CPA IA Annual Internal Audit Report

TABLE OF CONTENTS I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal

Audit Annual Report, and Other Audit Information on Internet Web Site.....1 II. Internal Audit Plan for Fiscal Year 2013 ............................................................. 2 III. Consulting Engagements and Non-audit Services Completed ........................... 4 IV. External Quality Assurance Review (Peer Review) ............................................ 5 V. Internal Audit Plan for Fiscal Year 2014 ............................................................. 6 VI. External Audit Services Procured in Fiscal Year 2013 ...................................... 9 VII. Reporting Suspected Fraud and Abuse .............................................................. 12

Comptroller of Public Accounts Annual Internal Audit Report for Fiscal Year 2013

1

I. Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit

Annual Report, and Other Audit Information on Internet Web Site The Texas Comptroller of Public Accounts (CPA) has developed procedures to follow in order to ensure compliance with the provisions of House Bill 16. Specifically, within 30 days of approval by the Comptroller, the Internal Audit Division will provide the Data Services Division with the approved Audit Plan for the applicable fiscal year. Data Services will post the approved fiscal year Audit Plan on CPA’s Internet Web site, Window on State Government, as provided by Texas Government Code, Section 2102.008. In addition, the Annual Internal Audit Report will be provided to the Data Services Division within 30 days of its approval for posting on CPA’s Internet Web site, as required by Texas Government Code, Section 2102.009. The Internal Audit Division will update postings as needed on CPA’s Internet Web site, Window on State Government, to include detailed summaries of any weaknesses, deficiencies, wrongdoings or other concerns that may be raised by the audit plan or annual report. In addition, a summary of the action taken by CPA to address concerns, if any, that are raised by the audit plan or annual report will be posted as needed on CPA’s Internet Web site, Window on State Government. The Internal Audit Division will post these summaries based on future guidelines developed and provided by the State Auditor’s Office. In accordance with Texas Government Code, Title 5 Open Government, Ethics, Chapter 552 Public Information, Subchapter C Information Excepted From Required Disclosure, Section 552.139 which provides an exemption to government information from public disclosure if it relates to computer network security or to the design, operation or defense of a computer network, the Internal Audit Division will not release any confidential or sensitive information protected by this exemption. Any information not protected by this or another applicable exemption that is determined to be confidential in nature will be specifically designated as such in accordance with SAO guidelines.


2

II. Internal Audit Plan for Fiscal Year 2013 Project/Report Title Comments/Explanations Fiscal Year 2013 Audits:

Audit of Security Incident Management Carryforward audit project for FY 2014

Audit of Property Value Study In Progress - Planning Phase

Ethics Review Carryforward audit project for FY 2014

Audit of IT Proposals, Procurement Agreements, and Contracts

As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 Risk Assessment. No longer high risk. Limited coverage will be addressed in the Audit of Software Licensing.

Audit of Event Trust Funds In Progress - Planning Phase

Audit of Software Licensing In Progress - Planning Phase

Audit of Call Center Operations As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 risk assessment. No longer high risk.

Audit of Treasury PeopleSoft System Carryforward audit project for FY 2014

Fiscal Year 2012 Audits in Progress:

Audit of Security Awareness Training In Progress - Reporting Phase

Audit Report # 2103: Audit of Innovation and Technology (IT) Hardware Services Section (Previously named Audit of IT Desktop Services)

Completed - Report issued September 2013

Audit of TPASS Contract Management In Progress - Reporting Phase

Audit Report #2102:Audit of Expenditure Audit's Post-Payment Audit Processes

Completed - Report issued in August 2013

Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)

In Progress - Fieldwork Phase

Audit of Business Continuity and Disaster Recovery Programs

In Progress - Reporting Phase

Audit of Cash Flow Forecasting In Progress - Fieldwork Phase

Audit Report #1103: Audit of Fund Disbursement Processes

Completed - Report issued in February 2013

Audit of Payments and Returns Process On Hold - Will review issues

Audit of the JET Program In Progress - Reporting Phase


4

III. List of Consulting Engagements and Non-audit Services Completed Showing

High-Level Objectives, Observations/Results, Recommendations, and Implementation Status

