OBM Office of Internal Audit Fiscal Year 2019 Annual Audit Plan July 1, 2018 – June 30, 2019


Table of Contents

Mission Statement, Introduction, and Purpose
FY 2019 Audit Prioritization Process
Preliminary Audit Scope
Appendix A
· Adjutant General (ADJ)
· Department of Administrative Services (DAS)
· Department of Aging (AGE)
· Department of Agriculture (AGR)
· Office of Budget and Management (OBM)
· Department of Commerce (COM)
· Department of Developmental Disabilities (DDD)
· Development Services Agency (DSA)
· Department of Education (ODE)
· Environmental Protection Agency (EPA)
· Department of Health (ODH)
· Department of Higher Education (DHE)
· Department of Insurance (ODI)
· Department of Job and Family Services (JFS)
· Ohio Lottery Commission (OLC)
· Department of Medicaid (ODM)
· Department of Mental Health and Addiction Services (MHA)
· Department of Natural Resources (DNR)
· Opportunities for Ohioans with Disabilities (OOD)
· Department of Public Safety (DPS)
· Public Utilities Commission (PUCO)
· Department of Rehabilitation and Correction (DRC)
· Department of Taxation (TAX)
· Department of Transportation (DOT)
· Department of Veterans Services (DVS)
· Bureau of Workers’ Compensation (BWC)
· Department of Youth Services (DYS)


Mission Statement

The OBM Office of Internal Audit (OIA) will provide independent, objective assurance and consulting activities designed to improve operations of state agencies obtaining OIA services. OIA will help these state agencies accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Introduction

OIA performed an audit prioritization of 27 state agencies’ (as required by Ohio Revised Code section 126.47) risk environment in order to develop the audit plan for fiscal year 2019. Development of the assessment was based on various risk factors to the organization, as well as communications with various members of management and other stakeholders. Section 126.45 (A) requires OIA to conduct audits at 26 agencies; other state agencies, such as the Department of Education, may request this service per Section 126.45(D). As such, other agencies could be added throughout the year.

The goal of the audit prioritization and audit plan is to facilitate a process of continuous improvement in both business processes and internal controls throughout the organization with the ultimate goal of improving services to Ohio’s constituency.

Purpose

The purpose of internal audit is to provide an independent assessment of the adequacy of internal controls throughout the organization. The Institute of Internal Auditors (IIA) provides the following definition of internal auditing:

“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

The role of internal auditing includes the following activities:

· Evaluating and improving the adequacy and effectiveness of risk management, control, and governance processes;

· Evaluating the management process to determine whether reasonable assurance exists that management objectives and operational goals are achieved; and

· Providing process and managerial consulting to improve risk management, control and governance processes.


FY 2019 Audit Prioritization Process

Risk Assessment Methodology

In developing the audit plan, OIA performed a risk analysis for the 27 state agencies in OIA’s planned oversight utilizing seven risk factors. The objective of the risk assessment is to ensure optimized assignment of audit resources through an understanding of the audit universe and the risks associated with each universe item.

The OBM Office of Internal Audit recognizes that most state agencies are at an informal stage of enterprise risk management. OIA plans to engage agency management on enterprise risk and lead them to a maturity level where they can independently assess their enterprise risk management processes over time. In the current audit plan, we obtained agency input for two of the seven risk factors (changes in systems, processes, and people, and stakeholder concerns).

The audit prioritization process included the following activities:

· Planning the assessment and identifying the audit universe

· Conducting the risk assessment with agency management

· Internal analysis of the results

· Discuss draft heat map and planned audit areas with agency management.

Audit Universe

Each agency audit universe has multiple categories depending upon the state agency. The primary source for determining the categories is the biennial budget bill which identifies significant agency processes and functions. A secondary source is collaboration with state agency management.

Enterprise risks are not presented separately since the State has one agency that provides services for central support functions which typically are part of each agency audit universe. The central support functions applicable to the state agencies under OIA’s purview include enterprise human resources, general services, IT enterprise applications/enterprise shared services, IT infrastructure services and IT security and privacy (Department of Administrative Services) and budget development, debt management, accounting operations, financial reporting and shared services (Office of Budget and Management).

