Finance & Audit Committee Meeting

Similar documents
Chapter 2 IWK Health Centre: Financial Management Controls and Governance

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

TRA Internal Audit Fiscal Year 2019 Audit Plan

College of Engineering and Computer Science Dean's Office

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

Maryland School for the Deaf

Department of Biology

AUDIT UNDP HAITI GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA. Report No Issue Date: 15 April 2014

Executive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update

Internal Audit Work Plan First Half of Fiscal Year Department of Management and Finance

Internal Audit Policy and Procedures Internal Audit Charter

Guidance Note: Corporate Governance - Board of Directors. January Ce document est aussi disponible en français.

TxDOT Internal Audit Follow-Up Report Tuition Assistance Program

INTERNAL AUDIT PLAN AND CHARTER 2018/19

W207: How should you leverage internal audit? October 26, 2016

Group Internal Audit Charter

AUDIT OF EARNINGS LOSS

Internal Audit Department Update. December 7, 2016 Cassaundra Rouse

REPORT 2015/102 INTERNAL AUDIT DIVISION

Audit of the Integrated Services Function at Selected Research Centres

BOARD OF REGENTS OF THE UNIVERSITY OF WISCONSIN SYSTEM

FY INTERNAL AUDIT ACCOMPLISHMENTS REPORT AND ANNUAL STRATEGIC WORK PLAN

BROOKLYN CHARTER SCHOOL FINANCIAL MANAGEMENT PRACTICES. Report 2006-N-9 OFFICE OF THE NEW YORK STATE COMPTROLLER

Washington State University Office of Internal Audit FY 2015 Audit Plan

AUDIT UNDP SOUTH SUDAN GRANTS FROM THE GLOBAL FUND TO FIGHT AIDS, TUBERCULOSIS AND MALARIA. Report No.1400 Issue Date: 6 February 2015

EXECUTIVE SUMMARY INTERNAL AUDIT REPORT. IOM Sto. Domingo DO JULY 2017

University of Toledo Finance and Audit Committee

5/24/2018 BOARD OF REGENTS OF THE UNIVERSITY OF WISCONSIN SYSTEM. I.6. Joint Meeting of the Business and Finance and Audit Committees

Lake County School District s Physical Inventory Audit for Executive Summary & Detailed Audit Report Fiscal Year

CHARTER FEDERAL RESERVE BANK OF RICHMOND BOARD OF DIRECTORS AUDIT AND RISK COMMITTEE

General Government and Gainesville Regional Utilities Vendor Master File Audit

Advanced Finance for Governing Board Members. Charter Schools: Advancing the Promise!! 2015 Annual Conference

Monitoring and Oversight Standards and Guidelines

Transportation and Infrastructure Renewal: Mechanical Branch Management

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

INTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been completed/validated since last report in August 2016

Prince William County Public Schools Annual Audit Plan

INTERNAL CONTROLS REVIEW PROGRESS REPORT Highlighted items have been completed since last report in January 2016

REPORT 2015/086 INTERNAL AUDIT DIVISION. Audit of the Kuwait Joint Support Office

Third Party Fiduciary Agent. Guam Department of Education. In partial fulfillment of Contract: Monthly Project Status Report.

K-State Athletics, Inc. Report on Internal Controls related to the Contracting, Travel, and Expenditure processes.

Office of Inspector General. Annual Report for Fiscal Year

Single Audit Update: Internal Control over Compliance and the GAO s Green Book. MSBO s 80 th Annual Conference April 19, 2018

Dutchess County Department of Planning and Community Development Division of Mass Transit January 2007 December 2008

STATE OF LOUISIANA LEGISLATIVE AUDITOR

REPORT 2015/184 INTERNAL AUDIT DIVISION. Audit of rations management in the United Nations Support Office in Somalia

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Self Assessment Workbook

Audit of Core Management Controls. Internal Audit Sector

Internal Controls Overview

Audit of Policy on Internal Control Implementation (Phase 1)

FEDERAL AWARD PROGRAMS INTERNAL CONTROL EVALUATION. Cross-cutting characteristics (generally applicable to all fourteen requirements)

HUD-US DEPT OF HOUSING & URBAN DEVELOPMENT: Understanding Internal Controls. Ladies and gentlemen, thank you for standing by and welcome to the

Chapter 18. Integrated Audits of Public Companies. McGraw-Hill/Irwin. Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Compliance Program Effectiveness Guide

ENGAGEME ENT PLAN AND RISK. his/her own. and controls. annual plan. approach. Identify. objectives. Risks (START) Select Audits and.