Report No. Report Date

Name of Report

High-Level Consulting Engagement/Non-audit

Service Objective(s) Observations/Results and

Recommendations

N/A N/A N/A N/A N/A


6

V. Internal Audit Plan for Fiscal Year 2014

Project Title Division Area Project Hours

Fiscal Year 2014 Audits Audit of Security Incident Management

Information Security Privacy Office Innovation and Technology

Information Security Privacy Office All

810

Ethics Review Agency Administration & Executive Administration

Human Resources 650

Audit of Treasury PeopleSoft System

Treasury Operations Innovation and Technology

All 910

Audit of Appropriation Control Fiscal Management Fiscal Integrity - Appropriation Control

980

Audit of Audit Headquarters Tax Administration Audit - Headquarters 985 Total FY 14 Audit Hours: 4,335

Fiscal Year 2013 Audits In Progress Audit of Property Value Study Field Area

Property Tax Assistance Property Value Study Field Area

830

Audit of Event Trust Funds Fiscal Management Economic Development and Analysis

Fiscal Integrity - Fiscal Analysis Statewide Fiscal Services - Expenditure Audit Economic Development and Analysis

810

Audit of Software Licensing Innovation and Technology IR Planning, Budgeting and Contracting - IT Support Team

860

Audit of Expenditure Audit's Post-Payment Audit Processes

Fiscal Management Fiscal Services/ Expenditure Audit

70

Audit of IT Hardware Services Section

Innovation and Technology IT Infrastructure/ IT Customer Service/ Hardware Services/ Desktop Services Team

85

Audit of TPASS Contract Management

TPASS Statewide Procurement & Contract Management/ Contract Management

255

Audit of Business Continuity and Disaster Recovery Programs

Information Security Information Security 85

Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)

Fiscal Management Statewide Fiscal Systems/ Fiscal Systems Support

365

Audit of Security Awareness Training

Information Security Information Security 255

Audit of Cash Flow Forecasting Treasury Operations Cash Flow Forecasting 520

Audit of Payments and Returns Process

Revenue Administration Account Maintenance Revenue Processing Revenue Accounting

85

Audit of the JET Program Educational Opportunities & Investments

Educational Opportunities & Investments

245


7

Project Title Division Area Project Hours Fiscal Year 2013 Audits In Progress - continued Audit of Fleet Management TPASS Statewide Procurement &

Contracts 60

Audit of Cash Handling and Returns Processing

Tax Administration Enforcement 300

Total FY 13 Audits In Progress Hours: 4,825 Special Projects/Management Requests: Follow Ups

540

Client Assist (Internal/External)

158 FY 2013 Annual Internal Audit Report

130

FY 2015 Risk Assessment

1020 IT Steering Committee

80

Other Projects

1885 Special Projects/Management Requests Carry forward

280

Peer Review (Internal)

200 Other Management Requests

3187

Total Special Projects/Management Requests: 7,480

Total Fiscal Year 2014 Audit Hours: 4,335

Total Fiscal Year 2013 Audits In Progress Hours: 4,825

Total Special Projects/Management Requests: 7,480

Direct Audit Hours:

16,640

Indirect Hours:

8,320

Total Hours

24,960


8

Risk Assessment Process The results from the Enterprise Risk Management (ERM) Surveys, Privacy Surveys, TeamRisk Self-Assessments, interviews with Executive Management and division directors, and results from internal audit activities were used to conduct our annual risk assessment. Risk Factors and Weights:

