OFFICE OF INSPECTOR GENERAL. OIG Risk Assessment and Proposed Work Plan

Transcription

1

2 OFFICE OF INSPECTOR GENERAL OIG Risk Assessment and Proposed Work Plan Stephanie C. Kopelousos Secretary June 25, 2009 Ron Russo Inspector General INTRODUCTION The purpose of this memorandum is two-fold: 1) To share the results of our annual risk assessment survey; and 2) To provide our proposed 2009/2010 (OIG) Work Plan for your review. The approved work plan document will guide our work throughout the year but will be adjusted to meet management needs as other priorities are identified. As you know, the American Recovery and Reinvestment Act (ARRA) of 2009 calls for unprecedented levels of federal funding designed to energize our economy and to address the many other challenges facing our nation. In return for such funds, ARRA requires fund recipients to heighten the level of accountability and transparency. We are available to discuss the risk assessment and proposed work plan topics at your convenience. RISK ASSESSMENT SURVEY As part of the OIG Annual Risk Assessment process, we surveyed 676 department managers about department risks. We had a 25% response rate. The survey consisted of 10 questions about: Emerging Issues of Concern; Executive Committee Topics; Significant Events and Changes; Management Controls; Staffing and Resources; Data Systems and Information; and Fraud. Enhancing Public Trust through Professionalism and Respect

3 RISK SURVEY RESULTS The survey results highlight department risk areas that should help you understand what your managers perceive as the most significant department risks. This information can be used to establish priorities as well as help you evaluate the proposed OIG work plan topics. More detailed survey information will be made available upon request. We have summarized the survey results below. Department-related Issues: When asked Which department-related issues concern you the most? survey respondents expressed concerns in the following areas: o Budget Reductions; o Staffing (Pay, Retirements, Succession Planning, Possible Reductions); o Right of Way; o Information Technology Security; o Over-weight Trucks; o Uniform Processes Across the Department; and o Asphalt Quality Control. To synopsize the responses to this question - management expressed concern about the ability to fulfill the department s mission with expected impacts to staffing, resources and corporate knowledge levels. Executive Board Topics: The topics listed below were routinely discussed at the Executive Board and Workshop over the past year. We asked management to rank these items. The topics are presented in the order they were ranked by the respondents. The number represents the percent of respondents who ranked each item as High risk. TOPIC High Risk Bridge Inspection, Repair and Replacement 47% Hurricane Issues 45% Claims Negotiation 36% Contract/Grant Enforcement 35% Contract Negotiation 31% Consultant Evaluation/Grading Process 27% Contractor Evaluation/Grading Process 26% Contract/Grant Monitoring 26% Intelligent Transportation Systems 20% Contract/Grant Development 13% Research Center Master Contract 7% Risk Assessment/Work Plan Page 2

4 The following chart presents these results in graph format: The following highlight some of the respondent s comments related to these topics. Bridges: Perform risk-based bridge inspection scheduling rather than two-year cycle to achieve cost savings; Prioritize to address issues with aging infrastructure; and Weight restriction enforcement - prevent infrastructure damage. Hurricane Issues: Evacuation and Contraflow Plans In advance of the event, coordinated with locals; Staffing Reductions Ability to handle major hurricanes; Reimbursement o Clearer guidelines needed o Training for consultants in Federal Highway Administration (FHWA) requirements. Risk Assessment/Work Plan Page 3

5 o Timeliness of federal reimbursement. Contract/Grant Development: Review Boilerplates Used for many years without update; Local Government Contract/Grant Clause Agreement expires if funds not used by DATE; and Negotiations Lump sum contracts. Contract/Grant Monitoring: Staffing Experienced/Trained; Monitoring all Funds Expended at the Local Level; and Enforceable Invoicing Contract Language. Significant Events: We asked For your program area, please discuss significant events that occurred in the last year which generated interest from the media, public interest groups, or senior management. With respect to media and public interest, respondents identified the following: ARRA; Revenue Reductions Work Program Impacts; Public Private Partnerships (I-595 & Alligator Alley); and Local Issues. With respect to senior management, respondents identified the same topics but added the following IT issues: Mainframe Consolidation; Expanding Video Conferencing Infrastructure; and Remote Access to the Department s Network by non-department personal computers. Internal Controls: We asked respondents to rate their confidence in internal management controls. Ninety-one percent indicated that controls were strong (35%) or adequate (56%). There was a difference between the responses of Directors and Managers indicating a higher percent of managers feel that controls are strong (37% compared to 25% of Directors). Also, 12% of Managers indicated they feel controls are weak. Directors Controls are Strong 25% Controls are Adequate 75% Managers Controls are Strong 37% Controls are Adequate 51% Controls are Weak 12% Risk Assessment/Work Plan Page 4

