Annual Internal Audit Plan for 2019-2020

Overview

Dallas County Community College District (DCCCD) Internal Audit conducts risk-based assurance engagements and investigations. The risk-based assurance engagement is an objective examination of evidence to provide an independent assessment of governance, risk management, programmatic effectiveness and the control systems within the District.

Additionally, as may be necessary by events occurring during any fiscal year, investigations are performed based upon requests received from key District management personnel and as may be necessary in response to a complaint or concern raised via the District’s Fraud Hotline.

Risk Assessment Process

Internal Audit utilized a survey process to solicit feedback from the Board of Trustees, Senior Management and the College Leadership Teams to develop this annual Audit Plan.

The survey collected information based upon the DCCCD Strategic Priorities as to the Mission of the District (Engagement and Impact Categories and Thematic Priorities); and considered the impact of Individuals, Communities, Employers, Organizations, Student Success, Employee Success, Community Engagement, Institutional Effectiveness on each of the following DCCCD Strategic Priorities:

Impact Income Disparity Throughout our Community

  1. Target underserved communities and individuals with outreach strategies aligned with cultural contexts
  2. Demonstrate the necessity and value of DCCCD education for living wages and careers
  3. Provide education and scholarship support for skills development for high demand jobs including short-term training options leading to longer term career development
  4. Strengthen the education pipeline through engagement with parents and students as well as through partnerships with school districts, community organizations, universities, and employers

Streamline Navigation to and Through Our System and Beyond

  1. Design and implement student-centric guided pathways linking K-12, DCCCD, universities, and employers
  2. Create consistency in information and processes
  3. Remove barriers to participation and persistence

Implement the Integrated Higher Education Network

  1. Invest in technology and software support
  2. Redesign and staff organizational structures to support the network
  3. Remove barriers to network deployment including assessing short-term and long-term facilities' needs
  4. Reward performance within the network at the individual and organizational level

Serve as the Primary Provider in the Talent Supply Chain Throughout the Region

  1. Align with business and industry workforce requirements
  2. Support development, expansion and relocation of small, medium, and large businesses
  3. Respond nimbly to skills gaps

Create a Diverse and Inclusive High-Performing Work and Learning Environment Leading to Employee and Student Success

  1. Attract, develop, and retain a high-quality staff that reflects the communities we serve
  2. Develop and implement a diversity and inclusion strategic plan
  3. Design and initiate higher education guided career pathways programs for faculty, staff and administrators
  4. Review and revise the employee evaluation system to incorporate best practices in feedback and recognition throughout the year

Each survey respondent then had the opportunity to evaluate risk based upon the following (applicable) areas:

Operational: 

Code of Conduct, District Policy Compliance, Fixed Asset Control, Injury, Illness, Protection Plan, Litigation Management, Physical Security, Records Management, Regulatory Compliance, Reputation Risk, Risk Management/Loss Prevention, Constituency Relations, District Governance

Revenue: 

Tuition Revenue, Cashiering Function, Billing Function, Accounts Receivable, Cash Receipts/Applications, Credit Collection/Bad Debts, Revenue Recognition

Expenditure: 

Accounts Payable/Cash Disbursements, Capital Assets, Facilities Leases, Purchasing/Purchase Order, Receiving, Time and Expense Reporting, Travel Expense

Treasury/Investments: 

Cash Management, Investment Management, Financing Arrangements, Regulatory Compliance

Budgeting/Forecasting: 

General Ledger Closing, Management Reporting/MIS, Contracts and Grants Accounting

Information Technology (Campus Computing): 

Application/Database Management, Business Continuity Planning, Data Privacy and Security, Key Business Application Management, Network Management, Project Management, System Strategy/Planning, Software Purchasing, Software Licenses

Payroll/Personnel: 

Compensation & Benefits Management, Employee Evaluation/Satisfaction Monitoring, Employee Records Management, Payroll Processing, Talent Recruitment/Retention, Training

Other: 