PRIVY COUNCIL OFFICE. Audit of PCO s Accounts Payable Function. Final Report

Internal Controls and Sampling Tests

Internal Audit Report Accounts Payable September 2017

Table of Contents. Executive Summary Introduction... 5

AUDIT COMMITTEE CHARTER. Specifically, the Audit Committee is responsible for overseeing that:

Periodic internal quality assessment Questions for discussion

Prince William County, Virginia. Internal Audit of Fleet Management Division

Internal Controls Over Financial Reporting (ICoFR) Overview and Practical Aspects

Purpose. CSU Benefits. Objective

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Chapter 6 Field Work Standards for Performance Audits

3/21/2017. How and when should you leverage internal audit? March 28, Agenda. What are your initial thoughts on internal audit?

2005 OIG Supplemental Compliance Guidance for Hospitals Focus on Culture & Leadership Hospitals with an organizational culture that values compliance

Department of Health and Mental Hygiene Clifton T. Perkins Hospital Center

The definition of a deficiency is also set forth in the attached Appendix I.

FRIENDSHIP HOUSE JOB DESCRIPTION. Full Time: Monday - Friday 9AM-6PM, Weekends and evenings as needed

INTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2017

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Measuring Compliance Program Effectiveness

University System of Maryland University of Maryland, College Park

OPERATIONAL RISK EXAMINATION TECHNIQUES

Risk Assessment - Balancing Risk While Enhancing Controls

OFFICE OF INSPECTOR GENERAL. Department of Veterans Affairs

INTERNAL CONTROLS REVIEW PROGRESS REPORT

Office of Inspector General Applications Development

RISK MANAGEMENT STRATEGY AND POLICY

Student Information System Project Review

INTERNAL CONTROLS REVIEW PROGRESS REPORT Yellow highlighted items have been updated since last report in October 2016

Annual Governance Statement

Control Environment Toolkit: Internal Audit Function

Anti-Fraud Programs and Control Policy

TABLE OF CONTENTS. Page OBJECTIVES, SCOPE AND METHODOLOGY... 1 BACKGROUND Personnel Financial Information... 4

Office of the City Manager

Ambulance Contract Billing Report October 12, 2016 KEY CONTROL FINDING RECOMMENDATION STATUS The City should:

INTERNAL AUDIT OFFICE (IAO) FISCAL YEAR 2019 RISK-BASED AUDIT PLAN

Internal Control Questionnaire and Assessment

Community Bankers Conference

identifying areas for improvement with respect to the Institute s research administration internal control structure.

ROLE OF CEO IN AN EDUCATIONAL INSTITUTION ASHOK KUMAR CEO INDIAN HIGH SCHOOL (GROUP OF SCHOOLS) DUBAI

CORRECTIVE ACTION MATRIX

CITY OF CORPUS CHRISTI

The definition of a deficiency is also set forth in the attached Appendix I.

AUDIT UNDP COUNTRY OFFICE SOUTH AFRICA. Report No Issue Date: 22 September 2014 [REDACTED]

Transcription:

Finance & Audit Committee Meeting Third Quarter Fiscal Year 2017 January 25, 2017 Page 1

Page 2 Audit Update

Risk Management Framework (Prior Meeting Follow up) A sustainable risk management framework is a combination of ongoing activities that is built into strategic and operational decision making, embeded into the current governance structure and accountability demostrated through oversight and monitoring. Monitoring and Reporting Embedded Risk Management Activities Risk Identification & Assessment Mitigation and Response Risk Analysis A sustainable risk management process includes: Risk identification and assessment to update risk universe, quantify risk impact and likelihood, and prioritize risk. Risk analysis to understand full risk composition including how and when the risk could present itself to the organization. Mitigation and response leading to action plans to monitor, mitigate, transfer, or eliminate risk, including understanding cost benefit equation of action plans. Embedded risk management activities to help ensure consistent risk appetite application and risk prioritization. Ongoing monitoring, reporting, and oversight by the Board and management. To refresh existing risk management processes, the Office of Internal Audit and Compliance (IAC) completed an Enterprise Risk Assessment and a Compliance Risk Assessment with the goals of: Identifying, evaluating and prioritizing risks; Creating a risk based internal audit plan; Enhancing Chicago Public Schools (CPS) ongoing risk monitoring processes. Page 3