Risk Factors

The seven risk factors utilized for the assessment were developed using IIA guidance and historical knowledge of state government, as well as best practices in internal auditing. Each risk factor was scored based on likelihood of the risk and the measure of consequence of the event. The overall goal of the risk scoring approach is to ensure OIA audits high and moderate risk areas routinely with the consideration of work performed by other auditors.

Once the various risk factors were rated, they were weighted in order to arrive at a composite risk score for each area, which was used to determine areas to prioritize for the fiscal year 2019 audit plan.

The seven risk factors and assigned weighting are as follows:

| Risk Factors | Weight | Description |
|---|---|---|
| Control Design and Effectiveness | 25% | The assessed reliability of the internal control system is important in judging the likelihood of errors in the system. |
| Materiality | 25% | This factor focuses on the financial size, complexity, or sensitive nature of auditable areas. |
| Changes: System, Process, and People | 15% | A dynamic environmental change, in terms of systems/processes/people, increases the probability of efficiencies as well as errors occurring. (Agency input obtained) |
| Stakeholder Concerns/Reputational Risk | 10% | Management or other stakeholder concerns can influence the priority of an auditable area and could take priority over other risk factors in some cases. The reputation of an agency can be impacted by failures in certain sensitive processes. (Agency input obtained) |
| Impact of Fraud, Waste, and Abuse | 10% | The impact of illegal acts or wasteful spending can result in a heightened consequence with public funds regardless of the dollar amount. |
| Prior Audits | 10% | The recency of prior audits (i.e. OIA, Auditor of State, and State Inspector General) may more accurately predict the likelihood of future outcomes. |
| Financial/Operational Reporting | 5% | Accuracy of reported financial activity is magnified through anticipated use by outside parties. |


Preliminary Audit Scope

The state agency heat maps in Appendix A identify the audit priorities and preliminary scope for the 27 agencies based upon the seven risk factors. The audit universe categories are identified on a graph based upon likelihood and impact. The likelihood is the measure of the probability of an unfavorable event occurring while impact is the measure of the consequence of an unfavorable event occurring at the agency. Those areas in the upper right side corner of the heat map (red boxes) represent higher audit priorities while those in the lower left side corner (green boxes) represent lower audit priorities.

Based upon discussions with the Auditor of State (AOS), we have identified those areas planned for audit by the AOS in fiscal year 2019. There are some areas planned for audit by both OIA and AOS while some areas are not planned by either audit group.

For the Bureau of Workers’ Compensation (BWC) and Ohio Lottery Commission (OLC), OIA plans to leverage the audit work completed by the BWC and OLC internal audit teams. In order for OIA to rely upon this work, OIA will perform the following:

· Review the independence and objectivity of the BWC and OLC internal audit teams.

· Assess the competencies and qualifications of the BWC and OLC audit teams by verifying the professional experience, qualifications, and professional certifications of the audit teams.

· Ensure the work performed by the BWC and OLC audit teams is appropriately planned, supervised, documented, and reviewed. Additionally, OIA will consider whether the audit evidence is sufficient to determine the extent of use and reliance on the work.

· Determine that significant audit observations have been communicated to the BWC Board of Directors’ Audit Committee and OLC Audit Committee. Additionally, evaluate the follow-up procedures by the BWC and OLC audit teams to determine whether management has implemented the recommendations or assumed the risk of not implementing them.

· At least annually, OIA’s Chief of Quality Assurance will provide the State Audit Committee with an assessment on the reliance of BWC and OLC’s internal audit functions.


Audit Priorities and Resources

Based upon the audit prioritization process, OIA identifies audit areas with a focus on rotational audit coverage to include:

· High risk areas – every one to two years;

· Moderate risk areas – every three to four years; and

· Low risk areas – periodically, as appropriate.

To complete the financial and information technology engagements in this plan, OIA estimates approximately 34,650 audit hours (21,181 financial and 13,469 IT) will be necessary. The chart below depicts that OIA has the appropriate mix of financial and IT audit staff to complete 85% of the planned engagements for fiscal year 2019. Based on prior year experience, OIA may not be able to perform some engagements due to other priorities at the agencies. Also, OIA may be able to gain efficiencies while completing the engagements so that the audit completion percentage could exceed the 85% target.

