SPS Annual Risk Assessment and Audit Plan - October 2011
Transcript of SPS Annual Risk Assessment and Audit Plan - October 2011
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
1/47
Seattle Public Schools
Annual Risk Assessment and Audit Plan
Presented ByThe Office of Internal Audit
October 11, 2011 through August 31, 2012
Issue Date: October 11, 2011
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
2/47
Seattle Public Schools Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
TABLE OF CONTENT
EXECUTIVE SUMMARY.. 1
Significant Risks
Assessment
Audit Plan
BACKGROUND INFORMATION. 4
Purpose
Scope
The Office of Internal Audit
Risk Considerations
Internal Controls
Internal Audit Process
PROCEDURES PERFORMED. 7Audit Universe
Compliance Impact
Financial Impact
Prior Audit Exceptions
Overall Risk Assessment
Planned Control Monitoring
Current or Planned Activities
Audit Plan
AUDIT PLAN....................... 12
Full-Scope AuditsFollow-Up Audits
Limited Site-Based Procedures
Other Projects
Calendar
Areas Not Selected for Audit
Appendices
Appendix AUniverse.. 17
Appendix BElimination of Low Risk Audit Areas. 25
Appendix C Risk Assessment and Audit Plan. 33
Appendix DAvailable Audit Resources.. 35
Appendix EInternal Audit Process Flowchart 36
Appendix FInternal Audit Staff Biographies.. 37
Appendix GAudit Plan Timeline. 38
Appendix HOrganization Chart.. 39
Appendix IInternal Audit Policy. 40
Appendix J Internal Audit Procedure.. 42
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
3/47
Executive Summary
The Office of Internal Audit conducts audits to support and promote integrity, openness and
transparency with respect to internal financial controls and compliance of the district. To accomplish
this goal, the Office of Internal Audit, adhering to Generally Accepted Government Auditing Standards,
shall identify areas of risk on an annual basis and test for compliance based on an annual audit plan.The following information summarizes the significant risks impacting the District, as well as the current
year audit plan.
Significant Risks
Decentralized Environment
One of the biggest risks to the District is its decentralized environment. This environment creates
situations where central office managers and supervisors are responsible for employees that they
rarely see because these employees are assigned to schools. It also means that several central office
functions, such as contract approval, equipment tracking, payroll, accounts payable, and risk
management, rely heavily on the procedures performed at outlying sites and schools. For example,
although accounts payable may process payments to vendors, they rely on individual departments
and schools to perform a thorough review of the vendors invoice. The centralized accounts payable
staff does not have direct knowledge of the transaction, so they rely on the responsible
departments and schools to determine if an invoice is appropriate to pay. This environment
increases the risk that employees will not follow procedures because they know that they are not
being adequately monitored. There is also the risk that central office staff will not effectively
communicate key control activity requirements to the outlying sites and schools, or provide them
with the resources they need to perform the control activity properly.
Leadership Turnover and Few Formalized Written Procedures
The majority of the Districts leadership team is new. Several key leaders are either new to the
District or are new to their current position. Also, a handful of leadership positions are still filled by
interim personnel. Although these leaders appear to be competent, accountable, and transparent,this situation still increases the risk that internal controls will not be clearly established, or that they
will not be assigned clear ownership. This environment is further complicated by the condition that
few formalized written procedures are available to the new leadership team. This increases the risk
that institutional knowledge held by previous leaders has left the District.
Budget Constraints and Reduction in Force
Due to budget constraints, reductions in force have occurred over the last several years. There is a
risk that control activities were not adequately transitioned to the remaining employees. In addition,
employees are now asked to take on an increased workload. Instead of rewarding high-performers
with additional compensation or benefits, they have been given the responsibilities previously
performed by someone else. Having more procedures performed by fewer people increases risk thatkey control activities will not be performed. Employees may not have sufficient time or resources to
perform their due diligence. Worse yet, employees may take advantage of the lack of monitoring
because they believe they are owed something for their increased workload. This situation can
also have a negative impact on employee retention, as high-performing employees begin to look for
more rewarding employment opportunities. This risk is only expected to increase with the States
recent negative economic projection.
Page 1 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
4/47
Assessment
The risks summarized above may not individually necessitate an internal audit, but they can all have a
negative impact on key internal controls. Due to the above risks, there is an increased likelihood that:
Key controls are not effectively designed
Key controls are not visibly communicated to staff
Key controls are not being performed properly
Key controls are not adequately monitored by District management
Key controls are not clearly prioritized against other job responsibilities
Due to this increased risk associated with key controls, the Office of Internal Audit has an obligation to
audit the areas where the key controls are actually performed. Even if an audit is being conducted of a
centralized function, internal audit best practices require that key controls and transactions be verified
at the source. Thus, any plan designed by the Office of Internal Audit should include procedures to verify
key controls where they are performed.
The significant risks identified above are also deemed to be universal, meaning they are not specific to
any one area within the District. Thus, the Office of Internal Audits effectiveness in mitigating risk is
diminished by the fact that any single audit will only mitigate the risks for that one specific area. In order
for the Office of Internal Audit to have a measurable impact on risk mitigation they should develop a
plan that provides coverage to as many different audit areas as possible.
Audit Plan
Based on the significant risks identified above, and their potential to negatively impact key internal
controls, this years audit plan will include procedures to verify key controls at the source, while also
providing coverage to multiple audit areas. The Office of Internal Audit has devised a plan to accomplish
this by combining the following types of engagements:
Full-Scope Audits Conducted of central administration functionsLimited Site-Based Procedures - Conducted at schools
Follow-Up Audits Conducted in audit areas where management recently remedied past audit
issues
These different types of audits will leverage off of one another, and will increase audit efficiency.
Although some procedures will be conducted at schools, the audits will have a holistic approach to the
overall system. The focus will be on improving entity-wide systems, and the audits will have an added
benefit of highlighting those areas where schools do not receive adequate support from central
administration.
As previously noted, key internal controls will need to be verified at the source. The Office of InternalAudit will leverage the time spent at a school by also gathering data and information related to a wide-
variety of activities. The limited procedures will cover multiple audit areas, but they will also have a
minimal impact on school staff. Although the audit scope of some areas will be limited, the different
audit areas that will be covered by this years audit plan include:
Page 2 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
5/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Human Resources
Centralized ASB
Technology Services
Inventory/Equipment Tracking
Personal Service Contracts
Transportation
Payroll and Leave Time Reporting
Enrollment/Student Counts
School Security
Risk Management
Grants and Fiscal Compliance
Purchasing & Contracting
Nutrition Services
Volunteering with SPS
Rentals/Facility Usage
Time & Effort Reporting
Donations
Athletics
Expense Reimbursements
Travel Expenditures
Kindergarten Tuition
ASB and Self Help at Schools
Class Fees & Student Fines
Loss Reporting to the SAO
Booster Clubs
The biggest benefit of performing site-based key control verifications in these areas is that it will allow
the Office of Internal Audit to identify potential problem areas now, rather than waiting until a Full-
Scope Audit can be performed sometime in the future. Even though the procedures will be limited, they
will still identify the key deficiencies that could be indicative of a major system weakness. Identifying
these risks sooner, rather than later, will provide the School Board, District Leadership, and the Office of
Internal Audit advanced warning of impending problem areas. In essence, the Limited Site-Based
Procedures are a proactive approach to prevent potential problem areas from going undetected for a
long period of time.
Specific details of this years audit plan can be found in theAudit Plansection of this document. The
Audit Plansection elaborates on the type of coverage each audit area will receive, and also documents
how the areas selected for a Full-Scope Audit were selected. A summary of the audit plan schedule is
also illustrated in a Gantt chart located atAppendix G.
Subsequent Years
As of today, this years plan is envisioned as having a multi-year aspect. Limited audit procedures will
continue to be conducted at schools with the results contributing towards entity-wide risk assessments
and any centralized audits that are also being performed. Ideally, the planning procedures performed
this year will only have to be refreshed for next years Annual Risk Assessment and Audit Plan. However,
the Office of Internal Audit will conduct a comprehensive risk assessment each year, and will alter the
plan as needed.
