Risk Assessment and Updating Audit Plan Contents Process and - - PowerPoint PPT Presentation

CITY OF MINNEAPOLIS

Risk Assessment and Updating Audit Plan

Contents

• Process and results
• Impact of pandemic on assessment
• Proposed Covid-19 Approach
• Proposed Audit Plan Modifications

2

Purpose

• Cannot entirely avoid risk, events which may impair

an organization in achieving objectives

• Assessment helps identify, quantify, and rank risk
• Drives an audit plan, future engagements

3

Recall February Update

• Completed City leadership risk assessment survey
• Project prioritization in progress
• Proposed audit plan, updated to reflect current

enterprise risks and strategic priorities, to be presented to Audit Committee April 27, 2020.

4

Covid-19 Impact

• Leadership responses to completely different

circumstances

• Rapidly changing and complex environment
• Existing identified risks amplified

5

Survey Results

• Resources/Staffing
• “not enough “FTEs”
• “inadequate staffing”
• “staffing shortages”
• “resources (people)”
• “Turnover”
• “the right staff”
• “Staffing below industry standards”
• “staff constraints”
• “Limited staff/financial resources”

6

Survey Results - Top 3

• IT Systems:
• “Lack of funding for IT tools/technologies/training”
• “Systems-related security and access risks”
• “Trouble accessing needed information”
• “Risks of downtime due to old equipment, outside

hacking, or software changes”

• “Secure and appropriate information systems”
• “Loss of IT communications”

7

Survey Results - Top 3

• Inadequate policy/procedures:
• “Best practices aren’t available”
• “Inefficient workflow leads to delays”
• “potential for severe non-compliance”
• “lack of oversight over [assets]”
• “lack of internal controls”

8

Covid-19 Impacts

• Impact to identified risks
• Staffing/Budget allocations
• Data governance/IT impacts
• Inadequate/insufficient policy and procedures
• New, unanticipated risks abound
• Some departments face more significant impacts

9

Audit P Plan an

10 2020 Q2 Affordable Housing Audit Review the City's progress with affordable housing strategic planning, quantifiable goals, implementation, and monitoring for compliance to identify risks to the achievement of outcomes of multiple affordable housing

• programs. -Phase I

2020 Q2 MPD Equity in Post-Hire to Separation Processes Data Analysis - Phase II Consult Collaborate with IT Analytics, MPD, Office of Police Conduct Review, and Human Resources to analyze equity in MPD post-hire to separation processes and identify areas for improvement if applicable 2020 Q1 IT Governance and Cybersecurity Risk Management Audit Audit Assess the maturity and readiness of the City's IT Governance and cybersecurity risk management programs. 2020 Q2 Revenue and Collections Audit Review design and effectiveness of controls around City revenue and collections processes 2020 Q2 Water Network Integration Consultation Consult Secure Integration: Review the configuration of the planned network connection between City and Water IT to help ensure that the Water SCADA systems are secured from external internet threats 2020 Q2 Security Incident Event Monitoring (SIEM) Review Consult Review the configuration of the Splunk SIEM and associated governance to remediate identified security threats. 2020 Q3 Geographic Information System (GIS) Governance and IT General Controls Audit Review governance and effectiveness of IT general controls in the City's use

• f GIS systems

2020 Q4 Park Board Patron Safety

• Aquatics

Audit Review whether Park Board Aquatics safety and maintenance practices align with policies and program goals

Covid-19 Audit Approach

• 1. Criteria/KPI/Best Practices Research – In Progress
• 2. Documenting and evaluating key control

processes

• 3. Department continuity planning
• Rapidly changing financial environment

11

Covid-19 Audit Approach

• 4. Target sectors with high risk of fraud, waste,

abuse

• 5. Single audit requirements related to Covid-19

funding

• 6. Continuity of Operations Analysis

12

Recommendations

• Work to understand and remediate resource

constraints

• Modify audit plan while addressing prior identified

issues, current projects

• Open Q2 2020 to proceed with Covid-19 approach
• Split audits/consultations to address most relevant

areas

13

Prop

• pos
• sed 2

2020 A 20 Audit Plan

14 2020 Q2/Q3 Contract Amendments Review - Phase II - Construction Contracts Audit Review City and Park Board construction contract change order and amendment processes and related controls to ensure key controls are adequately designed and

• perating effectively to sufficiently mitigate operational, financial, compliance and

fraud risks. 2020 Q2 MPRB grant administration process Audit Review the Park Board grant administration processes and related controls to ensure compliance and fraud risks are sufficiently mitigated. 2020 Q2 Covid-19 Related Consultation Projects - Phase I Special Project Collaborating with ALGA to identify key risks and knowledge bank. Use to inform work with departments to identify, document, and strengthen key control processes. 2020 Q2/Q3 Covid-19 Related Consultation Projects - Phase II Special Project Reviewing department strategies to cope with budget, staffing constraints and efficiency measures. 2020 Q3 Data Governance Consult Assess the maturity and readiness of the City's IT Governance and cybersecurity risk management programs. 2020 Q3 Revenue and Collections Audit Review design and effectiveness of controls around City revenue and collections processes 2020 Q4 Covid-19 Related Consultation Projects - Phase III Special Project Reviewing compliance with Continuity of Operations during Covid-19 pandemic response 2020 Q4 IT Cybersecurity Risk Management Audit Audit Assess the maturity and readiness of the City's IT cybersecurity risk management programs. 2020 Q4 Affordable Housing Audit Review the City's progress with affordable housing strategic planning, quantifiable goals, implementation, and monitoring for compliance to identify risks to the achievement of outcomes of multiple affordable housing programs. -Phase I 2020 Q4 MPD Equity in Post- Hire to Separation Processes Data Analysis - Phase II Consult Collaborate with IT Analytics, MPD, Office of Police Conduct Review, and Human Resources to analyze equity in MPD post-hire to separation processes and identify areas for improvement if applicable

Prop

• pos
• sed 2

2021 A 21 Audit Plan

15 2021 Security Incident Event Monitoring (SIEM) Review Consult Review the configuration of the Splunk SIEM and associated governance to remediate identified security threats. 2021 Water Network Integration Consultation Consult Secure Integration: Review the configuration of the network connection between City and Water IT to help ensure that the Water SCADA systems are secured from external internet threats 2021 Geographic Information System (GIS) Governance and IT General Controls Audit Review governance and effectiveness of IT general controls in the City's use

• f GIS systems

2021 Water Network Integration Consultation Consult Secure Integration: Review the configuration of the network connection between City and Water IT to help ensure that the Water SCADA systems are secured from external internet threats 2021 Park Board Patron Safety - Aquatics Audit Review whether Park Board Aquatics safety and maintenance practices align with policies and program goals