Annual Audit Risk Assessment and Work Plan - AASHTO

Report
Presented by Sandra Healy, CGFM
Principal Auditor
Idaho Transportation Department
1
Office of Internal Review
Org Chart
ITD Board
(Audit Committee)
ITD Director
Internal Review Manager
Carri Rosti,
CPA, CGFM
Donita Stephens
Admin Assistant
Mike Cram
Principal Auditor
Sandra Healy, CGFM
Principal Auditor
Diego Curt, CISA
Principal Auditor
Michelle Doane
Principal Auditor
Mary Quarles,CPA
Principal Auditor
2
ITD Office of Internal Review
 Internal Review conducts independent reviews to
assess the effectiveness, compliance, and efficiency of
department programs, procedures, and internal
controls (GAGAS compliant)
 Internal Review reviews records and financial reports
for certain third parties contracting and sub granting
with ITD
3
Internal Review Staff & Duties
 Manager and five auditors
 Both internal & external audits
 Allocation of staff hours between internal & external
 Management requests for non-audit services
4
Audit and Review Work Plan
 Based upon Audit Risk Assessment
 Criteria
 Management Need
 Date of Last Audit
 Amount of Monies involved
 Inherent Control Risk
5
Annual Audit Work Plan Risk Assessment
@6/21/12
Audit Manager
Begin Risk Assessment
Mid-Dec
Log new requests
into running list of
audit requests. Rate
for high, med and
low risk
ITD Board
Deduct estimated
man hours for
external audits &
joint FHWA reviews
IR Annual report to
Board scheduled in
March
Review running list
of audit requests
Choose top 5-7 high risk
projects and prioritize using
IR Audit Risk Assessment
Template to assess risk
value for each project
Remainder is staff
availability for
internal audits and
non-audit services
Report covers past
yrs audits & efforts
and plans for
current year
Meet with Exec Mgt
for audit requests
for next 12 months
Estimate time
required for top 3-4
requests (960-1200
man hours per
internal audit)
Develop IR Work
Plan; internal,
external and nonaudit services
Panel presentation;
each auditor
presents on audit
they conducted
Meet w/FHWA to
review their
requests for joint
reviews
Calculate staff
availability hours
Complete audit work
plan by mid-Feb
Applause!
6
Risk Assessment Process
 Process begins mid-Dec
 Review running list of audit requests
 Meet with executive management
 Meet with FHWA
 Add new requests to running list
 Rate high, medium and low risk
7
IR Audit Risk Assessment
 Top 5-7 high risk projects
 IR Audit Risk Assessment Template
 Assess level of risk for each project
8
Internal Audit Risk Assessment
Criteria
Weight
Dollar Impact
>$ 10 mil.
$
5 mil. approximately
<$100 K
Factor
Value
Extension
5
5
3
1
Federal Responsibility/Requirement
5
Importance of Federal Regulations to this
Program – Degree (5-0)
Public Impact
5
Degree (5-0)
Prior Audit Performed (by IR, Legislative Auditor,
FHWA)
5
>5 Years
5
Within 2 Years
-2
Past 12 Months
-5
Management Need/Request
5
Within 6 Months
5
No Hurry
1
9
Internal Audit Risk Assessment (cont.)
Inherent Risk Factor
3
Potential for Irregularity or Fraud – Degree (5-0)
Internal Controls/Administrative Controls
3
Degree (5-0) (Very strong = 0;
Very weak = 5)
Legal Responsibility/Requirement
3
Degree (5-0)
Department Impact
3
Degree (5-0)
Reported Audit Problems on Most Recent Audit
3
Degree (5-0)
Potential Efficiency Improvement
2
Degree (5-0)
Audit Time Estimate
1
<10 Man-Weeks
5
>60 Man-Weeks
1
Total Audit Risk Value
10
Internal Review Audit Coverage
Division of Motor
Vehicles
2009
2010
2011
2012
2013
2014
X
X
X
X
X
X
X
X
X
Division of
Transportation
Performance
X
Division of
Aeronautics
X
X
Division of
Highways
X
X
X
X
X
X
Division of
Administration
X
X
X
X
X
X
X
X
X
Division of Human
Resources
X
X
11
Audit Plan Development
 Hours required for an Internal Audit
 Staff availability hours
 External audit hours
 Resulting Internal Audit hours available
 Audit work plan
12
Estimate Time Required (Internal Audits)
Formula: Take top 3-4 and estimate time required
Planning: 4 weeks
Field Work: 8–12 weeks (complexity, travel, etc.)
Wrap-up: 4 weeks
Total: 16 – 20 weeks (team lead)
16 weeks x 40 hours/week = 640 hrs.
20 weeks x 40 hours/week = 800 hrs.
Team member: 320–400 hrs. (1/2 time)
Thus, each internal audit time estimate: 960–1200 hrs.
13
Estimate Staff Availability
5 Auditors @ 2,080 hours
Less vacation & SL @ 200 ea.
Less training @ 50 ea.
Net
Lost productivity (20%)
Estimated available time
10,400
1,000
250
9,150
1,830
7,320
(Not an exact science!)
14
External Audits
Need to deduct from staff availability (high est.)
40 Pre-award reviews
24-40 hours ea.
1,600
60 Overhead rate reviews
16-24 hours ea.
1,440
2-3 Cognizant [email protected] hrs. 240
2 Post audits/yr. @120 hrs.
240
1-2 Sub-grantees/yr. @ 80 hrs.
160
Total
3,680
15
Internal Audits - Staff Availability
Estimated available staff hrs.
Less:
Est. external audits
Est. FHWA joint audits
Available time for internal audits &
non-audit services
(about 2-3 internal audits)
7,320
3,680
160
3,480
16
Audit Work Plan
Year: 2012
Auditor Jan
INTERNAL AUDITS/REVIEWS
Dist Admin Fcts Follow up Rev
w/ Procurement Pilot
Quarles
Doane
Bus & Support Mgt. Perf Audit
Doane
X
X
DMV - Motor Carrier Services
Healy
Record's Sales (preventive) Quarles
Feb
Mar
Apr
X
>
X
>
/
>
>
>
>
>/
X
X
X
>
>
X
X
/
X
>
X
X
>
May June Jul
Aug
Key:
X One Month; > Two Weeks; / One Week;
* One Day
(Times are approximate)
17
Audit Work Plan (cont.)
Year: 2012
Auditor Jan
EXTERNAL AUDITS/REVIEWS
LHTAC Fin/Compl Rev w/FHWA Cram
/
COMPASS MPO OH Rate Rev
Quarles
Ada Co Hwy Dist OH Rate Rev
Cram
Consultants:
Pre Awards
OH Rate Reviews
Staff
Staff
Feb
Mar
Apr
>
>
/
May June
Jul
Aug
/
/
/
/
/
*
*
/
/
/
/
**
/
/
>
/
/
/
/
/
18
Audit Work Plan (cont.)
Year: 2012
Non Audit and Consul Serv
Mgt Control System update
Internal Control Training
A-133 Monitoring
Auditor Jan
Healy
Rosti/Staff *
Peer Rev - Other States (Utah) Quarles
Remote Procedure Dev.
Healy
Feb
Mar
Apr
May June
/
/
>
/
/
*
*
*
*
*
/
>/
/
Jul
Aug
*
*
19
Annual Report to the Board
 Panel presentation – all auditors
 Last year’s audits and reviews (Internal, external &
non-audit services)
 Each auditor speaks 1-2 mins. on a particular
audit/review or effort involved in
 Audit and review work plan for current year (Internal,
external and non-audit services)
20
Audit Resolution Log
 Prior audit recommendations
 Audit Resolution Committee meets quarterly
 Requests status updates
 Update audit resolution log
 Audit Mgr. presents to Executive Team
21
Summary
 Risk Assessment Process
 Audit Work Plan
 Audit Resolution Follow Up
22
Office of Internal Review
Thank You/Questions
23
Contact Information
Sandra Healy, CGFM
Principal Auditor
Idaho Transportation Department
Office of Internal Review
3311 W State St
Boise, ID 83703
[email protected]
24

similar documents