Enterprise Risk Assessment Priority Risks Page 4 The priority risks identified by management during the Enterprise Risk Assessment are: Priority Risk Risk Definition Impact Likelihood Academic Program Excellence Federal & State Requirements Funding Infrastructure Information Technology Systems Internal Control Environment Talent Inability to effectively maintain and expand academic program excellence. Inability of timely and effective maintenance for compliance with federal and state requirements. Inadequate funding to maintain academic gains, provide support services, and meet operational, and capital objectives. Inability to effectively sustain an aging, complex and costly infrastructure footprint. Inability of IT systems and applications to support current and future CPS needs. Lack of effective controls to safeguard assets, provide reliable financial reporting, comply with applicable laws, regulations, and policies, and achieve organization objectives. Inability to attract and retain quality talent needed to sustain academic progress and meet organization objectives. to to Low to Low to to Key Comments The priority risks stated in this document are based on a combination of factors: review of relevant historical information, data analysis, high level assessment of current organizational strengths and weaknesses, and management judgment. The summary is a current, or point in time, assessment of risk impact and likelihood; priority risks will likely change with conditions. The risk assessment process undertaken is consistent with both audit standards and leading practices. Key next steps include defining the level of management effectiveness (or degree to which each risk is controlled) and confirming ongoing risk mitigation actions many of which are underway.

Compliance Risk Assessment Priority Risks The priority risks identified by management during the Compliance Risk Assessment are: Priority Risk Risk Definition Impact Likelihood Environmental, Health & Safety ISBE Reporting Requirements Grant Monitoring (District, Charter, Nonpublic) Grant Revenue Management Privacy & Information Security Time & Effort Attestation Limited capacity to detect or prevent non compliance with environmental laws and regulations. Inadequate capacity to provide accurate and timely data to demonstrate organizational compliance with ISBE requirements. Inadequate monitoring of school and central office management use of grants. Inability to monitor the proper and timely usage of grant funds within established guidelines and timeframes. Inadequate storing and safeguarding of personally identifiable information, HIPAA covered information, and academic records. Inadequate capacity and technical processes to properly monitor time and effort reporting requirements consistent with applicable requirements. to to to Low to Low to Page 5

School Audit Program Initiative Started in Late 2015, Confirmed During Risk Assessment, and Evolving Implemented a school risk assessment based on key performance and risk indicators, such as the following: Length of Time Since Last Audit Last Audit Score Prior History of Non Compliance Prior Year Scope Areas Key Risk Assessment Outcome Integration Internal Accounts Reporting Exceptions Financial Information (Bank Account, Cash Receipts, Cash Disbursements, Cash On Hand, etc..) Academic Information (Enrollment, SQRP, Transfers, Grade and Attendance Changes) Combined school based audit objectives into a single yet comprehensive school audit program to reduce the number of school visits and time allocated by school and department staff to respond to audit and compliance inquiries. Expanded the school based audit scope to include grant compliance, school performance data integrity, and other administrative areas to better gauge the overall strength of internal controls and governance. Incorporated the Grant Compliance Work Program into school audit program. Additional Scope Areas Cash Disbursements Internal Accounting Athletics Safety & Security Cash Receipts Payroll Facilities Management School Performance Data Integrity** Employee Reimbursements Procurement Grant Compliance* Key School based Programs Fixed Assets Supplemental Pay Human Resources Created a robust desk audit process, utilizing exception reporting and data analytics, to test and evaluate larger transaction populations and increase audit coverage across CPS at a lower operational cost. In early Fall FY18, incorporate the use of a Control Self Assessment to expand overall coverage of schools reviewed in programs. *Includes SGSA; Title I, II, III, IV; IDEA; and Early Childhood Education (Head Start) **Includes enrollment; attendance and grade changes Page 6