6 A few comments submitted in response to this question addressed decentralization and communications from Central Office. These responses indicate that communications tend to be slow and top-down only. Staffing: Personnel issues seem to be the largest single process that causes concerns in the work units. When asked if managers are able to maintain the necessary expertise to carry out their job functions, 74% agreed. This indicates that approximately a quarter of those surveyed do not believe the department has adequate staffing. For the 74% who agreed, respondents noted issues on the horizon including: Retention; Compensation; Succession Planning; and Training. Resources: More than a quarter of respondents (29%) could not agree that they have adequate resources (equipment, materials, supplies and budget) to carry out their job functions. As the following information demonstrates, more Directors felt resources were adequate than those at the manager level. Areas of concern were: Expense (Travel, Training and General Cost of Operations); Fuel and Utilities Costs; Aging Heavy Equipment and Vehicle Fleet; and Technology Rapidly Changing Environment Directors Agree 79% Disagree 21% Managers Agree 71% Disagree 29 % Data Systems: When posed with the statement, The major data systems I rely on for management information provides sufficient information for decision making, 79% of respondents agreed. Of the 21% who disagreed, the following concerns were identified: Right of Way Management System; Outdoor Advertising System; Crash Data History The Department of Highway Safety and Motor Vehicles retains only five years; and Financial Management System. Comments also indicated a general desire for more ready access to data and ease of manipulation not found in older legacy systems. Risk Assessment/Work Plan Page 5

7 Change: When prompted with the statement, My work unit has undergone significant change in our business processes within the last year, slightly more than a third (36%) of Directors and Managers indicated that there were significant changes. Directors focused on changes to IT Systems and Management Personnel. Managers focused on changes in travel and expense money and related processes. When asked about the effectiveness of changes Directors and Mangers responded the change was: Directors Managers Effective 50% 43% Non-Effective 7% 21% More Time Needed to Assess 43% 36% Fraud Risk: We asked respondents to describe any fraud risk specific to their area. Areas noted as having higher risk of fraud include: Contractors - Bribes; Right of Way Appraisals and Expert Fees; Right of Way Kickbacks; Misuse of IT Resources; Maintenance Inspections-Bribes; Contractor Quality Control o Contractor Error Rate 3-8% o Independent Sample Error Rate 20-25% Time Abuse Stealing Time, Long Lunches, Flex Time, Field Offices; Contract Negotiations; and Use of Vehicles. OIG Requests: We asked Do you have a program or function which would benefit from having an independent assessment? If so, please describe. Respondents identified the following areas which would benefit from independent assessment: Right of Way Legal Settlements; South Florida Regional Transportation Authority; Land Acquisitions - Eminent Domain Process; Access and Drainage Permits; Laboratory Information Management System- Consultant User Access Process; and Professional Services Contracting More Final Audits. Risk Assessment/Work Plan Page 6

8 AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 The has committed significant resources to ensure appropriate audit coverage of the department s $1.5 billion of ARRA funding. Risks associated with the expenditure of ARRA funds may be increased by the considerable number of projects and the accelerated business processes for project advertisement, bid, award and letting activities. These risks may include: Failure to include ARRA reporting requirements in transportation project agreements and contracts; Non-compliance of ARRA and Disadvantaged Business Enterprise/Minority Business Enterprise reporting by the department/contractors resulting in loss of ARRA funding; Inadequate competition for transportation projects; Increased costs for materials due to higher demand; Paying too much for services, paying for unnecessary services, and paying for services not received; and Cost overruns and funding shortfalls may cause funds to be spent for purposes other than intended by contracts and grants, result in the failure to contribute adequate matching funds, increase the risk of misappropriation, jeopardizing the project s success. We have established a Rapid Review, Advisory and Consulting team which will be primarily responsible for the OIG s ARRA-related reporting, monitoring and oversight efforts. Staff throughout the office will focus audit efforts on ARRA projects and agreements. Through planned audit and investigative activities we are confident we can provide increased levels of monitoring, oversight, accountability and transparency. As part of the OIG s on-going ARRA-related activities we plan to: Monitor how ARRA funds are being spent and conduct construction site visits to review project billing documentation; Conduct unannounced construction site visits to help deter fraud; Review change orders and supplemental agreements of ARRA projects to ensure there is adequate justification and support for the changes; Monitor the implementation of the state agency s response to any report on the state agency issued by the Auditor General or by the Office of Program Policy Analysis and Government Accountability, the Government Accountability Office, FHWA or any other related entity; Provide investigative services (as needed) for all ARRA projects; Monitor the residual economic effects of ARRA funds resulting from Florida construction projects; Analyze bids to examine the effects ARRA funds have on upcoming bids for our non-arra regular work program projects that include non-arra Federal Funds; Risk Assessment/Work Plan Page 7

