Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division


Internal Audit Report
Contract Administration: 601CT Contracts
TxDOT Internal Audit Division
August 2016

Objective

Review contract administration and governance of 601CT contracts for structural compliance with laws and TxDOT policy.

Opinion

Based on the audit scope areas reviewed, control mechanisms require improvement and only partially address risk factors and exposures considered significant relative to impacting reporting reliability, operational execution, and compliance. The organization's system of internal controls requires improvement in order to provide reasonable assurance that key goals and objectives will be achieved. Improvements are required to minimize existing process variation and control gap corrections that may result in potentially significant negative impacts to the organization including the achievement of the organization's business/control objectives.

Overall Engagement Assessment: Needs Improvement

| Finding | Title | Control Design | Operating Effectiveness | Rating |
|---|---|---|---|---|
| Finding 1 | Data Integrity | x | x | Unsatisfactory |
| Finding 2 | Segregation of Duties and Role Access | x | x | Needs Improvement |
| Finding 3 | Contract Monitoring | x | x | Needs Improvement |

Management concurs with the above findings and prepared management action plans to address deficiencies.

Control Environment

Contract governance, including monitoring vendor performance in accordance with contract terms, for 601CT contracts is the responsibility of the districts and divisions (DD) for whom the contract was executed. Contracts and Purchasing Division provides contract reporting to the Legislative Budget Board and assists DDs in the contract formation process and establishing contract policy for the agency. 601CT contracting activities and processes vary by DD. It is the responsibility of the DD to develop standard operating procedures or policy manuals to provide guidance on how to ensure vendors perform in accordance with the contract and also to address problems or issues that arise.

As the division responsible for establishing TxDOT contract policy and reporting, the Contracts and Purchasing Division communicates the authority and contracting responsibilities to the DDs; however, these policies do not outline procedures to be followed for monitoring vendor contract conformance (e.g. work authorization, invoice review, etc.) in accordance with the Comptroller's Contract Management Guide.

Summary Results (Finding / Scope Area / Evidence)

Findings: 1, 2, 3

Scope areas: Data Reliability and Role Access; Contract Management; Contract Monitoring

Evidence:

Contract Data Conversion from FIMS to PeopleSoft

Data comparisons performed for 67 active contracts ($3 billion) input from the Financial Information Management System (FIMS) to PeopleSoft, as of September 30, 2015, identified one or more of the following issues:

- Contracts were not input in PeopleSoft
- Contract amounts were not correct in PeopleSoft
- Contracts were entered more than once in PeopleSoft

Data Reliability Checks for PeopleSoft Contracts

PeopleSoft contracts were reviewed to assess if any data reliability concerns existed, and the following were noted:

- 458 contracts listed an incorrect buyer
  - 188 contracts remained uncorrected more than one year after conversion
- 969 of 2,170 (45%) contracts were misclassified as generic contracts (system default)
- Five of eight contracts tested for data reliability within PeopleSoft had one or more of the following issues:
  - Inaccurate paid-to-date balances, including one contract ($2.8 million) paid manually through the Uniform Statewide Accounting System that was not updated in PeopleSoft
  - A contract ($1.6 million) entered into PeopleSoft under two separate PO numbers
  - PeopleSoft encumbrance balances that were $368,313 more than the balance represented by invoice payment summaries

A review of the contract specialist role and role descriptions within the Financials and Supply Chain Management (FSCM) module identified 11 employees who had both a contract specialist and an Accounts Payable (AP) role. These roles allow the contract specialist access to create and edit vendor information, initiate and approve a requisition and purchase order, and enter vendor receipts to release payment.

Additionally, 2 of the 11 employees also had a general ledger (GL) role which also allows the employee to create or edit journal entries and execute upload/batch processes.

Issues were identified in invoices within four of nine contracts sampled:

- 6 of 27 (22%) invoices totaling $229,564 for work insufficiently documented to demonstrate it was authorized to be performed
- 5 of 27 (19%) invoices totaling $223,639 were not paid within 30 days of invoice receipt
- 3 of 27 (11%) invoices totaling $172,970 that did not include detail to support the deliverables being verified prior to contract payment
- 3 of 27 (11%) invoices totaling $56,593 that did not include sufficient detail to support whether the invoice payment met contract requirements

Audit Scope

601CT contract data within PeopleSoft was tested for reliability and accuracy as of September 30, 2015. Based on results of data analysis, one cooperative research and implementation agreement (CRIA) and eight interagency cooperation ("interagency") contracts representing 7 divisions and 2 districts were selected for further testing. The nine contracts totaled $26.4 million and represented two districts and seven divisions. Testing included a review of contract terms and monitoring documentation provided to support invoice approval and payment on selected 601CT contracts.

Contracting processes tested included contract formation (e.g. approvals, authority, and scope of services) and vendor performance monitoring (e.g. vendor deliverables, adherence to contract terms, and payment approval).

The audit was performed by Jarmon Dorsey, Cynthia Scheick, Monica Washington, and Karen Henry (Engagement Lead). The audit was conducted during the period from September 30, 2015 to November 27, 2015.

Methodology

The methodology used to complete the objectives of this audit included review of information converted from Financial Information Management System (FIMS) to PeopleSoft and the completeness and accuracy of the data. In addition, a judgmental sample of nine contracts by type (e.g., mix of DDs and vendors) and dollar amount (contracts exceeding $1 million) were selected to test key processes within contract formation, vendor management, and contract oversight.
From the nine contracts, 27 corresponding invoices (three invoices per contract) were selected for testing of contract monitoring processes (e.g. invoice authorization, supporting documentation, and payment timeliness).

The engagement work included:

- Reviewed Texas Government Code and Texas Administrative Code sections for contract rules
- Reviewed TxDOT Policies and Procedures Manuals and Standard Operating Procedures utilized in the performance of contract administration processes for 601CT contracts
- Reviewed prior audit reports from TxDOT's Internal Audit Division and Texas State Auditor's Office
- Interviewed contract managers from selected DDs and management from Contracts and Purchasing Division
- Reviewed contract database and identified errors in 601CT contract data (e.g. buyers, amounts, contract types) input from Financial Information Management System (FIMS) to PeopleSoft
- Tested, analyzed, and compared 601CT contract data obtained from PeopleSoft to physical contract documents
- Obtained vendor payment data from Texas State Comptroller's Office and tested for payments exceeding contract remaining balances
- Reviewed contract authority and approval documentation
- Reviewed files and other supporting documents for evidence of vendor performance, management and oversight, and invoice and payment approval
- Reviewed the Financials and Supply Chain Management (FSCM) module functional roles and responsibilities for contracting activity roles (e.g. contract specialist, Accounts Payable (AP), General Ledger (GL)) granted in PeopleSoft
- Tested and analyzed functional role assignments for employees given a Contract Specialist role in PeopleSoft, including review of posted receipts (e.g. contracts with goods or services received and payment authorized in PeopleSoft) by these employees in PeopleSoft
- Reviewed internal communication and management's overall organizational tone related to policies, procedures, and directives for contracting functions for agency staff and among DDs

Background

This report is prepared for the Texas Transportation Commission and for the Administration and Management of TxDOT. The report presents the results of the Contract Administration: 601CT Contracts audit which was conducted as part of the Fiscal Year 2016 Audit Plan.

TxDOT enters into varied types of contracts and agreements. At September 30, 2015, 2,170 contracts totaling $5.5 billion were identified as 601CT contracts in the PeopleSoft system.
601CT contracts (formerly known as Segment 41 due to the accounting recordkeeping of the contracts) consist of many types of miscellaneous contracts and agreements including but not limited to:

- design-build and registered engineering (comprehensive development agreements)
- professional engineering
- intergovernmental agreements with counties and other local government bodies
- interagency cooperation
- appraisal acquisition providers
- research agreements

As of October 2014, TxDOT implemented PeopleSoft as the repository system for 601CT contract management. The implementation also required that all active contracts formerly housed in FIMS would need to be input to PeopleSoft in order to keep a current listing of 601CT contracts as FIMS was retired. This process was conducted by both the divisions and districts.

We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Recommendations to mitigate risks identified were provided to management during the engagement to assist in the formulation of the management action plans included in this report.

The Internal Audit Division uses the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Integrated Framework version 2013. A defined set of control objectives was utilized to focus on reporting, operational, and compliance goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against reporting misstatement and reliability, operational sub-optimization, or non-compliance, particularly in areas not included in the scope of this audit.

Detailed Findings and Management Action Plans (MAP)

Finding No. 1: Data Integrity

Condition

An accurate accounting of 601CT contracts in PeopleSoft could not be determined. The contract system of record (PeopleSoft) did not include all contracts and payments that were actively managed prior to the conversion date from Financial Information Management System (FIMS). Additionally, data entry errors and variances were identified, including the contract ID number, contract category or type, buyer name, contract dollar amount, encumbered amount, and paid-to-date balances.

Effect/Potential Impact

Incorrect or incomplete data can lead to misreporting and negatively impact key business decisions. Additionally, if data is not corrected, contract payments could exceed the maximum contract or appropriated amount. Without accurate data stored in contract management and reporting systems, TxDOT cannot report accurate and complete 601CT contract data to the Legislative Budget Board (LBB), as required.

Criteria

Per Article IX Sec. 7.04 of the General Appropriations Act for the 2016-17 biennium, state agencies must report to the Legislative Budget Board (LBB) all contracts, including interagency agreements that exceed $50,000. In addition, use of the centralized accounting and payroll systems to identify and record each contract entered into by the TxDOT is required as intended by legislation and the Texas Comptroller of Public Accounts.

Cause

The data from the Financial Information Management System (FIMS) used for conversion into PeopleSoft was as of July 26, 2014; however, the PeopleSoft go-live date was October 2014. Between those dates, contract payments in FIMS still occurred and payment information, encumbrance balances, or contract changes were not completely captured/updated in PeopleSoft after go-live. Reconciliations between FIMS and PeopleSoft after system conversion could not be provided.

Divisions and districts were instructed to perform reconciliations on converted contract data; however, no verification for completeness of these reconciliations was performed. A secondary review or approval of contract data and payments entered in the PeopleSoft system was not included in the control design, as well as ongoing monitoring to ensure reported data is accurate. Direct voucher payments through the Comptroller's Uniform Statewide Accounting System (USAS) were also identified for contract payments but not properly reflected or reconciled in PeopleSoft.

Evidence

Contract Data Conversion from FIMS to PeopleSoft

Data comparisons performed for 67 active contracts ($3 billion) input from FIMS to PeopleSoft, as of September 30, 2015, identified one or more of the following issues:

- Contracts were not input in PeopleSoft
- Contract amounts were not correct in PeopleSoft
- Contracts were entered more than once in PeopleSoft

Data Reliability Checks for PeopleSoft Contracts

PeopleSoft contracts were reviewed to evaluate data accuracy, classification and completeness, and the following exceptions were identified:

- 458 contracts converted to PeopleSoft were identified with the same incorrect buyer
  - 188 of 458 (41%) contracts remained uncorrected more than one year after conversion
- 969 of 2,170 (45%) contracts were misclassified as generic contracts (system default), which should have been classified as other contract types.
- Five of eight contracts tested for data reliability within PeopleSoft had one or more of the following issues:
  - Inaccurate paid-to-date balances, including one contract ($2.8 million) paid manually through the Uniform Statewide Accounting System that was not updated in PeopleSoft
  - A contract ($1.6 million) entered into PeopleSoft twice under two separate PO numbers
  - PeopleSoft encumbrance balances that were $368,313 more than the balance represented by invoice payment summaries

Management Action Plan (MAP):

MAP Owner: Kenneth Stewart, Contract Section Director, Contracts and Purchasing Division (CPD)

MAP 1.1: Contracts and Purchasing Division (CPD) will resolve all 67 contracts that were not entered or incorrectly entered into PeopleSoft and identify the root cause of the problem.

MAP 1.2: CPD will share this information with the impacted DDs and their corresponding Administration member. CPD will schedule a webinar inviting staff from any DD impacted by one of the 67 contracts and others that request to attend.

Completion Date: October 15, 2016

MAP 1.3: During conversion, contracts were paid outside the system and CPD worked with divisions and districts (DDs) to process a receipt for the amounts paid outside of PeopleSoft. As part of that process, the DD was required to request Financial Management Division (FIN) to process a zero dollar voucher. Upon receipt of the 5 interagency contracts, CPD will work with the DD to review and reconcile any errors.

Completion Date: September 15, 2016

MAP 1.4: Contract Services will correct the 188 contracts converted to PeopleSoft that were identified with incorrect buyer.

Completion Date: January 15, 2017

MAP 1.5: Contract Services will notify DDs to review and change classifications as needed on 969 contracts that were misclassified as generic contracts.

Completion Date: November 15, 2016

Finding No. 2: Segregation of Duties and Role Access

Condition

Employees with the contract specialist role also have accounts payable access, and in some instances, general ledger (GL) access, which can create a conflict of duties when used by the same employee.

Effect/Potential Impact

Improper access controls within the PeopleSoft system can lead to increased susceptibility to fraud or inappropriate actions being performed in regards to contract management at TxDOT.

Criteria

The TxDOT Functional Roles and Descriptions document does not permit any individual to have both a contract specialist role and an AP role. TxDOT Information Security Manual Chapter 4 Section 2 also requires TxDOT to maintain an information security program to ensure adequate controls and separation of duties for tasks susceptible to fraud or other unauthorized activity.

Cause

There was no evidence of a conflict of duty review for roles granted to contract specialists to ensure role assignments were provided to employees in accordance with the security policy and that did not provide added risk to the contract management operations.

Evidence

A review of the contract specialist role and role descriptions within the Financials and Supply Chain Management (FSCM) module identified 11 employees who had both a contract specialist role and an Accounts Payable (AP) role. These roles allow the contract specialist access to create and edit vendor information, initiate and approve a requisition and purchase order, and enter vendor receipts for what was requisitioned for payment release. Additionally, 2 of the 11 employees with the contract specialist and AP roles also had a general ledger (GL) role assigned that allows the same employee access to perform all functions mentioned above plus enter or edit journal entries and execute upload/batch process. Further assessment could not be performed due to no available activity logs.

Management Action Plan (MAP):

MAP Owner: Kenneth Stewart, Contract Section Director, Contracts and Purchasing Division

MAP 2.1: 601CT was designed and implemented to allow single staffers to perform all of the data entry required for the system. As opposed to the purchasing segment of PeopleSoft FSCM, 601-00 (other purchasing business units), the operative documents and the review and approval processes reside outside of the system. The Contract Specialist role in 601-CT is exclusively data entry. Roles are granted by a number of different divisions other than CPD. The substance of this finding has been shared with those Divisions.

Even with data entry, role based access must be constrained. The thirteen staff with Contract Specialist roles referenced in the finding also had a Supplier Author role that did give them access to change payment information, which is incompatible with their data entry role for Contracts. All 11 have had the Supplier Author role removed on April 6, 2016. A programming request has been submitted to the Information Management Division (IMD) to make these two roles non-permissible in the system.

As an interim step, IMD has agreed to run monthly reports to identify any Contract Specialist role that has also been given the Supplier Author role. CPD will review this report and remove the Contract Specialist role or communicate with the granter or the conflicting role to have one of the two roles removed.

The Accounts Payable role referenced in the finding has been corrected to read-only.

Completion Date: August 15, 2016

Finding No. 3: Contract Monitoring

Condition

Contract monitoring practices in the Divisions and Districts (DDs) did not consistently ensure work was properly authorized and deliverables were verified prior to contract payment.

Effect/Potential Impact

Potential impacts include:

- Breach of contract
- Overpayment or payment errors
- Unsupported or undocumented costs
- Non-conforming or unacceptable vendor performance

Criteria

Contract Management Guide (CMG) Chapter 7 describes contract administration, retention requirements, oversight processes, and other contract manager responsibilities which require review of vendor conformance with contract terms (e.g. authorization verification, review of deliverables and invoices). Pursuant to Texas Government Code 2262.052, each state agency is required to comply with the CMG.

Texas Government Code Chapter 771 requires payment be made to the providing agency within 30 days after services are provided and an invoice is received.

Cause

Through discussions with the business client, contract management focus is put on larger material contracts such as construction and maintenance contracts. In addition, no secondary oversight or monitoring occurs on interagency contracts to help ensure contract managers are adequately monitoring vendor and payment activities.

Evidence

Issues were identified in invoices within four of nine contracts sampled:

- 6 of 27 (22%) invoices totaling $229,564 for work insufficiently documented to demonstrate it was authorized to be performed
- 5 of 27 (19%) invoices totaling $223,639 were not paid within 30 days of invoice receipt
- 3 of 27 (11%) invoices totaling $172,970 that did not include detail to support the deliverables being verified prior to contract payment
- 3 of 27 (11%) invoices totaling $56,593 that did not include sufficient detail to support whether the invoice payment met contract requirements

Management Action Plan (MAP):

MAP Owner: Kenneth Stewart, Contract Section Director, Contracts and Purchasing Division

MAP 3.1: References to the Contract Management Guide have been included in revised Negotiated Contracts Procedures Manual. More detailed guidance is provided in training classes provided by CPD, including CTR 109 Advanced Interagency Contracting, CTR 104 Best Value Professional Services, CTR 615 Consultant Management and Administration, as well as, in an online course, CTR 103, Professional and Scientific Services Contract Training.

CPD will identify those employees with a role in 601CT and identify which of those individuals have not taken one of the courses referenced above. CPD will communicate that information to the responsible District or Division director with an invitation to have the identified employee(s), or any other employee(s), to take the online course or attend a live course when it is offered.

Completion Date: August 15, 2016

Observation and Recommendation

Audit Observation (a): Contract Specialist Role Access

The Contract Specialist role in PeopleSoft allows the same individual to perform all functions of contract execution including authorizing a purchase, data entry in the system of record, and receipt of services with no secondary review or approval for data accuracy. A review of 913 purchase orders (PO) on contracts identified:

- 389 of 913 (43%) POs had the same individual performing all duties within PeopleSoft based on our review of the requisitioner, approver, buyer and receiver roles for these transactions

Effect/Potential Impact

Contract roles that allow activity without review or approval of activity can subject TxDOT to an unnecessary risk and potential fraud.

Audit Recommendation

A separate approval role in the system should be established. Alternatively, a mitigating detective control should be established to monitor the activity of individuals with incompatible access where access is considered needed in order to monitor for any misuse.
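
The conflict-of-duty review that Finding No. 2 found missing, and the detective control recommended in Observation (a), can be sketched as follows; this is an added example, not part of the audit report and not TxDOT or PeopleSoft code. The role labels come from the report, while the user IDs, purchase order records, the "rw"/"ro" access flag and the handling of the General Ledger role as an aggravating factor are constructed assumptions.

```python
from collections import defaultdict

# Role pairs the report treats as incompatible for one person
# (Contract Specialist with AP, Contract Specialist with Supplier Author).
INCOMPATIBLE = {
    frozenset({"contract specialist", "accounts payable"}),
    frozenset({"contract specialist", "supplier author"}),
}
# Assumption: GL access is reported alongside a conflict, not as one by itself.
AGGRAVATING = {"general ledger"}

# Constructed role export: (user, role, access). "ro" models a read-only grant.
ROLE_ASSIGNMENTS = [
    ("u001", "Contract Specialist", "rw"),
    ("u001", "Accounts Payable", "rw"),
    ("u001", "General Ledger", "rw"),
    ("u002", "Contract Specialist", "rw"),
    ("u002", "Accounts Payable", "ro"),      # read-only, so no conflict
    ("u003", " contract specialist ", "rw"),  # messy label from an export
    ("u003", "Supplier Author", "rw"),
    ("u004", "Accounts Payable", "rw"),
]

# Constructed purchase orders with the four duties the audit compared.
DUTIES = ("requisitioner", "approver", "buyer", "receiver")
PURCHASE_ORDERS = [
    {"po": "PO-0001", "requisitioner": "u001", "approver": "u001",
     "buyer": "u001", "receiver": "u001"},
    {"po": "PO-0002", "requisitioner": "u002", "approver": "u004",
     "buyer": "u002", "receiver": "u003"},
    {"po": "PO-0003", "requisitioner": "u003", "approver": "U003",
     "buyer": "u003", "receiver": "u003 "},
    {"po": "PO-0004", "requisitioner": "u004", "approver": "u004",
     "buyer": "u004", "receiver": ""},        # not yet received
]


def _norm(value):
    """Collapse whitespace and case so 'U003 ' and 'u003' compare equal."""
    return " ".join((value or "").split()).lower()


def writable_roles(assignments):
    """Map each user to the set of roles held with write access."""
    roles = defaultdict(set)
    for user, role, access in assignments:
        if access == "rw":
            roles[_norm(user)].add(_norm(role))
    return roles


def find_role_conflicts(assignments, incompatible=INCOMPATIBLE,
                        aggravating=AGGRAVATING):
    """Return users holding an incompatible pair, plus aggravating roles."""
    findings = {}
    for user, roles in writable_roles(assignments).items():
        pairs = sorted(tuple(sorted(p)) for p in incompatible if p <= roles)
        if pairs:
            findings[user] = {
                "conflicts": pairs,
                "also_holds": sorted(roles & aggravating),
            }
    return findings


def review_purchase_orders(pos):
    """Flag POs where one person performed all four duties.

    Records with a missing duty are listed separately rather than
    silently passed or flagged.
    """
    single_actor, incomplete = [], []
    for po in pos:
        actors = [_norm(po.get(duty)) for duty in DUTIES]
        if not all(actors):
            incomplete.append(po["po"])
        elif len(set(actors)) == 1:
            single_actor.append((po["po"], actors[0]))
    return {"single_actor": single_actor, "incomplete": incomplete}


if __name__ == "__main__":
    for user, detail in find_role_conflicts(ROLE_ASSIGNMENTS).items():
        print(user, detail)
    print(review_purchase_orders(PURCHASE_ORDERS))
```

Run on a schedule against a real role and transaction export, the two functions give the reviewer a list of users to remediate and a list of transactions to sample.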

Summary Results Based on Enterprise Risk Management Framework

Closing Comments

The results of this audit were discussed with the Contracts and Purchasing Division on November 13, 2015, December 2, 2015, March 8, 2016, March 30, 2016, April 29, 2016, July 29, 2016, and August 5, 2016. We appreciate the assistance and cooperation received from the Contracts and Purchasing Division and all the Districts and Divisions contacted during this audit.