Risk Management Framework Responsibilities Lines of Defense Model (Representative Model) Board of Education Executive &Senior Leadership 1st Line of Defense 2nd Line of Defense 3rd Line of Defense Own & Manage Risk Monitor & Control Risk Validation & Assurance Management Controls Financial Controller Internal Audit & Compliance Internal Control Measures Risk Management Policies & Procedures Safety & Security Grant Management School Quality Management Page 7

Key Ongoing Internal Audit Activities Cybersecurity Diagnostic Assessment Evaluate key internal control and management processes related to cybersecurity such as: leadership and governance; information risk management, and incident response; identify strengths and gaps based on IT standards and leading practices; and develop recommendations to remediate gaps. Option Schools Attendance Audit Assess accuracy of attendance data provided by management and evaluate alternative funding models based on attendance and enrollment. Payroll Audit Evaluate the design and operational effectiveness of key internal controls designed to help ensure integrity in payroll transactions including employee payments, withholdings, and third party remittances will begin in February 2017 (planning is underway). English Language Learners (EL) Program Compliance EL Program Compliance Monitoring Visits based on prior OLCE EL Program Review including district and charter schools will begin in February 2017 (planning is underway). School Audits Ongoing as described on prior page. Page 8

District wide Audit lights Closed School Asset Review Objectives CPS invested millions of dollars in assets including textbooks; computers, laptops, and tablets; tables, desks, and chairs; and other equipment such as boilers and furnaces. These assets are located primarily within the schools and purchased using a range of funding sources. In mid to late 2016, IAC conducted a fixed asset assessment to both understand internal controls from acquisition to disposal and to determine location of assets transferred during the 2013 school closings. Results IAC was able to gain an understanding of processes employed to tracks assets both on a general basis and related to the 2013 school closings. IAC, however, was not able to identify with reasonable certainty where all closed school assets ultimately were placed. The primary reasons for IAC s inability to re create the exact location of all closed school assets are: 1) the project leadership responsible for tracking the assets are no longer with CPS, 2) lack of available supporting documentation and clear audit trail, and 3) CPS no longer has a relationship the prior vendor. Based on work performed, IAC is fairly confident that a significant portion of closed school assets were re purposed to other schools. For example: IAC determined there were open houses whereby the leadership from non impacted schools conducted in person inspections of assets and took immediate possession. There were also opportunities for non impacted school leadership to visit a CPS warehouse to obtain closed school assets for use at their school. The primary goal appeared to have been focused on quickly reallocating closed school assets to non impacted schools, particularly welcoming schools. Detailed tracking of asset movement appeared to be a secondary or lower priority. Key Recommendations While there are existing polices and internal controls over assets, there is opportunity for improvement. Asset management processes are inherently difficult for any organization due to portability and transaction volume for items such as laptops and textbooks. Management is undertaking a number of actions to improve fixed asset processes including: Implementing an integrated system that more effectively tracks assets throughout their life cycle. Designating a single individual responsible for oversight of all aspects of the asset lifecycle, policy maintenance and enforcement, and management reporting. Performing cycle counts and year end physical inventory of assets to verify the accuracy and completeness of asset records. Updating board rules and management polices as needed. Page 9

