Annual Internal Audit Plan for 2019-2020

Overview

Dallas County Community College District (DCCCD) Internal Audit conducts risk-based assurance engagements and investigations. The risk-based assurance engagement is an objective examination of evidence to provide an independent assessment of governance, risk management, programmatic effectiveness and the control systems within the District.

Additionally, as may be necessary by events occurring during any fiscal year, investigations are performed based upon requests received from key District management personnel and as may be necessary in response to a complaint or concern raised via the District’s Fraud Hotline.

Risk Assessment Process

Internal Audit utilized a survey process to solicit feedback from the Board of Trustees, Senior Management and the College Leadership Teams to develop this annual Audit Plan.

The survey collected information based upon the DCCCD Strategic Priorities as to the Mission of the District (Engagement and Impact Categories and Thematic Priorities); and considered the impact of Individuals, Communities, Employers, Organizations, Student Success, Employee Success, Community Engagement, Institutional Effectiveness on each of the following DCCCD Strategic Priorities:

Impact Income Disparity Throughout our Community

Target underserved communities and individuals with outreach strategies aligned with cultural contexts
Demonstrate the necessity and value of DCCCD education for living wages and careers
Provide education and scholarship support for skills development for high demand jobs including short-term training options leading to longer term career development
Strengthen the education pipeline through engagement with parents and students as well as through partnerships with school districts, community organizations, universities, and employers

Streamline Navigation to and Through Our System and Beyond

Design and implement student-centric guided pathways linking K-12, DCCCD, universities, and employers
Create consistency in information and processes
Remove barriers to participation and persistence

Implement the Integrated Higher Education Network

Invest in technology and software support
Redesign and staff organizational structures to support the network
Remove barriers to network deployment including assessing short-term and long-term facilities' needs
Reward performance within the network at the individual and organizational level

Serve as the Primary Provider in the Talent Supply Chain Throughout the Region

Align with business and industry workforce requirements
Support development, expansion and relocation of small, medium, and large businesses
Respond nimbly to skills gaps

Create a Diverse and Inclusive High-Performing Work and Learning Environment Leading to Employee and Student Success

Attract, develop, and retain a high-quality staff that reflects the communities we serve
Develop and implement a diversity and inclusion strategic plan
Design and initiate higher education guided career pathways programs for faculty, staff and administrators
Review and revise the employee evaluation system to incorporate best practices in feedback and recognition throughout the year

Each survey respondent then had the opportunity to evaluate risk based upon the following (applicable) areas:

Operational:

Code of Conduct, District Policy Compliance, Fixed Asset Control, Injury, Illness, Protection Plan, Litigation Management, Physical Security, Records Management, Regulatory Compliance, Reputation Risk, Risk Management/Loss Prevention, Constituency Relations, District Governance

Revenue:

Tuition Revenue, Cashiering Function, Billing Function, Accounts Receivable, Cash Receipts/Applications, Credit Collection/Bad Debts, Revenue Recognition

Expenditure:

Accounts Payable/Cash Disbursements, Capital Assets, Facilities Leases, Purchasing/Purchase Order, Receiving, Time and Expense Reporting, Travel Expense

Treasury/Investments:

Cash Management, Investment Management, Financing Arrangements, Regulatory Compliance

Budgeting/Forecasting:

General Ledger Closing, Management Reporting/MIS, Contracts and Grants Accounting

Information Technology (Campus Computing):

Application/Database Management, Business Continuity Planning, Data Privacy and Security, Key Business Application Management, Network Management, Project Management, System Strategy/Planning, Software Purchasing, Software Licenses

Payroll/Personnel:

Compensation & Benefits Management, Employee Evaluation/Satisfaction Monitoring, Employee Records Management, Payroll Processing, Talent Recruitment/Retention, Training

Other:

Student Financial Aid, Facilities Management, Public Safety and Security, Student Information Privacy and Security, Marketing Communications & Public Information, Institutional Research

