Internal Audit Report. Right of Way Acquisition TxDOT Office of Internal Audit



Similar documents
Internal Audit Report. Highway Condition Reporting TxDOT Office of Internal Audit

Internal Audit Report. Receivables Management Statement of Cost TxDOT Office of Internal Audit

Internal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit

TxDOT Internal Audit Report Disaster Recovery - IT

Internal Audit Follow-Up Report. Equipment Maintenance and Repair. TxDOT Office of Internal Audit. Jan J

SCDA and SCDA Member Benefits Group

TxDOT Internal Audit Report Equipment Maintenance and Repair

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

October 2007 Report No An Audit Report on The Medical Transportation Program at the Texas Department of Transportation

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

HIPAA Policy, Protection, and Pitfalls ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

REAL ESTATE ACQUISITION

Audit of IT Asset Management Report

REPORT 2014/078 INTERNAL AUDIT DIVISION

June 2008 Report No An Audit Report on The Texas Education Agency s Oversight of Alternative Teacher Certification Programs

Information Technology Internal Audit Report

Student Assessment Administrative Review Phase 1

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

ACCOUNTING AND FINANCIAL REPORTING REGULATION MANUAL

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

STANDARD ADMINISTRATIVE PROCEDURE

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

Protecting Electronic Data and Trade Secrets

FINAL May Guideline on Security Systems for Safeguarding Customer Information

September 28, Audit s Role in Governance, Risk Management and Internal Control

OVERALL RATING: PARTIALLY SATISFACTORY

MEMORANDUM INTERNAL CONTROL REQUIREMENTS FOR NON-PROFITS

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

Management and Set up for Cash and Credit Card Handling Procedures

AUDIT REPORT. Audit of the UNOG contracts for furniture supplies FINAL OVERALL RATING: PARTIALLY SATISFACTORY

SAMPLE FINANCIAL PROCEDURES MANUAL

HIPAA Auditing Tool. Department: Site Location: Visit Date:

Information Technology Internal Audit Report

Division of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014

Internal Audit. Audit of the Inventory Control Framework

A Risk-Based Audit Strategy November 2006 Internal Audit Department

Master Document Audit Program

Audit of the Test of Design of Entity-Level Controls

Ford & Thomas Insurance Agency

Contracts Management Software as a Tool for SOX Compliance

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

UCLA Policy 360: Internal Control Guidelines for Campus Departments

What is a definition of risk?

YEARENDED31DECEMBER2013 RISKMANAGEMENTDISCLOSURES

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Health Insurance Portability and Accountability Act (HIPAA) Compliance Audit Final Report

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

SANTA ANA UNIFIED SCHOOL DISTRICT LEAD INTERNAL AUDITOR

Anti-Money Laundering and Counter- Terrorism Financial Policy

Risk Management of Outsourced Technology Services. November 28, 2000

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

HIPAA Compliance: Are you prepared for the new regulatory changes?

Appendix D Components and Competencies for School Business and Support Services

Revenue Audits Article by Eamon Staunton, MBA AITI, CPA, Examiner - Formation 2 Taxation

DSU Identity Theft Prevention Policy No. DSU

REPORT 2016/035 INTERNAL AUDIT DIVISION

SECURITY RISK ASSESSMENT SUMMARY

Table of Contents: Chapter 2 Internal Control

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS

MISSION STATEMENT OBJECTIVES IN ACCOMPLISHING OUR MISSION

MONROE COUNTY WATER AUTHORITY IDENTITY THEFT PREVENTION POLICY REVISED MARCH 2014

Follow-up Audit Vital Registry and Health Statistics Program

Nassau County Office of the Comptroller

The following paragraphs, identified to coincide with the OHSAS 18001:2007 numbering system, provide a clause-by-clause summary of the standard.

LOCAL GOVERNMENT MANAGEMENT ASSESSMENT OVERVIEW AND QUESTIONNAIRE

USES AND DISCLOSURES OF HEALTH INFORMATION

Achieve. Performance objectives

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

Transcription:

Internal Audit Report Right of Way Acquisition TxDOT Office of Internal Audit

Objective Evaluate the right of way acquisition process for efficiency and compliance. Opinion Based on the audit scope areas reviewed, control mechanisms are effective and substantially address risk factors and exposures considered significant relative to impacting operational execution and compliance. The organization's system of internal controls provides reasonable assurance that key goals and objectives will be achieved despite control gap corrections and improvement opportunities identified. Control gap corrections and improvement opportunities identified have the potential to negatively impact the achievement of the organization's business/control objectives. Overall Engagement Assessment Satisfactory Finding 1 Title Management and Security of Appraisal and Negotiation Records Findings Control Design Operating Effectiveness Rating x x Needs Improvement Management concurs with the above finding and prepared a management action plan to address the deficiencies. Control Environment Overall, there is a positive tone in the right of way environment, as demonstrated through attention and focus on addressing potential issues regarding right of way acquisition. In addition, ROW management exhibited a zero tolerance risk appetite for non-compliance and expressed interest in the benefits of an audit of their operations. Summary Results Finding Scope Area Evidence 1 Appraisal & Negotiation Appraisal and negotiation records are maintained in multiple locations (Right of Way Division headquarters, district offices, and other offices) and geographic areas (North, South, East and West). Records for 54 parcels sampled in 5 areas were located at 19 different locations (parcels represented projects from 11 districts). Records were also found to be unsecured at 3 of 5 sites visited. The team visited the Right of Way Division headquarters and geographic areas in the North (Dallas), South (Austin), East (Houston) and West (Lubbock). March 19, 2014 2

