Internal Audit Report. Post Implementation Review PeopleSoft Project Costing TxDOT Internal Audit Division

Similar documents
Internal Audit Report. Post Implementation Review PeopleSoft Accounts Payable TxDOT Internal Audit Division

Internal Audit Report. Contract Administration - Closeout Phase TxDOT Internal Audit Division

Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division

Internal Audit Report

Internal Audit Report. Bulk Fuel Management and Reporting TxDOT Internal Audit Division

Internal Audit Report

Internal Audit Report. Toll Operations: FHWA Reporting TxDOT Office of Internal Audit

Internal Audit Report

Internal Audit Report

Internal Audit Report. Contract Administration TxDOT Office of Internal Audit

Internal Audit Report. Vegetation Management: Non-Contracted Herbicide Operations TxDOT Office of Internal Audit

Internal Audit Report

Internal Audit Report. Unified Transportation Program TxDOT Office of Internal Audit

Internal Audit Follow-Up Report

Internal Audit Report. Rail Project Management TxDOT Office of Internal Audit

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report. General Controls - IT TxDOT Office of Internal Audit

TxDOT Internal Audit Internal Audit Report Purchase of Services Audit

Internal Audit Report. Professional Engineering Procurement Services (PEPS) Consultant Procurement Process TxDOT Internal Audit Division

Internal Audit Report

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report

CITY OF CORPUS CHRISTI

Audit of. Accounts Payable Procedures

REPORT 2013/123. Audit of Managing for Systems, Resources and People System interfaces FINAL OVERALL RATING: PARTIALLY SATISFACTORY

Internal Audit Follow-Up Report

Internal Audit Report

Internal Audit Follow-Up Report

Internal Audit Report Accounts Payable September 2017

Internal Audit Report. CDA Monitoring Process TxDOT Audit Office

Internal Audit Follow-Up Report

Internal Audit Follow-Up Report

Financial Controls Checklist

Table of Contents. Executive Summary...3. Overview of Division...5. Summary of Accomplishments...6

TxDOT Internal Audit Letting Programming and Scheduling Function (1101-2) Department-wide Report

Internal Audit Report. Materials Inventory. October 31, To:

Internal Audit Follow-Up Report

Internal Financial Control (IFC)& Internal Financial Controls over Financial Reporting (IFCoFR)

THE UNIVERSITY OF TEXAS AT DALLAS Office of Internal Audit 800 West Campbell Rd., ROC 32, RICHARDSON, TX (972)

TxDOT Internal Audit Follow-Up Report Tuition Assistance Program

CORRECTIVE ACTION MATRIX

TxDOT Internal Audit Internal Audit Report. Facilities Management Audit

HHS & NSF Audits of FDP Payroll Certification Pilots

Financial Ledger FINAL INTERNAL AUDIT REPORT 2015/16. Hywel Dda University Health Board. NHS Wales Shared Services Partnership

CORRECTIVE ACTION MATRIX

Plugging the Gaps in Financial Controls Monitoring

Internal Audit Follow-Up Report

Audit of Core Management Controls. Internal Audit Sector

Infor Risk & Compliance Monitor and control risk across your business

ACTION Agenda Item I ANNUAL AUDIT REPORT December 6, 2002

Financial CIA-I. Certified Internal Auditor (CIA) Download Full Version :

Internal Audit Follow-Up Report. Compass TxDOT Office of Internal Audit

UTPA FY2013 Financial Audit

Internal Audit Follow-Up Report

MPPM II INITIATIVE OVERVIEW

The use of CAATS in Auditing Application Controls. Institute Of Internal Auditors Zambia/ISACA Zambia Chapter, 28 August 2014 Tricha Simon

Internal Audit Follow-Up Report

PeopleSoft Highlights. PeopleSoft CoE

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Position Description Questionnaire

FY 2016 Annual Audit Report

PEORIA COUNTY, ILLINOIS

Managing Risk in Your P2P Process: 10 Ways that Automation Can Help Mitigate Risk

TRA Internal Audit Fiscal Year 2019 Audit Plan

PROJECT SUMMARY. Summary of Significant Results

Employee Expense Audit

Tarleton State University: Review of Financial Management Services PROJECT SUMMARY. Summary of Significant Results

FLORIDA DEPARTMENT OF TRANSPORTATION

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

Bisan Enterprise. Governmental Edition. A New Dimension in Financial Management Applications

Department of Biology

The definition of a deficiency is also set forth in the attached Appendix I.

