Compliance
COLLABORATING FOR SUCCESS: Leveraging Local Expertise
Biography
Chief Audit and Compliance Officer, Texas Department of Transportation (TxDOT) • Certifications/Designations
•Certified Internal Auditor (CIA) •Certified Information Systems Auditor (CISA) •Certified Fraud Examiner (CFE)
• 18 years audit and investigations experience •TxDOT •Dell Inc. •Texas Guaranteed Student Loan Corporation
• Professional Organizations
•Institute of Internal Auditors North American Board •Institute of Internal Auditors Publications Advisory Committee •American Center for Government Auditing Advisory Board •American Association of State Highway Transportation Officials Peer Review Subcommittee Chair
TxDOT Audit and Compliance
2
Texas Department of Transportation Values
Goals
People: People are the department’s most important customer, asset, and resource. The well-being, safety, and quality of life for Texans and the traveling public are of the utmost concern to the Department. We focus on relationship building, customer service, and partnerships.
•
Accountability: We accept responsibility for our actions and promote open communication and transparency at all times.
•
Trust: We strive to earn and maintain your confidence through reliable and ethical decision-making. Honesty: We conduct ourselves with the highest degree of integrity, respect, and truthfulness.
• •
•
• •
Deliver the right projects: Implement
effective planning and forecasting processes that deliver the right project on-time and onbudget. Focus on the customer: People are at the center of everything we do. Foster stewardship: Ensure efficient use of state resources. Optimize system performance: Develop and operate an integrated transportation system that provides reliable and accessible mobility and enables economic growth. Preserve our assets: Deliver preventive maintenance for TxDOT’s system and capital assets to protect our investments. Promote safety: Champion a culture of safety. Value our employees: Respect and care for the well-being and development of our employees.
Strong focus on stewardship and providing value TxDOT Audit and Compliance
3
Texas Department of Transportation More than $85B in net capital assets (roads, bridges, land, etc.) – Over 80K centerline miles – Over 50K bridges
Estimated 600+ people moving to Texas daily Tremendous Pass-Through Grant Activity – $323M in federal pass through grants last fiscal year • Federal Transit Administration – $55.5M • Federal Highway Administration - $238M • National Highway Traffic Safety Administration - $29.3M • Federal Aviation Administration - $300K
Responsibility for being good stewards TxDOT Audit and Compliance
4
TxDOT Audit and Compliance Ultimate responsibility to People of Texas
Chief Audit and Compliance Officer reports directly to Texas Transportation Commission
Internal Audit and Compliance maintain functional/ operating independence in performing their jobs
5
TxDOT Audit and Compliance Compliance
Internal Audit •
• •
• •
•
Provide assurance and aim to strengthen processes and programs Conduct continuous risk assessment for strategic results Focus on all TxDOT programs/ activities, based on risks to program objectives Produce internal audit reports every 3-4 months Conduct follow up engagements to determine whether management action plans are closed/risks mitigated Participate/conduct external quality assessments (peer reviews)
• •
•
Promote stewardship, ethical conduct and organizational integrity Perform external audits, investigations, advisory services, and compliance evaluations Continuous, focused reporting, based on engagement objectives and relevance; in general: • •
•
External audits – to determine compliance with program objectives Investigations – fraud, waste, and/or abuse determination; proactive detection projects Advisory Services and Compliance Evaluations – conducting consulting/ non-audit services for internal stakeholders
Provides alignment between risk capacity and risk appetite 6
Quick Poll 1
How much time to you spend planning your audit engagements?
A) Up to 10% of the engagement B) Between 10% and 25% C) Between 25% and 50% D) Over 50%
7
TxDOT Planning Key Planning Activities
Reporting
• Interviews, documentation reviews, process mapping, control design evaluations • Conduct risk assessment • Determine scope • Determine skills/abilities required
Fieldwork Generally, between 25%35% invested in planning
• Determining need for training/outside expertise/assistance from others • Confirming key stakeholders, process owners and alignment with agency goals/values • Scheduling milestones
8
External Audits Overarching objective of external audits To foster stewardship by providing assurance regarding the integrity and performance of programs managed by TxDOT business partners. Audits include combination of financial, operational and compliance attributes
Recommendations to improve systems, processes and performance can be included in final reports
When non-compliance identified, questioned costs can be included
Triggers management decisions to remedy questioned costs, with potential to sanction
Sanctions may include reprimands, repayment of questioned costs, limitations on program participation and/or program participant’s termination from program
9
Recent Examples Safety • Collaborated with city and county auditors • Coordinated with National Highway Traffic Safety Administration (NHTSA) • Unallowed/Questioned Costs ($600K) in 4 programs
Public Transportation • Collaborated with local government auditing body • Coordinated with Federal Transit Administration (FTA) • Non-compliant transactions ($1.8M) in 6 programs
Upholding values and goals Strengthening programs through partnership 10
Criteria driving ability to rely on others Professional auditing standards
Program/Regulatory Requirements
•Statements on Auditing Standards (AICPA) •Government Auditing Standards (GAGAS – Yellow Book) •International Professional Practices Framework (IPPF – Red Book)
•Uniform Grant Guidance (2 CFR 200) •Program grant agreements •Applicable rules associated with management decisions based on audit results
Key Elements of Each •Independence •Due professional care •Award requirements •Cost principles •Reporting •Remedies for non-compliance
11
Reliance on Others AICPA AU Section 543.10 [In deciding whether to rely on the work of another independent auditor, the principal auditor] should make inquiries concerning the professional reputation and independence of the other auditor. – Make inquiries as to the professional reputation and standing of the other auditor – Obtain a representation from the other auditor that he is independent – That he or she is familiar with accounting principles generally accepted in the United States of America
AICPA AU Section 9543.03 When the principal auditor requests the other auditor to perform procedures, the principal auditor is responsible for determining the extent of the procedures to be performed.
