SPS Annual Risk Assessment and Audit Plan - October 2011

Seattle Public Schools Annual Risk Assessment and Audit Plan
Presented By The Office of Internal Audit
October 11, 2011 through August 31, 2012
Issue Date: October 11, 2011
Seattle Public Schools Office of Internal Audit Annual Risk Assessment and Audit Plan 2011-2012 TABLE OF CONTENT
EXECUTIVE SUMMARY.. Significant Risks Assessment Audit Plan BACKGROUND INFORMATION. Purpose Scope The Office of Internal Audit Risk Considerations Internal Controls Internal Audit Process PROCEDURES PERFORMED. Audit Universe Compliance Impact Financial Impact Prior Audit Exceptions Overall Risk Assessment Planned Control Monitoring Current or Planned Activities Audit Plan AUDIT PLAN....................... Full-Scope Audits Follow-Up Audits Limited Site-Based Procedures Other Projects Calendar Areas Not Selected for Audit Appendices Appendix A Universe.. Appendix B Elimination of Low Risk Audit Areas. Appendix C Risk Assessment and Audit Plan. Appendix D Available Audit Resources.. Appendix E Internal Audit Process Flowchart Appendix F Internal Audit Staff Biographies.. Appendix G Audit Plan Timeline. Appendix H Organization Chart.. Appendix I Internal Audit Policy. Appendix J Internal Audit Procedure.. 1
12
17 25 33 35 36 37 38 39 40 42
Executive Summary
The Office of Internal Audit conducts audits to support and promote integrity, openness and transparency with respect to internal financial controls and compliance of the district. To accomplish this goal, the Office of Internal Audit, adhering to Generally Accepted Government Auditing Standards, shall identify areas of risk on an annual basis and test for compliance based on an annual audit plan. The following information summarizes the significant risks impacting the District, as well as the current year audit plan. Significant Risks Decentralized Environment One of the biggest risks to the District is its decentralized environment. This environment creates situations where central office managers and supervisors are responsible for employees that they rarely see because these employees are assigned to schools. It also means that several central office functions, such as contract approval, equipment tracking, payroll, accounts payable, and risk management, rely heavily on the procedures performed at outlying sites and schools. For example, although accounts payable may process payments to vendors, they rely on individual departments and schools to perform a thorough review of the vendors invoice. The centralized accounts payable staff does not have direct knowledge of the transaction, so they rely on the responsible departments and schools to determine if an invoice is appropriate to pay. This environment increases the risk that employees will not follow procedures because they know that they are not being adequately monitored. There is also the risk that central office staff will not effectively communicate key control activity requirements to the outlying sites and schools, or provide them with the resources they need to perform the control activity properly. Leadership Turnover and Few Formalized Written Procedures The majority of the Districts leadership team is new. Several key leaders are either new to the District or are new to their current position. Also, a handful of leadership positions are still filled by interim personnel. Although these leaders appear to be competent, accountable, and transparent, this situation still increases the risk that internal controls will not be clearly established, or that they will not be assigned clear ownership. This environment is further complicated by the condition that few formalized written procedures are available to the new leadership team. This increases the risk that institutional knowledge held by previous leaders has left the District. Budget Constraints and Reduction in Force Due to budget constraints, reductions in force have occurred over the last several years. There is a risk that control activities were not adequately transitioned to the remaining employees. In addition, employees are now asked to take on an increased workload. Instead of rewarding high-performers with additional compensation or benefits, they have been given the responsibilities previously performed by someone else. Having more procedures performed by fewer people increases risk that key control activities will not be performed. Employees may not have sufficient time or resources to perform their due diligence. Worse yet, employees may take advantage of the lack of monitoring because they believe they are owed something for their increased workload. This situation can also have a negative impact on employee retention, as high-performing employees begin to look for more rewarding employment opportunities. This risk is only expected to increase with the States recent negative economic projection.
Page 1 of 45
Assessment The risks summarized above may not individually necessitate an internal audit, but they can all have a negative impact on key internal controls. Due to the above risks, there is an increased likelihood that: Key controls are not effectively designed Key controls are not visibly communicated to staff Key controls are not being performed properly Key controls are not adequately monitored by District management Key controls are not clearly prioritized against other job responsibilities Due to this increased risk associated with key controls, the Office of Internal Audit has an obligation to audit the areas where the key controls are actually performed. Even if an audit is being conducted of a centralized function, internal audit best practices require that key controls and transactions be verified at the source. Thus, any plan designed by the Office of Internal Audit should include procedures to verify key controls where they are performed. The significant risks identified above are also deemed to be universal, meaning they are not specific to any one area within the District. Thus, the Office of Internal Audits effectiveness in mitigating risk is diminished by the fact that any single audit will only mitigate the risks for that one specific area. In order for the Office of Internal Audit to have a measurable impact on risk mitigation they should develop a plan that provides coverage to as many different audit areas as possible. Audit Plan Based on the significant risks identified above, and their potential to negatively impact key internal controls, this years audit plan will include procedures to verify key controls at the source, while also providing coverage to multiple audit areas. The Office of Internal Audit has devised a plan to accomplish this by combining the following types of engagements: Full-Scope Audits Conducted of central administration functions Limited Site-Based Procedures - Conducted at schools Follow-Up Audits Conducted in audit areas where management recently remedied past audit issues These different types of audits will leverage off of one another, and will increase audit efficiency. Although some procedures will be conducted at schools, the audits will have a holistic approach to the overall system. The focus will be on improving entity-wide systems, and the audits will have an added benefit of highlighting those areas where schools do not receive adequate support from central administration. As previously noted, key internal controls will need to be verified at the source. The Office of Internal Audit will leverage the time spent at a school by also gathering data and information related to a widevariety of activities. The limited procedures will cover multiple audit areas, but they will also have a minimal impact on school staff. Although the audit scope of some areas will be limited, the different audit areas that will be covered by this years audit plan include:
Page 2 of 45
Office of Internal Audit Annual Risk Assessment and Audit Plan 2011-2012
Human Resources Centralized ASB Technology Services Inventory/Equipment Tracking Personal Service Contracts Transportation Payroll and Leave Time Reporting Enrollment/Student Counts School Security Risk Management Grants and Fiscal Compliance Purchasing & Contracting Nutrition Services Volunteering with SPS Rentals/Facility Usage Time & Effort Reporting Donations Athletics Expense Reimbursements Travel Expenditures Kindergarten Tuition ASB and Self Help at Schools Class Fees & Student Fines Loss Reporting to the SAO Booster Clubs
The biggest benefit of performing site-based key control verifications in these areas is that it will allow the Office of Internal Audit to identify potential problem areas now, rather than waiting until a FullScope Audit can be performed sometime in the future. Even though the procedures will be limited, they will still identify the key deficiencies that could be indicative of a major system weakness. Identifying these risks sooner, rather than later, will provide the School Board, District Leadership, and the Office of Internal Audit advanced warning of impending problem areas. In essence, the Limited Site-Based Procedures are a proactive approach to prevent potential problem areas from going undetected for a long period of time. Specific details of this years audit plan can be found in the Audit Plan section of this document. The Audit Plan section elaborates on the type of coverage each audit area will receive, and also documents how the areas selected for a Full-Scope Audit were selected. A summary of the audit plan schedule is also illustrated in a Gantt chart located at Appendix G. Subsequent Years As of today, this years plan is envisioned as having a multi-year aspect. Limited audit procedures will continue to be conducted at schools with the results contributing towards entity-wide risk assessments and any centralized audits that are also being performed. Ideally, the planning procedures performed this year will only have to be refreshed for next years Annual Risk Assessment and Audit Plan. However, the Office of Internal Audit will conduct a comprehensive risk assessment each year, and will alter the plan as needed.
Page 3 of 45
BACKGROUND INFORMATION Purpose The Office of Internal Audit is committed to conducting risk-based audits. This process increases the likelihood that internal audits will be conducted in the areas with the greatest need. This Annual Risk Assessment and Audit Plan is an effort by the Office of Internal Audit to assist the District in mitigating risks. This document summarizes the risks impacting the District, and it includes an audit plan detailing which areas will be audited this year. Scope This document covers the period from October 2011 through August 2012. In subsequent years the audit plan will cover a full year Beginning September 1 and ending August 31. The Office of Internal Audit The Office of Internal Audit was created in 2011 to promote integrity and accountability. It is considered an essential function of the District and reports directly to the Chair of the Audit and Finance Committee. This reporting structure was established to ensure that the Office of Internal Audit remains independent of District Management. Independence is essential to ensure that audit results are objective, and are communicated directly to the School Board. The Office of Internal Audit provides recommendations only, and does not have any authority to implement operational policies or procedures on behalf of the District. Upon completion of an audit, the results are communicated to the Audit and Finance Committee, which ensures full transparency of the internal audit function. The Policy and Procedure governing the Office of Internal Audit are included at Appendix I (Policy) and Appendix J (Procedure) The Office of Internal Audit also has an administrative reporting structure directly to the Superintendant, which is necessary to accommodate paychecks, reimbursements, provisions for office space, and approval of leave time. A flowchart showing the Office of Internal Audits reporting structure is located at Appendix H. The Office of Internal Audit is currently staffed by one Director, but is expected to expand to a staff of three total employees during the current year. Staff biographies are located in Appendix F. Appendix D illustrates the departments available resources, assuming two staff auditors begin employment with the District on January 3, 2012. Risk Considerations A risk is a set of circumstances that can hinder an objective. Throughout the preparation of this document, the Office of Internal Audit was aware of the following risks and circumstances that contributed to our final risk assessment and audit plan. This list is not intended to be all-inclusive, but it is intended to illustrate the numerous considerations that have gone into this risk assessment. Control Environment The attitudes, values, actions, philosophies, and policies that set the culture for an organization. Sometimes referred to as the Tone at the Top. Inherent Risks The risk that would exist even if no internal controls or mitigating factors were put in place. For example, cash handling has a high inherent risk.
