I.
Compliance with House Bill 16: Posting the Internal Audit Plan, Internal
Audit Annual Report, and Other Audit Information on Internet Web Site...1
II.
Internal Audit Plan for Fiscal Year 2013 ... 2
III.
Consulting Engagements and Non-audit Services Completed ... 4
IV.
External Quality Assurance Review (Peer Review) ... 5
V.
Internal Audit Plan for Fiscal Year 2014 ... 6
VI.
External Audit Services Procured in Fiscal Year 2013 ... 9
Comptroller of Public Accounts
Annual Internal Audit Report for Fiscal Year 2013
1
I.
Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit
Annual Report, and Other Audit Information on Internet Web Site
The Texas Comptroller of Public Accounts (CPA) has developed procedures to follow in order to
ensure compliance with the provisions of House Bill 16. Specifically, within 30 days of approval
by the Comptroller, the Internal Audit Division will provide the Data Services Division with the
approved Audit Plan for the applicable fiscal year. Data Services will post the approved fiscal
year Audit Plan on CPA’s Internet Web site, Window on State Government, as provided by
Texas Government Code, Section 2102.008. In addition, the Annual Internal Audit Report will
be provided to the Data Services Division within 30 days of its approval for posting on CPA’s
Internet Web site, as required by Texas Government Code, Section 2102.009.
The Internal Audit Division will update postings as needed on CPA’s Internet Web site, Window
on State Government, to include detailed summaries of any weaknesses, deficiencies,
wrongdoings or other concerns that may be raised by the audit plan or annual report. In addition,
a summary of the action taken by CPA to address concerns, if any, that are raised by the audit
plan or annual report will be posted as needed on CPA’s Internet Web site, Window on State
Government. The Internal Audit Division will post these summaries based on future guidelines
developed and provided by the State Auditor’s Office.
In accordance with Texas Government Code, Title 5 Open Government, Ethics, Chapter 552
Public Information, Subchapter C Information Excepted From Required Disclosure, Section
552.139 which provides an exemption to government information from public disclosure if it
relates to computer network security or to the design, operation or defense of a computer
network, the Internal Audit Division will not release any confidential or sensitive information
protected by this exemption. Any information not protected by this or another applicable
exemption that is determined to be confidential in nature will be specifically designated as such
in accordance with SAO guidelines.
Annual Internal Audit Report for Fiscal Year 2013
2
II.
Internal Audit Plan for Fiscal Year 2013
Project/Report Title
Comments/Explanations
Fiscal Year 2013 Audits:
Audit of Security Incident Management Carryforward audit project for FY 2014
Audit of Property Value Study In Progress - Planning Phase
Ethics Review Carryforward audit project for FY 2014
Audit of IT Proposals, Procurement Agreements, and Contracts
As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 Risk Assessment. No longer high risk. Limited coverage will be addressed in the Audit of Software Licensing.
Audit of Event Trust Funds In Progress - Planning Phase
Audit of Software Licensing In Progress - Planning Phase
Audit of Call Center Operations As a result of the Control Self-Assessment, the risk level decreased in the FY 2014 risk assessment. No longer high risk.
Audit of Treasury PeopleSoft System Carryforward audit project for FY 2014
Fiscal Year 2012 Audits in Progress:
Audit of Security Awareness Training In Progress - Reporting Phase
Audit Report # 2103: Audit of Innovation and Technology (IT) Hardware Services Section (Previously named
Audit of IT Desktop Services)
Completed - Report issued September 2013
Audit of TPASS Contract Management In Progress - Reporting Phase
Audit Report #2102:Audit of Expenditure Audit's Post-Payment Audit Processes
Completed - Report issued in August 2013
Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)
In Progress - Fieldwork Phase
Audit of Business Continuity and Disaster Recovery Programs
In Progress - Reporting Phase
Audit of Cash Flow Forecasting In Progress - Fieldwork Phase
Audit Report #1103: Audit of Fund Disbursement Processes
Completed - Report issued in February 2013
Audit of Payments and Returns Process On Hold - Will review issues
Annual Internal Audit Report for Fiscal Year 2013
4
III.
List of Consulting Engagements and Non-audit Services Completed Showing
High-Level Objectives, Observations/Results, Recommendations, and
Implementation Status
Report
No. Report Date
Name of Report High-Level Consulting Engagement/Non-audit Service Objective(s) Observations/Results and Recommendations
Annual Internal Audit Report for Fiscal Year 2013
6
V.