Risk Factor Risk Weight

Control Environment 15.00%

Risk and Monitoring 25.00%

$ Value of Transactions 5.00%

Reliance on 3rd Parties 5.00%

Management Concern 10.00%

Legislative Interest 10.00%

Internal Control Awareness 10.00%

Internal Audit Factors 5.00%

Confidential Information 15.00%

As a part of the annual ERM Survey process, the Information Security Office (InfoSec) designated 651 key processes which the Internal Audit Division (Division) analyzed and assessed risks on using the Division’s TeamRisk and self-assessment modules of our TeamMate audit software. Coverage of High Risk Processes Overall, 60 of 651 reported processes scored as high risk. The high risk processes will receive coverage as follows:

• 6 processes will be covered in proposed audits • 17 processes will be covered as part of a CSA • 6 process are covered in currently scheduled audits • 1 process will be covered as part of audits reviewing security controls • 20 processes could be covered in backup audits • 9 processes had previous coverage. Agency staff provided poor information in their

reported self-assessments. Upon further review of these processes, we found that these processes had CSAs performed in fiscal 2012 or fiscal 2013. Staff could have used the CSA information for entry into their assigned self-assessment which would have resulted in a moderate or low risk score.

• 1 process will be covered in a proposed special project


9

VI. External Audit Services

Name of External Auditor Services Provided Date of Service (Report Date)

McConnell & Jones LLC Professional public accounting services - Financial audit for Texas Tomorrow Fund

FY 2012 Audited AFR issued on December 20, 2012

Padgett Stratemann & Co., LLP Professional public accounting services – Financial audit for the Texas Tomorrow Fund

FY 2013 Audited AFR to be issued on December 20, 2013

State Auditor’s Office Statewide Single Audit/CAFR Audit February 2013

MGT of America, Inc. Best practices and due diligence review of processes related to the Major Events Trust Fund Program

Term: April 12, 2013 through June 30, 2013

Experis US, Inc. Overpayment Recovery Audits Term: April 2, 2012 through August 31, 2014

Deloitte & Touche LLP Professional public accounting for fiscal, technical and monitoring services for the stimulus grant program

Term: October 20, 2010 through March 31, 2013

Audit Services, U.S. LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013

Verus Financial LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013

Xerox State & Local Solutions, Inc. (formerly ACS State & Local Solutions)

Unclaimed Property Audit Services Term: December 16, 2010 through August 31, 2013.

Audit Services, U.S. LLC (Effective 9-1-13)

Unclaimed Property Audit Services Term: August 28, 2013 through August 31, 2014

Discovery Audit Services, LLC

(Effective 9-1-13)


Hertz, Herson & Company, LLP

(Effective 9-1-13)


Kelmar Associates LLC d/b/a Kelmar Unclaimed Property Services, LLC

(Effective 9-1-13)


Treasury Services Group, LLC

(Effective 9-1-13)


Verus Financial, LLC

(Effective 9-1-13)



10


Xerox State & Local Solutions, Inc. d/b/a Xerox Unclaimed Property Clearinghouse

(Effective 9-1-13)


Independent Contract Examiners - 22 contracts:

Dan A. Northern David Tran d/b/a Lone Star Sales Tax Consulting- TERMINATED Dibrell P. Dobbs d/b/a State Tax Consulting Group Jean Chan Garrett State Tax Service (Trevor Garrett) – Amd No. 3 Cherise D. Collins Marina Roy Buenaventura, CPA Paul Hernandez Vernice Seriale, Jr. Brenda Maldonado Max Dwain Martino, PC Paul D. Underwood Stephanie (Clark) Jackson Terra Hillman William R. Smith Homer Max Wiesen, CPA Antonio V. Concepcion Art Koenings, Jr, CPA D. Smith Consulting (Dixie Smith) Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Stephen T. Broad Stites Pybus, LLC (A. Michiell Stites)

Tax Compliance Examination Services

Term: August 2010 through August 31, 2013

Independent Contract Examiners - 3 contracts: Celia Chang State and Local Tax Group (Wayne Wharton) Willie Sullivan


August 18, 2011 through August 31, 2013

Independent Contract Examiners – 10 contracts: Delores A. Nornberg Thomas W. Gay Taygor Associates, LLC (L.C. Gordon, Jr.) Michael J. Robertson Cindy H. Coats Cynthia Alvarez Sam W. Armstrong, PC