District wide Audit lights Options Attendance Audit (Started in 2016 with update underway) Objectives CPS provides funding to Option schools, which include Alternative Learning Opportunities Program (ALOP); alternative charter and contract; and Safe* schools. Option schools generally serve students who need a new pathway toward high school graduation. IAC performed an audit of Option schools during FY16 to verify attendance against enrollment and gain insight into attendance recording processes. Results IAC noted that for Option schools tested in early to mid 2016, average IMPACT attendance was 52% of enrollment. Additionally, the average actual headcount based on IAC testing was 44% for the same timeframe. As such, Option schools attendance levels are exceptionally low based on IMPACT attendance data and are even lower based on IAC testing. Deficient internal controls have led to low attendance and inaccurate reporting. The primary reasons for deficient controls over the attendance appear to be: 1) Option Schools are not held fully accountable for low attendance as funding is based on enrollment, not attendance; 2) attendance verification controls are less than ideal; and 3) Option schools oversight could be improved as the program is overseen by only two individuals from Innovation and Incubation (I&I). Key Recommendations IAC highly recommends that management address the observed gaps including the following actions: Develop a new program model and funding allocation that takes into consideration student attendance. Perform a reasonableness check on IMAPCT attendance data by comparing to audited student attendance headcount results on a periodic basis. This includes continued collaboration with IAC to conduct periodic and random attendance headcounts. Enhance oversight of the Option schools program to better detect programmatic issues. Quantitative Impact CPS could see significant savings if Option school funding was based on IMPACT attendance data or actual headcount data, instead of enrollment. If funding were based on IMPACT attendance data, IAC estimates CPS could save $12 million annually; and if funding were based on actual headcount obtained from periodic audits, estimated savings could be $15 million annually. Recent Count Results In late 2016, average IMPACT attendance for Option schools improved to 60% of enrollment. While the gap between IMPACT attendance and average actual headcount based on IAC testing narrowed, the over reporting by Option schools persists. IAC results were 55% of enrollment vs. the 60% reported to IMPACT. *Safe schools were not included in the initial audit scope, but are included in the follow up attendance audit. Page 10

Accountability Audit lights Description of Accountability Audits Accountability Audit Outcomes Time/Attendance 9 Misappropriation of Funds 2 Referred to IG 9 Falsification of Documents Ethics Other 3 4 6 Unsubstantiated Discipline TBD 4 14 Testing 5 Written Discipline 2 Enrollment 7 Terminated/DNH 14 0 2 4 6 8 10 0 2 4 6 8 10 12 14 16 Accountability Audit lights Time/Attendance IAC performed a school audit and determined there were numerous issues involving payroll. Five employees are awaiting discipline due to misuse of benefit time, swiping in for other employees, and extended day payments received for time not worked. Time and sick day abuse results in employee termination. Ineligibility of Sports Players IAC received a complaint regarding student athletes at multiple high schools who had recently transferred. IAC reviewed address information and interviewed homeowners to determine students primary residence. Seven students were denied eligibility due to unverified addresses and residency verification is still pending for four students. Misappropriation of Funds IAC received a complaint regarding school facilities rental income. It was determined that an Athletic Director was receiving payments from third parties and not remitting to CPS. Escalated to the OIG for further investigation. Chief Internal Auditor (CIA) and Inspector General (IG) Interactions Since late 2015, the CIA and IG meet regularly to discuss work being performed by IAC and to coordinate efforts as deemed prudent. Several other CPS departments and staff continue to refer issues to the IG as deemed prudent. Page 11

Internal Audit Follow up Process Ongoing Management Reporting and Quarterly Board Updates Findings & Observations Action Plans and Timelines Audit Follow Actions Remediation Evidence Audit Closure Issue audit results with recommendations. Central Office Compliance School Audits External Audits Obtain agreed upon action plans and timelines from management and issue final report. Follow up monthly on prioritized open action plans, i.e. high and moderate rated findings. Obtain evidence of remediation for highmoderate rated findings; IAC validates that remediation is effective. Close out audit findings to complete the audit process Board Reporting Quarterly Board updates commencing fourth quarter FY2017 (next Finance and Audit Committee Meeting). Findings will be tracked from July 1, 2016 to current. Page 12

Page 13 Finance Update

CAFR General Operating Fund Results 000's 2017 2016 2015 Forecast Actuals Actuals C B A Total Revenue $ 5,299,873 $ 4,877,767 $ 4,909,584 Total Expenses $ 5,299,873 $ 5,414,846 $ 5,620,366 Revenues in excess (below) $ $ (537,079) $ (710,782) Expenditures If CPS would have received its 2016 State Revenue $ 107,000 $107,000 on time then the actual 2016 Adjusted 2016 Total $ (430,079) A. 2015 Operating Revenue was below Operating Expenses short term borrowing and fund balance were used to complete the year B. In 2016, CPS improved its financial condition, even though we did not receive over $700M of State and Federal revenue but expenses came in $276M lower C. CPS is still committed to continuing to improve its financial condition by balancing its budget in spite of the Governor vetoing the $215M pension funding Page 14

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback