AUDIT PLAN Fiscal Year 2020 September 26, 2019



SLIDE 1

AUDIT PLAN

Fiscal Year 2020

September 26, 2019

SLIDE 2

Texas Transportation Commission Meeting – September 26, 2019

FY2020 Risk Assessment


▪ Required by Texas Internal Auditing Act and professional auditing standards, including approval of audit plan by governing body (Texas Transportation Commission)
▪ Helps affirm and ensure sufficient resource focus on areas of highest risk and impact
▪ Objective, independent risk assessment focused on organizational improvement

SLIDE 3


Audit Plan Lifecycle

Risk Assessment Process

  • Conduct objective analysis of risks based on a 12-point criteria comprised of the following categories:

▪ Strategy, Safety, Operations, Frequency, Exposure, Technology, Regulatory, Fraud, Prior Audits, Management, Budget, and Employee Engagement Results

  • Assess risks identified in prior audits but considered out of scope, submission of risks by Internal Audit Division staff, reviewing relevant legislation, trends and standards, and conducting business process discussions with district and division leadership

  • Prioritize risks above to determine potential risk themes, internal audit staffing capabilities and to inform training and recruitment plans

Developing Audit Plan

  • Identify audit resources available to determine the number of engagements that can be performed based on resources and past performance trending (i.e., number of hours to complete an engagement)

  • Develop draft audit objectives for higher ranking risks and required audits
  • Present draft audit plan to Executive Administration and Executive Director for comments and potential requests for audits

Audit Plan Approval

  • Chief Audit and Compliance Officer approves final draft of Audit Plan
  • Request and obtain formal approval of the Audit Plan from the Texas Transportation Commission


SLIDE 4


Risk Themes

TxDOT Risks

  • Population growth
  • Impacts on state highway system
  • Resource limitations
  • Reliance on contractors/third parties
  • Quality assurance

External Risks/Megatrends

  • Climate change
  • Resource/supply chain impacts
  • Technology disruption
  • Demographic shifts
  • Rapid urbanization

FY2020 Risk Themes

  • Governance/Program Management

  • Information Technology
  • Contracting/Third Party
  • Program Optimization
  • Asset Management


Sources: World Economic Forum, Blackrock, PWC, EY, Deloitte, KPMG

SLIDE 5


FY 2020 Internal Audit Plan (Grouped by Risk Theme)


Information Technology (3)

  • Data Management
  • Data Classification
  • Information Management Division (IMD) Contract Management – FY 2020 Contracts Implementation

Governance and Program Management (4)

  • Performance Measures
  • Advertising Effectiveness
  • Unified Transportation Program: Portfolio Analysis Tool
  • Title VI & Americans with Disabilities Act (ADA) Goal Setting and Reporting Process

Contracting/Third Party (3)

  • Professional Engineering Procurement Services (PEPS) Contractor Performance Monitoring

  • Service Organization Controls (SOC) 1 & 2 Compliance
  • Construction Project Website Administration

Recurring (4)

  • Public Funds Investment Act
  • Toll Facilities – Federal Reporting
  • Physical Security
  • Tuition Assistance Program (TAP)

Management Action Plan Follow-Ups (17)

  • Engagements to determine mitigation of risks previously communicated.

Contingency (10)

  • Information Technology
    ▪ Network Security: Vulnerability Scanning & Penetration Testing
    ▪ IT Purchasing Process
    ▪ Segregation of Duties/Access Controls – Critical Applications
  • Governance and Program Management
    ▪ Third Party Website Purchases
    ▪ Human Resources Operations
    ▪ Vegetation Management – Contracted Operations
  • Contracting/Third Party
    ▪ Legislative Budget Board (LBB) Contract Reporting
  • Program Optimization
    ▪ Site Manager – Post Implementation
    ▪ TxDOT Business Impact Analysis
    ▪ Performance Management

Program Optimization (4)

  • Reporting Integrity: Maintenance Management System (MMS)
  • Post-Implementation – Modernize Portfolio and Project Management
  • Post-Implementation – Travel and Expense Module
  • Facilities and Asset Management System (FAMIS) Efficiency

Asset Management (2)

  • Non-Contracted Bridge Inspections
  • Lease Accounting Implementation