TABLE OF CONTENTS. II. Internal Audit Plan for Fiscal Year III. Consulting Engagements and Non-audit Services Completed...

Transcription

1

2 TABLE OF CONTENTS I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit Information on Internet Web Site...1 II. Internal Audit Plan for Fiscal Year III. Consulting Engagements and Non-audit Services Completed... 4 IV. External Quality Assurance Review (Peer Review)... 5 V. Internal Audit Plan for Fiscal Year VI. External Audit Services Procured in Fiscal Year VII. Reporting Suspected Fraud and Abuse... 12

3 I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit Information on Internet Web Site The Texas Comptroller of Public Accounts (CPA) has developed procedures to follow in order to ensure compliance with the provisions of House Bill 16. Specifically, within 30 days of approval by the Comptroller, the Internal Audit Division will provide the Data Services Division with the approved Audit Plan for the applicable fiscal year. Data Services will post the approved fiscal year Audit Plan on CPA s Internet Web site, Window on State Government, as provided by Texas Government Code, Section In addition, the Annual Internal Audit Report will be provided to the Data Services Division within 30 days of its approval for posting on CPA s Internet Web site, as required by Texas Government Code, Section The Internal Audit Division will update postings as needed on CPA s Internet Web site, Window on State Government, to include detailed summaries of any weaknesses, deficiencies, wrongdoings or other concerns that may be raised by the audit plan or annual report. In addition, a summary of the action taken by CPA to address concerns, if any, that are raised by the audit plan or annual report will be posted as needed on CPA s Internet Web site, Window on State Government. The Internal Audit Division will post these summaries based on future guidelines developed and provided by the State Auditor s Office. In accordance with Texas Government Code, Title 5 Open Government, Ethics, Chapter 552 Public Information, Subchapter C Information Excepted From Required Disclosure, Section which provides an exemption to government information from public disclosure if it relates to computer network security or to the design, operation or defense of a computer network, the Internal Audit Division will not release any confidential or sensitive information protected by this exemption. Any information not protected by this or another applicable exemption that is determined to be confidential in nature will be specifically designated as such in accordance with SAO guidelines. 1

4 II. Internal Audit Plan for Fiscal Year 2013 Project/Report Title Fiscal Year 2013 Audits: Comments/Explanations Audit of Security Incident Management Carryforward audit project for FY 2014 Audit of Property Value Study In Progress - Planning Phase Ethics Review Carryforward audit project for FY 2014 Audit of IT Proposals, Procurement Agreements, and Contracts Audit of Event Trust Funds As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 Risk Assessment. No longer high risk. Limited coverage will be addressed in the Audit of Software Licensing. In Progress - Planning Phase Audit of Software Licensing In Progress - Planning Phase Audit of Call Center Operations As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 risk assessment. No longer high risk. Audit of Treasury PeopleSoft System Carryforward audit project for FY 2014 Fiscal Year 2012 Audits in Progress: Audit of Security Awareness Training Audit Report # 2103: Audit of Innovation and Technology (IT) Hardware Services Section (Previously named Audit of IT Desktop Services) Audit of TPASS Contract Management Audit Report #2102:Audit of Expenditure Audit's Post-Payment Audit Processes Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC) Audit of Business Continuity and Disaster Recovery Programs Audit of Cash Flow Forecasting Audit Report #1103: Audit of Fund Disbursement Processes Audit of Payments and Returns Process Audit of the JET Program In Progress - Reporting Phase Completed - Report issued September 2013 In Progress - Reporting Phase Completed - Report issued in August 2013 In Progress - Fieldwork Phase In Progress - Reporting Phase In Progress - Fieldwork Phase Completed - Report issued in February 2013 On Hold - Will review issues In Progress - Reporting Phase 2

5

6 III. List of Consulting Engagements and Non-audit Services Completed Showing High-Level Objectives, Observations/Results, Recommendations, and Implementation Status Report No. Report Date Name of Report High-Level Consulting Engagement/Non-audit Service Objective(s) N/A N/A N/A N/A N/A Observations/Results and Recommendations 4

7

8 V. Internal Audit Plan for Fiscal Year 2014 Project Title Division Area Project Hours Fiscal Year 2014 Audits Audit of Security Incident Management Ethics Review Information Security Privacy Office Innovation and Technology Agency Administration & Executive Administration Treasury Operations Innovation and Technology Information Security 810 Privacy Office All Human Resources 650 Audit of Treasury PeopleSoft System All 910 Audit of Appropriation Control Fiscal Management Fiscal Integrity Appropriation Control Audit of Audit Headquarters Tax Administration Audit - Headquarters 985 Total FY 14 Audit Hours: 4,335 Fiscal Year 2013 Audits In Progress Audit of Property Value Study Field Area Property Tax Assistance Property Value Study Field Area Audit of Event Trust Funds Fiscal Management Fiscal Integrity - Fiscal Economic Development and Analysis Analysis Statewide Fiscal Services - Expenditure Audit Economic Development and Analysis Audit of Software Licensing Innovation and Technology IR Planning, Budgeting and Contracting - IT Support Team Audit of Expenditure Audit's Post- Payment Audit Processes Audit of IT Hardware Services Section Audit of TPASS Contract Management Audit of Business Continuity and Disaster Recovery Programs Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC) Audit of Security Awareness Training Fiscal Management Fiscal Services/ Expenditure Audit Innovation and Technology IT Infrastructure/ IT Customer Service/ Hardware Services/ Desktop Services Team 85 TPASS Statewide Procurement & 255 Contract Management/ Contract Management Information Security Information Security 85 Fiscal Management Statewide Fiscal Systems/ Fiscal Systems Support Information Security Information Security 255 Audit of Cash Flow Forecasting Treasury Operations Cash Flow Forecasting Audit of Payments and Returns Process Audit of the JET Program Revenue Administration Educational Opportunities & Investments Account Maintenance Revenue Processing Revenue Accounting Educational Opportunities & Investments