| | OIA Employees (total hours/24 auditors) | % Total |
|---|---|---|
| Annual Audit Hours Available/Employee | 2,080 | 100% |
| Less: Holiday Hours | (80) | (4%) |
| Less: Leave Hours (vacation, personal, sick, adoption/childbirth) | (230) | (11%) |
| Less: Training (internal/external) | (50) | (2%) |
| Less: Administrative time [non-bill (payroll, email, supervision), breaks (union employees)] | (400) | (19%) |
| Less: Staff Replacement/Turnover (est. 3/yr.) | (60) | (3%) |
| Budgeted Hours/Employee | 1,260 | 61% |
| x 24 employees | x 24 | |
| Estimated Audit Hours before Remediation | 30,240 | |
| Less: Estimated Remediation Hours for Prior Year Projects | (900) | |
| Total estimated audit hours available | 29,340 | |
| Total estimated plan hours | 34,650 | |
| Estimated resources available to complete plan | 85% | |


Planned Engagements

The following schedule represents planned audit areas based on an evaluation of agency audit priorities from heat maps and discussions with agency management.

OIA may revise audit areas and schedules of the annual plan. Based on anticipated changes in agency risk profiles, unplanned audits, and OIA staff changes, OIA will add audit areas that can be completed within OIA’s budget and add value to operational processes. Also, OIA will perform validation testing to ensure management has taken appropriate corrective action on previously reported audit observations.

The OIA level of effort included in the audit areas is as follows:

· Small – less than 300 audit hours

· Medium – between 300 and 500 audit hours

· Large – between 500 and 800 audit hours

· Extra Large – greater than 800 audit hours

The planned audit areas for fiscal year 2019 are included below:

