingency List (5) Payment Processing Efficiency Enterprise Resource Planning (ERP) Implementation Cash Forecasting Funds Management Training Effectiveness HRD Hiring Process External Audit External audit coverage is expected to include 906 contracts generating approximately $1.6 million in audit exceptions. We estimate that 211 consultant engineering firms will submit CPA overhead audit reports which we will evaluate for administrative qualification requirements. Additionally, we will receive approximately 350 CPA Single Audit Reports on local governments and non-profit organizations that will provide for audit coverage to approximately $300 million in grant expenditures. External Audit will provide Advisory Service coverage to fulfill requests by management to assist in improving risk management and operations (value-added, non-audit services/consulting). Additionally, coverage in support of the department s Spirit of Sarbanes-Oxley program will be provided. Advisory Service (7) Environmental NEPA Traffic Safety Grant Monitoring Sarbanes-Oxley (SOX) Disclosure SOX Key Controls Testing Purchase Card Enhancements Traffic Safety Pre-Award Audits Project Health Management Information System (PHMIS with focus on Primavera 6) 3 of 4

5 Audit Resources for FY 2014 There are 63 employees allocated to the Audit Office for FY The expected budget for the audit function is $3.8 million. The employees will be allocated as follows: Internal Audit 39 External Audit 11 Investigations 5 Audit Administration 8 The Texas Internal Auditing Act requires the governing board of a state agency to periodically review the resources dedicated to the internal audit program. This helps determine if adequate resources exist to ensure that risks identified in the annual risk assessment are adequately addressed within a reasonable time frame. Our planned resources (employees and operating budget) are adequate to complete the engagements listed in the Plan. We believe the proposed projects listed in the Plan allocate audit resources to the highest priorities and risks of the agency. Our continuous risk assessment program and communication with the Audit Subcommittee allows flexibility to address other risk areas that are identified during the year. 4 of 4