Page 4 of 45
Control risks The risk that an internal control procedure will not be effective in mitigating risk. Simply having a control in place does not ensure that it will be effective. Reputational risk Risk that key customers and stakeholders will lose confidence in the organization. This could have a negative impact on the Districts enrollment numbers and its chances of passing future levies. Compliance risk The risk of sanctions, financial loss, or loss of reputation resulting from failure to comply with laws, regulations, codes of conduct, or standards. The District has a significant amount of compliance requirements applicable to K-12 districts, and resulting from Federal, State, and grant funding. Financial risk The risk of losing funding or cash flow. There are a wide variety of circumstances that could cause the District to lose public funds or property. Operational risks The risk of loss resulting from a breakdown in internal controls, operations, or procedures. The following list identifies some of the risk considerations that are taken into account when assessing risk. Each of the following situations would result in a higher risk rating: Cash Areas that handle cash, or have a billing and collection function Prior Audit Findings and Exceptions Areas prone to audit findings Discretionary Budgets Areas that have large expenditures for contracts, purchases, or overtime Turnover Areas that have recently experienced significant turnover Policies and Procedures Areas without clearly defined and available written policies and procedures Certain significant risks associated with the District have been summarized in the Executive Summary section of this document. Throughout the preparation of this document, the Office of Internal Audit has maintained a degree of professional skepticism, and will continue to do so as audits are conducted. Internal Controls In response to risks, organizations implement internal controls to mitigate those risks to an acceptable level. The Office of Internal Audit has considered the Districts internal controls during the preparation of this document. The most widely used framework for internal control in the United States, and around the world, is COSO. COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission and it is dedicated to providing guidance to executive management and governance entities on critical aspects of organizational governance. COSO defines internal control as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations. COSO defines internal control as having five components: 1. Control Environment - Sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control.
Page 5 of 45
2. Risk Assessment - The identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed. 3. Information and Communication - Systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities. 4. Control Activities - The policies and procedures that help ensure management directives are carried out. 5. Monitoring - Processes used to assess the quality of internal control performance over time. Internal Audit Process Appendix E shows the process of creating an annual plan, conducting audits, communicating with District staff and management, and finally reporting audit results directly to the Audit and Finance Committee. It is not intended to show reporting structure, but rather to summarize the process that the Office of Internal Audit goes through.
Page 6 of 45
PROCEDURES PERFORMED The following procedures were followed in the completion of this Annual Risk Assessment and Audit Plan: 1. Create an Audit Universe In order to start assessing risks and identifying which areas to audit, it is necessary to first identify all the areas that could be selected for an audit. The audit universe serves as a starting point for selecting areas to audit, and it includes all departments, programs, systems, and activities of the District. The creation of an audit universe has an added benefit of providing knowledge about the different functions the District performs. The knowledge gained during this process will be instrumental in assessing risks. The audit universe is a constantly evolving document that will be updated throughout the year to reflect the creation or deletion of District programs. The audit universe used for this years audit planning is attached in Appendix A, and is considered current as of September 23, 2011. The following items were reviewed and evaluated in order to compile the audit universe: Districts Public Internet Site Districts Internal Intranet Site Districts Organizational Charts Financial Reports Prior Audit Reports and Workpapers District Publications Districts Policies & Procedures The Accounting Manual for Public School Districts District Training Material Observation of District Facilities The Audit Universe and Annual Plans for Other School Districts Internal Audit Guides and Publications The Washington Association of School Business Officials Website and Publications Media Communications The Office of the Superintendant of Public Instruction Website and Publications
In addition to reviewing the above items, meetings were also conducted with the following groups: School Board Directors District Leaders and Managers The State Auditors Office The City of Seattles Ethics and Elections Commission
2. Eliminate Low Risk Audit Areas As indicated above, the audit universe includes all departments, programs, systems, and activities of the District. This includes all academic and partnership programs, which are not likely to have large discretionary budgets or cash receipting functions. Since these types of programs consist mainly of salaries and are focused primarily on the education of students, they are less likely to be selected for audit this year. There is the potential to audit these academic areas in future years to evaluate their efficiency and effectiveness; however, this years audit plan will focus heavily on financial controls and compliance. The Internal Audit Policy (G.23.00) states that the Office of Internal Audit is, to conduct performance audits to support and promote integrity, openness and transparency with
Page 7 of 45
respect to internal financial controls and compliance of the district. Thus, the audit universe can be scaled back to only include those areas that involve financial controls and compliance. Appendix B shows those areas that are being eliminated from the audit universe because they are deemed to be low risk with respect to financial controls and compliance. Areas predominately associated with a financial statement audit are also eliminated, since the State Auditors Office conducts a financial audit annually. Some of the attributes used to determine if an area should be automatically excluded from this years audit plan include: Lack of a Discretionary Budget Lack of a Cash Handling or Billing Function Limited Compliance Requirements Goals & Objectives are Primarily Academic
3. Condense Audit Universe into Major Audit Areas In order to make the audit universe more manageable for risk assessment purposes, it will be condensed into major audit areas. The original audit universe contained numerous audit areas within the same department. For example, the Department of Technology Services (DoTS) has more than twenty different areas listed as potential audit candidates. However, if DoTS is ultimately selected for audit, it will not include procedures for all twenty areas. Only those areas deemed to be the most risky would be audited. The excluded areas would be considered for an audit in subsequent years. The specific risk areas to be audited within one department will be determined during the planning phase of that audit. See Appendix E for an illustration of the planning process. Based on the same procedures and meetings documented in step #1 above, the remaining audit universe was condensed into major audit areas. These major audit areas are documented in the first column of Appendix C. Each major audit area is deemed to have a risk related to financial controls and/or compliance. This condensed audit universe will be the basis for a formal risk assessment that will determine which areas to include in this years audit plan. 4. Compliance Impact Column #2 of Appendix C assesses the compliance impact of each major audit area. An assessment of Low, Medium, or High was made, depending on the volume of compliance requirements associated with each area. The compliance requirements include District policies and procedures, as well as Federal and State laws and regulations. 5. Financial Impact Column #3 of Appendix C assesses the financial impact of each major audit area. Each area is rated as having a Low, Medium, or High financial impact to the District. An exact dollar threshold is not utilized because there are many uncertainties and factors that can affect the financial impact. Specifically, certain areas can have a large financial impact despite having a relatively small budget. For example, rentals/facility usage is not a significant funding source for the District; however, the potential financial impact associated with liability lawsuits resulting from an injury sustained on District property, escalates this audit area to a high financial impact. Another example is District volunteers. There is little financial impact with performing background checks on volunteers; however, the potential impact associated with allowing someone with a criminal background to interact with students is high. Since financial data alone cannot be used to assess the financial impact to the District, these assessments were reviewed by a committee consisting of the Interim
Page 8 of 45
Assistant Superintendant of Business of Finance, the Executive Director of Finance, the Risk Management and Insurance Manager, the Audit Response Manager, and the Accounting Manger. The assessments were first made by the Office of Internal Audit and were then reviewed by this Committee. Adjustments were made where necessary, but the final assessment rests with the Office of Internal Audit. In subsequent years, when the Office of Internal Audit is more knowledgeable of the District, the Office of Internal Audit will take more ownership of this assessment to ensure its ongoing independence. 6. Prior Audit Exceptions In addition to the Internal Audit Function, the District is audited frequently by various State and Federal agencies, as well as the occasional independent contractor. Columns 4, 5, and 6 of Appendix C identify whether or not any exceptions were noted in these audits. The reporting agency is identified in the year that the audit report was issued, and past audit exceptions include audit findings, management letters items, or exit conference notifications. These columns are intended to highlight those areas that may be prone to audit findings. They may also help identify those areas that are audited frequently, but do not have any audit exceptions. The major programs audited by the State Auditors Office during their Financial and Single Audit engagements are identified below. If any exceptions were noted in these audits, that fact has been documented in Appendix C: Major Program Title I Grants to Local Educational Agencies Special Education - Grants to States Indian Education Special Education - Preschool Grants ARRA - Title I Grants to Local Educational Agencies, Recovery Act ARRA - Special Education Grants to States, Recovery Act ARRA - Special Education - Preschool Grants, Recovery Act ARRA State Fiscal Stabilization Fund Education State Grants, Recovery Act Head Start ARRA - Head Start Child Nutrition Cluster Improving Teacher Quality Education and Human Resources Safe and Drug Free Schools and Communities State Grants Reading First 2009 X 2010 X X X 2011 X X X X X X X X X X X X X X X X X X X
7. Overall Risk Assessment Based upon all the information obtained to date, the Office of Internal Audit then assessed the overall risk for each major audit area. This assessment is based on the items documented in
Page 9 of 45
Appendix C (Compliance Impact, Financial Impact, and exceptions noted in prior audit engagements), and upon all the knowledge gained while performing each of the above procedures. All of the Risk Considerations documented in the Background section of this document play an important role in the overall risk assessment. However, in the absence of any additional information, the following table illustrates how risk is assessed if relying solely upon the financial and compliance impact of each audit area: Overall Risk Assessment Financial Impact High Medium Low Medium Medium Low Low High Medium High Medium