Page 3 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
6/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
BACKGROUND INFORMATION
Purpose
The Office of Internal Audit is committed to conducting risk-based audits. This process increases the
likelihood that internal audits will be conducted in the areas with the greatest need. This Annual Risk
Assessment and Audit Plan is an effort by the Office of Internal Audit to assist the District in mitigating
risks. This document summarizes the risks impacting the District, and it includes an audit plan detailing
which areas will be audited this year.
Scope
This document covers the period from October 2011 through August 2012. In subsequent years the
audit plan will cover a full year Beginning September 1 and ending August 31.
The Office of Internal Audit
The Office of Internal Audit was created in 2011 to promote integrity and accountability. It is considered
an essential function of the District and reports directly to the Chair of the Audit and FinanceCommittee. This reporting structure was established to ensure that the Office of Internal Audit remains
independent of District Management. Independence is essential to ensure that audit results are
objective, and are communicated directly to the School Board. The Office of Internal Audit provides
recommendations only, and does not have any authority to implement operational policies or
procedures on behalf of the District. Upon completion of an audit, the results are communicated to the
Audit and Finance Committee, which ensures full transparency of the internal audit function. The Policy
and Procedure governing the Office of Internal Audit are included at Appendix I (Policy) and Appendix J
(Procedure)
The Office of Internal Audit also has an administrative reporting structure directly to the
Superintendant, which is necessary to accommodate paychecks, reimbursements, provisions for office
space, and approval of leave time. A flowchart showing the Office of Internal Audits reporting structure
is located atAppendix H.
The Office of Internal Audit is currently staffed by one Director, but is expected to expand to a staff of
three total employees during the current year. Staff biographies are located inAppendix F.Appendix D
illustrates the departments available resources, assuming two staff auditors begin employment with the
District on January 3, 2012.
Risk Considerations
A risk is a set of circumstances that can hinder an objective. Throughout the preparation of this
document, the Office of Internal Audit was aware of the following risks and circumstances that
contributed to our final risk assessment and audit plan. This list is not intended to be all-inclusive, but itis intended to illustrate the numerous considerations that have gone into this risk assessment.
Control Environment The attitudes, values, actions, philosophies, and policies that set the culture
for an organization. Sometimes referred to as the Tone at the Top.
Inherent Risks The risk that would exist even if no internal controls or mitigating factors were put
in place. For example, cash handling has a high inherent risk.
Page 4 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
7/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Control risks The risk that an internal control procedure will not be effective in mitigating risk.
Simply having a control in place does not ensure that it will be effective.
Reputational risk Risk that key customers and stakeholders will lose confidence in the
organization. This could have a negative impact on the Districts enrollment numbers and its chances
of passing future levies.
Compliance risk The risk of sanctions, financial loss, or loss of reputation resulting from failure to
comply with laws, regulations, codes of conduct, or standards. The District has a significant amount
of compliance requirements applicable to K-12 districts, and resulting from Federal, State, and grant
funding.
Financial risk The risk of losing funding or cash flow. There are a wide variety of circumstances that
could cause the District to lose public funds or property.
Operational risks The risk of loss resulting from a breakdown in internal controls, operations, or
procedures.
The following list identifies some of the risk considerations that are taken into account when assessing
risk. Each of the following situations would result in a higher risk rating:
Cash Areas that handle cash, or have a billing and collection function
Prior Audit Findings and Exceptions Areas prone to audit findings
Discretionary Budgets Areas that have large expenditures for contracts, purchases, or overtime
Turnover Areas that have recently experienced significant turnover
Policies and Procedures Areas without clearly defined and available written policies and
procedures
Certain significant risks associated with the District have been summarized in theExecutive Summary
section of this document. Throughout the preparation of this document, the Office of Internal Audit has
maintained a degree of professional skepticism, and will continue to do so as audits are conducted.
Internal Controls
In response to risks, organizations implement internal controls to mitigate those risks to an acceptable
level. The Office of Internal Audit has considered the Districts internal controls during the preparation
of this document.
The most widely used framework for internal control in the United States, and around the world, is
COSO. COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission and it
is dedicated to providing guidance to executive management and governance entities on critical aspects
of organizational governance. COSO defines internal control as a process, effected by an entity's board
of directors, management, and other personnel, designed to provide reasonable assurance regardingthe achievement of objectives in the following categories: a) Effectiveness and efficiency of operations;
b) Reliability of financial reporting; and c) Compliance with laws and regulations. COSO defines internal
control as having five components:
1. Control Environment - Sets the tone for the organization, influencing the control consciousnessof its people. It is the foundation for all other components of internal control.
Page 5 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
8/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
2. Risk Assessment - The identification and analysis of relevant risks to the achievement ofobjectives, forming a basis for how the risks should be managed.
3. Information and Communication - Systems or processes that support the identification, capture,and exchange of information in a form and time frame that enable people to carry out their
responsibilities.
4. Control Activities - The policies and procedures that help ensure management directives arecarried out.
5. Monitoring - Processes used to assess the quality of internal control performance over time.Internal Audit Process
Appendix Eshows the process of creating an annual plan, conducting audits, communicating with
District staff and management, and finally reporting audit results directly to the Audit and Finance
Committee. It is not intended to show reporting structure, but rather to summarize the process that the
Office of Internal Audit goes through.
Page 6 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
9/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
PROCEDURES PERFORMED
The following procedures were followed in the completion of this Annual Risk Assessment and Audit
Plan:
1. Create an Audit UniverseIn order to start assessing risks and identifying which areas to audit, it is necessary to first identify all
the areas that could be selected for an audit. The audit universe serves as a starting point for
selecting areas to audit, and it includes all departments, programs, systems, and activities of the
District. The creation of an audit universe has an added benefit of providing knowledge about the
different functions the District performs. The knowledge gained during this process will be
instrumental in assessing risks.
The audit universe is a constantly evolving document that will be updated throughout the year to
reflect the creation or deletion of District programs. The audit universe used for this years audit
planning is attached inAppendix A, and is considered current as of September 23, 2011. Thefollowing items were reviewed and evaluated in order to compile the audit universe:
Districts Public Internet Site
Districts Internal Intranet Site
Districts Organizational Charts
Financial Reports
Prior Audit Reports and Workpapers
District Publications
Districts Policies & Procedures
The Accounting Manual for Public School
DistrictsDistrict Training Material
Observation of District Facilities
The Audit Universe and Annual Plans for
Other School Districts
Internal Audit Guides and Publications
The Washington Association of School
Business Officials Website and
Publications
Media Communications
The Office of the Superintendant of PublicInstruction Website and Publications
In addition to reviewing the above items, meetings were also conducted with the following groups:
School Board Directors
District Leaders and Managers
The State Auditors Office
The City of Seattles Ethics and Elections
Commission
2. Eliminate Low Risk Audit AreasAs indicated above, the audit universe includes all departments, programs, systems, and activities of
the District. This includes all academic and partnership programs, which are not likely to have largediscretionary budgets or cash receipting functions. Since these types of programs consist mainly of
salaries and are focused primarily on the education of students, they are less likely to be selected for
audit this year. There is the potential to audit these academic areas in future years to evaluate their
efficiency and effectiveness; however, this years audit plan will focus heavily on financial controls
and compliance. The Internal Audit Policy(G.23.00) states that the Office of Internal Audit is, to
conduct performance audits to support and promote integrity, openness and transparency with
Page 7 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
10/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
respect to internal financial controls and compliance of the district. Thus, the audit universe can be
scaled back to only include those areas that involve financial controls and compliance.