12
Reliance on Others Government Auditing Standards 6.41 Auditors should obtain evidence concerning the other auditors’ qualifications and independence and should determine whether the scope, quality, and timing of the audit work performed by the other auditors is adequate for reliance in the context of the current audit objectives. Procedures that auditors may perform in making this determination include reviewing the other auditors’ report, audit plan, or audit documentation, and/or performing tests of the other auditors’ work.
13
Reliance on Others IPPF (Red Book) Practice Advisory 1210.A1-1 Obtaining External Service Providers to Support or Complement the Internal Audit Activity When the CAE intends to use and rely on the work of an external service provider, the CAE needs to consider the competence, independence, and objectivity of the external service provider as it relates to the particular assignment to be performed. The CAE determines that the external service provider possesses the necessary knowledge, skills, and other competencies to perform the engagement by considering: – Professional certification, license, or other recognition of the external service provider’s competence in the relevant discipline. – Membership of the external service provider in an appropriate professional organization and adherence to that organization’s code of ethics. – The reputation of the external service provider. This may include contacting others familiar with the external service provider’s work. – The external service provider’s experience in the type of work being considered. – The extent of education and training received by the external service provider in disciplines that pertain to the particular engagement. – The external service provider’s knowledge and experience in the industry in which the organization operates.
14
TxDOT Reliance on Others
Keys for TxDOT’s reliance on others • Review of external quality assessment/peer reviews • Experience and professional certifications • Discussions with staff and key stakeholders • Roles/responsibilities of auditor(s) • Review of work Professional Judgment: In the end, it is your responsibility to determine whether and/or the extent to which you rely on others’ work to support your conclusions. 15
Quick Poll 2
Based on what you’ve heard, where would you feel most comfortable relying on others? A) Planning the engagement B) Performing fieldwork (interviews, analysis, testing) C) Reporting results D) Review working papers
TxDOT Audit and Compliance
16
Reliance on Others
Drivers
Limitations
Safeguards
Lack of expertise
Need for complete independence
High level of supervisory review
Budget Constraints Timing Strategy
Inability to meet expectations Unwillingness to participate
Assignments on less critical aspects
17
Gaining Comfort WHAT
HOW
Identify and interview key governing body (e.g. organization’s senior management team, board)
• • • •
Determine overall engagement of governing body Obtain understanding of organization Evaluate operating and support structure Identify local climate (perceptions, challenges, etc.)
Identify funding sources (e.g. federal, state, cities, counties, etc.)
• Request and review required financial reports • Interview finance personnel • Obtain understanding of accounting systems, personnel expertise, and controls (e.g. comingling) • Conduct meetings with federal, city, county leadership/stakeholders
Identify local audit personnel expertise, roles, independence
• Obtain results of recent audits • Gain understanding of organization • Input to risk assessment/work plans
Helps determine potential role(s) for local audit participation 18
Working with TxDOT
Planning • Identification of key personnel • Document requests • Understanding of financial systems • Requesting documentation • Attendance at entrance conference
Degree of Confidence Required
Low High High Low Low
Fieldwork • Providing information/documentation • Assisting with interview scheduling • Validation of conclusions • Attendance at key meetings
High Low High Low
Reporting • Report review (confirm stakeholders, terminology, references)
Low
Varying degrees of confidence, based on professional judgment 19
Quick Poll 3
What is the most challenging aspect of leveraging the work of others?
A.
Gaining the trust/confidence of management
B. Ability to determine competency C. Coordination/Communication D. Availability E.
Other?
TxDOT Audit and Compliance
20
Questions and thank you!