Low Medium Medium High Compliance Impact
As this table illustrates, a slightly higher emphasis is placed on financial impact than compliance impact. 8. Planned Control Monitoring The Districts Board of Directors is taking a proactive approach to ensure adequate internal controls. Several departments have been placed on a rotating schedule to appear before the School Boards Oversight Work Session. During these sessions, the departments identify their key internal control procedures, risks, and major initiatives. The Audit & Finance Committee also brings various departments forward to discuss risks, controls, and initiatives. The schedule of upcoming and recent sessions is documented in column #8 of Appendix C. The departments presentations in these sessions contain valuable information to the Office of Internal Audit, and will be used in ongoing risk assessments. In addition, the dates of these sessions can impact the timing of internal audit engagements. A department that has not gone through the practice of identifying risks and controls may be in a greater need of an internal audit. On the other hand, a department that has already presented their risks and controls may benefit from an audit soon after their presentation to determine if their major initiatives are working as intended. 9. Current or Planned Activities The Districts leadership team is also taking the initiative in mitigating risks and ensuring adequate internal controls. Column #9 in Appendix C identifies any current or planned activities that the District is undertaking with respect to the major audit areas. This step was completed by the Districts Audit Response Manager who is familiar with these initiatives, and was also reviewed by the same committee identified in step #5 above. This column also identifies any future engagements planned by the State Auditors Office or other governing body. This information is helpful in planning the timing of internal audit engagements. An area that is actively working to change and improve their procedures may be best suited for an internal audit six to nine months after the improvements are implemented. This would provide the audit area with valuable information as to whether or not their procedures were adequate, and if they are working as intended.
Page 10 of 45
10. Audit Plan Based on the results of all planning procedures performed to date, the final step associated with Appendix C is to determine which areas to include in this years audit plan. An examination of Appendix C reveals that 30 audit areas are rated as High Risk. However, given the Office of Internal Audits available resources, as discussed in the Background section of this document, only a few of these high risk areas can be audited in the first year. In response to this limitation, the Office of Internal Audit has developed a plan that will provide coverage to 15 high risk audit areas and 10 medium risk audit areas in the first year alone. The plan involves a hybrid approach between FullScope Audits, Follow-Up Audits, and Limited Site-Based Procedures. Column #10 of Appendix C identifies the major audit areas that will be covered by each type of audit. Detailed information about the different types of audits to be performed, and the areas selected for each type, is included in the Audit Plan section of this document.
Page 11 of 45
AUDIT PLAN Column #10 in Appendix C identifies the different types of audits that will be conducted this year, along with the major audit areas to be covered by each engagement type. This section of the Annual Risk Assessment and Audit Plan explains the different types of engagements, and also documents why each area was selected to be included in the final audit plan. Once approved, the final audit plan will guide the Office of Internal Audits activities for the upcoming year. Any unforeseen changes to the plan will be communicated to the Audit and Finance Committee as soon as possible. If a school Board Member wishes to alter the approved audit plan, the proposal must be submitted by two Board Directors, and ultimately approved by the Audit and Finance Committee. These procedures will ensure the Office of Internal Audits independence and prevent the Office from being used to promote a personal agenda. Full-Scope Audits The Full-Scope audits will involve a comprehensive review of the operation or system as a whole. The focus will be on whether or not the operation or system is meeting its compliance requirements while also providing effective financial internal controls. Depending on the area audited, fieldwork procedures may also involve sampling various outlying schools and locations. This may be necessary since some of the key control procedures may be performed outside of the central administration building. A prime example of this is the Payroll system. Although Payroll is a centralized system, the central office staff does not have direct knowledge of most employees work schedules. As a result they rely heavily on the outlying Managers and Principals to conduct a thorough review of their staffs payroll entry. When sampling of outlying schools is necessary, the procedures will leverage off of the Limited Site-Based Procedures discussed below. In short, the Limited Site-Based Procedures will include tests of transactions that will directly relate to these Full-Scope audits. The following audit areas have been selected to receive a Full-Scope Audit: Human Resources The Districts largest operating expenditures are salaries and benefits. Human resources is not only responsible for the hiring of new employees, but they are also instrumental in providing internal controls to ensure that only legitimate employees are entered into the payroll system. They also administer the employee benefits contracts, and ensure compliance with numerous Federal, State, and local requirements. Significant financial implications could be caused by fines or litigation resulting from non-compliance with requirements relating to fair labor standards, discrimination, harassment, or the Family Medical Leave Act. The Human Resources function is also responsible for maintaining data related to teacher experience and qualifications, which has a material impact on the apportionment funding that the District receives from the State. All of these factors uphold the notion that Human Resource has an extremely high compliance and financial impact to the District. In addition to the compliance and financial impacts noted above, the Human Resources function has endured twelve different changes to the top leadership position during the last thirteen years. This alarming rate of turnover in a key leadership position increases the risk that responsibilities and expectations are not clearly understood or aligned with District
Page 12 of 45
initiatives. It also increases the risk that institutional knowledge has left the District with these previous employees, and that current staff are unaware of key internal control requirements. The current Executive Director of Human Resources is in the midst of restructuring and improving the Human Resources function, but has also indicated that the Office of Internal Audit can be of value at the same time. Centralized ASB (Associated Student Body Fund) Numerous interviews were conducted with District staff to determine where the Districts significant risks are. The one audit area that was mentioned most frequently as an area of concern was ASB funds. There is widespread belief that problems exist with ASB funds. This is further substantiated by recent ASB fund exceptions noted by the State Auditors Office. There is a high likelihood of errors noted with ASB funds; however, the financial impact is less certain. The total value of the ASB fund is approximately $4 million, which is less than 1% of the Districts general fund amount. However, the ASB fund represents monies that are generated by students. Finding cost savings in the ASB fund will not increase the available resources to the District, because those funds belong to students. However, as a steward to these funds, the District has an obligation to ensure they are safe. Also, failure to properly account for these funds can negatively impact the Districts reputation. Reputational risk is difficult to quantify, but the long term impact of negative publicity could impact future enrollment numbers as well as the Districts ability to pass upcoming levies. Safeguarding the Districts reputation is increasingly important, due to the negative publicity received within the past year. The Limited Site-Based Procedures conducted at schools will include procedures relating to ASB funds, including a surprise cash count. The results of these school audits will be used to support an audit of the centralized ASB system, which will be conducted during the summer months when schools are on break. The focus of this centralized system audit will be to determine if the central office is properly accounting for all school ASB funds, and to ensure that Central Administration is adequately supporting the schools. The Interim Superintendants 4th Pillar of Success calls for Central Office Staff Serving and Supporting Schools and Families. One way that the Office of Internal Audit will be contributing to this initiative is by ensuring that other centralized functions are adequately supporting schools as well. Technology Services The Department of Technology Services takes up a significant portion of the Districts general fund. The department also has capital expenditures associated with the Building, Technology, and Academics levy. An interim Director was recently appointed, and the department is not currently scheduled for any appearances before the Audit and Finance Committee or the Oversight Work Sessions. In addition, there have not been any recent audits completed in this area. All of these factors indicate that the Department of Technology Services could benefit from an internal audit. Follow-Up Audits The Follow-Up Audits will focus solely on those problem areas identified in previous audit reports. A good candidate for a Follow-Up Audit will be an audit area that has received significant or numerous
Page 13 of 45
prior audit exceptions, and has recently implemented corrective actions to resolve those exceptions. The primary objective of a Follow-Up Audit will be to determine if the newly implemented corrective action plans are working as intended. The following audit areas have been selected to receive a Follow-Up Audit: Inventory/Equipment Tracking Personal Service Contracting Limited Site-Based Procedures The Limited Site-Based Procedures will focus on the key compliance and financial controls expected to be completed at schools. In addition to providing data to support the Full-Scope Audits and the Follow-Up Audits that are already scheduled, they will also include procedures to ensure compliance and financial accountability in a wide variety of other areas. By overlapping these audits and leveraging off of the time spent at schools, the Office of Internal Audit will increase efficiency and be able to provide coverage to more audit areas while limiting the amount of time required from school-based employees. These procedures will be limited in duration, and will overlap with the Full-Scope Audits and FollowUp Audits that are also being conducted. As indicated in the Full-Scope Audits section above, auditing procedures will most likely involve visits to outlying schools in order to verify certain key controls. Since schools must be visited anyway, the Limited Site-Based Procedures are going to leverage off of these school visits. In addition to verifying the key controls specific to the current Full-Scope and Follow-Up Audits, the time spent at schools will also include procedures to gather information about other key controls that the schools are expected to be following. Essentially, the Office of Internal Audit will be using the time spent at schools to accomplish more than one objective. The Executive Summary also discusses the importance of verifying key internal controls at the source. An individual audit report will be issued after each school visit; however, the intent of the report is not to highlight the deficiencies of specific schools, but rather to shed light on those areas that may represent a system-wide failure of internal controls. In fact, these engagements will actually offer the schools an opportunity to articulate the challenges they face, and identify the areas where they do not get enough support from Central Administration. The results of these engagements will also be tracked and summarized in the Office of Internal Audits Annual Summary. These results will be used to identify potential audit areas in subsequent years. This plan provides a great opportunity to identify those areas where key controls are not being adequately followed, or perhaps have not been adequately communicated to the schools. It could also identify those situations where schools do not have the support they need from central administration, or where insufficient resources are available to perform the control procedures properly. The biggest benefit of these site-based key control verifications is that it will allow the Office of Internal Audit to identify these potential problem areas now, rather than waiting until a Full-Scope Audit can be performed sometime in the future. Even though the procedures will be limited, they
