SUBJECT: Fiscal Year 2013 Annual Internal Audit Report

DEPARTMENT OF ASSISTIVE AND REHABILITATIVE SERVICES
INTERNAL AUDIT DIVISION
EXCELLENT SERVICE • EVERY CUSTOMER • EVERY TIME
Fiscal Year 2013
Annual Internal Audit Report
October 2013
MISSION
The Internal Audit Division serves as a resource dedicated to support DARS’ mission by
providing independent and objective assurance and advisory services to increase
agency control awareness, improve the effectiveness of risk management and
governance processes, and promote continuous improvement of agency operations.
2013 Team Members
Christy Alvarado, CGAP
Gail Ates, CFE
Jeannie Coale, CPA
Angel Flores, CGAP
Paul Gentry, CPA, CIA
Karen Henry, CPA
Lissette Nadal-Hogan, CIA, CISA, CRISC
Blanca Rodriguez
Internal Audit Director
Karin Hill, CIA, CGAP, CRMA
TO: Veronda L. Durden, Commissioner
FROM: Karin Hill, Internal Audit Director
SUBJECT: Fiscal Year 2013 Annual Internal Audit Report
DATE: October 17, 2013
Attached for your approval is the Fiscal Year 2013 Annual Internal Audit Report from the
Texas Department of Assistive and Rehabilitative Services’ (DARS) Internal Audit
Division. This report is provided in accordance with the Texas Internal Auditing Act
requirements for internal auditors to prepare and distribute an annual report of activities
and complies with the guidelines set forth by the State Auditor’s Office.
The DARS Internal Audit Division completed audit work and provided management with
information and analyses to assist in initiating improvements to operations and to
strengthen internal controls. In addition to audit work, DARS Internal Audit provided
advice and assistance on governance, risk management, and controls, and
management actively engages the Division as they continue to work toward more
effective and efficient processes in the agency.
DARS Internal Audit staff continues to be active in the local internal audit community
through participation in the State Agency Internal Audit Forum, the Austin Chapter of the
Institute of Internal Auditors, and the Information Systems Audit and Control
Association. Staff also continues to attend training courses offered by the State
Auditor’s Office and other local trainers as well as completing work toward professional
certification.
If you have any questions please contact Karin Hill, Director of Internal Audit at
(512)424-4021.
Partnerships for Independence A+
Internal Audit Division, 4800 N. Lamar Blvd. MC-3030, Austin, TX, 78756
DARS Annual Internal Audit Report
Table of Contents
Section I
Compliance with House Bill 16: Posting the Internal Audit Plan, Internal Audit Annual Report,
and Other Audit Information on Internet Web Site
Section II
DARS Internal Audit Plan for Fiscal Year 2013
Section III
Consulting Services and Non-audit Services Completed
Section IV
External Quality Assurance Review
Section V
DARS Internal Audit Plan for Fiscal Year 2014
Section VI
External Audit Services Procured in Fiscal Year 2013
Section VII
Reporting Suspected Fraud and Abuse
DARS Internal Audit Division
Section I
Compliance with House Bill 16: Posting the Internal Audit Plan, Internal
Audit Annual Report, and Other Audit Information on Internet Web Site
The Department of Assistive and Rehabilitative Services (DARS) has organized a
section of its Internet site to include the approved audit plan and annual report for the
Internal Audit Division. This can be located under “Annual Reports & Plans” in the
“News & Information” section of the agency’s website.
The DARS Fiscal Year 2014 Audit Plan was approved by Commissioner Durden on
August 21, 2013 and posted on this site on September 11, 2013.
Section II
DARS Internal Audit Plan for Fiscal Year 2013
Report
Number
11-004
12-002
13-001
13-002
Audit/Project Title
Division of Rehabilitation Services – Community
Rehabilitation Programs Contract Management
A Special Project on Inventory, Management, and
Storage of Agency Confidential Data
Division for Rehabilitation Services – Specialized
Telecommunications Assistance Program
Information Resources – Contract Management
13-003
Division for Blind Services – Budget Management
and Monitoring of Consumer Purchases
13-101
Independent Assessment of Information Resources
Audit-Related Action Plans
Follow Up of DARS Internal Audit Report on Controls
over the Access Termination Process
13-202
13-201
Follow Up of DARS Internal Audit Report on the
Centers for Independent Living Program and HHSC
OIG Report on Texas State Independent Living
Centers
Division for Rehabilitation Services – Comprehensive
Rehabilitation Services Contract Management
Report Date
3/26/2013
2/22/2013
9/23/2013
In Progress
Estimated
Completion
11/2013
In Progress
Estimated
Completion
11/2013
6/19/2013
In Progress
Estimated
Completion
11/2013
4/12/2013
Cancelled
Section III
Consulting Services and Non-audit Services Completed
The DARS Internal Audit Division completed the following non-audit services during
fiscal year 2013:
Special Project on Inventory, Management, and Storage of Agency Confidential
Data
This special project was initiated in fiscal year 2012 at the request of DARS
management in response to an enterprise audit and a DARS information security
assessment. The objective of this project was to identify where agency confidential
information is located, how it is managed and stored, and communicate risks associated
with current business practices. This project was included on the Fiscal Year 2013
Audit Plan and issued as report #12-002 in February 2013.
The high-level observations/results were as follows:
• Agency staff comes in contact with, downloads, and consistently stores
  confidential data from the information systems to mobile devices as part of their
  job responsibilities.
• Agency procedures do not specifically provide guidance related to the security
  and storage of confidential data processed in stand-alone databases.
• The agency is improving existing controls over the management and storage of
  confidential data.
• The agency promotes the protection of confidential data within its divisions or
  programs, and with service providers, vendors, and contractors.
• Confidential data is shared with service providers that may not have a contract
  with the agency.
Recommendations were not issued for this project. DARS management continues to
work with the HHS Enterprise to address confidential data as well as to strengthen
agency controls.
Independent Assessment of Information Resources Audit-Related Action Plans
This assessment was requested as part of a management initiative to ensure that
appropriate actions were being taken to address audit recommendations from three
reports (the SAO Audit on the ReHabWorks System, the HHSC Audit of HHS
Information Security, and the HHSC Audit of Proxy Server and Batch File Processing
Security and Compliance) and to report the results to the DARS Chief Operating Officer.
This project was included on the Fiscal Year 2013 Audit Plan and issued as report
#13-101 in April 2013.
The high-level observations/results were that 24 of the 25 recommendations assessed
were identified as either implemented or substantially implemented.
Recommendations were not issued for this project. Management utilized the
information to determine whether additional actions were necessary to fully implement
the recommendations.
Early Childhood Intervention Family Cost Share Project
This was a special project completed by a team of University of Texas, McCombs
School of Business students under the supervision and guidance of the DARS Internal
Audit Division. The objective of the project was to identify the factors that needed to be
taken into consideration for the agency to implement the recommendations made by the
Texas State Government Effectiveness and Efficiency Report to improve the cost
effectiveness of family share provisions. The report issued for this project was limited to
the students’ report that was submitted for their class project.
The high-level observation/result for this project was a proposed model to calculate
family cost share and considerations the agency should take into account during
implementation. There were no recommendations issued with this project.
Early Childhood Intervention Funding Chronology
This special project was requested to document the chronology of the changes in the
Early Childhood Intervention program’s payment methodology since the chronology
prepared by the Internal Audit Division in 2009. There were no recommendations
issued with this project.
Board for Evaluation of Interpreters
This special project was conducted to evaluate and document selected current Board
for Evaluation of Interpreter processes; identify risks and determine whether the risks
are adequately mitigated; and to provide advice on considerations for improvement and
implementing statutory requirements.
The high-level observations/results for this project were detailed flowcharts of the fees
collection, interpreter testing, and interpreter training processes and identification of
existing and missing controls in each of them. As a result of this project the DARS
Internal Audit Division included an audit of the processes related to fees in the Fiscal
Year 2014 Audit Plan.
Fraud Training to Early Childhood Intervention Staff
Two members of the Internal Audit Division developed and provided a four-hour training
session on fraud. During the session they discussed topics such as how to identify fraud
and what action to take when there are concerns that fraud exists. Respondents found this
training helpful and rated it 3.4 out of 4.0 in the survey that was conducted.
Section IV
External Quality Assurance Review
The Division’s External Quality Assurance Review was completed in July 2013 by an
independent consultant. The reported opinion was as follows:
Based on the original work and the follow up work outlined above, it is the
opinion of the reviewer that the internal audit activity at the Texas
Department of Assistive and Rehabilitative Services generally conforms
to the IIA Standards, the Government Auditing Standards, and the Texas
Internal Auditing Act. This opinion, representing the best possible
evaluation, means that policies, procedures, and an internal audit charter
are in place, and that the practices that are followed provide reasonable
assurance that the audit work conducted is in compliance with the
requirements of the applicable professional standards and the Texas
Internal Auditing Act.
Section V
DARS Internal Audit Plan for Fiscal Year 2014
The audit plan, as listed below, was approved by the DARS Commissioner on August
21, 2013.
Audit/Project
Division for Rehabilitation Services – Vocational Rehabilitation
Financial Controls
Autism Program
Blind Children’s Vocational Discovery & Development Program
Deaf and Hard of Hearing
Division for Blind Services – Budget Management and
Monitoring of Consumer Purchases (carryover from FY 2013)
Division for Blind Services – Independent Living Program
Information Technology Governance
Follow Up on the CRS Management Review conducted by
HHSC Internal Audit
Follow Up of DARS Internal Audit Report on Controls over the
Access Termination Process (carryover from FY 2013)
Risk Assessment Model for Consumer Programs
Estimated
Budget Hours
1500
800
750
750
750
750
750
750
500
250
125
The areas identified as high risk that were not included in the Fiscal Year 2014 Audit
Plan, and the reasons, are as follows:
• Early Childhood Intervention – significant consulting/non-audit work was
  conducted in this area during fiscal year 2013. Specifically, the Internal Audit
  Division completed a special project on the funding chronology, led a group of
  University of Texas students through a project to identify the factors that needed
  to be taken into consideration for the agency to implement the recommendations
  made by the Texas State Government Effectiveness and Efficiency Report to
  improve the cost effectiveness of family share provisions, and provided a
  four-hour training session on fraud for ECI staff.
• Criss Cole Rehabilitation Center – the center is currently undergoing a significant
  review and revision of all policies and procedures. Review of the risks and
  discussions with management determined that more value could be gained
  through auditing this at a later date.
• Division for Rehabilitation Services Independent Living – portions of this program
  were included in the Audit of Centers for Independent Living, which was
  completed in 2011.
• Centers for Independent Living – as stated above, this audit was completed in
  2011. Additionally, a follow up of the audit was completed in 2013.
The results of the risk assessment were discussed with management. Management
understands its responsibilities regarding risk and the importance of mitigating it to the
extent possible. Dialogue between the Internal Audit Division and management is
conducted as a matter of day-to-day business and any changes in risk will be discussed
and adjustments made to the audit plan if determined necessary.
The risk assessment was conducted using a combination of methodologies. A survey
was sent to managers who report directly to members of the Executive Management
Team, requesting their views on where risks are highest in their area and across the
agency, along with other questions pertaining to controls. Executive management was
also interviewed to gain their opinions and concerns.
The identified list of auditable areas was risk assessed by DARS Internal Audit staff
using the following risk factors, with additional weight added to those about which
executive management and/or the Internal Audit Division identified interest or concerns:
• Impact on the consumers
• Potential for Fraud, Waste, and Abuse
• Violation of State and/or Federal Regulations
• Negative Publicity/Loss of Public Trust
• Complexity of Operations
Finally, a review of the history of audit coverage over the past five years was conducted
to assist in determining the areas that would be included in the Fiscal Year 2014 Audit
Plan.
Section VI
External Audit Services Procured in Fiscal Year 2013
The Department of Assistive and Rehabilitative Services did not contract for audit
services during fiscal year 2013.
Section VII
Reporting Suspected Fraud and Abuse
The DARS Internet and Intranet, and HHS Circular C-027, HHS Enterprise Fraud
Prevention and Awareness, provide information on how to report suspected fraud,
waste, and abuse directly to the State Auditor’s Office (SAO).
To our knowledge, these reports are being made in accordance with Section 7.09,
Fraud Reporting, in the General Appropriations Act.