TxDOT Audit and Compliance
21
Biography
Chief Audit and Compliance Officer, Texas Department of Transportation (TxDOT) • Certifications/Designations
•Certified Internal Auditor (CIA) •Certified Information Systems Auditor (CISA) •Certified Fraud Examiner (CFE)
• 18 years audit and investigations experience •TxDOT •Dell Inc. •Texas Guaranteed Student Loan Corporation
• Professional Organizations
•Institute of Internal Auditors North American Board •Institute of Internal Auditors Publications Advisory Committee •American Center for Government Auditing Advisory Board •American Association of State Highway Transportation Officials Peer Review Subcommittee Chair
TxDOT Audit and Compliance
2
Texas Department of Transportation Values
Goals
People: People are the department’s most important customer, asset, and resource. The well-being, safety, and quality of life for Texans and the traveling public are of the utmost concern to the Department. We focus on relationship building, customer service, and partnerships.
•
Accountability: We accept responsibility for our actions and promote open communication and transparency at all times.
•
Trust: We strive to earn and maintain your confidence through reliable and ethical decision-making. Honesty: We conduct ourselves with the highest degree of integrity, respect, and truthfulness.
• •
•
• •
Deliver the right projects: Implement
effective planning and forecasting processes that deliver the right project on-time and onbudget. Focus on the customer: People are at the center of everything we do. Foster stewardship: Ensure efficient use of state resources. Optimize system performance: Develop and operate an integrated transportation system that provides reliable and accessible mobility and enables economic growth. Preserve our assets: Deliver preventive maintenance for TxDOT’s system and capital assets to protect our investments. Promote safety: Champion a culture of safety. Value our employees: Respect and care for the well-being and development of our employees.
Strong focus on stewardship and providing value TxDOT Audit and Compliance
3
Texas Department of Transportation More than $85B in net capital assets (roads, bridges, land, etc.) – Over 80K centerline miles – Over 50K bridges
Estimated 600+ people moving to Texas daily Tremendous Pass-Through Grant Activity – $323M in federal pass through grants last fiscal year • Federal Transit Administration – $55.5M • Federal Highway Administration - $238M • National Highway Traffic Safety Administration - $29.3M • Federal Aviation Administration - $300K
Responsibility for being good stewards TxDOT Audit and Compliance
4
TxDOT Audit and Compliance Ultimate responsibility to People of Texas
Chief Audit and Compliance Officer reports directly to Texas Transportation Commission
Internal Audit and Compliance maintain functional/ operating independence in performing their jobs
5
TxDOT Audit and Compliance Compliance
Internal Audit •
• •
• •
•
Provide assurance and aim to strengthen processes and programs Conduct continuous risk assessment for strategic results Focus on all TxDOT programs/ activities, based on risks to program objectives Produce internal audit reports every 3-4 months Conduct follow up engagements to determine whether management action plans are closed/risks mitigated Participate/conduct external quality assessments (peer reviews)
• •
•
Promote stewardship, ethical conduct and organizational integrity Perform external audits, investigations, advisory services, and compliance evaluations Continuous, focused reporting, based on engagement objectives and relevance; in general: • •
•
External audits – to determine compliance with program objectives Investigations – fraud, waste, and/or abuse determination; proactive detection projects Advisory Services and Compliance Evaluations – conducting consulting/ non-audit services for internal stakeholders
Provides alignment between risk capacity and risk appetite 6
Quick Poll 1
How much time to you spend planning your audit engagements?
A) Up to 10% of the engagement B) Between 10% and 25% C) Between 25% and 50% D) Over 50%
7
TxDOT Planning Key Planning Activities
Reporting
• Interviews, documentation reviews, process mapping, control design evaluations • Conduct risk assessment • Determine scope • Determine skills/abilities required
Fieldwork Generally, between 25%35% invested in planning
• Determining need for training/outside expertise/assistance from others • Confirming key stakeholders, process owners and alignment with agency goals/values • Scheduling milestones
8
External Audits Overarching objective of external audits To foster stewardship by providing assurance regarding the integrity and performance of programs managed by TxDOT business partners. Audits include combination of financial, operational and compliance attributes
Recommendations to improve systems, processes and performance can be included in final reports
When non-compliance identified, questioned costs can be included
Triggers management decisions to remedy questioned costs, with potential to sanction
Sanctions may include reprimands, repayment of questioned costs, limitations on program participation and/or program participant’s termination from program
9
Recent Examples Safety • Collaborated with city and county auditors • Coordinated with National Highway Traffic Safety Administration (NHTSA) • Unallowed/Questioned Costs ($600K) in 4 programs
Public Transportation • Collaborated with local government auditing body • Coordinated with Federal Transit Administration (FTA) • Non-compliant transactions ($1.8M) in 6 programs
Upholding values and goals Strengthening programs through partnership 10
Criteria driving ability to rely on others Professional auditing standards
Program/Regulatory Requirements
•Statements on Auditing Standards (AICPA) •Government Auditing Standards (GAGAS – Yellow Book) •International Professional Practices Framework (IPPF – Red Book)
•Uniform Grant Guidance (2 CFR 200) •Program grant agreements •Applicable rules associated with management decisions based on audit results
Key Elements of Each •Independence •Due professional care •Award requirements •Cost principles •Reporting •Remedies for non-compliance
11
Reliance on Others AICPA AU Section 543.10 [In deciding whether to rely on the work of another independent auditor, the principal auditor] should make inquiries concerning the professional reputation and independence of the other auditor. – Make inquiries as to the professional reputation and standing of the other auditor – Obtain a representation from the other auditor that he is independent – That he or she is familiar with accounting principles generally accepted in the United States of America
AICPA AU Section 9543.03 When the principal auditor requests the other auditor to perform procedures, the principal auditor is responsible for determining the extent of the procedures to be performed.