Page 14 of 45
will still identify the key deficiencies that could be indicative of a major system weakness. Identifying these risks sooner, rather than later, will provide the School Board, District Leadership, and the Office of Internal Audit advanced warning of impending problem areas. Corrective action plans can be put in place before these impending problem areas escalate even further. In essence, the Limited Site-Based Procedures are a proactive approach to prevent potential problem areas from going undetected for a long period of time. A total of six site-based audits are planned for this year, and will be conducted at various schools dispersed throughout the district. The Office of Internal Audit will attempt to select schools from different regions, and will divide them equally among high schools, middle schools, and elementary schools. The identity of the schools selected will be kept confidential until after the engagement has begun. This will allow the Office of Internal Audit to begin each engagement with a surprise cash count. The major audit areas to be covered by these Limited Site-Based Procedures include: Transportation Payroll and Leave Time Reporting Enrollment/Student Counts School Security Risk Management Grants and Fiscal Compliance Purchasing & Contracting Nutrition Services Volunteering with SPS Rentals/Facility Usage Time & Effort Reporting Donations Athletics Expense Reimbursements Travel Expenditures Kindergarten Tuition ASB and Self Help at Schools Class Fees & Student Fines Loss Reporting to the SAO Booster Clubs
Other Projects In addition to the audits noted above, the Office of Internal Audit will have other projects to complete as well. Some of these projects, such as maintaining a department website and preparing an annual summary for the School Board, will be ongoing projects from year to year. However, other projects, such as hiring new staff auditors and creating a department Policy and Procedures Manual, are one-time projects associated with setting up a new department. The following list is presented to identify the non-audit projects that will incur internal audit resources this year: Hiring of New Staff Members Supervision of Staff Auditors Continuing Professional Education Training Special Requests and Investigations Creating Protocols for Accepting Special Requests Developing Department Mission, Goals, and Objectives Developing Department Policy and Procedures Manual Documenting Generally Accepted Government Auditing Standards (Yellow Book) Compliance Creating & Maintaining a Department Website Preparing the Internal Audit Annual Summary
Page 15 of 45
Developing Subsequent Years Annual Risk Assessment and Audit Plan With regard to Special Requests and Investigations, the Office of Internal Audit will include a customer service aspect in its audit plan. Resources will be made available to support schools should they encounter a situation that requires internal audit expertise. Offering this service will accomplish two objectives. First, it will support the Interim Superintendants 4th Pillar or Success Central Office Staff Serving and Supporting Schools and Families. Second, it will serve to break down the barriers associated with audits, and demonstrate to schools that the Office of Internal Audit can be viewed as a resource and a partner. However, to ensure independence and the proper use of internal audit resources, special requests must demonstrate why internal audits expertise or objectivity is necessary. Calendar Appendix G is a Gantt chart illustrating the timing of this years audit plan. The calendar is simply an estimate based on certain facts and assumptions as of October 2011. Updates to the calendar will be made as necessary. Areas Not Selected for Audit One high risk area that is not selected for audit at this time is Capital. Although Capital is rated as a high risk area, and has had recent audit findings cited, it is not included in this years audit plan due to timing. The District is currently making significant changes to the Capital department, and is contracting with the Educational Service District (ESD) to provide restructuring recommendations. The ESD is providing consulting services related to the department reorganization, and is also conducting reviews of potential problem areas. An internal audit conducted during this transitional phase would likely identify problem areas that are already known to exist, and have already been identified for corrective action. A better alternative would be to audit this area once a majority of the restructuring is complete, and the department has had some time to implement and modify its new procedures. In addition, the State Auditors Office has indicated Capital is going to be a main area of focus for their current audit. An internal audit at this point could be a duplication of efforts, and would be an unnecessary burden to the Capital department employees.
Page 16 of 45
Appendix A Audit Universe Audit Universe The audit universe serves as a starting point for selecting areas to audit, and it includes all departments, programs, systems, and activities of the District. Department/Program Superintendants Office Administration Control Environment (Strategic Plan and Tone at the Top) Reflected in staffing decisions, budgets, and dept goals, objectives, & procedures? Policies and Procedures, internal communication, safety, evaluations, etc Academics/Teaching & Learning Executive Director Offices Research, Evaluation & Assessment-SISO Reliability and usefulness of data in analyzing program effectiveness MAP Assessment Student Information Services Office (SISO) Testing Integrity Enrollment Reporting/Student Counts e-SIS Phase Out Plan English Language Learners (ELL) Bilingual Family Center Migrant Education Refugee Impact International Education Special Education Administration/Contracting Reporting/Compliance Student Discipline Individualized Education Plan (IEP) Physical Therapy School Psychologists Speech Language Pathology Audiology Career & Technical Education Agriculture, Arts, Media, Science, & Engineering Business, Marketing, & IT Special Population City Campus Counseling Health & Human Services and Family & Consumer Science Career Academics Counselor Nontraditional Program Analyst Auto Shop College & Career Readiness Curriculum & Instruction
Page 17 of 45
Department/Program Math & Science Science Materials Center Literacy & Social Studies Library Services & Technology Instructional Support Head Start Physical Ed & Health Literacy Professional Development & PLC Native American Education (Federal Funding) Visual & Performing Arts Merit & School Improvement Grants Early Learning Advanced Learning Alternative Programs (Southlake, Interagency, Pinehurst, Pathfinder) Alternative Learning Experience Adequate documentation to support funding? Traffic Education All City Band Approved Instructional Materials Catalog Professional Library Huchoosedah Indian Education Booster Clubs STAR Program ASB at Schools Cash Handling Classes, Clubs, Private Monies Athletics Class fees Graduation Requirements Effectiveness of Academic Programs (Working or can they be cut entirely?) Intervention Programs Does an intervention program such as math really improve a students performance? KNHC Radio Instructional Broadcast Center Partnerships, Policy, & Communications School & Community Partnerships Community Schools Grant Coordinator Acceptable Expenditures Out of Community Schools Alignment Initiative Coordinator Supplemental Education Services Communications Office Board Office Board Policies School Family Partnerships
Page 18 of 45
Department/Program Outreach & Training Specialist Readiness to Learn Family & Community Engagement Building and Ground Use Rental/Lease Rates Outside organization in the classroom and after school programs Volunteering with SPS Background checks Government Relations PDC Reports and Quarterly L-5s Operations Logistics/ Procurement & Distribution Services Purchasing Contracting Services/Bid Compliance Warehouse & Distribution Mail Services Fleet Management Vehicle Usage Transportation Operations/Efficiency ORCA Cards Enrollment & Customer Services Open Enrollment Facilities Operations Operations (Property Mgmt/Grounds) Maintenance Inter-dept billing Prioritizing Projects 1st come/1st served, or based on need or ability to pay? Custodial Services Rentals/Facility Usage Buildings and Grounds Use (Also related to Partnerships, Policy, & Communications) Insurance Requirement Self Help Energy Conservation (Reduction of utility costs) Environmental Services Surplus Warehouse Major Preventive Maintenance Work Management System (WMS) Capital Projects & Planning Capital Facilities Capital Project Management Capital Planning Coordination Capital Facilities Communication Capital Document Control
Page 19 of 45
Capital Financial Controls Building Excellence (BEX) Buildings, Technology & Academics (BTA) Small Works Capitalization/Valuation CIP Appropriate Usage of Capital Funds Staffing Supplies and textbooks Storage of Furniture and Portables Technology Board Disclosure Public Bids/Splitting of Contracts/Change Orders Project Planning/Design Current capacity vs. future need Change Orders Disclosure of Known Conditions Upfront Planning for Unknown Conditions Impact of Enrollment Projections Levy Planning Process Overpayments to Vendors Invoice Standardization Asset Management Technology Services (DoTS) Tech Plan Long term strategies for upgrades and replacement System Security & Access Backup & Recovery Procedures Data Disaster Recovery (Also relates to Continuity of Operations) Equipment Purchasing Equipment Tracking Equipment Surplus Software Licenses Publishing Services Project Management Application Services Customer Support/TechLine Operations/Network Services Web Publishing Support Classroom Technology Proper Use of Capital Funds Use of Contractors vs. Hiring of Employees Telephones (Telecommunications) Voicemail Standard Course Catalog Search eSIS Student Reporting System Records Management Archives (Legal?)
Page 20 of 45
School Record Retention Student Records Safety & Emergency Management Emergency Communications Alarm Response Fingerprinting School Security Key Inventory Athletics Gate Receipts Tournaments Rentals/Facility Usage Fundraising/ASB Compliance Recruiting Academic Integrity Coordinated School Health School Nurses Nutrition Services Cash Handling Expenditure Cycle Fixed Assets Inventory Controls Inter-dept billing Federal and State Health Regulations Compliance Centralized Cooking Did it reduce costs? Did it also reduce sales? Family Support Program Health Intervention Truancy Discipline Intervention Homelessness Health Network Operations Analysis & Special Projects Management Systems Professional Development Tracking & Compliance Administration/Course Offerings Data Analysis-Grants Management Asst Superintendant Business & Finance Accounting/Finance Audit Response Budget Office Development Monitoring Transfers
Page 21 of 45
Personal Service Contracts Scope of Work Management of Contract/Invoice Review Insurance/Liability Accounts Payable Employee Expense Reimbursements (Avenue to bypass purchasing procedures?) Travel Agent & Expenditures Purchasing Cards??? Payroll and Leave Time Reporting Billing Accounts Receivable/Collections General Ledger/Financial Reporting Grant Accounting Cash Collection Treasury/Investment Management (King County) Centralized ASB Procedures Purchasing (1/1/12) Contracting Services/Bid Compliance (1/1/12) Debt Service Fund Bonds Kindergarten Tuition Loss Reporting to the SAO Furlough Administration Risk Management Enterprise Risk Management Insurance Claims & Processing Safety DOSH Compliance Workers Compensation (Also related to HR) Administration Disability Payments School Health Rules DOH Student Safety Insurance WORMP Incident/Accident Reviews Safe Routes to School DOT Random drug/alcohol screening Medicare Secondary Payout On-school Activities (Bouncy Houses, Dunk Tanks, etc) Fire Prevention HIV/AIDS Education Compliance School Site Emergency Mgmt Plan/Critical Incident Mgmt for School Training Asbestos Management Plan Continuity of Operations Plan in place for disasters, loss of facilities, pandemics, loss of key personnel? Enrollment Planning and Projections
