AUDIT PLAN Fiscal Year 2020 September 26, 2019 FY2020 Risk - PowerPoint PPT Presentation

AUDIT PLAN Fiscal Year 2020 September 26, 2019

FY2020 Risk Assessment ▪ Required by Texas Internal Auditing Act and professional auditing standards, including approval of audit plan by governing body (Texas Transportation Commission) ▪ Helps affirm and ensure sufficient resource focus on areas of highest risk and impact ▪ Objective, independent risk assessment focused on organizational improvement Texas Transportation Commission Meeting – September 26, 2019 2

Audit Plan Lifecycle Risk sk Asses sessm sment t Proc ocess ess Conduct objective analysis of risks based on a 12-point criteria comprised of the following categories: o ▪ Strategy, Safety, Operations, Frequency, Exposure, Technology, Regulatory, Fraud, Prior Audits, Management, Budget, and Employee Engagement Results Assess risks identified in prior audits but considered out of scope, submission of risks by Internal Audit Division staff, reviewing relevant o legislation, trends and standards, and conducting business process discussions with district and division leadership Prioritize risks above to determine potential risk themes, internal audit staffing capabilities and to inform training and recruitment plans o Developin loping Audit it Plan Identify audit resources available to determine the number of engagements that can be performed based on resources and past o performance trending (i.e., number of hours to complete an engagement) Develop draft audit objectives for higher ranking risks and required audits o Present draft audit plan to Executive Administration and Executive Director for comments and potential requests for audits o Audit it Plan Approval Chief Audit and Compliance Officer approves final draft of Audit Plan o Request and obtain formal approval of the Audit Plan from the Texas Transportation Commission o Texas Transportation Commission Meeting – September 26, 2019 3

Risk Themes FY2020 Risk Themes • Governance/Program Management External Risks/ • Information Technology Megatrends • Contracting/Third Party • Program Optimization • Climate change TxDOT Risks • Asset Management • Resource/supply chain impacts • Population growth • Technology disruption • Impacts on state highway system • Demographic shifts • Resource limitations • Rapid urbanization • Reliance on contractors/ Sources: World Economic Forum, Blackrock, PWC, EY, Deloitte, KPMG third parties • Quality assurance Texas Transportation Commission Meeting – September 26, 2019 4

FY 2020 Internal Audit Plan (Grouped by Risk Theme) Infor ormat ation ion Technolo nology gy (3) Asset Manag agement ent (2) • Data Management • Non-Contracted Bridge Inspections • Data Classification • Lease Accounting Implementation • Information Management Division (IMD) Contract Management – FY 2020 Recur urring ing (4) Contracts Implementation Public Funds Investment Act • Toll Facilities – Federal Reporting • Governanc nance and Program am Manag agement ent (4) Physical Security • • Performance Measures Tuition Assistance Program (TAP) • • Advertising Effectiveness • Unified Transportation Program: Portfolio Analysis Tool Manag ageme ement nt Action on Plan n Follow-Ups (17) • Title VI & Americans with Disabilities Act (ADA) Goal Setting and Reporting • Engagements to determine mitigation of risks previously communicated. Process Conting ingency ency (10) • Information Technology Contrac actin ing/ g/Third hird Party (3) o Network Security: Vulnerability Scanning & Penetration Testing • Professional Engineering Procurement Services (PEPS) Contractor o IT Purchasing Process Performance Monitoring o Segregation of Duties/Access Controls – Critical Applications • Service Organization Controls (SOC) 1 & 2 Compliance • Governance and Program Management • Construction Project Website Administration o Third Party Website Purchases o Human Resources Operations Program am Optimizat ization ion (4) o Vegetation Management – Contracted Operations • Reporting Integrity: Maintenance Management System (MMS) • Contracting/Third Party • Post-Implementation – Modernize Portfolio and Project Management o Legislative Budget Board (LBB) Contract Reporting • Post-Implementation – Travel and Expense Module • Program Optimization • Facilities and Asset Management System (FAMIS) Efficiency o Site Manager – Post Implementation o TxDOT Business Impact Analysis o Performance Management Texas Transportation Commission Meeting – September 26, 2019 5