9 Provide oversight for new Public Private Partnership projects which may result from the use of ARRA funds; and Review unsolicited project proposals (resulting from improved economic market conditions and the influx of ARRA funds). The OIG welcomes the responsibility and opportunity to assist in the oversight, transparency and accountability of the ARRA funds. We will continue to coordinate our efforts with those involved in the accountability community. We are committed to completing timely, efficient, and effective monitoring and oversight activities and plan to keep the FHWA and Congress informed of our progress. Risk Assessment/Work Plan Page 8

10 PROPOSED WORK PLAN The following pages contain our proposed work plan provided for your review. We have listed the proposed projects by Audit Unit and provided a brief statement explaining the project selection criteria Work plan Selection Criteria Rapid Review, Advisory and Consulting ARRA POLICY AND OPERATIONS Transparency, Accountability and Oversight Performance and Information Technology Bridge Inspections Contract Management/Negotiation (Department Training) Performance Measures Quality Assurance/Quality Control Follow-up Right of Way Payment Card Industry 2010 AEIT Risk Assessment Annual Review District 6 LAP Application Development ARRA Application Operations and Maintenance FLAIR Contract Data Review MicroStation Home Use Program Use and Administration DBE Application - Data Integrity Agency IT Continuity of Operations Plan System Development Monitoring and Review Data Classification Monitoring Data Mining District Information Technology Reviews Use of Work Program Funds for IT Information Technology Forensics Internet and - Appropriate Use, Monitoring and Analysis ITR Monitoring and Compliance Reviews Computer Security Incident Response Team (CSIRT) Risk Assessment Issue - Costs/Policy Compliance Risk Assessment Issue - Costs/Policy Compliance Statutory Compliance - Recurring Work Plan Item Compliance - Statutes, Policies and Procedures Risk Assessment Issue - Economic Impact-Costs/Compliance Compliance - Recurring Work Plan Item Compliance - Recurring Work Plan Item OIG Identified Compliance - Reporting, Transparency, Accountability and Oversight OIG Identified Compliance - Policies Data Integrity Continuity of Operations IT Controls and Security IT Security - Management Request Identify Potential Fraud and Other Risks IT Controls and Security Compliance - Management Request Compliance - Statutes, Policies and Procedures Compliance - Statutes, Policies and Procedures Security - Protection of Assets Risk Assessment/Work Plan Page 9

11 Transportation Department Rates FDOT Fringe Benefit Rate FDOT Indirect Rate Monitoring OIG Billing Rate CSXT 2009 Rate Santa Rosa Bay Bridge Authority - Compilation Aviation Projects Seaports Expressway Authorities Transit Projects Utility Relocation Public Private Partnerships (PPP) ACQUSITION AND PROCUREMENT Recurring Management Request - Robin Naitove - Supports Billing Recurring Management Request - Robin Naitove - Supports Billing OIG Identified - Supports Billing Recurring Management Request - Supports Billing Recurring Management Request - Marsha Johnson Economic Impact-Costs / Compliance - Policies Contracts Accounting System Reviews Consulting Firm Rate Reviews Consultant Finals Contract Final/Interim Multiple Contracts Lump Sum Contracts CPA Work Paper Reviews Other Rate Reviews (Self Cert/Provisional/Dist Assist) Contract Modification Reviews (includes Claims) Miami Intermodal Center - GMP #4 Mega Project Monitoring Single Audit Single Audit Liaison Single Audit District Reviews Single Audit Training Help Ensure Accuracy of Professional Services Billings Help Ensure Accuracy of Professional Services Billings Help Ensure Accuracy of Professional Services Billings Help Ensure Accuracy of Professional Services Billings Help Ensure Accuracy of Professional Services Billings Recurring OIG Work Plan Item Recurring OIG Work Plan Item Recurring OIG Work Plan Item Risk Assessment/Work Plan Page 10

12 ATTACHMENT 1 Addressee and Distribution List Stephanie C. Kopelousos, Secretary Copies distributed to: Kevin Thibault, Assistant Secretary for Engineering and Operations Debbie Hunt, Assistant Secretary for Intermodal Systems Development Bill Thorp, Interim Assistant Secretary for Finance and Administration Jon Bussey, Deputy Chief of Staff/Legislative Programs Administrator Risk Assessment/Work Plan Page 11

13