Appendix Bshows those areas that are being eliminated from the audit universe because they are
deemed to be low risk with respect to financial controls and compliance. Areas predominately
associated with a financial statement audit are also eliminated, since the State Auditors Office
conducts a financial audit annually. Some of the attributes used to determine if an area should be
automatically excluded from this years audit plan include:
Lack of a Discretionary Budget
Lack of a Cash Handling or Billing Function
Limited Compliance Requirements
Goals & Objectives are Primarily Academic
3. Condense Audit Universe into Major Audit AreasIn order to make the audit universe more manageable for risk assessment purposes, it will be
condensed into major audit areas. The original audit universe contained numerous audit areas
within the same department. For example, the Department of Technology Services (DoTS) has morethan twenty different areas listed as potential audit candidates. However, if DoTS is ultimately
selected for audit, it will not include procedures for all twenty areas. Only those areas deemed to be
the most risky would be audited. The excluded areas would be considered for an audit in
subsequent years. The specific risk areas to be audited within one department will be determined
during the planning phase of that audit. SeeAppendix Efor an illustration of the planning process.
Based on the same procedures and meetings documented in step #1 above, the remaining audit
universe was condensed into major audit areas. These major audit areas are documented in the first
column ofAppendix C. Each major audit area is deemed to have a risk related to financial controls
and/or compliance. This condensed audit universe will be the basis for a formal risk assessment that
will determine which areas to include in this years audit plan.
4. Compliance ImpactColumn #2 ofAppendix Cassesses the compliance impact of each major audit area. An assessment
of Low, Medium, or High was made, depending on the volume of compliance requirements
associated with each area. The compliance requirements include District policies and procedures, as
well as Federal and State laws and regulations.
5. Financial ImpactColumn #3 ofAppendix Cassesses the financial impact of each major audit area. Each area is rated
as having a Low, Medium, or High financial impact to the District. An exact dollar threshold is not
utilized because there are many uncertainties and factors that can affect the financial impact.
Specifically, certain areas can have a large financial impact despite having a relatively small budget.
For example, rentals/facility usage is not a significant funding source for the District; however, the
potential financial impact associated with liability lawsuits resulting from an injury sustained on
District property, escalates this audit area to a high financial impact. Another example is District
volunteers. There is little financial impact with performing background checks on volunteers;
however, the potential impact associated with allowing someone with a criminal background to
interact with students is high. Since financial data alone cannot be used to assess the financial
impact to the District, these assessments were reviewed by a committee consisting of the Interim
Page 8 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
11/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Assistant Superintendant of Business of Finance, the Executive Director of Finance, the Risk
Management and Insurance Manager, the Audit Response Manager, and the Accounting Manger.
The assessments were first made by the Office of Internal Audit and were then reviewed by this
Committee. Adjustments were made where necessary, but the final assessment rests with the Office
of Internal Audit. In subsequent years, when the Office of Internal Audit is more knowledgeable of
the District, the Office of Internal Audit will take more ownership of this assessment to ensure its
ongoing independence.
6. Prior Audit ExceptionsIn addition to the Internal Audit Function, the District is audited frequently by various State and
Federal agencies, as well as the occasional independent contractor. Columns 4, 5, and 6 ofAppendix
Cidentify whether or not any exceptions were noted in these audits. The reporting agency is
identified in the year that the audit report was issued, and past audit exceptions include audit
findings, management letters items, or exit conference notifications. These columns are intended to
highlight those areas that may be prone to audit findings. They may also help identify those areas
that are audited frequently, but do not have any audit exceptions. The major programs audited bythe State Auditors Office during their Financial and Single Audit engagements are identified below.
If any exceptions were noted in these audits, that fact has been documented inAppendix C:
Major Program 2009 2010 2011
Title I Grants to Local Educational Agencies X X X
Special Education - Grants to States X X
Indian Education X X
Special Education - Preschool Grants X
ARRA - Title I Grants to Local Educational Agencies,
Recovery ActX
ARRA - Special Education Grants to States,Recovery Act
X X
ARRA - Special Education - Preschool Grants,
Recovery ActX
ARRA State Fiscal Stabilization Fund Education
State Grants,
Recovery Act
X X
Head Start X X X
ARRA - Head Start X
Child Nutrition Cluster X
Improving Teacher Quality X
Education and Human Resources XSafe and Drug Free Schools and Communities
State Grants
X
Reading First X
7. Overall Risk AssessmentBased upon all the information obtained to date, the Office of Internal Audit then assessed the
overall risk for each major audit area. This assessment is based on the items documented in
Page 9 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
12/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix C(Compliance Impact, Financial Impact, and exceptions noted in prior audit
engagements), and upon all the knowledge gained while performing each of the above procedures.
All of theRisk Considerationsdocumented in the Background section of this document play an
important role in the overall risk assessment. However, in the absence of any additional
information, the following table illustrates how risk is assessed if relying solely upon the financial
and compliance impact of each audit area:
Overall Risk Assessment
Financial
Impact High Medium High High
Medium Medium Medium Medium
Low Low Low Medium
Low Medium High
Compliance Impact
As this table illustrates, a slightly higher emphasis is placed on financial impact than compliance
impact.
8. Planned Control MonitoringThe Districts Board of Directors is taking a proactive approach to ensure adequate internal controls.
Several departments have been placed on a rotating schedule to appear before the School Boards
Oversight Work Session. During these sessions, the departments identify their key internal control
procedures, risks, and major initiatives. The Audit & Finance Committee also brings various
departments forward to discuss risks, controls, and initiatives. The schedule of upcoming and recent
sessions is documented in column #8 ofAppendix C. The departments presentations in these
sessions contain valuable information to the Office of Internal Audit, and will be used in ongoing risk
assessments. In addition, the dates of these sessions can impact the timing of internal audit
engagements. A department that has not gone through the practice of identifying risks and controls
may be in a greater need of an internal audit. On the other hand, a department that has already
presented their risks and controls may benefit from an audit soon after their presentation to
determine if their major initiatives are working as intended.
9. Current or Planned ActivitiesThe Districts leadership team is also taking the initiative in mitigating risks and ensuring adequate
internal controls. Column #9 inAppendix Cidentifies any current or planned activities that the
District is undertaking with respect to the major audit areas. This step was completed by the
Districts Audit Response Manager who is familiar with these initiatives, and was also reviewed by
the same committee identified in step #5 above. This column also identifies any future engagementsplanned by the State Auditors Office or other governing body. This information is helpful in planning
the timing of internal audit engagements. An area that is actively working to change and improve
their procedures may be best suited for an internal audit six to nine months after the improvements
are implemented. This would provide the audit area with valuable information as to whether or not
their procedures were adequate, and if they are working as intended.
Page 10 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
13/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
10.Audit PlanBased on the results of all planning procedures performed to date, the final step associated with
Appendix Cis to determine which areas to include in this years audit plan. An examination of
Appendix Creveals that 30 audit areas are rated as High Risk. However, given the Office of Internal
Audits available resources, as discussed in theBackground sectionof this document, only a few of
these high risk areas can be audited in the first year. In response to this limitation, the Office of
Internal Audit has developed a plan that will provide coverage to 15 high risk audit areas and 10
medium risk audit areas in the first year alone. The plan involves a hybrid approach between Full-
Scope Audits, Follow-Up Audits, and Limited Site-Based Procedures. Column #10 ofAppendix C
identifies the major audit areas that will be covered by each type of audit. Detailed information
about the different types of audits to be performed, and the areas selected for each type, is
included in theAudit Plansection of this document.
Page 11 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
14/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
AUDIT PLAN
Column #10 inAppendix Cidentifies the different types of audits that will be conducted this year,
along with the major audit areas to be covered by each engagement type. This section of the Annual
Risk Assessment and Audit Plan explains the different types of engagements, and also documentswhy each area was selected to be included in the final audit plan. Once approved, the final audit
plan will guide the Office of Internal Audits activities for the upcoming year. Any unforeseen
changes to the plan will be communicated to the Audit and Finance Committee as soon as possible.
If a school Board Member wishes to alter the approved audit plan, the proposal must be submitted
by two Board Directors, and ultimately approved by the Audit and Finance Committee. These
procedures will ensure the Office of Internal Audits independence and prevent the Office from
being used to promote a personal agenda.
Full-Scope Audits
The Full-Scope audits will involve a comprehensive review of the operation or system as a whole.
