Presented by Sandra Healy, CGFM Principal Auditor Idaho Transportation Department 1.

ANNUAL AUDIT RISKASSESSMENT & WORK PLAN

Presented by Sandra Healy, CGFMPrincipal Auditor

Idaho Transportation Department

1

Office of Internal Review Org Chart

2

Donita Stephens Admin Assistant

Mike Cram

Principal Auditor

Sandra Healy, CGFM

Principal Auditor

Diego Curt, CISA

Principal Auditor

Michelle Doane Mary Quarles,CPA

Internal Review ManagerCarri Rosti,

CPA, CGFM

ITD Director

ITD Board

(Audit Committee)

Principal Auditor Principal Auditor

ITD Office of Internal Review

Internal Review conducts independent reviews to assess the effectiveness, compliance, and efficiency of department programs, procedures, and internal controls (GAGAS compliant)

Internal Review reviews records and financial reports for certain third parties contracting and sub granting with ITD

3

Internal Review Staff & DutiesManager and five auditorsBoth internal & external auditsAllocation of staff hours between internal &

externalManagement requests for non-audit services

4

Audit and Review Work PlanBased upon Audit Risk AssessmentCriteria

Management Need Date of Last Audit Amount of Monies involved Inherent Control Risk

5

Annual Audit Work Plan Risk AssessmentAu

dit M

anag

erIT

D B

oard

@6/21/12

Begin Risk Assessment Mid-Dec

Meet with Exec Mgt for audit requests

for next 12 months

Review running list of audit requests

Meet w/FHWA to review their

requests for joint reviews

Log new requests into running list of

audit requests. Rate for high, med and

low risk

Choose top 5-7 high risk projects and prioritize using

IR Audit Risk Assessment Template to assess risk value for each project

Estimate time required for top 3-4 requests (960-1200

man hours per internal audit)

Calculate staff availability hours

Deduct estimated man hours for

external audits & joint FHWA reviews

Remainder is staff availability for

internal audits and non-audit services

Develop IR Work Plan; internal,

external and non-audit services

Complete audit work plan by mid-Feb

IR Annual report to Board scheduled in

March

Report covers past yrs audits & efforts

and plans for current year

Panel presentation; each auditor

presents on audit they conducted

Applause!

6

Risk Assessment ProcessProcess begins mid-DecReview running list of audit requestsMeet with executive managementMeet with FHWAAdd new requests to running listRate high, medium and low risk

7

IR Audit Risk AssessmentTop 5-7 high risk projectsIR Audit Risk Assessment Template Assess level of risk for each project

8

Internal Audit Risk AssessmentCriteria   Weight  

Factor Value   Extension

Dollar Impact   5        

>$ 10 mil. 5          

$ 5 mil. approximately 3          

<$100 K 1          

Federal Responsibility/Requirement   5        

Importance of Federal Regulations to this Program – Degree (5-0)            

Public Impact   5        

Degree (5-0)            

Prior Audit Performed (by IR, Legislative Auditor, FHWA)   5        

>5 Years 5          

Within 2 Years -2          

Past 12 Months -5          

Management Need/Request   5        

Within 6 Months 5          

No Hurry 1          

9

Internal Audit Risk Assessment (cont.)Inherent Risk Factor   3        

Potential for Irregularity or Fraud – Degree (5-0)            

Internal Controls/Administrative Controls   3        

Degree (5-0) (Very strong = 0;Very weak = 5)            

Legal Responsibility/Requirement   3        

Degree (5-0)            

Department Impact   3        

Degree (5-0)            

Reported Audit Problems on Most Recent Audit   3        

Degree (5-0)            

Potential Efficiency Improvement   2        

Degree (5-0)            

Audit Time Estimate   1        

<10 Man-Weeks 5          

>60 Man-Weeks 1          

Total Audit Risk Value            

10

Internal Review Audit Coverage2009 2010 2011 2012 2013 2014

Division of Motor Vehicles

X X X X X X

Division of Transportation Performance

X X X X

Division of Aeronautics

X X X

Division of Highways

X X X X X X

Division of Administration

X X X X X X

Division of Human Resources

X X X X

11

Audit Plan DevelopmentHours required for an Internal AuditStaff availability hoursExternal audit hoursResulting Internal Audit hours availableAudit work plan

12

Estimate Time Required (Internal Audits)Formula: Take top 3-4 and estimate time required

Planning: 4 weeksField Work: 8–12 weeks (complexity,

travel, etc.)Wrap-up: 4 weeksTotal: 16 – 20 weeks (team lead)

16 weeks x 40 hours/week = 640 hrs. 20 weeks x 40 hours/week = 800 hrs.

Team member: 320–400 hrs. (1/2 time)Thus, each internal audit time estimate: 960–1200 hrs.

13

Estimate Staff Availability5 Auditors @ 2,080 hours 10,400

Less vacation & SL @ 200 ea. 1,000Less training @ 50 ea. 250

Net 9,150Lost productivity (20%) 1,830

Estimated available time 7,320

(Not an exact science!)

14

External AuditsNeed to deduct from staff availability (high est.)40 Pre-award reviews

24-40 hours ea. 1,60060 Overhead rate reviews

16-24 hours ea. 1,4402-3 Cognizant reviews@80 hrs. 240

2 Post audits/yr. @120 hrs. 2401-2 Sub-grantees/yr. @ 80 hrs. 160Total 3,680

15

Internal Audits - Staff AvailabilityEstimated available staff hrs.7,320Less:

Est. external audits3,680

Est. FHWA joint audits 160Available time for internal audits &

non-audit services3,480(about 2-3 internal audits) 16

Audit Work Plan

17

Year: 2012 Auditor Jan Feb Mar Apr May June Jul Aug

INTERNAL AUDITS/REVIEWSDist Admin Fcts Follow up Rev Quarles X X X / > > w/ Procurement Pilot Doane X > >

Bus & Support Mgt. Perf Audit Doane > > >/ X X X

DMV - Motor Carrier Services Healy > > > X X X X Record's Sales (preventive) Quarles / > X

X One Month; > Two Weeks; / One Week; * One Day (Times are approximate)

Key:

Audit Work Plan (cont.)

18

Year: 2012 Auditor Jan Feb Mar Apr May June Jul AugEXTERNAL AUDITS/REVIEWS LHTAC Fin/Compl Rev w/FHWA Cram / > > / / COMPASS MPO OH Rate Rev Quarles * *

Ada Co Hwy Dist OH Rate Rev Cram **

Consultants: Pre Awards Staff / > / / / / / / OH Rate Reviews Staff / / / / / / / /

Audit Work Plan (cont.)

19

Year: 2012 Auditor Jan Feb Mar Apr May June Jul AugNon Audit and Consul ServMgt Control System update Healy / / > / / Internal Control Training

A-133 Monitoring Rosti/Staff * * * * * * * *

Peer Rev - Other States (Utah) Quarles / >/ / Remote Procedure Dev. Healy

Annual Report to the BoardPanel presentation – all auditorsLast year’s audits and reviews (Internal,

external & non-audit services)Each auditor speaks 1-2 mins. on a particular

audit/review or effort involved inAudit and review work plan for current year

(Internal, external and non-audit services)

20

Audit Resolution LogPrior audit recommendationsAudit Resolution Committee meets quarterlyRequests status updatesUpdate audit resolution logAudit Mgr. presents to Executive Team

21

SummaryRisk Assessment ProcessAudit Work PlanAudit Resolution Follow Up

22

Office of Internal Review Thank You/Questions

23

Contact InformationSandra Healy, CGFM Principal Auditor Idaho Transportation DepartmentOffice of Internal Review3311 W State StBoise, ID 83703 [email protected]

24