Opinion. reporting. Servicee Delivery. Scope Area. Findings. Evidence. research. 1 of 5

Transcription

1 TxDOT Internal Audit Regionalization Audit Reportt Objective To determine whether the Region Support Centers have standardized their operations and improved service delivery. Opinion Based on the audit scope areas reviewed, control mechanismss are effective and address risk factors and exposures considered significant relative to impacting financial reporting reliability, operational execution, and regulatory compliance. Internal Environment A goal of regionalization is to gain efficiency and improve service delivery. The Right of Way (ROW) function emphasizes minimizing delayss to letting, while Purchasing s goal is to keep working days from exceeding recommended days established in Service Level Agreements (SLA). Performance metrics havee recently been established to monitor performance and assist in decision-making related to resource investment and service delivery. Summary Results Scope Area Standardized Operations Servicee Delivery Findings None None Evidence No issues were identified. No issues were identified. Includedd in this report is a maturity model developedd by the Audit Office, based on research and analysis conducted during this engagement. 1 of 5 11/30/2012

2 Audit Scope The audit focus included Right of Way (ROW) and Purchasing functions managed by Region Service Centers (RSCs). The scope areas evaluated were 1) standardized operations and 2) service delivery. Audit team members included, Dennis Olson, Kim Wilson, Milan Hawkins, with oversight provided by Augustine Nwoko. Audit work was conducted during the period of April 7, 2011 to October 31, Methodology Reviewed applicable Standard Operating Procedures and Service Level Agreements (SOPs/SLAs), administrative Regionalization Restructure memo, and Regionalization Plan Assessment conducted by Deloitte Interviewed key RSC personnel and Operational Excellence Division staff Conducted statewide survey Developed Process Maturity model and evaluated the status of Regionalization Examined Region Service Center (RSC) performance reports using Regional Work Group recommended metrics Reviewed the September 2012 purchasing performance measure/metrics submitted by Regions and General Services Division Background This report was prepared for the Transportation Commission, TxDOT Administration and management. The report presents the results of the Regionalization Audit which was conducted as part of the Fiscal Year 2011 Audit Plan. TxDOT underwent Sunset Review during the legislative biennium. To prepare for the review, TxDOT contracted for a series of independent audits of its management and business operations by various firms. TxDOT management then performed a review and analysis of the findings and recommendations of the independent audits. At its March 26, 2009 meeting, the Commission approved the implementation of the draft regionalization plan, which originated from those audits. This resulted in the establishment of four Region Service Centers (RSCs) which transferred certain district responsibilities to the regions. The RSCs began operation September 1, As of the time of this audit, the regions had been operational for two and half years. The Region Service Centers operate according to four distinct business areas including Administration, Operations, Project Delivery, and Budget/Resource Management Support. The Regions developed procedures (Standard Operating Procedures (SOP) and Service Level Agreements (SLA)) for regional functions in The purpose of these procedures was to provide consistency, efficiency and cohesiveness for the regions in order to provide support to the client districts and streamline product delivery. The Regional SOP/SLA for each function included the detailed steps and processes and 2 of 5 11/30/2012

3 service delivery time commitment agreed upon among regions and various division offices. There were performance metrics proposed by the Regional Work Group; however, the performance metrics were not implemented. Modernization teams were to develop standardized regional performance metrics, including ROW and Purchasing functions, but they were not completed during the timeframe of this audit. We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A defined set of control objectives was utilized to focus on financial, operational and regulatory goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against financial misstatement, operational sub-optimization, or regulatory non-compliance, particularly in areas not included in the scope of this audit. 3 of 5 11/30/2012

4 Regional Support Centers Maturity Model The regions were established in 2010 and are currently experiencing structural changes in alignment with TxDOT overall strategies. The following maturity model, Figure 1, recognizes the progress made by the regions and provides high level guidance for the regions to attain higher levels of performance. The audit team developed the maturity model by utilizing components of various maturity models reviewed during this engagement. 5. Optimizing 1. Startup 2. Repeatable 3. Defined 4. Managed Basic project management processes are established to track cost, schedule and functionality. The necessary discipline is in place to repeat early successes. Detailed measures of the process and product quality are collected. Both the process and the products are quantitatively understood and controlled. The process for both management and completion of work is documented, standardized and integrated in the RSCs methodology. Continuous process improvement is enabled by quantitative feedbacks for the process and from piloting innovative ideas and technology. RSCs are between Levels 2 and 3 The process is ad hoc. Few activities are explicitly defined, and success depends on individual effort & heroics. Movement up the maturity model can be expected with additional time and focus on process improvement/operational excellence for regional processes and activities. 4 of 5 11/30/2012

5 Summary Results Based on Enterprise Risk Management Framework Audit Results Dashboard Regionalization Audit Scope Areas Evaluated Business Objectives (Financial, Operational, Regulatory) F, O, R F, O, R ERM Component Control Activities Standardized Operations Service Delivery Internal Environment Organizational Tone Ethical Culture & Attitude Planning Objective Setting Forecasting Goal-Setting Cost-Benefit Analysis Event Identification Risk Assessment Risk Response Business Continuity Evaluations/Analysis Management Action Plans Policies/Procedure Development & Maintenance Approvals/Authorizations Control Activities Supporting Evidence/Records Availability Segregation of Duties Safeguarding Assets Information Classification Information & Communication Information Input Information Processing Output/Reporting and Messaging Exception Reporting Review Monitoring Reconciliations/Root-Cause Analysis Peer Reviews Management Representations Scope Area Assessment Rating Assessment Grid Legend Exemplary Satisfactory Needs Improvement Unsatisfactory Closing Comments The results of this audit were reviewed and discussed with Region Directors and Administration. We appreciate the assistance and cooperation provided by Region Support Center management and staff during this audit. 5 of 5 11/30/2012