Student Financial Aid, Facilities Management, Public Safety and Security, Student Information Privacy and Security, Marketing Communications & Public Information, Institutional Research

Core Audit Plan

DCCCD Internal Audit has identified certain critical areas for inclusion in the Core Audit Plan to ensure that adequate coverage is provided over a reasonable time. The critical areas for Core Audit Plan inclusion are:

  • Colleges
  • District Operations
  • Grants (Audits and Compliance Monitoring)
  • Financial Management
  • Information Security & Technology
  • Student Services

Fiscal Year 2019-20 Audit Plan

The 2019-20 Audit Plan focuses on delivering value to DCCCD with an emphasis on the following risk areas: strategic, operational, programmatic, financial, compliance and IT. If new topics emerge during the Audit Plan period that require more immediate attention, reconfiguration of the plan can be undertaken to accommodate these changes. DCCCD Internal Audit’s goal is to complete 85 percent of the Audit Plan. As each audit is undertaken, risks will be re-evaluated to ensure proper audit coverage with due consideration given to confidentiality, integrity, and availability.

DCCCD Internal Audit utilizes numerous electronic information systems (e.g., document images, financial, data analytics warehouses) in the performance of our audit projects.

Planned EngagementOverviewRisk Area
Grant Compliance MonitoringDedicated resource performing ongoing monitoring of Grants for compliance with grant regulations and provisions and District policies and procedures so management can take proactive corrective action.Grants
Physical Assets Inventory ObservationObserve and test physical inventory and procedures pertaining to changes in inventory records.Financial
Cash CountsReview and test control over cash on hand accounts and Compliance with business procedures. (Unannounced)Financial
Richland Collegiate High SchoolAudit for compliance with Texas Education Agency attendance verification requirements.Student Services
Information Technology General Controls - LocationsAudit for general controls and environment of the information technology operations at District College Locations.Information Security - Technology
Non-Teaching StipendsAudit for compliance with District policies and procedures.Financial
Tax Sheltered Annuities ContributionsAudit for compliance with IRS Regulations as to the maximum allowable contributions.Financial
Day Teaching Non-Faculty EmployeesAudit of expenditures and compliance with District policies and procedures.Financial
Dallas County PromiseAudit of eligibility of student and compliance with District policies and procedures.Student Services
Veterans ServicesAudit for compliance with Veterans Affairs Regulations and District policies and procedures. Review will include the timeliness of the application of funds received and training of District personnel.Financial and Student Services
Student TravelAudit for compliance with District policies and procedures regarding student travel trips and expenditures.Financial and Student Services
AthleticsAudit of expenditures and compliance with Athletics organizations and District policies and procedures.Financial and Student Services

Grants - United States Department of Education (USDE) Texas Higher Education Coordinating Board (THECB)

Planned EngagementOverviewRisk Area
Brookhaven CollegeUSDE Grant: HSI Title V (15-20) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
Cedar Valley CollegeUSDE Grant: STEM (P382A150037) – Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
Eastfield CollegeUSDE Grant: HSI C-STEM (P031C160113) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
El Centro CollegeUSDE Grant: HSI STEM IPSS (P031C160035) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
Mountain View CollegeUSDE Grant: HSI Bilingual Education Center (P031S170019) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
North Lake CollegeUSDE Grant: TRIO SSS (P042A161469) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
Richland CollegeUSDE Grant TRIO Upward Bound (P047A171489) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
District OfficeTHCEB Grant CB/College Readiness & Success Models (Grant#17431, 19074) - Audit for compliance with grant regulations and provisions and District policies and procedures.Compliance - Financial
District OfficeUSDE Grant Adult Education and Literacy (Divisions #536082, 536083, 586084) - Audit for compliance with grant regulations and provisions and District policies and procedures.
Compliance - Financial

Special Projects and Annual Audit Activities

ActivityOverview
Special ProjectsInvestigate fraud, waste, and abuse allegations.
Audit Follow-upReview status of implementation of prior and outstanding audit recommendations and management corrective action plans.
External Audit Coordination/ WorkManage and serve as the liaison for all external audit services including contracted and regulatory-imposed audits. Perform audit work under the direction of the external auditors as requested.
Quality AssuranceDCCCD Internal Audit will undergo an internal mid-year review of its Quality Assurance and Improvement program to assess operations and practices with applicable standards. Additional effort will go into internal assessment to ensure the most effective and efficient procedures are in place and identify means of improving overall performance.