9 Project Title Division Area Project Hours Fiscal Year 2013 Audits In Progress - continued Audit of Fleet Management TPASS Statewide Procurement & 60 Contracts Audit of Cash Handling and Returns Processing Tax Administration Enforcement 300 Special Projects/Management Requests: Total FY 13 Audits In Progress Hours: 4,825 Follow Ups 540 Client Assist (Internal/External) 158 FY 2013 Annual Internal Audit Report 130 FY 2015 Risk Assessment 1020 IT Steering Committee 80 Other Projects 1885 Special Projects/Management Requests Carry forward 280 Peer Review (Internal) 200 Other Management Requests 3187 Total Special Projects/Management Requests: 7,480 Total Fiscal Year 2014 Audit Hours: 4,335 Total Fiscal Year 2013 Audits In Progress Hours: 4,825 Total Special Projects/Management Requests: 7,480 Direct Audit Hours: 16,640 Indirect Hours: 8,320 Total Hours 24,960 7

10 Risk Assessment Process The results from the Enterprise Risk Management (ERM) Surveys, Privacy Surveys, TeamRisk Self-Assessments, interviews with Executive Management and division directors, and results from internal audit activities were used to conduct our annual risk assessment. Risk Factors and Weights: Risk Factor Risk Weight Control Environment 15.00% Risk and Monitoring 25.00% $ Value of Transactions 5.00% Reliance on 3rd Parties 5.00% Management Concern 10.00% Legislative Interest 10.00% Internal Control Awareness 10.00% Internal Audit Factors 5.00% Confidential Information 15.00% As a part of the annual ERM Survey process, the Information Security Office (InfoSec) designated 651 key processes which the Internal Audit Division (Division) analyzed and assessed risks on using the Division s TeamRisk and self-assessment modules of our TeamMate audit software. Coverage of High Risk Processes Overall, 60 of 651 reported processes scored as high risk. The high risk processes will receive coverage as follows: 6 processes will be covered in proposed audits 17 processes will be covered as part of a CSA 6 process are covered in currently scheduled audits 1 process will be covered as part of audits reviewing security controls 20 processes could be covered in backup audits 9 processes had previous coverage. Agency staff provided poor information in their reported self-assessments. Upon further review of these processes, we found that these processes had CSAs performed in fiscal 2012 or fiscal Staff could have used the CSA information for entry into their assigned self-assessment which would have resulted in a moderate or low risk score. 1 process will be covered in a proposed special project 8

11 VI. External Audit Services Name of External Auditor Services Provided Date of Service (Report Date) McConnell & Jones LLC Padgett Stratemann & Co., LLP Professional public accounting services - Financial audit for Texas Tomorrow Fund Professional public accounting services Financial audit for the Texas Tomorrow Fund FY 2012 Audited AFR issued on December 20, 2012 FY 2013 Audited AFR to be issued on December 20, 2013 State Auditor s Office Statewide Single Audit/CAFR Audit February 2013 MGT of America, Inc. Best practices and due diligence review of processes related to the Major Events Trust Fund Program Term: April 12, 2013 through June 30, 2013 Experis US, Inc. Overpayment Recovery Audits Term: April 2, 2012 through Deloitte & Touche LLP Professional public accounting for fiscal, technical and monitoring services for the stimulus grant program Term: October 20, 2010 through March 31, 2013 Audit Services, U.S. LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013 Verus Financial LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013 Xerox State & Local Solutions, Inc. (formerly ACS State & Local Solutions) Unclaimed Property Audit Services Term: December 16, 2010 through August 31, Audit Services, U.S. LLC (Effective ) Discovery Audit Services, LLC (Effective ) Hertz, Herson & Company, LLP (Effective ) Kelmar Associates LLC d/b/a Kelmar Unclaimed Property Services, LLC (Effective ) Treasury Services Group, LLC (Effective ) Verus Financial, LLC (Effective ) Unclaimed Property Audit Services Unclaimed Property Audit Services Unclaimed Property Audit Services Unclaimed Property Audit Services Unclaimed Property Audit Services Unclaimed Property Audit Services Term: August 28, 2013 through Term: August 30, 2013 through Term: August 30, 2013 through Term: August 28, 2013 through Term: August 30, 2013 through Term: August 30, 2013 through 9