| # | Agency | Audit Area | Level of Effort | Description of Audit Scope |
|---|---|---|---|---|
| 1 | ADJ | National Guard | Medium | Assurance: Review agency controls over the Air Guard Firefighting Cooperative Agreement |
| 2 | DAS | General Services | Medium | Assurance: Review agency controls over commercial lease billing |
| 3 | DAS | Equal Opportunity Division | Medium | Assurance: Review agency controls over the MBE certification program |
| 4 | DAS | DAS Operations (Internal) | Medium | Assurance: Review agency controls over accounts payable |
| 5 | DAS | DAS Operations (Internal) | Medium | Assurance: Review agency IT system controls over data classification |
| 6 | DAS | DAS Operations (Internal) | Medium | Assurance: Review IT agency system controls over patch management |
| 7 | DAS | Enterprise Applications/Enterprise Shared Services | Medium | Assurance: Review agency IT system controls over Enterprise Grants Management |
| 8 | DAS | Enterprise Security & Privacy | Large | Consulting: Assess agency IT security plans |
| 9 | AGE | Ombudsman Program | Medium | Consulting: Assess agency controls over the Ombudsman Program |
| 10 | AGR | Meat Inspection | Medium | Assurance: Review agency controls over the Meat Inspection process |
| 11 | AGR | Soil & Water | Medium | Assurance: Review agency controls over Soil & Water Districts |
| 12 | OBM | Shared Services | Medium | Assurance: Review agency controls over E-Supplier Portal Security |
| 13 | OBM | Budget Development | Medium | Assurance: Review agency controls over the operating budget process |
| 14 | COM | Unclaimed Funds | Medium | Assurance: Review agency controls over the claims process |
| 15 | COM | Liquor Control | Medium | Assurance: Review agency controls over the compliance function |
| 16 | COM | Securities | Medium | Assurance: Review agency controls over the enforcement action processes |
| 17 | COM | IT Operations | Medium | Consulting: Assess agency IT system controls over project management |
| 18 | DDD | Administration | Medium | Consulting: Assess agency controls over the Community Capital Funds process |
| 19 | DDD | Residential Services / ICF | Medium | Assurance: Review agency controls over the private ICF billing review process |
| 20 | DDD | IT Operations | Medium | Assurance: Review agency IT system controls over database security |
| 21 | DSA | Business & Research Development | Medium | Assurance: Review agency controls over tax credit monitoring |
| 22 | DSA | Office of Loan Administration, Business & Research Development, and State Programs – Community Services Division | Medium | Consulting: Assess controls over governance in the agency loan programs |
| 23 | DSA | IT Operations | Medium | Assurance: Review agency IT access controls |
| 24 | ODE | Student Support | Large | Assurance: Review agency controls over the adult diploma program; includes a Risk Assessment consulting objective |
| 25 | ODE | Education Options | Large | Assurance: Review agency controls over the Jon Peterson Special Needs scholarship program; includes a Risk Assessment consulting objective |
| 26 | ODE | Operations | Large | Assurance: Review agency IT controls over cybersecurity |
| 27 | EPA | Administration | Medium | Assurance: Review agency controls over revenue processing |
| 28 | EPA | Environmental & Financial Assistance | Small | Consulting: Assess agency controls over proposed changes to the grant cycle processes |
| 29 | ODH | Health Improvement and Wellness | Medium | Assurance: Review agency controls over the home visiting program |
| 30 | ODH | Health Improvement and Wellness | Medium | Assurance: Review agency controls over the Ryan White HIV/AIDS Treatment program |
| 31 | ODH | Other Program Areas | Medium | Assurance: Assess agency controls over the physician and dental loan programs |
| 32 | ODH | IT Operations | Medium | Assurance: Review agency IT system controls over database security |
| 33 | DHE | State Scholarships, Grant, & Loan | Medium | Assurance: Review agency controls over Choose Ohio First |
| 34 | DHE | IT Operations | Medium | Assurance: Review agency IT system controls over change management |
| 35 | JFS | Adoption/Foster Care | Large | Assurance: Review agency controls over adult protective services program |
| 36 | JFS | Job Employment Services | Large | Consulting: Evaluate the implementation effectiveness of the Comprehensive Case Management and Employment Program |
| 37 | JFS | Child Care | Large | Assurance: Review agency controls over the Child Care licensing system |
| 38 | JFS | IT Operations | Large | Consulting: Assess agency controls over the prioritization and resource assignment of requested internal IT projects |
| 39 | JFS | IT Operations | Large | Consulting: Assess agency IT system controls over PaaS and SaaS cloud services |
| 40 | JFS | IT Operations | Large | Assurance: Review agency IT general controls over SETS, CRIS-E and OFIS/CFIS |
| 41 | OLC | Administration | Medium | Assurance: Review agency controls over withheld taxes for prizes |
| 42 | OLC | IT Operations | Large | Assurance: Review agency IT controls over incident management |
| 43 | OLC | Assurance Review | Small | Assurance: Perform review of Lottery’s Internal Audit’s process, including audit plan, working papers, reports, and other items to support OIA audit reliance |
| 44 | ODM | Fee for Services Programs and Managed Care | Medium | Consulting: Assess agency controls over Medicaid enrollment |
| 45 | ODM | Providers (Hospitals, HCAP, Nursing Facilities) | Medium | Assurance: Review agency controls over the nursing facilities cost reports |
| 46 | ODM | Administration | Medium | Assurance: Review agency controls over the hospital cost settlement process |
| 47 | ODM | IT Operations | Medium | Consulting: Assess agency IT alignment with Windows desktop CIS benchmark. |
| 48 | ODM | IT Operations | Medium | Assurance: Review agency IT system controls over information and security within the Ohio Benefits environment. |
| 49 | MHA | Hospital Services | Medium | Consulting: Assess agency controls over the proposed changes to the hospital audit programs |
| 50 | MHA | Community & Recovery Services | Medium | Assurance: Review agency controls over the grant process |
| 51 | MHA | IT Operations | Medium | Consulting: Assess agency controls over hospital IT operations alignment |
| 52 | DNR | Oil and Gas/Geo Survey | Medium | Assurance: Review agency controls over orphan well plugging |
| 53 | DNR | Forestry | Medium | Assurance: Review agency controls over timber fee revenue |
| 54 | DNR | IT Operations | Medium | Assurance: Review agency IT access controls |
| 55 | OOD | Independent Living | Medium | Assurance: Review agency controls over Community Centers for the Deaf |
| 56 | OOD | Independent Living | Medium | Assurance: Review agency controls over the Personal Care Assistance program |
| 57 | OOD | IT Operations | Medium | Assurance: Review agency controls over IT governance |
| 58 | DPS | Traffic Safety/Education | Medium | Assurance: Review agency controls over the Ohio Traffic Safety Office’s grant awarding process |
| 59 | DPS | Bureau of Motor Vehicles | Medium | Assurance: Review agency controls over the processing of BMV remittance payments |
| 60 | DPS | IT Operations | Medium | Assurance: Review agency controls over IT governance |
| 61 | DPS | IT Operations | Medium | Consulting: Assess agency IT controls over hardware inventory and deployment process |
| 62 | PUC | Ohio Power Siting Board | Medium | Consulting: Assess OPSB controls over financial processes relied upon by the agency |
| 63 | PUC | Assessments / General Administration | Medium | Assurance: Review agency controls over accounts receivable and revenue processes |
| 64 | DRC | Community Nonresidential Programs | Small | Consulting: Assess agency controls over governance |
| 65 | DRC | Ohio Penal Industries | Medium | Consulting: Review agency controls over sale of manufactured goods process |
| 66 | TAX | Administration | Medium | Consulting: Assess the methodology utilized in the Cost Allocation study |
| 67 | TAX | Personal Income Taxes | Medium | Assurance: Review agency controls over the processing of pass-through entity returns |
| 68 | TAX | IT Operations | Medium | Assurance: Review agency IT controls over software development |
| 69 | TAX | IT Operations | Medium | Assurance: Assess agency IT controls over change management |
| 70 | DOT | Other Transportation | Medium | Assurance: Review agency controls over the Ohio Rail Development Commission’s billing/payment process |
| 71 | DOT | Other Transportation | Medium | Assurance: Review agency controls over airport grants |
| 72 | DOT | District Operations | Medium | Consulting: Assess agency controls over force accounts |
| 73 | DOT | IT Operations | Large | Assurance: Review agency IT general controls |
| 74 | DVS | Ohio Veterans’ Homes | Medium | Assurance: Review agency controls over pharmacy operations |
| 75 | BWC | General Accounting & Financial Reporting | Medium | Consulting: Assess agency controls over the internal audit process |
| 76 | BWC | IT Security Controls | Large | Assurance: Review agency IT cybersecurity identify controls |
| 77 | BWC | IT Security Controls | Large | Assurance: Review agency IT cybersecurity protect and recover controls |
| 78 | BWC | IT Operations | Medium | Assurance: Review agency IT controls over software development |
| 79 | BWC | IT Operations | Medium | Consulting: Assist the agency with developing a succession plan |
| 80 | BWC | IT Operations | Small | Assurance: Review agency controls over Social Media (carryover from FY 18) |
| 81 | BWC | Assurance Review | Small | Assurance: Perform review of BWC’s Internal Audit’s process, including audit plan, working papers, reports, and other items to support OIA audit reliance |
| 82 | DYS | County Community Correctional Facilities | Medium | Assurance: Review agency controls over bed utilization |
| 83 | DYS | Parole Operations | Small | Assurance: Review agency controls over professional service supplier payments |

Each state agency is provided a memorandum of understanding (MOU) at the beginning of the fiscal year which identifies OIA’s planned scope, audit fees, and other general provisions. The MOU will include an area for remediation to reflect OIA’s follow-up procedures on the agency’s previously issued observations. In addition, OIA may perform additional audit areas if time allows.


Appendix A

Agency Risk Heat Maps


ADJUTANT GENERAL
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Billeting and Event Facilities | | |
| 2 | Central Administration | ✓ | AOS |
| 3 | National Guard | | OIA |
| 4 | Property and Fleet Management | ✓ | OIA |
| 5 | Armory Board Funds | ✓ | |

Note: All IT systems and networks at ADJ are owned and managed by the federal government; therefore, the IT systems are not under OIA oversight.

DEPARTMENT OF ADMINISTRATIVE SERVICES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Enterprise Human Resources | ✓ ✓ | AOS AOS |
| 2 | IT Enterprise Applications/Enterprise Shared Services | ✓ ✓ | OIA/AOS AOS |
| 3 | General Services | ✓ ✓ | OIA OIA |
| 4 | IT Infrastructure Services | ✓ ✓ | OIA |
| 5 | Central Services Agency | ✓ ✓ | AOS AOS |
| 6 | Equal Opportunity Division | | OIA |
| 7 | IT Enterprise Security & Privacy | ✓ ✓ | OIA/AOS OIA/AOS |
| 8 | OIT Enterprise Management | ✓ | OIA |
| 9 | DAS Operations (internal) | ✓ ✓ | OIA/AOS AOS |

DEPARTMENT OF AGING
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Passport and Assisted Living Waivers | | OIA |
| 2 | Other Federal Grants | | AOS |
| 3 | State Grants | ✓ | |
| 4 | Ombudsman Program | | OIA |
| 5 | Administration | ✓ ✓ | AOS AOS |
| 6 | IT Operations | ✓ | |

DEPARTMENT OF AGRICULTURE
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Animal Health | ✓ | |
| 2 | Food Safety | | OIA |
| 3 | Meat Inspection | | OIA |
| 4 | Administration | ✓ ✓ | AOS AOS |
| 5 | Plants and Pesticides | ✓ | |
| 6 | Amusement Ride Safety | | OIA |
| 7 | Consumer Protection Labs | | OIA |
| 8 | Soil & Water | | OIA |
| 9 | Dairy | | OIA |
| 10 | IT Operations | ✓ ✓ | |

Note: The Auditor of State performs a general revenue audit each year.

