CITY OF MINNEAPOLIS Risk Assessment and Updating Audit Plan
Contents • Process and results • Impact of pandemic on assessment • Proposed Covid-19 Approach • Proposed Audit Plan Modifications 2
Purpose • Cannot entirely avoid risk, events which may impair an organization in achieving objectives • Assessment helps identify, quantify, and rank risk • Drives an audit plan, future engagements 3
Recall February Update • Completed City leadership risk assessment survey • Project prioritization in progress • Proposed audit plan, updated to reflect current enterprise risks and strategic priorities, to be presented to Audit Committee April 27, 2020. 4
Covid-19 Impact • Leadership responses to completely different circumstances • Rapidly changing and complex environment • Existing identified risks amplified 5
Survey Results • Resources/Staffing • “not enough “FTEs” • “inadequate staffing” • “staffing shortages” • “resources (people)” • “Turnover” • “the right staff” • “Staffing below industry standards” • “staff constraints” • “Limited staff/financial resources” 6
Survey Results - Top 3 • IT Systems: • “Lack of funding for IT tools/technologies/training” • “Systems-related security and access risks” • “Trouble accessing needed information” • “Risks of downtime due to old equipment, outside hacking, or software changes” • “Secure and appropriate information systems” • “Loss of IT communications” 7
Survey Results - Top 3 • Inadequate policy/procedures: • “Best practices aren’t available” • “Inefficient workflow leads to delays” • “potential for severe non-compliance” • “lack of oversight over [assets]” • “lack of internal controls” 8
Covid-19 Impacts • Impact to identified risks • Staffing/Budget allocations • Data governance/IT impacts • Inadequate/insufficient policy and procedures • New, unanticipated risks abound • Some departments face more significant impacts 9
Audit P Plan an 2020 Q2 Affordable Housing Audit Review the City's progress with affordable housing strategic planning, quantifiable goals, implementation, and monitoring for compliance to identify risks to the achievement of outcomes of multiple affordable housing programs. -Phase I 2020 Q2 MPD Equity in Post-Hire Consult Collaborate with IT Analytics, MPD, Office of Police Conduct Review, and to Separation Processes Human Resources to analyze equity in MPD post-hire to separation processes Data Analysis - Phase II and identify areas for improvement if applicable 2020 Q1 IT Governance and Audit Assess the maturity and readiness of the City's IT Governance and Cybersecurity Risk cybersecurity risk management programs. Management Audit 2020 Q2 Revenue and Collections Audit Review design and effectiveness of controls around City revenue and collections processes 2020 Q2 Water Network Consult Secure Integration: Review the configuration of the planned network Integration Consultation connection between City and Water IT to help ensure that the Water SCADA systems are secured from external internet threats 2020 Q2 Security Incident Event Consult Review the configuration of the Splunk SIEM and associated governance to Monitoring (SIEM) remediate identified security threats. Review 2020 Q3 Geographic Information Audit Review governance and effectiveness of IT general controls in the City's use System (GIS) Governance of GIS systems and IT General Controls 2020 Q4 Park Board Patron Safety Audit Review whether Park Board Aquatics safety and maintenance practices align - Aquatics with policies and program goals 10
Covid-19 Audit Approach 1. Criteria/KPI/Best Practices Research – In Progress 2. Documenting and evaluating key control processes 3. Department continuity planning • Rapidly changing financial environment 11
Covid-19 Audit Approach 4. Target sectors with high risk of fraud, waste, abuse 5. Single audit requirements related to Covid-19 funding 6. Continuity of Operations Analysis 12
Recommendations • Work to understand and remediate resource constraints • Modify audit plan while addressing prior identified issues, current projects • Open Q2 2020 to proceed with Covid-19 approach • Split audits/consultations to address most relevant areas 13
Prop opos osed 2 2020 A 20 Audit Plan 2020 Q2/Q3 Contract Amendments Audit Review City and Park Board construction contract change order and amendment Review - Phase II - processes and related controls to ensure key controls are adequately designed and Construction Contracts operating effectively to sufficiently mitigate operational, financial, compliance and fraud risks. 2020 Q2 MPRB grant Audit Review the Park Board grant administration processes and related controls to administration process ensure compliance and fraud risks are sufficiently mitigated. 2020 Q2 Covid-19 Related Special Collaborating with ALGA to identify key risks and knowledge bank. Use to inform Consultation Projects - Project work with departments to identify, document, and strengthen key control Phase I processes. 2020 Q2/Q3 Covid-19 Related Special Reviewing department strategies to cope with budget, staffing constraints and Consultation Projects - Project efficiency measures. Phase II 2020 Q3 Data Governance Consult Assess the maturity and readiness of the City's IT Governance and cybersecurity risk management programs. 2020 Q3 Revenue and Audit Review design and effectiveness of controls around City revenue and collections Collections processes 2020 Q4 Covid-19 Related Special Reviewing compliance with Continuity of Operations during Covid-19 pandemic Consultation Projects - Project response Phase III 2020 Q4 IT Cybersecurity Risk Audit Assess the maturity and readiness of the City's IT cybersecurity risk management Management Audit programs. 2020 Q4 Affordable Housing Audit Review the City's progress with affordable housing strategic planning, quantifiable goals, implementation, and monitoring for compliance to identify risks to the achievement of outcomes of multiple affordable housing programs. -Phase I 2020 Q4 MPD Equity in Post- Consult Collaborate with IT Analytics, MPD, Office of Police Conduct Review, and Human Hire to Separation Resources to analyze equity in MPD post-hire to separation processes and identify Processes Data areas for improvement if applicable Analysis - Phase II 14
Prop opos osed 2 2021 A 21 Audit Plan 2021 Security Incident Consult Review the configuration of the Splunk SIEM and associated governance to Event Monitoring remediate identified security threats. (SIEM) Review 2021 Water Network Consult Secure Integration: Review the configuration of the network connection Integration between City and Water IT to help ensure that the Water SCADA systems are Consultation secured from external internet threats 2021 Geographic Audit Review governance and effectiveness of IT general controls in the City's use Information System of GIS systems (GIS) Governance and IT General Controls 2021 Water Network Consult Secure Integration: Review the configuration of the network connection Integration between City and Water IT to help ensure that the Water SCADA systems are Consultation secured from external internet threats 2021 Park Board Patron Audit Review whether Park Board Aquatics safety and maintenance practices align Safety - Aquatics with policies and program goals 15
Recommend
More recommend