July 30, 2012 through August 31, 2013


11


Independent Contract Examiners – 10 contracts: (Continued) Texas Tax Consulting Group, LC (Frank Castro) Nedzra J. Ward Gordon Wheeler Independent Contract Examiners – 26 contracts: (Effective 9-1-2013) Fabian Avina Stephen T. Broad Marina Roy Buenaventura Jean Chan Cherise D. Collins Antonio V. Concepcion Dibrell P. Dobbs d/b/a State Tax Consulting Group Garrett State Tax Service, Inc. (Trevor Garrett) Ramira J. Garza Paul Hernandez Terra Hillman Stephanie (Clark) Jackson d/b/a The Ann Group Art Koenings, Jr. & Nancy Wilkins Brenda Maldonado Max Dwain Martino Dan Northern Grace Rhodes Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed) Vernice Seriale, Jr. Judy Shinn d/b/a Shinn Tax Services D Smith Consulting (Dixie Smith) State Tax Group, LLC (Richard Fleming) Stites Pybus, LLC (A. Michiell Stites) Treva M. Sullivan Paul D. Underwood Homer Max Wiesen


August 2013 through August 31, 2014


12

VII. Reporting Suspected Fraud and Abuse The Comptroller of Public Accounts has taken several measures to address the potential misuse or misappropriation of state resources, including funds received under the American Recovery and Reinvestment Act. The Comptroller of Public Accounts has also taken action to implement the requirements to report suspected fraud, waste and abuse involving state resources directly to the State Auditor’s Office (SAO). Actions taken to implement the requirements of: • Fraud Reporting, Article IX, Sec. 7.09, General Appropriations Act (83rd Legislature,

Conference Committee Report). The Window on State Government home page of the Comptroller of Public Accounts’ website contains a Report Fraud page (http://www.window.state.tx.us/fraud.html) explaining how to report fraud involving state resources to the SAO. The SAO’s phone number for reporting fraud, (800) TX-AUDIT and a link to the State Auditor’s Fraud website, (http://sao.fraud.state.tx.us/), are included in the information provided on the Report Fraud page. The Comptroller of Public Accounts’ Employee Handbook, Chapter 02: Ethics Policy, Policy Prohibiting Fraud, Waste, Theft and Abuse includes information on how to report suspected fraud involving state funds to the SAO by calling (800) TX-AUDIT or by making a report on-line (http://sao.fraud.state.tx.us/). The Comptroller of Public Accounts’ Employee Handbook includes a requirement that all employees take the Anti-Fraud Training on an annual basis. The Comptroller’s Office Internal Audit Division website also contains fraud links and contact information to include the SAO’s phone number for reporting fraud (800) TX-AUDIT, a link to the State Auditor’s Fraud website (http://sao.fraud.state.tx.us/), a link to the SAO Fraud Reporting Form (https://sao.fraud.state.tx.us/Hotline.aspx), the link to the Government Accountability Office (GAO) FraudNET (http://www.gao.gov/fraudnet/fraudnet.htm) and the GAO’s Toll Free 1-800-424-5454 and Fax: 202-512-3086. • Texas Government Code, Section 321.022. Coordination of Investigations The Comptroller of Public Accounts has established the Policy Prohibiting Fraud, Theft, Waste, or Abuse in Business Dealings or in any Relationship with the Comptroller’s Office (Anti-Fraud Policy) (http://www.window.state.tx.us/ssv/ethics.html) to enforce controls and to aid in the prevention and detection of fraud, theft, waste or abuse against the agency or the State of Texas. Suspected fraud, waste, theft or abuse can be reported to the Ethics Officer, Internal Audit Division, Criminal Investigations Division or through The Network at (866) 420-8369. It can also be reported outside the agency to the SAO by calling (800) TX-AUDIT or by making a report online at (http://sao.fraud.state.tx.us/ ).

Documents

CPA IA Annual Internal Audit Report