Internal Audit Plan for Fiscal Year 2014
Project Title Division Area Project Hours
Fiscal Year 2014 Audits Audit of Security Incident Management
Information Security Privacy Office
Innovation and Technology
Information Security Privacy Office All
810
Ethics Review Agency Administration & Executive Administration
Human Resources 650
Audit of Treasury PeopleSoft System
Treasury Operations Innovation and Technology
All 910
Audit of Appropriation Control Fiscal Management Fiscal Integrity - Appropriation Control
980
Audit of Audit Headquarters Tax Administration Audit - Headquarters 985 Total FY 14 Audit Hours: 4,335
Fiscal Year 2013 Audits In Progress Audit of Property Value Study Field Area
Property Tax Assistance Property Value Study Field Area
830
Audit of Event Trust Funds Fiscal Management
Economic Development and Analysis
Fiscal Integrity - Fiscal Analysis
Statewide Fiscal Services - Expenditure Audit
Economic Development and Analysis
810
Audit of Software Licensing Innovation and Technology IR Planning, Budgeting and Contracting - IT Support Team
860
Audit of Expenditure Audit's Post-Payment Audit Processes
Fiscal Management Fiscal Services/ Expenditure Audit
70
Audit of IT Hardware Services Section
Innovation and Technology IT Infrastructure/ IT Customer Service/ Hardware Services/ Desktop Services Team
85
Audit of TPASS Contract Management
TPASS Statewide Procurement & Contract Management/ Contract Management
255
Audit of Business Continuity and Disaster Recovery Programs
Information Security Information Security 85
Audit of Fiscal Systems Support - Software Development Life Cycle (SDLC)
Fiscal Management Statewide Fiscal Systems/ Fiscal Systems Support
365
Audit of Security Awareness Training
Information Security Information Security 255
Audit of Cash Flow Forecasting Treasury Operations Cash Flow Forecasting 520
Audit of Payments and Returns Process
Revenue Administration Account Maintenance Revenue Processing Revenue Accounting
85
Audit of the JET Program Educational Opportunities & Investments
Educational Opportunities & Investments
Comptroller of Public Accounts
Annual Internal Audit Report for Fiscal Year 2013
7
Project Title Division Area Project Hours
Fiscal Year 2013 Audits In Progress - continued
Audit of Fleet Management TPASS Statewide Procurement & Contracts
60
Audit of Cash Handling and Returns Processing
Tax Administration Enforcement 300
Total FY 13 Audits In Progress Hours: 4,825 Special Projects/Management Requests:
Follow Ups 540
Client Assist (Internal/External) 158
FY 2013 Annual Internal Audit
Report 130
FY 2015 Risk Assessment 1020
IT Steering Committee 80
Other Projects 1885
Special Projects/Management Requests Carry forward 280
Peer Review (Internal) 200
Other Management Requests 3187
Total Special Projects/Management Requests: 7,480
Total Fiscal Year 2014 Audit Hours: 4,335 Total Fiscal Year 2013 Audits In Progress Hours: 4,825 Total Special Projects/Management Requests: 7,480
Direct Audit Hours: 16,640
Indirect Hours: 8,320
Annual Internal Audit Report for Fiscal Year 2013
8
Risk Assessment Process
The results from the Enterprise Risk Management (ERM) Surveys, Privacy Surveys, TeamRisk
Self-Assessments, interviews with Executive Management and division directors, and results from
internal audit activities were used to conduct our annual risk assessment.
Risk Factors and Weights:
Risk Factor Risk Weight
Control Environment 15.00%
Risk and Monitoring 25.00%
$ Value of Transactions 5.00%
Reliance on 3rd Parties 5.00%
Management Concern 10.00%
Legislative Interest 10.00%
Internal Control Awareness 10.00%
Internal Audit Factors 5.00%
Confidential Information 15.00%
As a part of the annual ERM Survey process, the Information Security Office (InfoSec) designated
651 key processes which the Internal Audit Division (Division) analyzed and assessed risks on
using the Division’s TeamRisk and self-assessment modules of our TeamMate audit software.
Coverage of High Risk Processes
Overall, 60 of 651 reported processes scored as high risk. The high risk processes will receive
coverage as follows:
•
6 processes will be covered in proposed audits
•
17 processes will be covered as part of a CSA
•
6 process are covered in currently scheduled audits
•
1 process will be covered as part of audits reviewing security controls
•
20 processes could be covered in backup audits
•
9 processes had previous coverage. Agency staff provided poor information in their
reported self-assessments. Upon further review of these processes, we found that these
processes had CSAs performed in fiscal 2012 or fiscal 2013. Staff could have used the
CSA
information for entry into their assigned self-assessment which would have resulted in a
moderate or low risk score.
Comptroller of Public Accounts
Annual Internal Audit Report for Fiscal Year 2013
9
VI.
