Internal Audit Report. Contract Administration - Closeout Phase TxDOT Internal Audit Division

Transcription

1 Internal Audit Report Contract Administration - Closeout Phase TxDOT Internal Audit Division

2 Objective To evaluate and verify the contract closeout process on selected construction and maintenance contracts including final payment, record retention, vendor evaluations, and other documentation. Opinion Based on the audit scope areas reviewed, control mechanisms are effective and substantially address risk factors and exposures considered significant relative to impacting reporting reliability, operational execution and compliance. The organization s system of internal controls provides reasonable assurance that key goals and objectives will be achieved despite control gap corrections and improvement opportunities identified. Control gap corrections and improvement opportunities identified have the potential to negatively impact the achievement of the organization s business/control objectives. Overall Engagement Assessment Satisfactory No findings were identified through the course of fieldwork; however, an observation with a recommendation has been provided in this report which could further improve procedures supporting the SiteManager approval process. Control Environment The district offices, with guidance from Construction Division (CST) and Maintenance Division (MNT), are the offices of primary responsibility for the contract closeout process. CST has provided the SiteManager Contract Administration User Manual (May 2006) as guidance for closing projects in SiteManager, including inspections, approvals, and required documentation. An updated version of the user manual has been drafted and is pending final approval. Items tested for approval and supporting evidence indicated district personnel were following the manual. May

3 Summary Results No findings were identified, based on fieldwork performed. Scope areas below were evaluated and were designed and operating satisfactorily: Finding Scope Area Evidence Contract File Review To determine whether districts had complete documentation related to the closeout process various control activities were tested and the following results were noted: 18 contract files in the seven districts reviewed were complete and accessible for review Each district tested also created checklists for use during the contract closeout phase To determine if the districts review and process final None Identified estimates timely and according to policy, payment requests submitted to the Financial Management Contract Invoice Review Division were reviewed and the following was determined: No variances were noted between the estimates submitted and total amount paid Contract Data Integrity 18 final estimates were approved appropriately To determine if contracts identified as completed in SiteManager are closed in TxDOT reporting, selected 54 contracts marked as completed and verified that all contracts reviewed were reported correctly. Audit Scope The engagement focused on the contract closeout process to ensure that the judgmentally selected districts for this audit complied with TxDOT policies and procedures. Eighteen inactive contracts as of September 30, 2015 (10 construction and 8 maintenance) from seven districts were reviewed and tested for adequate closing documentation, review, and approval. Districts were selected based on type and that they were closed during Fiscal Year Districts selected included Brownwood, Dallas, Fort Worth, Laredo, Pharr, San Angelo, and Yoakum. The audit was performed by Kathy Baca, Milan Hawkins, Bill Urbina and Eva Vargas (Engagement Lead). The audit was conducted during the period from September 28, 2015 to November 27, Methodology The methodology used to complete the objectives of this audit included: Reviewed the SiteManager Contract Administration User Manual (2006) Reviewed TxDOT policies and procedures for the close-out process Researched Texas Administrative Code, TxDOT administrative memorandums, and federal statutes on contract administration Interviewed key district personnel in the Construction Division (CST) and Maintenance Division (MNT) May

4 Selected a judgmental sample of CST and MNT contract files for review and testing Reviewed selected Financial Management Division (FIN) reports Verified status of active contracts with termination from SiteManager report Background This report is prepared for the Texas Transportation Commission and for the Administration and Management of TxDOT. The report presents the results of the Contract Administration: Closeout Process which was conducted as part of the Fiscal Year 2016 Audit Plan. The districts are responsible for the contract closeout process for their Construction and Maintenance agreements. The SiteManager Contract Administration User Manual (2006) provides guidance on how to perform this process. Using the manual, the districts have created checklists for use during the closeout process. The checklists serve as reference tools outlining the proper steps to perform during the closeout process. The district offices are also responsible for retaining complete contract files. As per the SiteManager Contract Administration User Manual (2006), all essential documentation such as copies of the executed contracts, acceptance letters, various reports (such as the Over and Underrun Report, Contract Line Report, and Sampling Checklist Report), and approved monthly estimates should be kept together for future reference. We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Recommendations to mitigate risks identified were provided to management during the engagement to assist in the formulation of the management action plans included in this report. The Internal Audit Division uses the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Integrated Framework version A defined set of control objectives was utilized to focus on reporting, operational, and compliance goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against reporting misstatement and reliability, operational sub-optimization, or non-compliance, particularly in areas not included in the scope of this audit. May

5 Observation and Recommendation Audit Observation (a): Policy and Procedures for District Approval Levels Individuals in the district construction and maintenance offices were noted with the access to change Contractor Payment Approval Levels. These approval levels document supervisory review of input and should be established by district policy. The ability to make changes to the default approval levels should be documented in district policy and should ensure adequate segregation of duties between those who can make changes and those who approve. In the districts reviewed, no district internal policies governing changes to SiteManager approval levels were available identifying which individuals were authorized to modify the approval levels in SiteManager. Effect/Potential Impact The ability to change approval levels without supervision or review could allow monthly and final estimates to be approved by unauthorized individuals resulting in erroneous vendor payments. Audit Recommendation The districts should develop and implement policy and procedures for authorizing and justifying which individuals are allowed to modify approval levels in SiteManager. To limit additional risk, individual(s) authorized to modify the number of approval levels should not be part of the approval process in SiteManager. Finally, the authorization and justification for any of the approval modifications in SiteManager would need to be retained for future reference and audit trail. May

6 Summary Results Based on Enterprise Risk Management Framework Closing Comments The results of this audit were discussed on November 23, 2015 with the Construction and Maintenance Divisions along with District Engineers for those districts selected. We appreciate the assistance and cooperation received from the Construction and Maintenance Divisions; as well as, the Brownwood, Dallas, Fort Worth, Laredo, Pharr, San Angelo, and Yoakum districts contacted during this audit. May