Page 22 of 45
Impact on Staffing (# of Teachers Impact to Principals and HR) Impact on zoning, construction, & school resources (equip, lunches, books) Local Levies Time & Effort Reporting Federal Funds Deputy Superintendants Office General Counsel Public Records Requests Section 504 Coordinator Contracting Human Resources and Employment Recruitment & Selection Position Control Staff Mix S-275 Reporting Transfers & Promotions Performance Evaluations Terminations/Retirements Temporary Contracts (Are they really an employee?) Personnel Records Professional Certification Employee Labor Relations/Discipline Timeliness of investigations/resolutions Quality of investigations Severance Packages Substitutes Compensation Benefits Regular bidding of providers and administrator contracts Employee Assistance Program (EAP) Compliance (FMLA, Harassment, etc) Adding/Removing Employees from Payroll System File Room Professional Growth & Leadership Teacher Consulting SIG Schools Principal Consulting Teacher Incentive Fund (TIF) Career Advancement, Growth and Support Office of Internal Audit Internal Audit Peer Review Additional Audit Areas (Not Identified on the Org Charts) Grants and Fiscal Compliance (Part of Teaching & Learning Merit & School Improvement Grants or part of Partnership, Policy, & Communications Community Schools Grant Coordinator or part of Operations Data Analysis Grants Mgmt?)
Page 23 of 45
Inventory (Part of Nutrition Services, warehouse, or ICT? What is accountings role?) Physical Inventories/Tracking Valuation Surplus/Retirements Small and Attractive Assets Scrap Metal National Board Certification (Part of Teaching & Learning or HR?) Service Learning Inter-department billing Source Teach for America Reduction in Force Planning Self Help Accounting Contract Negotiations (An audit could be valuable in an area is due for negotiation soon.) Seattle Schools Scholarship Fund Outside Agency Alliance for Education Outside Agency Public Education Foundations??? Donations Is there a centralized donation office? Does central office know when a school receives a donation? Other Projects to Include in the Audit Plan 1. Special Requests, investigations, and hotline referrals 2. SAO Loss Reporting and Restitution Agreements 3. Hiring of new staff members 4. Developing department Mission, goals, and objectives 5. Developing department policy and procedures manual 6. Documenting GAGAS (Yellow Book) compliance 7. Department Website creation 8. Audit Plan Development 9. Annual Summary for School Board 10. Internal Audit Administrative Duties 11. Professional Development
Page 24 of 45
Appendix B Appendix B shows those areas that are being eliminated from the audit universe because they are deemed to be low risk with respect to financial controls and compliance. Areas eliminated are lined out: Department/Program Superintendants Office Administration Control Environment (Strategic Plan and Tone at the Top) Reflected in staffing decisions, budgets, and dept goals, objectives, & procedures? Policies and Procedures, internal communication, safety, evaluations, etc Academics/Teaching & Learning Executive Director Offices Research, Evaluation & Assessment-SISO Reliability and usefulness of data in analyzing program effectiveness MAP Assessment Student Information Services Office (SISO) Testing Integrity Enrollment Reporting/Student Counts e-SIS Phase Out Plan English Language Learners (ELL) Bilingual Family Center Migrant Education Refugee Impact International Education Special Education Administration/Contracting Reporting/Compliance Student Discipline Individualized Education Plan (IEP) Physical Therapy School Psychologists Speech Language Pathology Audiology Career & Technical Education Agriculture, Arts, Media, Science, & Engineering Business, Marketing, & IT Special Population City Campus Counseling Health & Human Services and Family & Consumer Science Career Academics Counselor Nontraditional Program Analyst Auto Shop College & Career Readiness Curriculum & Instruction Math & Science
Page 25 of 45
Department/Program Science Materials Center Literacy & Social Studies Library Services & Technology Instructional Support Head Start Physical Ed & Health Literacy Professional Development & PLC Native American Education (Federal Funding) Visual & Performing Arts Merit & School Improvement Grants Federal Grants/Title 1 Early Learning Advanced Learning Alternative Programs (Southlake, Interagency, Pinehurst, Pathfinder) Alternative Learning Experience Adequate documentation to support funding? Traffic Education All City Band Approved Instructional Materials Catalog Professional Library Huchoosedah Indian Education Booster Clubs STAR Program ASB at Schools Cash Handling Classes, Clubs, Private Monies Athletics Class fees Graduation Requirements Effectiveness of Academic Programs (Working or can they be cut entirely?) Intervention Programs Does an intervention program such as math really improve a students performance? KNHC Radio Instructional Broadcast Center Partnerships, Policy, & Communications School & Community Partnerships Community Schools Grant Coordinator Acceptable Expenditures Out of Community Schools Alignment Initiative Coordinator Supplemental Education Services Communications Office Board Office Board Policies School Family Partnerships
Page 26 of 45
Department/Program Outreach & Training Specialist Readiness to Learn Family & Community Engagement Building and Ground Use Rental/Lease Rates Outside organization in the classroom and after school programs Volunteering with SPS Background checks Government Relations PDC Reports and Quarterly L-5s Operations Logistics/ Procurement & Distribution Services Purchasing Contracting Services/Bid Compliance Warehouse & Distribution Mail Services Fleet Management Vehicle Usage Transportation Operations/Efficiency ORCA Cards Enrollment & Customer Services Open Enrollment Facilities Operations Operations (Property Mgmt/Grounds) Maintenance Inter-dept billing Prioritizing Projects 1st come/1st served, or based on need or ability to pay? Custodial Services Rentals/Facility Usage Buildings and Grounds Use (Also related to Partnerships, Policy, & Communications) Insurance Requirement Self Help Energy Conservation (Reduction of utility costs) Environmental Services Surplus Warehouse Major Preventive Maintenance Work Management System (WMS) Capital Projects & Planning Capital Facilities Capital Project Management Capital Planning Coordination Capital Facilities Communication Capital Document Control
Page 27 of 45
Department/Program Capital Financial Controls Building Excellence (BEX) Buildings, Technology & Academics (BTA) Small Works Capitalization/Valuation CIP Appropriate Usage of Capital Funds Staffing Supplies and textbooks Storage of Furniture and Portables Technology Board Disclosure Public Bids/Splitting of Contracts/Change Orders Project Planning/Design Current capacity vs. future need Change Orders Disclosure of Known Conditions Upfront Planning for Unknown Conditions Impact of Enrollment Projections Levy Planning Process Overpayments to Vendors Invoice Standardization Asset Management Technology Services (DoTS) Tech Plan Long term strategies for upgrades and replacement System Security & Access Backup & Recovery Procedures Data Disaster Recovery (Also relates to Continuity of Operations) Equipment Purchasing Equipment Tracking Equipment Surplus Software Licenses Publishing Services Project Management Application Services Customer Support/TechLine Operations/Network Services Web Publishing Support Classroom Technology Proper Use of Capital Funds Use of Contractors vs. Hiring of Employees Telephones (Telecommunications) Voicemail Standard Course Catalog Search eSIS Student Reporting System Records Management
Page 28 of 45
Department/Program Archives (Legal?) School Record Retention Student Records Safety & Emergency Management Emergency Communications Alarm Response Fingerprinting School Security Key Inventory Athletics Gate Receipts Tournaments Rentals/Facility Usage Fundraising/ASB Compliance Recruiting Academic Integrity Coordinated School Health School Nurses Nutrition Services Cash Handling Expenditure Cycle Fixed Assets Inventory Controls Inter-dept billing Federal and State Health Regulations Compliance Centralized Cooking Did it reduce costs? Did it also reduce sales? Family Support Program Health Intervention Truancy Discipline Intervention Homelessness Health Network Operations Analysis & Special Projects Management Systems Professional Development Tracking & Compliance Administration/Course Offerings Data Analysis-Grants Management Asst Superintendant Business & Finance Accounting/Finance Audit Response Budget Office Development
Page 29 of 45
Department/Program Monitoring Transfers Personal Service Contracts Scope of Work Management of Contract/Invoice Review Insurance/Liability Accounts Payable Employee Expense Reimbursements (Avenue to bypass purchasing procedures?) Travel Agent & Expenditures Purchasing Cards??? Payroll and Leave Time Reporting Billing Accounts Receivable/Collections General Ledger/Financial Reporting Grant Accounting Cash Collection Treasury/Investment Management (King County) Centralized ASB Procedures Purchasing (1/1/12) Contracting Services/Bid Compliance (1/1/12) Debt Service Fund Bonds Kindergarten Tuition Loss Reporting to the SAO Furlough Administration Risk Management Enterprise Risk Management Insurance Claims & Processing Safety DOSH Compliance Workers Compensation (Also related to HR) Administration Disability Payments School Health Rules DOH Student Safety Insurance WORMP Incident/Accident Reviews Safe Routes to School DOT Random drug/alcohol screening Medicare Secondary Payout On-school Activities (Bouncy Houses, Dunk Tanks, etc) Fire Prevention HIV/AIDS Education Compliance School Site Emergency Mgmt Plan/Critical Incident Mgmt for School Training Asbestos Management Plan Continuity of Operations
Page 30 of 45
Department/Program Plan in place for disasters, loss of facilities, pandemics, loss of key personnel? Enrollment Planning and Projections Impact on Staffing (# of Teachers Impact to Principals and HR) Impact on zoning, construction, & school resources (equip, lunches, books) Local Levies Time & Effort Reporting Federal Funds Deputy Superintendants Office General Counsel Public Records Requests Section 504 Coordinator Contracting Human Resources and Employment Recruitment & Selection Position Control Staff Mix S-275 Reporting Transfers & Promotions Performance Evaluations Terminations/Retirements Temporary Contracts (Are they really an employee?) Personnel Records Professional Certification Employee Labor Relations/Discipline Timeliness of investigations/resolutions Quality of investigations Severance Packages Substitutes Compensation Benefits Regular bidding of providers and administrator contracts Employee Assistance Program (EAP) Compliance (FMLA, Harassment, etc) Adding/Removing Employees from Payroll System File Room Professional Growth & Leadership Teacher Consulting SIG Schools Principal Consulting Teacher Incentive Fund (TIF) Career Advancement, Growth and Support Office of Internal Audit Internal Audit Peer Review
Page 31 of 45
Department/Program Additional Audit Areas (Not Identified on the Org Charts) Grants and Fiscal Compliance (Part of Teaching & Learning Merit & School Improvement Grants or part of Partnership, Policy, & Communications Community Schools Grant Coordinator or part of Operations Data Analysis Grants Mgmt?) Inventory (Part of Nutrition Services, warehouse, or ICT? What is accountings role?) Physical Inventories/Tracking Valuation Surplus/Retirements Small and Attractive Assets Scrap Metal National Board Certification (Part of Teaching & Learning or HR?) Service Learning Inter-department billing Source Teach for America Reduction in Force Planning Self Help Accounting Contract Negotiations (An audit could be valuable in an area is due for negotiation soon.) Seattle Schools Scholarship Fund Outside Agency Alliance for Education Outside Agency Public Education Foundations??? Donations Is there a centralized donation office? Does central office know when a school receives a donation? Other Projects to Include in the Audit Plan 12. Special Requests, investigations, and hotline referrals 13. SAO Loss Reporting and Restitution Agreements 14. Hiring of new staff members 15. Developing department Mission, goals, and objectives 16. Developing department policy and procedures manual 17. Documenting GAGAS (Yellow Book) compliance 18. Department Website creation 19. Audit Plan Development 20. Annual Summary for School Board 21. Internal Audit Administrative Duties 22. Professional Development
Page 32 of 45
Appendix C Risk Assessment and Audit Plan