External Audit Services
Name of External Auditor Services Provided Date of Service (Report Date) McConnell & Jones LLC Professional public accounting
services - Financial audit for Texas Tomorrow Fund
FY 2012 Audited AFR issued on December 20, 2012
Padgett Stratemann & Co., LLP Professional public accounting services – Financial audit for the Texas Tomorrow Fund
FY 2013 Audited AFR to be issued on December 20, 2013
State Auditor’s Office Statewide Single Audit/CAFR Audit February 2013
MGT of America, Inc. Best practices and due diligence review of processes related to the Major Events Trust Fund Program
Term: April 12, 2013 through June 30, 2013
Experis US, Inc. Overpayment Recovery Audits Term: April 2, 2012 through August 31, 2014
Deloitte & Touche LLP Professional public accounting for fiscal, technical and monitoring services for the stimulus grant program
Term: October 20, 2010 through March 31, 2013
Audit Services, U.S. LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013
Verus Financial LLC Unclaimed Property Audit Services Term: November 9, 2010 through August 31, 2013
Xerox State & Local Solutions, Inc. (formerly ACS State & Local Solutions)
Unclaimed Property Audit Services Term: December 16, 2010 through August 31, 2013.
Audit Services, U.S. LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 28, 2013 through August 31, 2014
Discovery Audit Services, LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Hertz, Herson & Company, LLP (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Kelmar Associates LLC d/b/a Kelmar Unclaimed Property Services, LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 28, 2013 through August 31, 2014
Treasury Services Group, LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Verus Financial, LLC (Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Annual Internal Audit Report for Fiscal Year 2013
10
Name of External Auditor Services Provided Date of Service (Report Date) Xerox State & Local Solutions, Inc. d/b/aXerox Unclaimed Property Clearinghouse
(Effective 9-1-13)
Unclaimed Property Audit Services Term: August 30, 2013 through August 31, 2014
Independent Contract Examiners - 22 contracts:
Dan A. Northern
David Tran d/b/a Lone Star Sales Tax Consulting- TERMINATED
Dibrell P. Dobbs d/b/a State Tax Consulting Group
Jean Chan
Garrett State Tax Service (Trevor Garrett) – Amd No. 3
Cherise D. Collins
Marina Roy Buenaventura, CPA Paul Hernandez
Vernice Seriale, Jr. Brenda Maldonado Max Dwain Martino, PC Paul D. Underwood Stephanie (Clark) Jackson Terra Hillman
William R. Smith
Homer Max Wiesen, CPA Antonio V. Concepcion Art Koenings, Jr, CPA
D. Smith Consulting (Dixie Smith) Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed)
Stephen T. Broad
Stites Pybus, LLC (A. Michiell Stites)
Tax Compliance Examination Services
Term: August 2010 through August 31, 2013
Independent Contract Examiners - 3 contracts:
Celia Chang
State and Local Tax Group (Wayne Wharton)
Willie Sullivan
Tax Compliance Examination Services
August 18, 2011 through August 31, 2013
Independent Contract Examiners – 10 contracts:
Delores A. Nornberg Thomas W. Gay
Taygor Associates, LLC (L.C. Gordon, Jr.) Michael J. Robertson
Cindy H. Coats Cynthia Alvarez Sam W. Armstrong, PC
Tax Compliance Examination Services
July 30, 2012 through August 31, 2013
Comptroller of Public Accounts
Annual Internal Audit Report for Fiscal Year 2013
11
Name of External Auditor Services Provided Date of Service (Report Date) Independent Contract Examiners – 10contracts: (Continued)
Texas Tax Consulting Group, LC (Frank Castro)
Nedzra J. Ward Gordon Wheeler
Independent Contract Examiners – 26 contracts: (Effective 9-1-2013)
Fabian Avina Stephen T. Broad
Marina Roy Buenaventura Jean Chan
Cherise D. Collins Antonio V. Concepcion
Dibrell P. Dobbs d/b/a State Tax Consulting Group
Garrett State Tax Service, Inc. (Trevor Garrett)
Ramira J. Garza Paul Hernandez Terra Hillman
Stephanie (Clark) Jackson d/b/a The Ann Group
Art Koenings, Jr. & Nancy Wilkins Brenda Maldonado
Max Dwain Martino Dan Northern Grace Rhodes
Ruzicka-Reed Partnership (Dale Ruzicka & Cindy Reed)
Vernice Seriale, Jr.
Judy Shinn d/b/a Shinn Tax Services D Smith Consulting (Dixie Smith) State Tax Group, LLC (Richard Fleming) Stites Pybus, LLC (A. Michiell Stites) Treva M. Sullivan
Paul D. Underwood Homer Max Wiesen
Tax Compliance Examination Services
August 2013 through August 31, 2014