12 Name of External Auditor Services Provided Date of Service (Report Date) Xerox State & Local Solutions, Inc. d/b/a Xerox Unclaimed Property Clearinghouse (Effective ) Independent Contract Examiners - 22 contracts: Dan A. Northern David Tran d/b/a Lone Star Sales Tax Consulting- TERMINATED Dibrell P. Dobbs d/b/a State Tax Consulting Group Jean Chan Garrett State Tax Service (Trevor Garrett) Amd No. 3 Cherise D. Collins Marina Roy Buenaventura, CPA Paul Hernandez Vernice Seriale, Jr. Brenda Maldonado Max Dwain Martino, PC Paul D. Underwood Stephanie (Clark) Jackson Terra Hillman William R. Smith Homer Max Wiesen, CPA Antonio V. Concepcion Art Koenings, Jr, CPA D. Smith Consulting (Dixie Smith) Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Stephen T. Broad Stites Pybus, LLC (A. Michiell Stites) Independent Contract Examiners - 3 contracts: Celia Chang State and Local Tax Group (Wayne Wharton) Willie Sullivan Unclaimed Property Audit Services Tax Compliance Examination Services Tax Compliance Examination Services Term: August 30, 2013 through Term: August 2010 through August 31, 2013 August 18, 2011 through August 31, 2013 Independent Contract Examiners 10 contracts: Delores A. Nornberg Thomas W. Gay Taygor Associates, LLC (L.C. Gordon, Jr.) Michael J. Robertson Cindy H. Coats Cynthia Alvarez Sam W. Armstrong, PC Tax Compliance Examination Services July 30, 2012 through August 31,

13 Name of External Auditor Services Provided Date of Service (Report Date) Independent Contract Examiners 10 contracts: (Continued) Texas Tax Consulting Group, LC (Frank Castro) Nedzra J. Ward Gordon Wheeler Independent Contract Examiners 26 contracts: (Effective ) Fabian Avina Stephen T. Broad Marina Roy Buenaventura Jean Chan Cherise D. Collins Antonio V. Concepcion Dibrell P. Dobbs d/b/a State Tax Consulting Group Garrett State Tax Service, Inc. (Trevor Garrett) Ramira J. Garza Paul Hernandez Terra Hillman Stephanie (Clark) Jackson d/b/a The Ann Group Art Koenings, Jr. & Nancy Wilkins Brenda Maldonado Max Dwain Martino Dan Northern Grace Rhodes Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Vernice Seriale, Jr. Judy Shinn d/b/a Shinn Tax Services D Smith Consulting (Dixie Smith) State Tax Group, LLC (Richard Fleming) Stites Pybus, LLC (A. Michiell Stites) Treva M. Sullivan Paul D. Underwood Homer Max Wiesen Tax Compliance Examination Services August 2013 through August 31,

14 VII. Reporting Suspected Fraud and Abuse The Comptroller of Public Accounts has taken several measures to address the potential misuse or misappropriation of state resources, including funds received under the American Recovery and Reinvestment Act. The Comptroller of Public Accounts has also taken action to implement the requirements to report suspected fraud, waste and abuse involving state resources directly to the State Auditor s Office (SAO). Actions taken to implement the requirements of: Fraud Reporting, Article IX, Sec. 7.09, General Appropriations Act (83rd Legislature, Conference Committee Report). The Window on State Government home page of the Comptroller of Public Accounts website contains a Report Fraud page ( explaining how to report fraud involving state resources to the SAO. The SAO s phone number for reporting fraud, (800) TX-AUDIT and a link to the State Auditor s Fraud website, ( are included in the information provided on the Report Fraud page. The Comptroller of Public Accounts Employee Handbook, Chapter 02: Ethics Policy, Policy Prohibiting Fraud, Waste, Theft and Abuse includes information on how to report suspected fraud involving state funds to the SAO by calling (800) TX-AUDIT or by making a report on-line ( The Comptroller of Public Accounts Employee Handbook includes a requirement that all employees take the Anti-Fraud Training on an annual basis. The Comptroller s Office Internal Audit Division website also contains fraud links and contact information to include the SAO s phone number for reporting fraud (800) TX-AUDIT, a link to the State Auditor s Fraud website ( a link to the SAO Fraud Reporting Form ( the link to the Government Accountability Office (GAO) FraudNET ( and the GAO s Toll Free and Fax: Texas Government Code, Section Coordination of Investigations The Comptroller of Public Accounts has established the Policy Prohibiting Fraud, Theft, Waste, or Abuse in Business Dealings or in any Relationship with the Comptroller s Office (Anti-Fraud Policy) ( to enforce controls and to aid in the prevention and detection of fraud, theft, waste or abuse against the agency or the State of Texas. Suspected fraud, waste, theft or abuse can be reported to the Ethics Officer, Internal Audit Division, Criminal Investigations Division or through The Network at (866) It can also be reported outside the agency to the SAO by calling (800) TX-AUDIT or by making a report online at ( ). 12