Market Data Reporting

Internal Control Program

Prairie View A&M University Audits Fiscal Office

STATE OF OREGON invites applications for the position of: Accountant II (Staff Accountant)

Internal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit

Bank Account Creation, Management, and Oversight at University of Wisconsin-Stevens Point. Office of Internal Audit

Opinion. reporting. Servicee Delivery. Scope Area. Findings. Evidence. research. 1 of 5

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

A Magical Grants WorkCenter. July 14, 2017

Finance Committee, Board of Health Elizabeth Bowden, Interim Director of Administrative Services FINANCIAL CONTROLS CHECKLIST

The definition of a deficiency is also set forth in the attached Appendix I.

PeopleSoft v9.1 Project Costing Training Agenda

Seattle Public Schools The Office of Internal Audit

SEGREGATION OF DUTIES for SAP

GAIT FOR BUSINESS AND IT RISK

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

LeiningerCPA, Ltd. INTERNAL CONTROL PROCEDURE STATEMENT

Detailed competency map

The University of Texas at Tyler. Contract Administration Audit

College of Engineering and Computer Science Dean's Office

Office of the City Manager

Audit of the Integrated Services Function at Selected Research Centres

1. Corporate management (including the CEO) must certify monthly and annually their organization s internal controls over financial reporting.

Results in Brief. Audit of WMATA s Vendor Master File (VMF) OIG January 18, 2019

Performance Audit: Accounts Receivable

Transcription:

Internal Audit Report Post Implementation Review PeopleSoft Project Costing TxDOT Internal Audit Division

Objective To determine if the implementation for project costing and the control design provides for effective and efficient business operations. Opinion Based on the audit scope areas reviewed, control mechanisms are effective and substantially address risk factors and exposures considered significant relative to impacting reporting reliability, operational execution, and compliance. The organization's system of internal controls provides reasonable assurance that key goals and objectives will be achieved despite control gap corrections and improvement opportunities identified. Control gap corrections and improvement opportunities identified have the potential to negatively impact the achievement of the organization's business/control objectives. Overall Engagement Assessment Satisfactory No findings were identified through the course of fieldwork; however, an observation with a recommendation has been provided in this report which could further improve the system access evaluation process for the project costing module in the Financial Management Division. Control Environment TxDOT implemented the Oracle PeopleSoft (PeopleSoft) Project Costing (PC) module in October 2014 and added customized functionality to drive efficiencies in operational and reporting functionality. Although PC relies on interfaces from other modules and systems (e.g., PeopleSoft Accounts Payable, SiteManager, Right of Way Information System), daily reviews of automated reports are performed to confirm the accuracy and reliability of information in the PC module. Financial Management Division has noted discrepancies in the data produced by the automated reports generated through Structured Query Language (SQL). As a result, compensatory controls have been implemented by the Financial Management Division (FIN) to perform additional reviews to identify and correct erroneous data. The PeopleSoft PC module implementation delivered efficiencies to the project costing process and subsequently decreased the amount of time to manage project costs throughout the project life-cycle. The PC module is supported by TxDOT employees, as well as, a third party service provider (vendor). The vendor supporting the PeopleSoft application software is also responsible for correcting module issues and developing query reports for TxDOT users. TxDOT system administrators who also support the module will approve and review changes completed by this vendor. Summary Results No findings were identified, based on fieldwork performed. The scope areas below were evaluated and were designed and operating satisfactorily: August 2016 2

Finding Scope Area Evidence 3 of 1934 (.2%) employees with access to Project Costing on June 7, 2016 were found to be terminated on May 31, 2016 None User Roles 6 of 127 (5%) employees who transferred to a new role and Identified no longer needed Project Costing access still maintained read-only access. This presents minimal risk as read-only access is permissible to employees across TxDOT. None Identified Data Accuracy and Reliability 83 of 83 (100%) projects tested were loaded correctly from Design and Construction Information System (DCIS) and activated in PeopleSoft 10 of 10 (100%) projects tested with amounts reported via a FIN overrun query were validated against data in PeopleSoft 10 of 10 (100%) project totals tested in PeopleSoft reconciled to project totals in SiteManager Audit Scope Audit testing was completed on PeopleSoft Project Costing for the period May 1, 2015 through May 31, 2016. User roles and PeopleSoft Project Costing access were evaluated to determine adequate control design and operating effectiveness exists to provide segregation of duties. Additional user access testing was performed to determine if authorized access is adequately monitored and maintained. A sample of TxDOT projects, including a representation of those that are high dollar amount and geographically dispersed, was selected for further control design and operating effectiveness testing. The sample project data was tested for data accuracy and reliability between PeopleSoft Project Costing and SiteManager. Additional testing was performed to verify data accuracy and reliability in PeopleSoft Project Costing from data that originated in DCIS. In addition, a random sample of projects listed on a FIN overrun query was also selected to determine the accuracy and reliability of overrun reporting The audit was performed by Jessica Esqueda, Jehryca Rayford, Ky Stafford and Casey Kopcho (Engagement Lead). The audit was conducted during the period from May 23, 2016 to July 29, 2016. Methodology The methodology used to complete the objectives of this audit included: Reviewed TxDOT internal documents, including Financial Management Division (FIN) and Information Management Division (IMD) policy and procedure manuals, organization charts, process maps, and management reports Reviewed state codes and manuals, including State of Texas Procurement manual, Texas Government Code, and Texas Administrative Code sections for purchase rules Reviewed prior audit reports from TxDOT s Internal Audit Division, and Texas State Auditor s Office Evaluated control design and operating effectiveness of the project costing process August 2016 3

Reviewed the Financial Supply Chain Management (FSCM) Functional Roles and Responsibilities for Project Costing between May 1, 2015 and May 31, 2016 which was used as the criteria for access security policy Reviewed employees assigned FSCM Project Costing roles between May 1, 2015 and May 31, 2016 to validate access was in accordance with security policy Tested PeopleSoft Project Costing employee access against list of terminated and transferred employees to validate access management for departed employees as of June 7, 2016 Interviewed key stakeholders, including staff and management, from IMD and FIN Through data analysis and random sampling in production environment: o Tested data where project cost overruns were identified o Tested data for project set-up from Design and Construction Information System (DCIS) Through data analysis and stratified sampling in production environment: o Tested data processed between SiteManager and PeopleSoft Project Costing Background This report is prepared for the Texas Transportation Commission and for the Administration and Management of TxDOT. The report presents the results of the Post Implementation Review PeopleSoft - Project Costing which was conducted as part of the Fiscal Year 2016 Audit Plan. TxDOT implemented a new Oracle PeopleSoft system in October 2014. PeopleSoft is an integrated suite of software, which provides a common technology platform across core business areas of human resources, finance, supply chain, and payroll. The TxDOT PeopleSoft system replaced over 20 mainframe and legacy systems in Finance, Human Resources, and General Services. The new PeopleSoft consists of three main applications: Financial Supply Chain Management (FSCM), Enterprise Learning Management (ELM), and Human Capital Management (HCM). The FSCM application includes project costing, procurement, contracts and purchasing, as well as, other finance functions (e.g. accounts payable, asset management, billing, general ledger, and inventory). The project costing function in the FSCM module was reviewed for this audit. In the FSCM module, the Project Costing function relies on data interfaces with other systems. Project information is first set up in the Design and Construction Information System (DCIS) by individuals at the district and division level. The Letting Management team in FIN downloads DCIS extracts and reviews project data for completeness and accuracy before activating the project within PeopleSoft Project Costing. Once activated, an individual project may receive expenditure data from multiple systems (e.g., SiteManager, Right of Way Information System, electronic Grants). The primary source of expenditure information in PeopleSoft Project Costing originates in SiteManager, a project management system provided by American Association of State Highway and Transportation Officials (AASHTO). Project costing data is monitored by FIN to determine if additional funds are necessary to avoid cost overruns on any particular project. Upon project completion, FIN utilizes PeopleSoft Project Costing to perform closeout reviews and final billing, if necessary. We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional August 2016 4

Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Recommendations to mitigate risks identified were provided to management during the engagement to assist in the formulation of the management action plans included in this report. The Internal Audit Division uses the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Integrated Framework version 2013. A defined set of control objectives was utilized to focus on reporting, operational, and compliance goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against reporting misstatement and reliability, operational sub-optimization, or non-compliance, particularly in areas not included in the scope of this audit. August 2016 5

Observation and Recommendation Audit Observation (a): Access Roles Access controls do not provide an effective mechanism for the removal of access for terminated and transferred employees. Three terminated employees still retained Project Costing read-only access at the time testing was conducted; however, that access was subsequently removed in later weeks. In addition, six transferred employees still retain Project Costing read-only access; however this access was validated as appropriate by FIN as any TxDOT employee may have read-only access to view project information. There were 1,869 employees that were tested to verify their appropriateness. Effect/Potential Impact Improper and unnecessary access within the Project Costing system can lead to increased susceptibility to fraud or inappropriate actions. Audit Recommendation Information Management Division (IMD) should continue to systematically remove PeopleSoft Project Costing access within one business day of receiving notification of employees who transfer out of a role requiring such access. IMD should also continue to work with Human Resources Division to confirm access is removed upon employee termination. In addition, IMD should provide Financial Management Division managers the ability to review their direct reports access to evaluate any potential segregation of duties issues. FIN should continue to at least annually perform access role evaluations for any potential segregation of duties issues that result from access between PeopleSoft Financial Supply Chain Management (FSCM) modules. August 2016 6

Summary Results Based on Enterprise Risk Management Framework Closing Comments The results of this audit were discussed with Financial Management Division and Information Management Division on August 10, 2016. The Internal Audit team appreciates the assistance and cooperation received from the Financial Management Division and Information Management Division contacted during this audit. August 2016 7

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback