Login

Fillable Printable Internal Audit Plan Fy 2014

Fillable Printable Internal Audit Plan Fy 2014

Internal Audit Plan Fy 2014

Internal Audit Plan Fy 2014

Internal Audit Plan FY 
Internal Audit Division
Internal Audit Plan FY 2014
1
Internal Audit
Plan FY 
Internal Audit Division
Table of Contents
Introduction
2
Recommended Engagements
3
-
Risk Assessment Scores
5
Appendix B
-
Estimated Hours
6
Internal Audit Plan FY 2014
2
Introduction
The Texas Internal Auditing Act
1
and the International Professional Practices
Framework
2
require the Internal Audit function of an organization to develop an
annual Internal Audit Plan. The Internal Audit Plan establishes the framework for
the audit and consulting activities to be performed by the Texas Department of
Motor Vehicles (TxDMV) Internal Audit Division (IAD) during the 2014 Fiscal Year.
Scope and Objective
This Internal Audit Plan covers the period of September 1
st
, 2013 to August 31
st
,
2014.
The preparation of the Internal Audit Plan serves as the process by which the
Internal Audit Division accumulates the data necessary to identify and rank potential
engagement areas according to risk. The ultimate objective of IAD is to provide the
Board of Directors and management with information to reduce exposure to the
negative effects that may be associated with operations of the agency. The degree
or materiality (size) of exposure can be viewed as risks mitigated by establishing
sound internal control.
Responsibilities
The Internal Audit Division is responsible for preparing the Annual Audit Plan and
submitting it to the Board of Directors for review and approval. Periodic updates
relating to project status, schedules and significant interim changes will also be
communicated.
1
Texas Government Code, Section 2102.005.
2
International Professional Practices Framework (Altamonte Springs, Florida; IIA, 2011 Edition
Standard 2010)
Internal Audit Plan FY 2014
3
Recommended Engagements
Based on the results of the risk assessment process performed (Appendix A), IAD is
recommending the engagements detailed in Tables 1 and 2 below, to comprise the
Internal Audit Plan for the 2014 Fiscal Year.
Table 1
FY 201
4
Aud
it Engagements
with reports to the Board
Audit Area
Identified Risks and Summary of Work to be Performed
Review of Agency
Approved
Contracts
Potential Risks
To obtain reasonable assurance that the agency is
receiving the goods or services contracted for.
Work Plan – This audit will focus on examining executed contracts to
evaluate attributes including justification, authorization and sufficient
documentation to support the purchases.
Information
Security
Potential Risks
This is a statutorily
3
required engagement.
Work Plan – This audit would review the agency’s compliance with the
provisions of TAC 202 Information security requirements.
Web-enabled
Subcontractor
Renewals
(Web Sub)
Potential Risks
Th
is is a new program
for processing a large volume
of registration renewal transactions via the internet.
Work Plan – This engagement is a continuation of the audit previously
started and will focus on reviewing the application controls over data.
Data Integrity of
selected RTS
Information
Potential Risks
The potential for
corrupt or incomplete data within
the RTS system which is used by law enforcement and other external
stakeholders.
Work Plan – This project would be a follow-up to the current agency
RTS data integrity clean-up project to determine the effectiveness of
the effort to purify vehicle information and data contained within RTS.
Internal Audit
Plan (FY 2015)
Potential Risks
This is a statutorily
4
required engagement.
Work Plan – Propose the engagements which will comprise the FY
2015 Internal Audit Plan.
Annual Audit
Report (FY 2013)
Potential Risks
This is a statutorily
5
required engagement.
Work Plan – Report on the FY 2013 activities of the Internal Audit
Division to the appropriate oversight agencies by November 1
st
, 2013.
3
Statutory Mandate – Texas Administrative Code, Section 202.21 (e).
4
Statutory Mandate – Texas Government Code, Section 2102.007 (2).
5
Statutory Mandate – Texas Government Code, Section 2102.009.
Internal Audit Plan FY 2014
4
Table 2
FY 201
4
Other Activities
(Final Deliverable to be determined)
Project
Area
Summary Description
Board and
Executive
Management
Requests
Potential Risks – Varied, depending on the nature of the request.
Work Plan –In anticipation of requests during the 2014 Fiscal Year, IAD
is allocating time to assist the Board and Executive Management.
Monitoring of
RTS Refactoring
including IV&V
Potential Risks
The refactoring project is both highly visible and with
large financial considerations which will have a significant impact on
the various external and internal stakeholders of the agency.
Work Plan – On-going monitoring to include attending meetings,
reviewing status reports, invoice processes and providing feedback on
issues to the Executive Director and Board.
ABTPA Single
Audit Reviews
Potential Risks
Statutorily
6
required engagement.
Work Plan – On-going monitoring of grantee compliance with Uniform
Grant Management Standards.
6
Statutory Mandate – Texas Government Code, Section 783.010.
Internal Audit Plan FY 2014
5
Appendix A – Risk Assessment Scores
Listed below are the results of the risk assessment scoring (RAS) process conducted
by IAD. Those engagements in red have been included in the FY 2014 Audit Plan.
Those engagements which are statutorily required were not part of the RAS process.
Table 3
Risk Assessment Scores for identified
Engagement
Audit Areas
-
FY 201
4
Engagement
Area
RAS
Score
Assessed Risk Level
7
1
Monitoring of RTS
Refactoring Project
4.84
2
Review of
Agency
Approved Contracts
4.08
3
Data Integrity of selected RTS Information
4.06
4
Web Sub
4.02
5
Review of Motor Carrier Division
3.96
6
Review of RTS Refactoring Contract Process
3.94
7
Dealer Licensing
3.90
8
Review of Agency Performance Scorecard
3.
71
9
Vehicle Registration
3.61
10
TxPros
3.5
9
11
Permits
3.51
12
Review of HR Processes
3.47
13
Vehicle Titling
3.35
14
Revenue Processing Controls
3.33
15
Regional Operations
3.27
16
Vendor
Payment Processing Controls
2.96
17
Customer Service Process Review
2.84
18
Vehicle Consumer Complaints
2.33
19
Speciality Plate Testing and Implementation
2.27
20
Investigations
2.12
7
Legend – Red represents Risk Scores > 4.0 (Highest Assessed Risk), Yellow represents Risk Score
between 3.0 and 3.99 (Intermediate Risk), Green represents Risk Scores < 3.0 (Lowest Assessed Risk)
Internal Audit Plan FY 2014
6
Appendix B – Estimated Hours
For each of the potential engagements noted above in Tables 1 and 2, IAD has
developed an estimate of the number of hours needed for each project. These
estimates are based both on the time needed for each engagement as well as the
amount of direct audit hours (3,600)
8
available for the year.
IAD will track and monitor the status of engagements as well as the availability of
audit resources on an ongoing basis. As circumstances occur which necessitate
adjustments, IAD will include these changes in the FY 2015 Internal Audit plan.
Table 4
Engagement
Estimated Hours
Monitoring of RTS Refactoring Project
600
Review of
Agency
Approved Contracts
600
Data
Integrity of selected RTS Information
500
Web Sub
400
ABTPA Single Audit Reviews
350
Internal Audit Plan
(FY 201
5
)
150
Annual Audit Report (FY 201
3
)
150
Board and Executive Management Requests
500
Information Security Review
350
Total
3,
60
0
8
This amount is calculated based on approximately 33% direct audit hours for the Division Director
and 67% direct audit hours for division staff.
Login to HandyPDF
Tips: Editig or filling the file you need via PC is much more easier!
By logging in, you indicate that you have read and agree our Terms and Privacy Policy.