Audit Scope The audit was performed by Dennis Frazier, Anuradha Masand, Yania Munro, Augustine Nwoko, and Raymond Martinez (Engagement Lead). The audit was conducted during the period from September 25 to November 26, 2013. This audit focused on the appraisal and negotiation functions and records for right of way acquired by the Right of Way (ROW) Division. Methodology The methodology used to complete the objectives of this audit for the appraisal and negotiation scope areas included: Selected a sample of 54 out of 674 right of way parcels acquired by the ROW Division in Fiscal Year 2013. The sample provided coverage from all four geographic areas (North, South, East and West) including at least two districts in each geographic area. The team visited the Right of Way Division offices and four district offices (Dallas, Austin, Houston and Lubbock) where the files were located or delivered. Reviewed the relevant appraisal records for the sampled parcels to determine if the parcels were acquired in accordance with select appraisal requirements. This included the verification of the following: o a written appraisal report o appraisal report was prepared before negotiations o appraiser was properly certified o appraisal was properly reviewed and approved by different individuals o records were properly safeguarded Reviewed the relevant negotiation records to determine if the parcels were acquired in accordance with select negotiation requirements. This included the verification of the following: o supporting evidence that a copy of Landowner s Bill of Rights was provided o a written offer o offer letter was delivered by certified mail o supporting evidence that there was a reasonable effort to negotiate o title information was reviewed and title insurance was obtained o final offer wasn t less than appraised value or excessively more than appraised value o counter offer was properly approved o records were properly safeguarded Verified the appraisal and negotiation processes in each of the five sites visited and evaluated the timelines for key milestone dates to determine if the efficiency of the processes can be improved. Also determined if 2 key appraisal dates and 2 key negotiation dates (discussed in Observation (a)) in the files matched the dates in Right of Way Information System (ROWIS). Interviewed management and staff involved with the appraisal and negotiation functions in each geographic area to get the necessary information to complete the audit work. March 19, 2014 3

Background This report is prepared for the Texas Transportation Commission, TxDOT Administration and Management. The report presents the results of the Right of Way Acquisition Audit which was conducted as part of the Fiscal Year 2014 Audit Plan. Right of way acquisition is the purchasing of parcels of property from private individuals, businesses or city/county/state entities for public purposes. It can include the appraisal of property, negotiation of payment based on just compensation, relocation services, administrative settlement (e.g. when an offer isn t accepted), and condemnation/eminent domain (e.g. when a settlement can t be reached). The ROW Division is responsible for acquiring the needed right of way in accordance with the legal requirements and in a timely manner so the department can let transportation projects. The ROW Division was recently centralized to include headquarters staff in Austin, project delivery staff throughout the four geographic areas of the state, and all the records that support right of way acquisition. We conducted this performance audit in accordance with Generally Accepted Government Auditing Standards and in conformance with the International Standards for the Professional Practice of Internal Auditing. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. Recommendations to mitigate risks identified were provided to management during the engagement to assist in the formulation of the management action plans included in this report. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. The Office of Internal Audit transitioned to Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Integrated Framework version 2013 in December 2013. A defined set of control objectives was utilized to focus on the operational and compliance goals for the identified scope areas. Our audit opinion is an assessment of the health of the overall control environment based on (1) the effectiveness of the enterprise risk management activities throughout the audit period and (2) the degree to which the defined control objectives were being met. Our audit opinion is not a guarantee against operational sub-optimization or non-compliance, particularly in areas not included in the scope of this audit. March 19, 2014 4