The focus will be on whether or not the operation or system is meeting its compliance requirements
while also providing effective financial internal controls. Depending on the area audited, fieldwork
procedures may also involve sampling various outlying schools and locations. This may be necessary
since some of the key control procedures may be performed outside of the central administration
building. A prime example of this is the Payroll system. Although Payroll is a centralized system, the
central office staff does not have direct knowledge of most employees work schedules. As a result
they rely heavily on the outlying Managers and Principals to conduct a thorough review of their
staffs payroll entry. When sampling of outlying schools is necessary, the procedures will leverage
off of the Limited Site-Based Procedures discussed below. In short, the Limited Site-Based
Procedures will include tests of transactions that will directly relate to these Full-Scope audits.
The following audit areas have been selected to receive a Full-Scope Audit:
Human Resources
The Districts largest operating expenditures are salaries and benefits. Human resources is
not only responsible for the hiring of new employees, but they are also instrumental in
providing internal controls to ensure that only legitimate employees are entered into the
payroll system. They also administer the employee benefits contracts, and ensure
compliance with numerous Federal, State, and local requirements. Significant financial
implications could be caused by fines or litigation resulting from non-compliance with
requirements relating to fair labor standards, discrimination, harassment, or the Family
Medical Leave Act. The Human Resources function is also responsible for maintaining data
related to teacher experience and qualifications, which has a material impact on the
apportionment funding that the District receives from the State. All of these factors upholdthe notion that Human Resource has an extremely high compliance and financial impact to
the District.
In addition to the compliance and financial impacts noted above, the Human Resources
function has endured twelve different changes to the top leadership position during the last
thirteen years. This alarming rate of turnover in a key leadership position increases the risk
that responsibilities and expectations are not clearly understood or aligned with District
Page 12 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
15/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
initiatives. It also increases the risk that institutional knowledge has left the District with
these previous employees, and that current staff are unaware of key internal control
requirements. The current Executive Director of Human Resources is in the midst of
restructuring and improving the Human Resources function, but has also indicated that the
Office of Internal Audit can be of value at the same time.
Centralized ASB (Associated Student Body Fund)
Numerous interviews were conducted with District staff to determine where the Districts
significant risks are. The one audit area that was mentioned most frequently as an area of
concern was ASB funds. There is widespread belief that problems exist with ASB funds. This
is further substantiated by recent ASB fund exceptions noted by the State Auditors Office.
There is a high likelihood of errors noted with ASB funds; however, the financial impact is
less certain. The total value of the ASB fund is approximately $4 million, which is less than
1% of the Districts general fund amount. However, the ASB fund represents monies that are
generated by students. Finding cost savings in the ASB fund will not increase the available
resources to the District, because those funds belong to students. However, as a steward to
these funds, the District has an obligation to ensure they are safe. Also, failure to properly
account for these funds can negatively impact the Districts reputation. Reputational risk is
difficult to quantify, but the long term impact of negative publicity could impact future
enrollment numbers as well as the Districts ability to pass upcoming levies. Safeguarding
the Districts reputation is increasingly important, due to the negative publicity received
within the past year.
The Limited Site-Based Procedures conducted at schools will include procedures relating to
ASB funds, including a surprise cash count. The results of these school audits will be used to
support an audit of the centralized ASB system, which will be conducted during the summer
months when schools are on break. The focus of this centralized system audit will be to
determine if the central office is properly accounting for all school ASB funds, and to ensurethat Central Administration is adequately supporting the schools. The Interim
Superintendants 4thPillar of Success calls for Central Office Staff Serving and Supporting
Schools and Families. One way that the Office of Internal Audit will be contributing to this
initiative is by ensuring that other centralized functions are adequately supporting schools
as well.
Technology Services
The Department of Technology Services takes up a significant portion of the Districts
general fund. The department also has capital expenditures associated with the Building,
Technology, and Academics levy. An interim Director was recently appointed, and the
department is not currently scheduled for any appearances before the Audit and FinanceCommittee or the Oversight Work Sessions. In addition, there have not been any recent
audits completed in this area. All of these factors indicate that the Department of
Technology Services could benefit from an internal audit.
Follow-Up Audits
The Follow-Up Audits will focus solely on those problem areas identified in previous audit reports. A
good candidate for a Follow-Up Audit will be an audit area that has received significant or numerous
Page 13 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
16/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
prior audit exceptions, and has recently implemented corrective actions to resolve those exceptions.
The primary objective of a Follow-Up Audit will be to determine if the newly implemented corrective
action plans are working as intended.
The following audit areas have been selected to receive a Follow-Up Audit:
Inventory/Equipment Tracking
Personal Service Contracting
Limited Site-Based Procedures
The Limited Site-Based Procedures will focus on the key compliance and financial controls expected
to be completed at schools. In addition to providing data to support the Full-Scope Audits and the
Follow-Up Audits that are already scheduled, they will also include procedures to ensure compliance
and financial accountability in a wide variety of other areas. By overlapping these audits and
leveraging off of the time spent at schools, the Office of Internal Audit will increase efficiency and be
able to provide coverage to more audit areas while limiting the amount of time required fromschool-based employees.
These procedures will be limited in duration, and will overlap with the Full-Scope Audits and Follow-
Up Audits that are also being conducted. As indicated in theFull-Scope Audits section above,
auditing procedures will most likely involve visits to outlying schools in order to verify certain key
controls. Since schools must be visited anyway, the Limited Site-Based Procedures are going to
leverage off of these school visits. In addition to verifying the key controls specific to the current
Full-Scope and Follow-Up Audits, the time spent at schools will also include procedures to gather
information about other key controls that the schools are expected to be following. Essentially, the
Office of Internal Audit will be using the time spent at schools to accomplish more than one
objective. TheExecutive Summaryalso discusses the importance of verifying key internal controls at
the source.
An individual audit report will be issued after each school visit; however, the intent of the report is
not to highlight the deficiencies of specific schools, but rather to shed light on those areas that may
represent a system-wide failure of internal controls. In fact, these engagements will actually offer
the schools an opportunity to articulate the challenges they face, and identify the areas where they
do not get enough support from Central Administration.
The results of these engagements will also be tracked and summarized in the Office of Internal
Audits Annual Summary. These results will be used to identify potential audit areas in subsequent
years. This plan provides a great opportunity to identify those areas where key controls are not
being adequately followed, or perhaps have not been adequately communicated to the schools. Itcould also identify those situations where schools do not have the support they need from central
administration, or where insufficient resources are available to perform the control procedures
properly.
The biggest benefit of these site-based key control verifications is that it will allow the Office of
Internal Audit to identify these potential problem areas now, rather than waiting until a Full-Scope
Audit can be performed sometime in the future. Even though the procedures will be limited, they
Page 14 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
17/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
will still identify the key deficiencies that could be indicative of a major system weakness. Identifying
these risks sooner, rather than later, will provide the School Board, District Leadership, and the
Office of Internal Audit advanced warning of impending problem areas. Corrective action plans can
be put in place before these impending problem areas escalate even further. In essence, the Limited
Site-Based Procedures are a proactive approach to prevent potential problem areas from goingundetected for a long period of time.
A total of six site-based audits are planned for this year, and will be conducted at various schools
dispersed throughout the district. The Office of Internal Audit will attempt to select schools from
different regions, and will divide them equally among high schools, middle schools, and elementary
schools. The identity of the schools selected will be kept confidential until after the engagement has
begun. This will allow the Office of Internal Audit to begin each engagement with a surprise cash
count.
The major audit areas to be covered by these Limited Site-Based Procedures include:
Transportation
Payroll and Leave Time Reporting
Enrollment/Student Counts
School Security
Risk Management
Grants and Fiscal Compliance
Purchasing & Contracting
Nutrition Services
Volunteering with SPS
Rentals/Facility Usage
Time & Effort Reporting
Donations
Athletics
Expense Reimbursements
Travel Expenditures
Kindergarten Tuition
ASB and Self Help at Schools
Class Fees & Student Fines
Loss Reporting to the SAO
Booster Clubs
Other Projects
In addition to the audits noted above, the Office of Internal Audit will have other projects to complete as
well. Some of these projects, such as maintaining a department website and preparing an annual
summary for the School Board, will be ongoing projects from year to year. However, other projects, such
as hiring new staff auditors and creating a department Policy and Procedures Manual, are one-time
projects associated with setting up a new department. The following list is presented to identify the
non-audit projects that will incur internal audit resources this year:
Hiring of New Staff Members
Supervision of Staff Auditors
Continuing Professional Education Training
Special Requests and Investigations
Creating Protocols for Accepting Special Requests
Developing Department Mission, Goals, and Objectives
Developing Department Policy and Procedures Manual
Documenting Generally Accepted Government Auditing Standards (Yellow Book) Compliance
Creating & Maintaining a Department Website
Preparing the Internal Audit Annual Summary
Page 15 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
18/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Developing Subsequent Years Annual Risk Assessment and Audit Plan
With regard to Special Requests and Investigations, the Office of Internal Audit will include a customer
service aspect in its audit plan. Resources will be made available to support schools should they
encounter a situation that requires internal audit expertise. Offering this service will accomplish twoobjectives. First, it will support the Interim Superintendants 4
th Pillar or Success Central Office Staff
Serving and Supporting Schools and Families. Second, it will serve to break down the barriers associated
with audits, and demonstrate to schools that the Office of Internal Audit can be viewed as a resource
and a partner. However, to ensure independence and the proper use of internal audit resources, special
requests must demonstrate why internal audits expertise or objectivity is necessary.
Calendar
Appendix Gis a Gantt chart illustrating the timing of this years audit plan. The calendar is simply an
estimate based on certain facts and assumptions as of October 2011. Updates to the calendar will be
made as necessary.
Areas Not Selected for Audit
One high risk area that is not selected for audit at this time is Capital. Although Capital is rated as a high
risk area, and has had recent audit findings cited, it is not included in this years audit plan due to timing.
The District is currently making significant changes to the Capital department, and is contracting with
the Educational Service District (ESD) to provide restructuring recommendations. The ESD is providing
consulting services related to the department reorganization, and is also conducting reviews of potential
problem areas. An internal audit conducted during this transitional phase would likely identify problem
areas that are already known to exist, and have already been identified for corrective action. A better
alternative would be to audit this area once a majority of the restructuring is complete, and the
department has had some time to implement and modify its new procedures. In addition, the State
Auditors Office has indicated Capital is going to be a main area of focus for their current audit. An
internal audit at this point could be a duplication of efforts, and would be an unnecessary burden to theCapital department employees.
Page 16 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
19/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix A Audit Universe
Audit Universe
The audit universe serves as a starting point for selecting areas to audit, and it includes all departments,
programs, systems, and activities of the District.
Department/Program
Superintendants Office
Administration
Control Environment (Strategic Plan and Tone at the Top)
Reflected in staffing decisions, budgets, and dept goals, objectives, & procedures?
Policies and Procedures, internal communication, safety, evaluations, etc
Academics/Teaching & Learning
Executive Director Offices
Research, Evaluation & Assessment-SISO
Reliability and usefulness of data in analyzing program effectiveness
MAP Assessment
Student Information Services Office (SISO)
Testing Integrity
Enrollment Reporting/Student Counts
e-SIS Phase Out Plan
English Language Learners (ELL)
Bilingual Family Center
Migrant Education
Refugee Impact
International Education
Special EducationAdministration/Contracting
Reporting/Compliance
Student Discipline
Individualized Education Plan (IEP)
Physical Therapy
School Psychologists
Speech Language Pathology Audiology
Career & Technical Education
Agriculture, Arts, Media, Science, & Engineering
Business, Marketing, & IT
Special Population City Campus CounselingHealth & Human Services and Family & Consumer Science
Career Academics
Counselor Nontraditional
Program Analyst
Auto Shop
College & Career Readiness
Curriculum & Instruction
Page 17 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
20/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Math & Science
Science Materials Center
Literacy & Social Studies
Library Services & TechnologyInstructional Support
Head Start
Physical Ed & Health Literacy
Professional Development & PLC
Native American Education (Federal Funding)
Visual & Performing Arts
Merit & School Improvement Grants
Early Learning
Advanced Learning
Alternative Programs (Southlake, Interagency, Pinehurst, Pathfinder)
Alternative Learning Experience
Adequate documentation to support funding?
Traffic Education
All City Band
Approved Instructional Materials Catalog
Professional Library
Huchoosedah Indian Education
Booster Clubs
STAR Program
ASB at Schools
Cash Handling
Classes, Clubs, Private Monies
AthleticsClass fees
Graduation Requirements
Effectiveness of Academic Programs(Working or can they be cut entirely?)
Intervention ProgramsDoes an intervention program such as math really improve a students
performance?
KNHC Radio
Instructional Broadcast Center
Partnerships, Policy, & Communications
School & Community Partnerships
Community Schools Grant CoordinatorAcceptable Expenditures Out of Community Schools
Alignment Initiative Coordinator
Supplemental Education Services
Communications Office
Board Office
Board Policies
School Family Partnerships
Page 18 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
21/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Outreach & Training Specialist
Readiness to Learn
Family & Community Engagement
Building and Ground UseRental/Lease Rates
Outside organization in the classroom and after school programs
Volunteering with SPS
Background checks
Government Relations
PDC Reports and Quarterly L-5s
Operations
Logistics/ Procurement & Distribution Services
Purchasing
Contracting Services/Bid Compliance
Warehouse & Distribution
Mail Services
Fleet Management
Vehicle Usage
Transportation
Operations/Efficiency
ORCA Cards
Enrollment & Customer Services
Open Enrollment
Facilities Operations
Operations (Property Mgmt/Grounds)
MaintenanceInter-dept billing
Prioritizing Projects 1st come/1st served, or based on need or ability to pay?
Custodial Services
Rentals/Facility Usage
Buildings and Grounds Use (Also related to Partnerships, Policy, & Communications)
Insurance Requirement
Self Help
Energy Conservation (Reduction of utility costs)
Environmental Services
Surplus Warehouse
Major Preventive MaintenanceWork Management System (WMS)
Capital Projects & Planning
Capital Facilities
Capital Project Management
Capital Planning Coordination
Capital Facilities Communication
Capital Document Control
Page 19 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
22/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Capital Financial Controls
Building Excellence (BEX)
Buildings, Technology & Academics (BTA)
Small Works
Capitalization/ValuationCIP
Appropriate Usage of Capital Funds
Staffing
Supplies and textbooks
Storage of Furniture and Portables
Technology
Board Disclosure Public Bids/Splitting of Contracts/Change Orders
Project Planning/Design
Current capacity vs. future need
Change Orders
Disclosure of Known Conditions Upfront
Planning for Unknown Conditions
Impact of Enrollment Projections
Levy Planning Process
Overpayments to Vendors
Invoice Standardization
Asset Management
Technology Services (DoTS)
Tech Plan Long term strategies for upgrades and replacement
System Security & Access
Backup & Recovery Procedures
Data Disaster Recovery (Also relates to Continuity of Operations)
Equipment PurchasingEquipment Tracking
Equipment Surplus
Software Licenses
Publishing Services
Project Management
Application Services
Customer Support/TechLine
Operations/Network Services
Web Publishing Support
Classroom Technology
Proper Use of Capital FundsUse of Contractors vs. Hiring of Employees
Telephones (Telecommunications)
Voicemail
Standard Course Catalog Search
eSIS Student Reporting System
Records Management
Archives (Legal?)
Page 20 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
23/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
School Record Retention
Student Records
Safety & Emergency Management
Emergency Communications
Alarm ResponseFingerprinting
School Security
Key Inventory
Athletics
Gate Receipts
Tournaments
Rentals/Facility Usage
Fundraising/ASB Compliance
Recruiting
Academic Integrity
Coordinated School Health
School Nurses
Nutrition Services
Cash Handling
Expenditure Cycle
Fixed Assets
Inventory Controls
Inter-dept billing
Federal and State Health Regulations Compliance
Centralized Cooking Did it reduce costs? Did it also reduce sales?
Family Support Program
Health Intervention
TruancyDiscipline
Intervention
Homelessness
Health Network
Operations Analysis & Special Projects
Management Systems
Professional Development
Tracking & Compliance
Administration/Course Offerings
Data Analysis-Grants Management
Asst Superintendant Business & Finance
Accounting/Finance
Audit Response
Budget Office
Development
Monitoring
Transfers
Page 21 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
24/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Personal Service Contracts
Scope of Work
Management of Contract/Invoice Review
Insurance/Liability
Accounts PayableEmployee Expense Reimbursements (Avenue to bypass purchasing procedures?)
Travel Agent & Expenditures
Purchasing Cards???
Payroll and Leave Time Reporting
Billing
Accounts Receivable/Collections
General Ledger/Financial Reporting
Grant Accounting
Cash Collection
Treasury/Investment Management (King County)
Centralized ASB Procedures
Purchasing (1/1/12)
Contracting Services/Bid Compliance (1/1/12)
Debt Service Fund
Bonds
Kindergarten Tuition
Loss Reporting to the SAO
Furlough Administration
Risk Management
Enterprise Risk Management
Insurance Claims & Processing
Safety DOSH Compliance
Workers Compensation (Also related to HR)Administration
Disability Payments
School Health Rules DOH
Student Safety
Insurance WORMP
Incident/Accident Reviews
Safe Routes to School
DOT Random drug/alcohol screening
Medicare Secondary Payout
On-school Activities (Bouncy Houses, Dunk Tanks, etc)
Fire PreventionHIV/AIDS Education Compliance
School Site Emergency Mgmt Plan/Critical Incident Mgmt for School Training
Asbestos Management Plan
Continuity of Operations
Plan in place for disasters, loss of facilities, pandemics, loss of key personnel?
Enrollment
Planning and Projections
Page 22 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
25/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Impact on Staffing (# of Teachers Impact to Principals and HR)
Impact on zoning, construction, & school resources (equip, lunches, books)
Local Levies
Time & Effort Reporting Federal Funds
Deputy Superintendants Office
General Counsel
Public Records Requests
Section 504 Coordinator
Contracting
Human Resources and Employment
Recruitment & Selection
Position Control
Staff Mix S-275 Reporting
Transfers & Promotions
Performance Evaluations
Terminations/Retirements
Temporary Contracts (Are they really an employee?)
Personnel Records
Professional Certification
Employee Labor Relations/Discipline
Timeliness of investigations/resolutions
Quality of investigations
Severance Packages
Substitutes
Compensation
Benefits
Regular bidding of providers and administrator contractsEmployee Assistance Program (EAP)
Compliance (FMLA, Harassment, etc)
Adding/Removing Employees from Payroll System
File Room
Professional Growth & Leadership
Teacher Consulting
SIG Schools
Principal Consulting
Teacher Incentive Fund (TIF)
Career Advancement, Growth and Support
Office of Internal Audit
Internal Audit Peer Review
Additional Audit Areas (Not Identified on the Org Charts)
Grants and Fiscal Compliance(Part of Teaching & Learning Merit & School Improvement
Grants or part of Partnership, Policy, & Communications Community Schools Grant
Coordinator or part of Operations Data Analysis Grants Mgmt?)
Page 23 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
26/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Inventory(Part of Nutrition Services, warehouse, or ICT? What is accountings role?)
Physical Inventories/Tracking
Valuation
Surplus/Retirements
Small and Attractive AssetsScrap Metal
National Board Certification(Part of Teaching & Learning or HR?)
Service Learning
Inter-department billing
Source
Teach for America
Reduction in Force Planning
Self Help Accounting
Contract Negotiations (An audit could be valuable in an area is due for negotiation soon.)
Seattle Schools Scholarship Fund Outside Agency
Alliance for Education Outside Agency
Public Education Foundations???
DonationsIs there a centralized donation office? Does central office know when a school receives
a donation?
Other Projects to Include in the Audit Plan
1. Special Requests, investigations, and hotline referrals2. SAO Loss Reporting and Restitution Agreements3. Hiring of new staff members4. Developing department Mission, goals, and objectives5. Developing department policy and procedures manual6. Documenting GAGAS (Yellow Book) compliance7. Department Website creation8. Audit Plan Development9. Annual Summary for School Board10. Internal Audit Administrative Duties11.Professional Development
Page 24 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
27/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix B
Appendix B shows those areas that are being eliminated from the audit universe because they are
deemed to be low risk with respect to financial controls and compliance. Areas eliminated are lined out:
Department/Program
Superintendants Office
Administration
Control Environment (Strategic Plan and Tone at the Top)
Reflected in staffing decisions, budgets, and dept goals, objectives, & procedures?
Policies and Procedures, internal communication, safety, evaluations, etc
Academics/Teaching & Learning
Executive Director Offices
Research, Evaluation & Assessment-SISO
Reliability and usefulness of data in analyzing program effectiveness
MAP Assessment
Student Information Services Office (SISO)
Testing Integrity
Enrollment Reporting/Student Counts
e-SIS Phase Out Plan
English Language Learners (ELL)
Bilingual Family Center
Migrant Education
Refugee Impact
International Education
Special Education
Administration/ContractingReporting/Compliance
Student Discipline
Individualized Education Plan (IEP)
Physical Therapy
School Psychologists
Speech Language Pathology Audiology
Career & Technical Education
Agriculture, Arts, Media, Science, & Engineering
Business, Marketing, & IT
Special Population City Campus Counseling
Health & Human Services and Family & Consumer ScienceCareer Academics
Counselor Nontraditional
Program Analyst
Auto Shop
College & Career Readiness
Curriculum & Instruction
Math & Science
Page 25 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
28/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Science Materials Center
Literacy & Social Studies
Library Services & Technology
Instructional SupportHead Start
Physical Ed & Health Literacy
Professional Development & PLC
Native American Education (Federal Funding)
Visual & Performing Arts
Merit & School Improvement Grants
Federal Grants/Title 1
Early Learning
Advanced Learning
Alternative Programs (Southlake, Interagency, Pinehurst, Pathfinder)
Alternative Learning Experience
Adequate documentation to support funding?
Traffic Education
All City Band
Approved Instructional Materials Catalog
Professional Library
Huchoosedah Indian Education
Booster Clubs
STAR Program
ASB at Schools
Cash Handling
Classes, Clubs, Private Monies
AthleticsClass fees
Graduation Requirements
Effectiveness of Academic Programs(Working or can they be cut entirely?)
Intervention ProgramsDoes an intervention program such as math really improve a students
performance?
KNHC Radio
Instructional Broadcast Center
Partnerships, Policy, & Communications
School & Community Partnerships
Community Schools Grant CoordinatorAcceptable Expenditures Out of Community Schools
Alignment Initiative Coordinator
Supplemental Education Services
Communications Office
Board Office
Board Policies
School Family Partnerships
Page 26 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
29/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Outreach & Training Specialist
Readiness to Learn
Family & Community Engagement
Building and Ground UseRental/Lease Rates
Outside organization in the classroom and after school programs
Volunteering with SPS
Background checks
Government Relations
PDC Reports and Quarterly L-5s
Operations
Logistics/ Procurement & Distribution Services
Purchasing
Contracting Services/Bid Compliance
Warehouse & Distribution
Mail Services
Fleet Management
Vehicle Usage
Transportation
Operations/Efficiency
ORCA Cards
Enrollment & Customer Services
Open Enrollment
Facilities Operations
Operations (Property Mgmt/Grounds)
MaintenanceInter-dept billing
Prioritizing Projects 1st come/1st served, or based on need or ability to pay?
Custodial Services
Rentals/Facility Usage
Buildings and Grounds Use (Also related to Partnerships, Policy, & Communications)
Insurance Requirement
Self Help
Energy Conservation (Reduction of utility costs)
Environmental Services
Surplus Warehouse
Major Preventive MaintenanceWork Management System (WMS)
Capital Projects & Planning
Capital Facilities
Capital Project Management
Capital Planning Coordination
Capital Facilities Communication
Capital Document Control
Page 27 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
30/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Capital Financial Controls
Building Excellence (BEX)
Buildings, Technology & Academics (BTA)
Small WorksCapitalization/Valuation
CIP
Appropriate Usage of Capital Funds
Staffing
Supplies and textbooks
Storage of Furniture and Portables
Technology
Board Disclosure Public Bids/Splitting of Contracts/Change Orders
Project Planning/Design
Current capacity vs. future need
Change Orders
Disclosure of Known Conditions Upfront
Planning for Unknown Conditions
Impact of Enrollment Projections
Levy Planning Process
Overpayments to Vendors
Invoice Standardization
Asset Management
Technology Services (DoTS)
Tech Plan Long term strategies for upgrades and replacement
System Security & Access
Backup & Recovery Procedures
Data Disaster Recovery (Also relates to Continuity of Operations)Equipment Purchasing
Equipment Tracking
Equipment Surplus
Software Licenses
Publishing Services
Project Management
Application Services
Customer Support/TechLine
Operations/Network Services
Web Publishing Support
Classroom TechnologyProper Use of Capital Funds
Use of Contractors vs. Hiring of Employees
Telephones (Telecommunications)
Voicemail
Standard Course Catalog Search
eSIS Student Reporting System
Records Management
Page 28 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
31/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Archives (Legal?)
School Record Retention
Student Records
Safety & Emergency ManagementEmergency Communications
Alarm Response
Fingerprinting
School Security
Key Inventory
Athletics
Gate Receipts
Tournaments
Rentals/Facility Usage
Fundraising/ASB Compliance
Recruiting
Academic Integrity
Coordinated School Health
School Nurses
Nutrition Services
Cash Handling
Expenditure Cycle
Fixed Assets
Inventory Controls
Inter-dept billing
Federal and State Health Regulations Compliance
Centralized Cooking Did it reduce costs? Did it also reduce sales?
Family Support ProgramHealth Intervention
Truancy
Discipline
Intervention
Homelessness
Health Network
Operations Analysis & Special Projects
Management Systems
Professional Development
Tracking & Compliance
Administration/Course OfferingsData Analysis-Grants Management
Asst Superintendant Business & Finance
Accounting/Finance
Audit Response
Budget Office
Development
Page 29 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
32/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Monitoring
Transfers
Personal Service Contracts
Scope of WorkManagement of Contract/Invoice Review
Insurance/Liability
Accounts Payable
Employee Expense Reimbursements (Avenue to bypass purchasing procedures?)
Travel Agent & Expenditures
Purchasing Cards???
Payroll and Leave Time Reporting
Billing
Accounts Receivable/Collections
General Ledger/Financial Reporting
Grant Accounting
Cash Collection
Treasury/Investment Management (King County)
Centralized ASB Procedures
Purchasing (1/1/12)
Contracting Services/Bid Compliance (1/1/12)
Debt Service Fund
Bonds
Kindergarten Tuition
Loss Reporting to the SAO
Furlough Administration
Risk Management
Enterprise Risk ManagementInsurance Claims & Processing
Safety DOSH Compliance
Workers Compensation (Also related to HR)
Administration
Disability Payments
School Health Rules DOH
Student Safety
Insurance WORMP
Incident/Accident Reviews
Safe Routes to School
DOT Random drug/alcohol screeningMedicare Secondary Payout
On-school Activities (Bouncy Houses, Dunk Tanks, etc)
Fire Prevention
HIV/AIDS Education Compliance
School Site Emergency Mgmt Plan/Critical Incident Mgmt for School Training
Asbestos Management Plan
Continuity of Operations
Page 30 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
33/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Plan in place for disasters, loss of facilities, pandemics, loss of key personnel?
Enrollment
Planning and Projections
Impact on Staffing (# of Teachers Impact to Principals and HR)Impact on zoning, construction, & school resources (equip, lunches, books)
Local Levies
Time & Effort Reporting Federal Funds
Deputy Superintendants Office
General Counsel
Public Records Requests
Section 504 Coordinator
Contracting
Human Resources and Employment
Recruitment & Selection
Position Control
Staff Mix S-275 Reporting
Transfers & Promotions
Performance Evaluations
Terminations/Retirements
Temporary Contracts (Are they really an employee?)
Personnel Records
Professional Certification
Employee Labor Relations/Discipline
Timeliness of investigations/resolutions
Quality of investigations
Severance PackagesSubstitutes
Compensation
Benefits
Regular bidding of providers and administrator contracts
Employee Assistance Program (EAP)
Compliance (FMLA, Harassment, etc)
Adding/Removing Employees from Payroll System
File Room
Professional Growth & Leadership
Teacher Consulting
SIG SchoolsPrincipal Consulting
Teacher Incentive Fund (TIF)
Career Advancement, Growth and Support
Office of Internal Audit
Internal Audit Peer Review
Page 31 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
34/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Department/Program
Additional Audit Areas (Not Identified on the Org Charts)
Grants and Fiscal Compliance(Part of Teaching & Learning Merit & School Improvement
Grants or part of Partnership, Policy, & Communications Community Schools Grant
Coordinator or part of Operations Data Analysis Grants Mgmt?)Inventory(Part of Nutrition Services, warehouse, or ICT? What is accountings role?)
Physical Inventories/Tracking
Valuation
Surplus/Retirements
Small and Attractive Assets
Scrap Metal
National Board Certification(Part of Teaching & Learning or HR?)
Service Learning
Inter-department billing
Source
Teach for America
Reduction in Force Planning
Self Help Accounting
Contract Negotiations (An audit could be valuable in an area is due for negotiation soon.)
Seattle Schools Scholarship Fund Outside Agency
Alliance for Education Outside Agency
Public Education Foundations???
DonationsIs there a centralized donation office? Does central office know when a school receives
a donation?
Other Projects to Include in the Audit Plan
12.Special Requests, investigations, and hotline referrals13.SAO Loss Reporting and Restitution Agreements14.Hiring of new staff members15.Developing department Mission, goals, and objectives16.Developing department policy and procedures manual17.Documenting GAGAS (Yellow Book) compliance18.Department Website creation19.Audit Plan Development20.Annual Summary for School Board21. Internal Audit Administrative Duties22.Professional Development
Page 32 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
35/47
Appendix C Risk Assessment and Audit Plan
1 2 3 4 5 6 7 8 9 10
Audit Area
Compliance
Impact
Financial
Impact
Previous Audit
Exceptions *Overall
Risk
Rating
Planned
Control
Monitoring
Current or Planned
Activities
(Non-Internal Audit)
2011/2012
Audit Plan2009 2010 2011
Human Resources High High SAO SAO SAO High OWS 3/21/12 Review and restructuringFull-Scope
AuditCentralized ASB Procedures High Medium SAO High Increased training
Technology Services High High High
Inventory/Equipment Tracking High Medium SAO SAO SAO High A&F Annual Improved process Follow-up
AuditPersonal Service Contracting High Medium SAO SAO SAO High Improved procedures
Transportation High High SAO SAO High OWS 2/8/12 New service model
Limited Site-
Based
Procedures
(Procedures
will verify that
key controls
specific to
these areas are
be performed
at 6 schools.
The results of
these audits
will also
support the
Full-Scope
Audits and the
Follow-Up
Audits.)
Payroll and Leave Time Reporting High High SAO SAO SAO High OWS 10/26/11 Improved procedures
Enrollment/Student Counts High High SAO SAO SAO High Improved procedures
School Security High High High
Risk Management High High High OWS 6/6/12
Grants and Fiscal Compliance High High SAO SAO SAO High
Purchasing & Contracting High High High OWS 8/17/11
Nutrition Services High High SAO High OWS 11/30/11 Centralized production
Volunteering with SPS High High High
Rentals/Facility Usage Medium High SAO SAO High OWS 2/1/12
Time & Effort Reporting High Medium SAO SAO Medium Training
Donations High Medium Medium
Athletics High Medium SAO Medium OWS 11/30/11
Expense Reimbursements High Medium Medium
Travel Agent & Expenditures High Medium SAO SAO Medium Revised procedure
Kindergarten Tuition High Medium SAO Medium Centralized billing function
ASB and Self Help at Schools High Medium SAO SAO Medium Increased training
Class Fees & Student Fines High Medium Medium
Loss Reporting to the SAO High Low SAO SAO SAO Medium Revised procedure
Booster Clubs Medium Low Medium
OWS = Oversight Work Session *Includes Audit Findings, Management Letter Items, and Exit Items, as
well as recommendations from Performance Audits and Special
Investigations.
SAO = State Auditors Office
A&F = Audit & Finance Committee
ESD = Educational Service District
Page 33 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
36/47
Appendix C Risk Assessment and Audit Plan
1 2 3 4 5 6 7 8 9 10
Audit Area
Compliance
Impact
Financial
Impact
Previous Audit
Exceptions *Overall
Risk
Rating
Planned
Control
Monitoring
Current or Planned
Activities
(Non-Internal Audit)
2011/2012
Audit Plan2009 2010 2011
Capital Projects & Planning High High SAO SAO SAO High OWS 4/4/12ESD 112 review &
SAO Audit-Winter2011/2012
Future Audit
Engagement
Based on
Subsequent
Years Risk
Assessment
Enrollment Planning & Projection High High High OWS 3/7/12
Special Education High High SAO SAO High
Staff Mix High High SAO SAO High
Federal Programs (Head Start, Title1, Native American Education)
High High SAO SAO SAO High
Treasury/Investment Mgmt High High SAO High
Safety & Emergency Mgmt High High High OWS 5/23/12
Maintenance Medium High SAO High OWS 2/1/12
Accounts Payable Medium High SAO SAO SAO High OWS 10/26/11 Improved procedures
Budget Development Medium High High
General Counsel High High High OWS 6/20/12
Reduction in Force Planning Medium High High
Custodial Services Medium High High OWS 2/1/12
Energy Conservation Low Medium Medium
Central Office Cash Collection High Medium SAO Medium
Property Management High Medium SAO Medium OWS 2/1/12 Improved procedures
Purchasing Cards High Medium SAO Medium
Alternative Learning Experience High Medium MediumGL/Financial Reporting High Low SAO SAO Medium OWS 10/26/11 Improved process
Billing, A/R, & Collections Medium High Medium
Overall Control Environment Medium Medium Medium
Traffic Education Medium Medium Medium
Warehouse & Distribution Medium High Medium OWS 8/17/11
Fleet Management Medium Medium Medium
Enrollment & Customer Services Medium Low Medium
School & Community Partners Medium Medium Medium
Surplus Warehouse Medium Medium Medium
Environmental Services Low Medium Medium
Enterprise Risk Management Low Medium Medium New Function - A&F Quarterly & OWS 6/6/12
Page 34 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
37/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix D - Available Resources
The following information is based on the Director of Internal Audit being available for audit work on
October 12, 2011, and the two Internal Audit staff members being available on January 3, 2012. Resources
are calculated through August 31, 2012:
Description Hours
% of Total
Time Available
Total Contract Hours 4648 100%
Less Total Leave Time 565 12%
Net Hours Available 4083 88%
Less General Administration (10%) 408 9%
Hours Available for Project Scheduling: 3674 79%
Department-Wide Projects:
Supervision of Staff Auditors (45% of Staff Project Time) 886 19%
District/New Employee Training (5 days per person) 120 3%
CPE Training (40 hrs per person annually) 93 2%
Special Request Protocols 24 1%
Hiring of New Staff Members 40 1%
Developing Department Mission, goals, and Objectives 16 0%
Developing Department Policy and Procedures Manual 40 1%
Documenting GAGAS (Yellow Book) Compliance 40 1%
Department Website Creation & Maintenance 40 1%
Total Dept-Wide Projects: 1299 28%
Audit Projects:
Audit Plan Development 120 3%
Special Requests (12% of Available Project Time) 414 9%
Internal Audit Annual Summary 40 1%
Special Request - Capital Contracting 80 2%
Special Request - Use of Special Ed Funds 50 1%
Development of Site-Based Audit Program 80 2%
Human Resources System Audit 400 9%
CSA - High School 150 3%
CSA - Middle School 120 3%
CSA - Elementary School 100 2%
Inventory/Equipment Tracking System Audit 100 2%
CSA - High School 150 3%CSA - Middle School 120 3%
CSA - Elementary School 100 2%
Personal Service Contracts System Audit 100 2%
Centralized ASB System Audit 150 3%
Technology Services System Audit (101 hrs this year) 400 9%
Total Audit Projects 2674 58%
Planned Carryover Hours (DoTS) -299 -6%
Page 35 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
38/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix E Internal Audit Process Flowchart
Page 36 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
39/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix F Staff Biographies
Andrew Medina, CPA, CFE,Director of the Office of Internal Audit
Andrew is a Certified Public Accountant (CPA), a Certified Fraud Examiner (CFE), and has over 18 years of
audit experience. He joined Seattle Public Schools in August of 2011, after serving four years as a SeniorAuditor for the Port of Seattle. Prior to joining the Port, Andrew was an internal auditor for the Clark
County School District in Las Vegas, Nevada. He spent five years managing and conducting financial,
operational, and compliance audits of the Nations fifth largest school district. As a Certified Fraud
Examiner, Andrew was the department's fraud specialist, responsible for conducting the majority of the
Districts fraud investigations, as well as providing training to management and staff on fraud awareness
and prevention. His fraud case study based on actual elementary school events was published in Internal
Auditormagazine in February 2009. Prior to joining the Clark County School District, Andrew was a
senior auditor with the State of Nevada Gaming Control Board. For 10 years Andrew helped regulate the
casino industry by managing and conducting compliance, money laundering, and financial audits of
Nevadas largest casinos.
Vacant Internal Auditor
Vacant Internal Auditor
Page 37 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
40/47
Office of Internal Audit
Annual Risk Assessment and Audit Plan
2011-2012
Appendix G
Page 38 of 45
-
8/2/2019 SPS Annual Risk Assessment and Audit Plan - October 2011
41/47
Organizational Chart2011-12
SuperintendentSusan Enfield
(Interim)saenfield
206.252.0167
Assistant SuperintendentTeaching & LearningCatherine Thompson
ctthompson206.252.0017
AssistanO
P
2
Director,Logistics
Bob Westgard
Director,Capital Projec
Lucy Morello
Manager, SafetEmergency Mg
Larry Dorsey
School Board206.252.0040
Director,Internal Audit
Andrew Medina
ajmedina
Executive Directorsof Schools
NE RegionPhil Brockman
pbrockman206.252.0150
Central RegionNancy Coogan
necoogan206.252.0103
NW RegionMarni Campbell
macampbell206.252.0396
W. Seattle RegionAurora Lora
aalora206.252.0396
SE RegionMichael Tolley
mftolley206.252.0150
SE RegionBree Dusseault
bndusseault206.252.0103
ManagerSchool FamilyPartnerships
Bernardo Ruiz
Manager, School &CommunityPartnerships
Courtney Cameron
Manager, SchoolBoard OfficeErinn Bennett
Director, AthletEric McCurdy
Exec. DirectorResearch, Eval.Assessment &Development
Mark Teoh
Exec. DirectorSpecial Ed
Becky Clifford(Interim)
Director, EnglishLanguage Learners
& InternationalPrograms
Veronica Gallardo
Manager,Career & Technical
EdShep Siegel
Coordinator,College & Career
Readiness
Janet Blanford
Director, Curriculum& Instruction Support
Wendy London
Exec. Director,Merit & School
Improvement GrantsScott Whitbeck
Manager,Early Learning
Kimberly Kinzer
Manager,Advanced Learning
Robert Vaughan
Traffic Education
ChiefCommunications
OfficerLesl