OFFICE OF BUDGET AND MANAGEMENT
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Administration | ✓ | AOS |
| 2 | Shared Services | ✓ | OIA |
| 3 | Accounting Operations | ✓ | OIA |
| 4 | Budget Development | | OIA |
| 5 | Financial Reporting | ✓ ✓ | AOS AOS |
| 6 | Debt Management | ✓ | |
| 7 | Controlling Board | ✓ | AOS |
| 8 | IT Operations | ✓ | OIA |

Note: The Auditor of State performs a financial statement audit each year.

DEPARTMENT OF COMMERCE
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Unclaimed Funds | ✓ | OIA |
| 2 | Division of Financial Institutions | ✓ | |
| 3 | State Fire Marshal | ✓ | OIA |
| 4 | Real Estate | ✓ | |
| 5 | Securities | | OIA |
| 6 | Industrial Compliance | ✓ | OIA |
| 7 | Liquor Control | ✓ | OIA |
| 8 | Administration | ✓ | AOS AOS |
| 9 | Medical Marijuana Control Program | | AOS OIA |
| 10 | IT Operations | ✓ ✓ | OIA OIA |

Note: Medical Marijuana Program new in fiscal year 2018.

DEPARTMENT OF DEVELOPMENTAL DISABILITIES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Community Social Service Programs | ✓ ✓ | AOS OIA |
| 2 | Medicaid Waiver Program | ✓ ✓ | AOS AOS |
| 3 | Residential Services/Intermediate Care Facilities | | OIA OIA |
| 4 | Developmental Centers | ✓ | OIA |
| 5 | Central Administration | ✓ | AOS/OIA AOS |
| 6 | IT Operations | ✓ ✓ | AOS/OIA |

DEVELOPMENT SERVICES AGENCY
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | State Programs-Community Svc Division | ✓ | OIA OIA |
| 2 | Business and Research Development | ✓ | OIA |
| 3 | Federal Programs-Community Svs Div | ✓ | AOS OIA |
| 4 | Tourism Ohio | ✓ | |
| 5 | Office of Loan Administration | ✓ ✓ | OIA/AOS AOS |
| 6 | Administration | ✓ | |
| 7 | IT Operations | ✓ | OIA OIA |

DEPARTMENT OF EDUCATION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Curriculum & Assessment | ✓ | OIA |
| 2 | Student Support | ✓ ✓ | OIA/AOS |
| 3 | Education Options | ✓ | OIA |
| 4 | Accountability & Contin. Improvement | ✓ | AOS OIA |
| 5 | Teaching Profession | ✓ | |
| 6 | School Funding | ✓ ✓ | AOS AOS |
| 7 | Operations | ✓ ✓ | OIA/AOS AOS |

ENVIRONMENTAL PROTECTION AGENCY
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Administration | ✓ ✓ | OIA/AOS AOS |
| 2 | Materials and Waste Management | ✓ | |
| 3 | Environmental and Financial Assistance | | OIA |
| 4 | Surface Water | | OIA |
| 5 | Clean Water and Drinking Water Programs | | AOS |
| 6 | Air Pollution | | OIA |
| 7 | Environmental Education | | |
| 8 | IT Operations | ✓ | |

DEPARTMENT OF HEALTH
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Health Improvement and Wellness | ✓ ✓ | OIA OIA |
| 2 | Health Assurance and Licensing | ✓ | OIA |
| 3 | Women, Infants, and Children | | AOS |
| 4 | Other Program Areas | ✓ ✓ | OIA/AOS |
| 5 | Administration | ✓ ✓ | AOS OIA/AOS |
| 6 | IT Operations | ✓ ✓ | OIA |