1 2 3 4 5 6 7 8 9 10
Audit Area Human Resources Centralized ASB Procedures Technology Services Inventory/Equipment Tracking Personal Service Contracting Transportation Payroll and Leave Time Reporting Enrollment/Student Counts School Security Risk Management Grants and Fiscal Compliance Purchasing & Contracting Nutrition Services Volunteering with SPS Rentals/Facility Usage Time & Effort Reporting Donations Athletics Expense Reimbursements Travel Agent & Expenditures Kindergarten Tuition ASB and Self Help at Schools Class Fees & Student Fines Loss Reporting to the SAO Booster Clubs
OWS = Oversight Work Session SAO = State Auditors Office A&F = Audit & Finance Committee ESD = Educational Service District
Compliance Impact
High High High High High High High High High High High High High High Medium High High High High High High High High High Medium
Financial Impact
High Medium High Medium Medium High High High High High High High High High High Medium Medium Medium Medium Medium Medium Medium Medium Low Low
Previous Audit Exceptions * 2009

SAO
2010
SAO
2011
SAO SAO
Overall Risk Rating

High High High
Planned Control Monitoring

OWS 3/21/12
Current or Planned Activities

(Non-Internal Audit)
Review and restructuring Increased training
2011/2012 Audit Plan

Full-Scope Audit
SAO SAO SAO SAO SAO
SAO SAO SAO SAO SAO
SAO SAO
High High High
A&F Annual
Improved process Improved procedures
Follow-up Audit
OWS 2/8/12 OWS 10/26/11
New service model Improved procedures Improved procedures Limited SiteBased Procedures (Procedures will verify that key controls specific to these areas are be performed at 6 schools. The results of these audits will also support the Full-Scope Audits and the Follow-Up Audits.)
SAO SAO
High High High High
OWS 6/6/12 OWS 8/17/11 OWS 11/30/11 OWS 2/1/12 Training OWS 11/30/11 Revised procedure Centralized billing function Increased training Revised procedure Centralized production
SAO
SAO SAO SAO SAO
SAO
High High High High
SAO SAO SAO
High Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium
SAO SAO SAO SAO SAO
SAO SAO SAO
*Includes Audit Findings, Management Letter Items, and Exit Items, as well as recommendations from Performance Audits and Special Investigations.
Page 33 of 45
Appendix C Risk Assessment and Audit Plan

1 2 3 4 5 6 7 8 9 10
Audit Area Capital Projects & Planning Enrollment Planning & Projection Special Education Staff Mix Federal Programs (Head Start, Title 1, Native American Education) Treasury/Investment Mgmt Safety & Emergency Mgmt Maintenance Accounts Payable Budget Development General Counsel Reduction in Force Planning Custodial Services Energy Conservation Central Office Cash Collection Property Management Purchasing Cards Alternative Learning Experience GL/Financial Reporting Billing, A/R, & Collections Overall Control Environment Traffic Education Warehouse & Distribution Fleet Management Enrollment & Customer Services School & Community Partners Surplus Warehouse Environmental Services Enterprise Risk Management
Compliance Impact
High High High High High High High Medium Medium Medium High Medium Medium Low High High High High High Medium Medium Medium Medium Medium Medium Medium Medium Low Low
Financial Impact
High High High High High High High High High High High High High Medium Medium Medium Medium Medium Low High Medium Medium High Medium Low Medium Medium Medium Medium
Previous Audit Exceptions * 2009