Performance Audits and Operational Reviews (also known as Management Advisory Reviews)

On August 6, 2019, the Board of Trustees approved the annual DCCCD Fiscal Budget for 2019-20. The approved budget included the addition of up to two full-time equivalents within the Internal Audit Department. Upon hiring of the Chief Internal Auditor, these positions will be recruited and hired, and the following areas are potential opportunities to expand the Internal Audit group into the performance of additional management advisory reviews. These areas are subject to further review and modification by the DCCCD Senior Leadership team and the Chief Internal Auditor.

Audit Resources

The Audit Plan for fiscal year 2019-20 is based on professional staffing of 5 full-time equivalents (FTEs) - Chief Internal Auditor (open position), Assistant Director (currently serving as the Chief, Interim Internal Auditor), 2 Internal Auditors and a Grant Compliance Monitor.

Approximately 75 percent of DCCCD Internal Audit’s available resources are committed to the completion of planned audit projects and investigations.

DCCCD Internal Audit conducts follow-up audit procedures throughout the year to ensure that management is implementing controls as described within their responses to audit report recommendations.

Planned EngagementOverviewRisk Area
Bond Program (2019 - $1.1 Billion)The purpose of this ongoing review will be to report on the financial/operational status and compliance of the Bond issuance program.Financial - Compliance
Marketing and CommunicationsThe purpose of this review will be to evaluate the efficiency and effectiveness of the Marketing and Communications activities within DCCCD against the stated goals and strategies of the District.District Operations
Innovation – Security AssessmentsThe purpose of this review will be to evaluate the efficiency and effectiveness of the security assessment process currently implemented at DCCCD. The review will also evaluate the information standards and procedures for compliance with State of Texas laws and regulations.Information Security -Technology & Compliance
Dallas County PromiseThe purpose of this review will be to evaluate the controls and effectiveness of the platforms that collect and share data for the organizations in this cohort by reviewing/recommending the data security assessments.Information Technology
Student Information Privacy & SecurityThe purpose of this review will be to evaluate the controls ensuring compliance with Laws, Regulations and District policies.Compliance
Achieving the DreamThe purpose of this review will be to evaluate the efficiency and effectiveness of the Achieving the Dream movement within DCCCD.Student Services
Level UpThe purpose of this review will be to evaluate the efficiency and effectiveness of the Level Up movement within DCCCDStudent Services
Cyber Security ContractsThe purpose of this review will be to evaluate the efficiency and effectiveness of the cyber security contracts/vendors currently in place at DCCCD.Information Security - Technology
GRANTS (additional)The purpose of these reviews will be to evaluate the efficiency and effectiveness of grant controls for compliance with grant regulations and provisions and District policies and procedures.Grants
New Systems ImplementationThe purpose of these reviews will be to evaluate the efficiency and effective of controls of new systems being implemented at DCCCD prior to go-live.Information Security - Technology
Student ClubsThe purpose of these reviews will be to evaluate the efficiency and effective of controls over student club organizations at DCCCD.Student Services

Audit resources are allocated as follows:

  • 53 percent of the DCCCD Internal Audit’s available resource days are committed to the completion of planned audit projects and follow-up audit procedures.
  • 10 percent to accommodate requests from management and consultations with DCCCD Departments and Colleges.
  • 10 percent to conduct investigations into fraud, waste, and abuse allegations.
  • 10 percent for employee professional development, internal quality improvement projects, and other internal administrative functions.
  • 17 percent for compensated absences such as annual, sick, and holiday leave.