12
Reliance on Others Government Auditing Standards 6.41 Auditors should obtain evidence concerning the other auditors’ qualifications and independence and should determine whether the scope, quality, and timing of the audit work performed by the other auditors is adequate for reliance in the context of the current audit objectives. Procedures that auditors may perform in making this determination include reviewing the other auditors’ report, audit plan, or audit documentation, and/or performing tests of the other auditors’ work.
13
Reliance on Others IPPF (Red Book) Practice Advisory 1210.A1-1 Obtaining External Service Providers to Support or Complement the Internal Audit Activity When the CAE intends to use and rely on the work of an external service provider, the CAE needs to consider the competence, independence, and objectivity of the external service provider as it relates to the particular assignment to be performed. The CAE determines that the external service provider possesses the necessary knowledge, skills, and other competencies to perform the engagement by considering: – Professional certification, license, or other recognition of the external service provider’s competence in the relevant discipline. – Membership of the external service provider in an appropriate professional organization and adherence to that organization’s code of ethics. – The reputation of the external service provider. This may include contacting others familiar with the external service provider’s work. – The external service provider’s experience in the type of work being considered. – The extent of education and training received by the external service provider in disciplines that pertain to the particular engagement. – The external service provider’s knowledge and experience in the industry in which the organization operates.
14
TxDOT Reliance on Others
Keys for TxDOT’s reliance on others • Review of external quality assessment/peer reviews • Experience and professional certifications • Discussions with staff and key stakeholders • Roles/responsibilities of auditor(s) • Review of work Professional Judgment: In the end, it is your responsibility to determine whether and/or the extent to which you rely on others’ work to support your conclusions. 15
Quick Poll 2
Based on what you’ve heard, where would you feel most comfortable relying on others? A) Planning the engagement B) Performing fieldwork (interviews, analysis, testing) C) Reporting results D) Review working papers
TxDOT Audit and Compliance
16
Reliance on Others
Drivers
Limitations
Safeguards
Lack of expertise
Need for complete independence
High level of supervisory review
Budget Constraints Timing Strategy
Inability to meet expectations Unwillingness to participate
Assignments on less critical aspects
17
Gaining Comfort WHAT
HOW
Identify and interview key governing body (e.g. organization’s senior management team, board)
• • • •
Determine overall engagement of governing body Obtain understanding of organization Evaluate operating and support structure Identify local climate (perceptions, challenges, etc.)
Identify funding sources (e.g. federal, state, cities, counties, etc.)
• Request and review required financial reports • Interview finance personnel • Obtain understanding of accounting systems, personnel expertise, and controls (e.g. comingling) • Conduct meetings with federal, city, county leadership/stakeholders
Identify local audit personnel expertise, roles, independence
• Obtain results of recent audits • Gain understanding of organization • Input to risk assessment/work plans
Helps determine potential role(s) for local audit participation 18
Working with TxDOT
Planning • Identification of key personnel • Document requests • Understanding of financial systems • Requesting documentation • Attendance at entrance conference
Degree of Confidence Required
Low High High Low Low
Fieldwork • Providing information/documentation • Assisting with interview scheduling • Validation of conclusions • Attendance at key meetings
High Low High Low
Reporting • Report review (confirm stakeholders, terminology, references)
Low
Varying degrees of confidence, based on professional judgment 19
Quick Poll 3
What is the most challenging aspect of leveraging the work of others?
A.
Gaining the trust/confidence of management
B. Ability to determine competency C. Coordination/Communication D. Availability E.
Other?
TxDOT Audit and Compliance
20
Questions and thank you!
TxDOT Audit and Compliance
21