SAO
2010
SAO
2011
SAO
Overall Risk Rating

High High
Planned Control Monitoring

OWS 4/4/12 OWS 3/7/12
Current or Planned Activities

(Non-Internal Audit)
ESD 112 review & SAO Audit-Winter2011/2012
2011/2012 Audit Plan
SAO SAO SAO SAO SAO
SAO
High High
SAO SAO
High High High OWS 5/23/12 OWS 2/1/12 OWS 10/26/11 OWS 6/20/12 OWS 2/1/12 Future Audit Engagement Based on Subsequent Years Risk Assessment Improved procedures High
SAO SAO SAO SAO
High High High High High Medium
SAO SAO SAO SAO SAO
Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium Medium New Function - A&F Quarterly & OWS 6/6/12 OWS 8/17/11 OWS 10/26/11 Improved process OWS 2/1/12 Improved procedures
Page 34 of 45
Appendix D - Available Resources The following information is based on the Director of Internal Audit being available for audit work on October 12, 2011, and the two Internal Audit staff members being available on January 3, 2012. Resources are calculated through August 31, 2012: % of Total Description Hours Time Available Total Contract Hours 4648 100% Less Total Leave Time 565 12% Net Hours Available 4083 88% Less General Administration (10%) 408 9% Hours Available for Project Scheduling: 3674 79% Department-Wide Projects: Supervision of Staff Auditors (45% of Staff Project Time) 886 19% District/New Employee Training (5 days per person) 120 3% CPE Training (40 hrs per person annually) 93 2% Special Request Protocols 24 1% Hiring of New Staff Members 40 1% Developing Department Mission, goals, and Objectives 16 0% Developing Department Policy and Procedures Manual 40 1% Documenting GAGAS (Yellow Book) Compliance 40 1% Department Website Creation & Maintenance 40 1% Total Dept-Wide Projects: 1299 28% Audit Projects: Audit Plan Development 120 3% Special Requests (12% of Available Project Time) 414 9% Internal Audit Annual Summary 40 1% Special Request - Capital Contracting 80 2% Special Request - Use of Special Ed Funds 50 1% Development of Site-Based Audit Program 80 2% Human Resources System Audit 400 9% CSA - High School 150 3% CSA - Middle School 120 3% CSA - Elementary School 100 2% Inventory/Equipment Tracking System Audit 100 2% CSA - High School 150 3% CSA - Middle School 120 3% CSA - Elementary School 100 2% Personal Service Contracts System Audit 100 2% Centralized ASB System Audit 150 3% Technology Services System Audit (101 hrs this year) 400 9% Total Audit Projects 2674 58% Planned Carryover Hours (DoTS) -299 -6%
Page 35 of 45
Appendix E Internal Audit Process Flowchart
Page 36 of 45
Appendix F Staff Biographies Andrew Medina, CPA, CFE, Director of the Office of Internal Audit Andrew is a Certified Public Accountant (CPA), a Certified Fraud Examiner (CFE), and has over 18 years of audit experience. He joined Seattle Public Schools in August of 2011, after serving four years as a Senior Auditor for the Port of Seattle. Prior to joining the Port, Andrew was an internal auditor for the Clark County School District in Las Vegas, Nevada. He spent five years managing and conducting financial, operational, and compliance audits of the Nations fifth largest school district. As a Certified Fraud Examiner, Andrew was the department's fraud specialist, responsible for conducting the majority of the Districts fraud investigations, as well as providing training to management and staff on fraud awareness and prevention. His fraud case study based on actual elementary school events was published in Internal Auditor magazine in February 2009. Prior to joining the Clark County School District, Andrew was a senior auditor with the State of Nevada Gaming Control Board. For 10 years Andrew helped regulate the casino industry by managing and conducting compliance, money laundering, and financial audits of Nevadas largest casinos. Vacant Internal Auditor Vacant Internal Auditor
Page 37 of 45
Appendix G
Page 38 of 45
Appendix H
Organizational Chart 2011-12
School Board
206.252.0040
Director, Internal Audit Andrew Medina ajmedina
Superintendent Susan Enfield (Interim) saenfield

206.252.0167
Deputy Superintendent Noel Treat nrtreat

206.252.0110
Executive Directors of Schools
Assistant Superintendent Teaching & Learning Catherine Thompson ctthompson

206.252.0017
Exec. Director Partnerships, Policy & Strategic Communications Holly Ferguson haferguson
206.252.0124
Assistant Superintendent Operations Pegi McEvoy pmcevoy

206.252.0102
Assistant Superintendent Business & Finance Robert Boesche (Interim) rsboesche

206.252.0086
General Counsel Ron English (Interim) renglish
NE Region Phil Brockman pbrockman

206.252.0150
Exec. Director Research, Eval. Assessment & Development Mark Teoh Director, English Language Learners & International Programs Veronica Gallardo Coordinator, College & Career Readiness Janet Blanford
Exec. Director Special Ed Becky Clifford (Interim)
Chief Communications Officer Lesley Rogers larogers1

206.252.0198
Director, Logistics Bob Westgard
Director, Facilities Operations Bruce Skowyra
Exec. Director Finance Duggan Harman dharman

206.252.0057
Exec. Director Human Resources Paul Apostle
Central Region Nancy Coogan necoogan

206.252.0103
NW Region Marni Campbell macampbell

206.252.0396
Manager, Career & Technical Ed Shep Siegel
Manager School Family Partnerships Bernardo Ruiz Manager, School & Community Partnerships Courtney Cameron
Director, Capital Projects Lucy Morello
Exec. Director Technology Vacant
Manager, Risk Management & Insurance Richard Staudt
W. Seattle Region Aurora Lora aalora

206.252.0396
Director, Curriculum & Instruction Support Wendy London
Manager, Safety & Emergency Mgmt Larry Dorsey
Manager, School Security Ed Liebl
Manager, Enrollment Planning Tracy Libros
SE Region Michael Tolley mftolley

206.252.0150
Exec. Director, Merit & School Improvement Grants Scott Whitbeck
Manager, Early Learning Kimberly Kinzer
Manager, School Board Office Erinn Bennett
Director, Athletics Eric McCurdy
Exec. Director Coordinated School Health

(VACANT)
SE Region Bree Dusseault bndusseault

206.252.0103
Manager, Advanced Learning Robert Vaughan
Traffic Education
Email address: Use the user name as listed followed by @seattleschools.org

Page 39 of 45
A double line indicates Superintendents Cabinet

Revised 8/17/11
Appendix I
INTERNAL AUDIT POLICY
G 23.00 Adopted July 9, 2008 Revised May 18, 2011 Page 1 of 2
It is the policy of the Seattle School Board that the district shall establish and maintain an Office of Internal Audit to conduct performance audits to support and promote integrity, openness and transparency with respect to internal financial controls and compliance of the district. The Office shall be staffed by an Internal Auditor and such other employees as are approved. The Internal Auditor and his or her staff shall report to and take direction from the Audit & Finance Committee. The Internal Auditor shall be evaluated by the Chair of the Audit & Finance Committee, with input from all Board Directors. The Superintendent shall perform only administrative personnel functions related to the Internal Auditor such as leave approval, provision of office space and supplies, and issuance of paychecks and reimbursements. The Office of Internal Audit shall serve independently from district management to identify areas of risk and test for compliance and strong internal controls by: Developing and implementing an annual internal audit timeline and work plan, based on an assessment of risks and best practice, that shall direct the activities of the Office; Assisting the School Board in the effective discharge of its oversight of management responsibilities; Ensuring fiscal accountability through evaluation of financial controls in high risk areas to strengthen the management and oversight of Seattle Public Schools; Helping Seattle Public Schools accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, internal controls, and governance processes; Providing the Board, the Superintendent, and management with analysis, appraisals, recommendations, advice, and other information concerning the activities reviewed; Updating the Audit & Finance Committee on a monthly basis on the status of the work; Providing audit reports, findings, and recommendations to the Audit & Finance Committee once they are completed; and
Adopted: July 9, 2008 Revised: May 11, 2011 Cross Reference: G23.01 Related Superintendent Procedure: N/A Previous Policies: N/A Legal Reference: Management Resources:
Page 40 of 45
Appendix I
INTERNAL AUDIT POLICY
G 23.00 Adopted July 9, 2008 Revised May 18, 2011 Page 2 of 2
Submitting an annual report to the School Board indicating the audits completed, major findings, recommendations, corrective actions taken by the district, and significant findings that have not yet been fully addressed.
It is the policy of the Seattle School Board that internal audit findings and recommendations shall become the basis for corrective actions to be taken by the district management team. It is a job expectation of all Seattle Public Schools employees that corrective action be taken in response to an internal audit finding. The internal audit function shall be considered an essential element in achieving the mission, goals, and objectives of the district.
Adopted: July 9, 2008 Revised: May 11, 2011 Cross Reference: G23.01 Related Superintendent Procedure: N/A Previous Policies: N/A Legal Reference: Management Resources:
Page 41 of 45
Appenidx J
INTERNAL AUDIT PROCEDURE
G 23.01 Adopted May 18, 2011 Page 1 of 4
School Board Adopted Procedure School Board Adopted Policy G 23.00, Internal Audit Policy, established and defined the role of the Office of Internal Audit as supporting and promoting, integrity, openness and transparency with respect to internal financial controls and compliance of the district. The purpose of this Procedure is to establish the internal audit process and the action steps required to address any internal audit findings. The goal of any internal audit is to ensure that findings have clear accountability and will result in process and procedural revisions to address the finding. Internal Audit Process: Each year, the Internal Auditor shall develop an annual risk-based audit work plan identifying areas or departments for review and shall submit that work plan for approval to the Audit & Finance Committee; o The annual audit work plan shall be designed with the input of Board members and senior staff; o The annual audit plan shall be presented to the Audit & Finance Committee for approval and communicated to the district; o Revisions to the annual audit work plan shall be reviewed and approved by the Audit & Finance Committee; o Audit Requests from Board members: Any request must be made by at least two Board members before it may be presented to the Audit & Finance Committee for consideration. The Audit & Finance Committee shall review the requests and determine whether any revision to the annual audit plan shall be made. Before starting each audit, the Internal Auditor shall develop a timeline and work plan for that audit and brief appropriate staff; Each month, the Internal Auditor shall update the Audit & Finance Committee and appropriate staff; Audits will be performed in accordance with Generally Accepted Government Auditing Standards (GAGAS). Upon completion of the audit, the Internal Auditor shall create a draft audit report, using GAGAS, that includes observations, findings, and recommendations. The Internal Auditor shall share the draft with the appropriate Superintendents Leadership Team member;
Adopted: May 18, 2011 Revised: N/A Cross Reference: G 23.00 Related Superintendent Procedure: N/A Previous Policies: N/A Legal Reference: Management Resources:
Page 42 of 45
Appenidx J
Using the draft audit report, the appropriate department management team member shall begin to develop a Corrective Action Plan; If appropriate, the Superintendents Leadership Team member responsible for the department receiving the finding and recommendations should engage the Communications department staff to develop a communications plan for any audit findings and recommendations; The Internal Auditor shall make any required notifications to the State Auditors Office or other oversight agencies if there are any known or suspected losses or illegal activity. The Internal Auditor shall make any necessary notifications to the Ethics Officer who may notify the Ethics Commission. The Assistant Superintendent for Business and Finance shall make any further notifications to the State Auditors Office or other oversight agencies if there are any known or suspected losses or illegal activity. The Superintendents designated staff member shall acknowledge the findings and recommendations and outline a summary of the managements Corrective Action Plan, which shall be included in the Management Response section of the audit report. After notification to staff and the verification of the audit findings, the Internal Auditor shall finalize the audit report and provide the Audit & Finance Committee with the final report and a full briefing; The staff member designated by the Superintendent shall share the Corrective Action Plan with the Audit & Finance Committee at the next scheduled committee meeting; The Superintendents staff shall have 30 days from the date of the Audit & Finance Committee briefing to develop the Corrective Action Planfull resolution of the audit finding must be in place within 120 days after the Corrective Action Plan is complete. Recognizing that some findings may be of greater complexity and that more than 120 days may be required to complete the Correction Action Plan, staff may request a waiver from the Audit & Finance Committee. The waiver request must be made at the time of the presentation of the Corrective Action Plan, unless extenuating circumstances are presented to the Audit & Finance Committee. The waiver request shall not extend the total time for resolution longer than 6 months (including the original 120 days) unless it has the Assistant Superintendent for Business and Finances approval; Once the audit is complete, the Audit & Finance Committee Chair or Board President shall announce the findings at the next scheduled School Board meeting, including the Corrective Action Plan timeline; The Audit & Finance Committee shall be briefed by staff each month until the Corrective Action Plan is complete and the issue is resolved;
Page 43 of 45
Appenidx J
The Office of Internal Audit shall update the Internal Audit work plan to include a follow up on the audit findings within 12 months of the final report being provided to the Audit & Finance Committee; The Office of Internal Audit shall maintain a website which includes the annual audit schedule, audit work plans, published internal audit reports, and the status of internal audit resolution; The Internal Auditor shall submit an annual report to the School Board within 90 days of the school year calendar end indicating audits completed, major findings, corrective actions taken by administrative managers, and significant findings which have not been fully addressed by management.
The Audit Report must include the following: A statement that the audit was conducted in compliance with Generally Accepted Government Auditing Standards (GAGAS); Must be in writing; Documentation of audit request, including date, scope and identification of requester; History or background to set context; Description of audit approach; Executive Summary of observations and recommendations; Documentation of findings and detailed recommendations, including rationale; and Management Response section that acknowledges the findings and outlines a summary of managements Corrective Action Plan. Report of Irregularities If during an audit the Internal Auditor becomes aware of losses, abuse or illegal acts or omissions or indications of such acts or omissions that could affect Seattle Public Schools, the Internal Auditor shall report the irregularities to the Audit & Finance Committee, the Superintendent, and the State Auditors Office. If the Superintendent is believed to be a party to abuse or illegal acts, the auditor shall report the acts directly to the School Board. If it appears that the irregularity is criminal in nature, the auditor shall immediately notify the appropriate prosecuting authority, in addition to those officials previously cited. The Internal Auditor shall make any necessary notifications to the Ethics Officer who may notify the Ethics Commission.
Page 44 of 45
Appenidx J
Department Authority The Office of Internal Audit has unrestricted access to all functions, records, property, and personnel relevant to the subject being reviewed. The Office of Internal Audit shall not be authorized to perform operational duties for the District or initiate or approve accounting transactions external to the Office of Internal Audit. Employment Structure of Director of Internal Audit The Internal Auditor shall be hired in accordance with an employment contract which shall include the opportunity for the School Board to terminate the employment relationship without cause. Quality Assurance On a periodic basis, the function of internal auditing shall be reviewed by an independent team determined by the Audit & Finance Committee. The intent of the review is to ensure that the internal audit function is performing as planned and is conducting audits objectively and independently.
Page 45 of 45

SPS Annual Risk Assessment and Audit Plan - October 2011

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SPS Annual Risk Assessment and Audit Plan - October 2011

Uploaded by

Copyright:

Available Formats

Seattle Public Schools Annual Risk Assessment and Audit Plan

Presented By The Office of Internal Audit

October 11, 2011 through August 31, 2012

Issue Date: October 11, 2011

Low Medium Medium High Compliance Impact

Appendix C Risk Assessment and Audit Plan

Previous Audit Exceptions * 2009

Overall Risk Rating

Planned Control Monitoring

Current or Planned Activities

2011/2012 Audit Plan

SAO SAO SAO SAO SAO

SAO SAO SAO SAO SAO

High High High

Improved process Improved procedures

OWS 2/8/12 OWS 10/26/11

High High High High

SAO SAO SAO SAO

High High High High

SAO SAO SAO

SAO SAO SAO SAO SAO

SAO SAO SAO

Appendix C Risk Assessment and Audit Plan

Previous Audit Exceptions * 2009

Overall Risk Rating

Planned Control Monitoring

Current or Planned Activities

2011/2012 Audit Plan

SAO SAO SAO SAO SAO

SAO SAO SAO SAO

High High High High High Medium

SAO SAO SAO SAO SAO

Director, Internal Audit Andrew Medina ajmedina

Superintendent Susan Enfield (Interim) saenfield

Deputy Superintendent Noel Treat nrtreat

Executive Directors of Schools

Assistant Superintendent Teaching & Learning Catherine Thompson ctthompson

Assistant Superintendent Operations Pegi McEvoy pmcevoy

Assistant Superintendent Business & Finance Robert Boesche (Interim) rsboesche

General Counsel Ron English (Interim) renglish

NE Region Phil Brockman pbrockman

Exec. Director Special Ed Becky Clifford (Interim)

Chief Communications Officer Lesley Rogers larogers1

Director, Logistics Bob Westgard

Director, Facilities Operations Bruce Skowyra

Exec. Director Finance Duggan Harman dharman

Exec. Director Human Resources Paul Apostle

Central Region Nancy Coogan necoogan

NW Region Marni Campbell macampbell

Manager, Career & Technical Ed Shep Siegel

Director, Capital Projects Lucy Morello

Exec. Director Technology Vacant

Manager, Risk Management & Insurance Richard Staudt

W. Seattle Region Aurora Lora aalora

Director, Curriculum & Instruction Support Wendy London

Manager, Safety & Emergency Mgmt Larry Dorsey

Manager, School Security Ed Liebl

Manager, Enrollment Planning Tracy Libros

SE Region Michael Tolley mftolley

Exec. Director, Merit & School Improvement Grants Scott Whitbeck

Manager, Early Learning Kimberly Kinzer

Manager, School Board Office Erinn Bennett

Director, Athletics Eric McCurdy