DEPARTMENT OF HIGHER EDUCATION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | State Scholarship, Grant & Loan Programs | ✓ | OIA |
| 2 | Federal Scholarships & Grant Program | ✓ | |
| 3 | Post-Secondary Adult Career - Tech Ed | ✓ | |
| 4 | State Share of Instruction | ✓ | AOS OIA/AOS |
| 5 | Academic Affairs | ✓ | |
| 6 | Consortiums | | OIA |
| 7 | Ohio Tuition Trust Authority | ✓ ✓ | AOS AOS |
| 8 | Administration | ✓ ✓ | AOS OIA/AOS |
| 9 | IT Operations | ✓ | OIA |

DEPARTMENT OF INSURANCE
FISCAL YEAR 2019 AUDIT PRIORITIES

[Heat map: Likelihood axis (Low, Unlikely, Moderate, Likely, High) against Impact axis (Low, Minor, Moderate, Major, High)]

| No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020) |
|---|---|---|---|
| 1 | Administration | ✓ ✓ | AOS AOS |
| 2 | Licensing | ✓ | |
| 3 | Risk Assessment | | OIA |
| 4 | IT Operations | ✓ | OIA |

Note: OIA will add a project for the Department of Insurance later in FY 2019.

DEPARTMENT OF JOB AND FAMILY SERVICESFISCAL YEAR 2019 AUDIT PRIORITIES

Like

lihoo

d

High

Likely

Moderate

Unlikely

Low

Low Minor Moderate Major High

Impact

No. Audit Universe Description Past Coverage Planned Coverage2017 2018 2019 2020

1 Temporary Assistance for Needy Families ü ü AOS AOS/OIA2 Child Care ü ü OIA/AOS AOS3 Child Support ü ü AOS AOS4 Food Assistance ü ü AOS AOS/OIA5 Adoption/Foster Care ü ü OIA/AOS AOS6 Job Employment Services ü ü OIA/AOS AOS7 Unemployment Services ü ü AOS AOS/OIA8 Administration ü ü AOS AOS9 IT Operations ü ü OIA/AOS AOS/OIA


OHIO LOTTERY COMMISSION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Administration ✓ ✓ AOS/OIA/OLC AOS
2 Prize Payments ✓ ✓ AOS AOS
3 Contracts ✓ OIA
4 Games and Drawings ✓ ✓ OLC AOS
5 Compliance and Inspections ✓ ✓ OLC
6 Video Lottery Terminals OIA
7 IT Operations ✓ ✓ AOS/OIA/OLC AOS


DEPARTMENT OF MEDICAID
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Unified Medicaid – Sister Agencies ✓ ✓ AOS AOS
2 Program Integrity OIA
3 Home & Community Based Services OIA
4 Fee for Services Programs ✓ ✓ OIA/AOS AOS
5 Managed Care ✓ ✓ OIA/AOS AOS
6 Providers (Hospitals/HCAP/Nursing Fac.) ✓ ✓ OIA/AOS AOS
7 Administration OIA
8 IT Operations ✓ ✓ OIA/AOS OIA/AOS


MENTAL HEALTH AND ADDICTION SERVICES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Central Administration/Program Mgt ✓ ✓ AOS AOS
2 Hospital Services OIA
3 Ohio Pharmacy Service Center ✓ OIA
4 Community & Recovery Services ✓ ✓ OIA/AOS AOS
5 Prevention Services OIA
6 IT Operations ✓ OIA OIA


DEPARTMENT OF NATURAL RESOURCES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Mineral Resources Management ✓ ✓ AOS AOS
2 State Forest OIA
3 Parks and Watercraft ✓ ✓
4 Oil and Gas/Geo Survey ✓ OIA
5 Coastal ✓
6 Water OIA
7 Wildlife AOS OIA
8 Administration ✓ AOS AOS
9 IT Operations ✓ OIA OIA

Note: The Auditor of State plans to perform a general revenue audit each fiscal year.


OPPORTUNITIES FOR OHIOANS WITH DISABILITIES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Vocational Rehabilitation ✓ AOS OIA
2 Independent Living ✓ OIA
3 Business Enterprise Program ✓
4 Disability Determination ✓ AOS OIA
5 Administration ✓ ✓ AOS AOS
6 IT Operations ✓ OIA


DEPARTMENT OF PUBLIC SAFETY
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Traffic Safety/Education OIA
2 Bureau of Motor Vehicles ✓ OIA
3 State Highway Patrol ✓ ✓ OIA
4 Homeland Security
5 Emergency Medical Services ✓
6 Emergency Management Agency OIA
7 Criminal Justice Services ✓ OIA
8 Administration ✓ ✓ AOS AOS
9 IT Operations ✓ ✓ OIA


PUBLIC UTILITIES COMMISSION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Assessments ✓ ✓ OIA/AOS AOS
2 Utility Regulation OIA
3 Transportation Regulation OIA
4 Ohio Power Siting Board OIA
5 General Administration ✓ OIA/AOS AOS
6 IT Operations ✓ OIA


DEPARTMENT OF REHABILITATION AND CORRECTION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Institutional Operations ✓ ✓ AOS AOS
2 Community Nonresidential Programs OIA
3 Community Residential Programs OIA
4 Parole and Community Operations ✓ OIA
5 Correctional Health Care ✓
6 Ohio Penal Industries OIA
7 Administration * ✓ ✓ AOS AOS
8 IT Operations * ✓

* See explanation on page 41.


DEPARTMENT OF TAXATION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Personal Income Taxes ✓ ✓ OIA/AOS AOS
2 Sales Taxes ✓ ✓ AOS AOS
3 Commercial Activity Taxes ✓ ✓ AOS AOS
4 Excise & Other Taxes ✓ OIA
5 Gasoline Excise (Motor Vehicle Fuel) ✓ ✓ AOS AOS
6 Municipal Net Profit Tax (new) OIA
7 Permissive Tax Distribution ✓ ✓ AOS AOS
8 Revenue Distribution ✓ ✓ AOS AOS
9 Administration ✓ ✓ OIA/AOS AOS
10 IT Operations ✓ ✓ OIA/AOS OIA/AOS


DEPARTMENT OF TRANSPORTATION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Highway Construction – State Managed ✓ ✓ AOS AOS/OIA
2 Highway Construction – Local Managed ✓ ✓ AOS AOS
3 Highway Construction – Infrastructure Bank ✓
4 Transportation Planning and Research ✓
5 Other Transportation (Public, Rail, Aviation) OIA
6 Administration ✓ ✓ AOS AOS/OIA
7 State Infrastructure Assets ✓ ✓ AOS AOS
8 District Operations ✓ OIA
9 IT Operations ✓ ✓ OIA OIA


DEPARTMENT OF VETERANS SERVICES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 State Operations/Administration ✓ ✓ AOS AOS
2 Ohio Veterans’ Homes OIA
3 Veterans Benefits AOS AOS
4 IT Operations ✓ OIA


BUREAU OF WORKERS’ COMPENSATION
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 Revenues: Fees and Assessments ✓ ✓ AOS AOS
2 Capital Assets
3 Cash and Investments ✓ ✓ BWC/AOS BWC/AOS
4 Payroll ✓ AOS AOS
5 Expenditures ✓ ✓ AOS AOS
6 Claims ✓ ✓ BWC BWC
7 General Accounting & Financial Reporting ✓ ✓ OIA/AOS AOS
8 Self-Insurance ✓ ✓ BWC BWC
9 Reserves/Actuarial Reviews ✓ ✓ BWC BWC
10 Rate-Making ✓ ✓ BWC BWC
11 Fraud & Investigative Services
12 Managed Care Organizations ✓ ✓ BWC BWC
13 IT Operations ✓ ✓ OIA OIA
14 IT Security Controls ✓ ✓ OIA OIA


DEPARTMENT OF YOUTH SERVICES
FISCAL YEAR 2019 AUDIT PRIORITIES

[Figure: risk heat map, Likelihood (High, Likely, Moderate, Unlikely, Low) versus Impact (Low, Minor, Moderate, Major, High)]

No. | Audit Universe Description | Past Coverage (2017, 2018) | Planned Coverage (2019, 2020)

1 State Correctional Facilities – Payroll and Non-Payroll ✓ AOS OIA/AOS
2 Parole Operations OIA
3 County Community Correctional Facilities OIA
4 Court, County and Community Subsidies ✓
5 Administrative Operations * ✓ ✓ AOS AOS
6 IT Operations * ✓ ✓ OIA

* DRC and DYS will be sharing services in FY 19: Information Technology will be led by DYS, and Finance/Construction Management will be led by DRC.