Detailed Findings and Management Action Plans (MAP) Finding No. 1: Management and Security of Appraisal and Negotiation Records Condition Appraisal and negotiation records are maintained in multiple locations (e.g. Right of Way Division headquarters, district offices, and other offices) and by geographic areas (North, South, East and West). Additionally, records were found unsecured at 3 of 5 sites visited where offices or file cabinets were not consistently locked or adequately controlled. These records included non-public, private information. Effect/Potential Impact Maintaining these records at multiple locations makes them more difficult to retrieve and safeguard. This condition also increases the complexity of ensuring that required documents, reviews, and approvals are retained and increases the potential for inconsistent or multiple versions of a document. Not securing the records that contain non-public, private information increases the likelihood of information breach, identity theft and a negative impact to the department s reputation. Criteria & Cause Having one file of record is a best practice for effectively and efficiently documenting and managing right of way acquisition records. The Right of Way Appraisal and Review Manual (Chapter 2, Section 7) states that appraisal reports must be confidential and may only be disclosed after all parcels on a project have been acquired. The records were maintained at multiple locations due to the following reasons identified: Right of Way (R/W) managers/supervisors throughout the state need certain records for reviews, approvals, and payments agents throughout the state need certain records to support the appraisal and negotiation activities the work is sometimes spread out to various agents in a geographic area in order to meet the demands of the area the records involve hard copy documents and there is no central repository The records were found unsecured due to the following reasons identified: limited policies and procedures on protecting private or confidential information inconsistent practices reliance on a locked or badge controlled building(s) Evidence The 54 sampled parcels of right of way for the four geographic areas tested were maintained in hard copy documents at 19 different locations throughout the state: 26 parcels; projects from 2 districts in the North were maintained at 7 offices 9 parcels; projects from 3 districts in the South were maintained at 4 offices 9 parcels; projects from 3 districts in the East were maintained at 4 offices 10 parcels; projects from 3 districts in the West were maintained at 4 offices March 19, 2014 5

Additionally, the right of way hard copy files were found unsecured at the following three sites: Austin Division Headquarters one entrance to the office where the right of way files were kept was not locked or controlled by badge access North geographic area the file cabinets with right of way files did not have locks at one location East geographic area the file cabinets and office where right of way files were kept was not locked at one location Management Action Plan (MAP): MAP Owner: Hilda Correa, Director of R/W Asset Management MAP 1.1: The Right of Way Division serves as the office of record for all real property transactions. This includes right of way documents for the four R/W Project Delivery geographical areas of responsibility located in 25 district offices statewide. 1. Access controls, Right of Way Division (RA 118) In Process The ROW Division Headquarters is served by two entrances. The division has coordinated with TxDOT Security Operations Supervisor to ensure that all entrances to ROW division are secured. Short-term goals December 1, 2013 - Physical security was increased for the main entrance to ROW Division Headquarters (west entrance), utilized by external customers and TxDOT Division personnel. A ROW division customer service representative for the Document Information Exchange Center (DIEC) is required to be present during normal business hours. The customer service representative will: o Monitor to ensure visitor sign in at the front desk o Enforce visitor escort into and out of the ROW division December 1, 2013- Assign a designated employee(s) as security officer(s) to review and improve security of physical facility and files. December 1, 2013- Enforce Division policies that consist of escorting non- TxDOT visitors within the division by division employees. 2. Internal Asset Management and File Control Long-term goal The ROW Division is furthering efforts to secure documentation by implementing statewide use of the department s Electronic Document Management System (EDMS). Update, publish, and enforce standard operating procedures (SOPs) for access to right of way files. March 19, 2014 6

3. External Right of Way Project Delivery In-Process Conduct site visits to review and assess security measures for R/W assets and records management at the distributed R/W Project Delivery office locations. Perform annual physical security reviews of R/W Project Delivery sites. Mid-term goal Develop policies and procedures for safeguarding right of way assets, files, and documents Communicate and disseminate policies through standard operating procedures (SOPs) to R/W Project Delivery workforce. Completion Date: May 15, 2014 March 19, 2014 7

Observations and Recommendations Audit Observation (a): Right of Way Information System (ROWIS) Information As part of the review of key dates in ROWIS for appraisal and negotiation milestones, some dates were not recorded in ROWIS and some dates did not match dates in files. In addition, for appraisal milestones, some date stamps were not located in the files. Effect/Potential Impact Two key appraisal dates and two key negotiation dates were selected from a sample of 14 parcels from the four geographic areas. The dates were not recorded in ROWIS in 20 of 56 (36%) instances and the dates in ROWIS did not match the dates in the files in 12 of 56 (21%) instances. Attributes Receipt Date Appraisal Dates Approval Date Total Date of Initial Offer Negotiation Dates Date of Acceptance Total Date not in ROWIS 0 11 11 of 28 6 3 9 of 28 Date did not match file 4 1 5 of 28 3 4 7 of 28 In addition, the auditors checked for the date stamp on appraisal report in the file for a sample of 54 parcels from the four geographic areas and found that 35 of 54 (65%) parcels did not have a date stamp on appraisal report. The date stamp helps ensure that appraisal services are paid in timely manner and was used to assess efficiency. Audit Recommendation The Right of Way Division should determine whether incomplete or inaccurate dates in ROWIS are negatively impacting users of ROWIS. March 19, 2014 8

Summary Results Based on Enterprise Risk Management Framework Closing Comments The results of this audit were discussed with the Right of Way Division Director and staff. We appreciate the assistance and cooperation received from the Right of Way Division management and staff contacted during this audit. We would also like to thank the employees who gathered and delivered the right of way project files for our review. March 19, 2014 9