Core Audit Plan

DCCCD Internal Audit has identified certain critical areas for inclusion in the Core Audit Plan to ensure that adequate coverage is provided over a reasonable time. The critical areas for Core Audit Plan inclusion are:

Colleges
District Operations
Grants (Audits and Compliance Monitoring)
Financial Management
Information Security & Technology
Student Services

Fiscal Year 2019-20 Audit Plan

The 2019-20 Audit Plan focuses on delivering value to DCCCD with an emphasis on the following risk areas: strategic, operational, programmatic, financial, compliance and IT. If new topics emerge during the Audit Plan period that require more immediate attention, reconfiguration of the plan can be undertaken to accommodate these changes. DCCCD Internal Audit’s goal is to complete 85 percent of the Audit Plan. As each audit is undertaken, risks will be re-evaluated to ensure proper audit coverage with due consideration given to confidentiality, integrity, and availability.

DCCCD Internal Audit utilizes numerous electronic information systems (e.g., document images, financial, data analytics warehouses) in the performance of our audit projects.

Planned Engagement	Overview	Risk Area
Grant Compliance Monitoring	Dedicated resource performing ongoing monitoring of Grants for compliance with grant regulations and provisions and District policies and procedures so management can take proactive corrective action.	Grants
Physical Assets Inventory Observation	Observe and test physical inventory and procedures pertaining to changes in inventory records.	Financial
Cash Counts	Review and test control over cash on hand accounts and Compliance with business procedures. (Unannounced)	Financial
Richland Collegiate High School	Audit for compliance with Texas Education Agency attendance verification requirements.	Student Services
Information Technology General Controls - Locations	Audit for general controls and environment of the information technology operations at District College Locations.	Information Security - Technology
Non-Teaching Stipends	Audit for compliance with District policies and procedures.	Financial
Tax Sheltered Annuities Contributions	Audit for compliance with IRS Regulations as to the maximum allowable contributions.	Financial
Day Teaching Non-Faculty Employees	Audit of expenditures and compliance with District policies and procedures.	Financial
Dallas County Promise	Audit of eligibility of student and compliance with District policies and procedures.	Student Services
Veterans Services	Audit for compliance with Veterans Affairs Regulations and District policies and procedures. Review will include the timeliness of the application of funds received and training of District personnel.	Financial and Student Services
Student Travel	Audit for compliance with District policies and procedures regarding student travel trips and expenditures.	Financial and Student Services
Athletics	Audit of expenditures and compliance with Athletics organizations and District policies and procedures.	Financial and Student Services

Grants - United States Department of Education (USDE) Texas Higher Education Coordinating Board (THECB)

Planned Engagement	Overview	Risk Area
Brookhaven College	USDE Grant: HSI Title V (15-20) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
Cedar Valley College	USDE Grant: STEM (P382A150037) – Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
Eastfield College	USDE Grant: HSI C-STEM (P031C160113) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
El Centro College	USDE Grant: HSI STEM IPSS (P031C160035) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
Mountain View College	USDE Grant: HSI Bilingual Education Center (P031S170019) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
North Lake College	USDE Grant: TRIO SSS (P042A161469) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
Richland College	USDE Grant TRIO Upward Bound (P047A171489) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
District Office	THCEB Grant CB/College Readiness & Success Models (Grant#17431, 19074) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial
District Office	USDE Grant Adult Education and Literacy (Divisions #536082, 536083, 586084) - Audit for compliance with grant regulations and provisions and District policies and procedures.	Compliance - Financial

Special Projects and Annual Audit Activities

Activity	Overview
Special Projects	Investigate fraud, waste, and abuse allegations.
Audit Follow-up	Review status of implementation of prior and outstanding audit recommendations and management corrective action plans.
External Audit Coordination/ Work	Manage and serve as the liaison for all external audit services including contracted and regulatory-imposed audits. Perform audit work under the direction of the external auditors as requested.
Quality Assurance	DCCCD Internal Audit will undergo an internal mid-year review of its Quality Assurance and Improvement program to assess operations and practices with applicable standards. Additional effort will go into internal assessment to ensure the most effective and efficient procedures are in place and identify means of improving overall performance.

Performance Audits and Operational Reviews (also known as Management Advisory Reviews)

On August 6, 2019, the Board of Trustees approved the annual DCCCD Fiscal Budget for 2019-20. The approved budget included the addition of up to two full-time equivalents within the Internal Audit Department. Upon hiring of the Chief Internal Auditor, these positions will be recruited and hired, and the following areas are potential opportunities to expand the Internal Audit group into the performance of additional management advisory reviews. These areas are subject to further review and modification by the DCCCD Senior Leadership team and the Chief Internal Auditor.

Audit Resources

The Audit Plan for fiscal year 2019-20 is based on professional staffing of 5 full-time equivalents (FTEs) - Chief Internal Auditor (open position), Assistant Director (currently serving as the Chief, Interim Internal Auditor), 2 Internal Auditors and a Grant Compliance Monitor.

Approximately 75 percent of DCCCD Internal Audit’s available resources are committed to the completion of planned audit projects and investigations.

DCCCD Internal Audit conducts follow-up audit procedures throughout the year to ensure that management is implementing controls as described within their responses to audit report recommendations.

Planned Engagement	Overview	Risk Area
Bond Program (2019 - $1.1 Billion)	The purpose of this ongoing review will be to report on the financial/operational status and compliance of the Bond issuance program.	Financial - Compliance
Marketing and Communications	The purpose of this review will be to evaluate the efficiency and effectiveness of the Marketing and Communications activities within DCCCD against the stated goals and strategies of the District.	District Operations
Innovation – Security Assessments	The purpose of this review will be to evaluate the efficiency and effectiveness of the security assessment process currently implemented at DCCCD. The review will also evaluate the information standards and procedures for compliance with State of Texas laws and regulations.	Information Security -Technology & Compliance
Dallas County Promise	The purpose of this review will be to evaluate the controls and effectiveness of the platforms that collect and share data for the organizations in this cohort by reviewing/recommending the data security assessments.	Information Technology
Student Information Privacy & Security	The purpose of this review will be to evaluate the controls ensuring compliance with Laws, Regulations and District policies.	Compliance
Achieving the Dream	The purpose of this review will be to evaluate the efficiency and effectiveness of the Achieving the Dream movement within DCCCD.	Student Services
Level Up	The purpose of this review will be to evaluate the efficiency and effectiveness of the Level Up movement within DCCCD	Student Services
Cyber Security Contracts	The purpose of this review will be to evaluate the efficiency and effectiveness of the cyber security contracts/vendors currently in place at DCCCD.	Information Security - Technology
GRANTS (additional)	The purpose of these reviews will be to evaluate the efficiency and effectiveness of grant controls for compliance with grant regulations and provisions and District policies and procedures.	Grants
New Systems Implementation	The purpose of these reviews will be to evaluate the efficiency and effective of controls of new systems being implemented at DCCCD prior to go-live.	Information Security - Technology
Student Clubs	The purpose of these reviews will be to evaluate the efficiency and effective of controls over student club organizations at DCCCD.	Student Services

Audit resources are allocated as follows:

53 percent of the DCCCD Internal Audit’s available resource days are committed to the completion of planned audit projects and follow-up audit procedures.
10 percent to accommodate requests from management and consultations with DCCCD Departments and Colleges.
10 percent to conduct investigations into fraud, waste, and abuse allegations.
10 percent for employee professional development, internal quality improvement projects, and other internal administrative functions.
17 percent for compensated absences such as annual, sick, and holiday leave.

Download the 2019-2020 Audit Plan (PDF - 284 KB)