Minutes — November 2016 Audit Committee Meeting


Committee Members Present

  • Kristen Cox, Chair
  • Mary Durheim, Council Chair
  • Scott McAvoy
  • John Thomas

Committee Members Absent

  • Amy Sharp

Guests Present

  • Daniel Graves, Weaver and Tidwell

Staff Members Present

  • Beth Stalvey, Executive Director
  • Martha Cantu
  • Cynthia Ellison
  • Jessica Ramos
  • Joshua Ryf
  • Koren Vogel

Call To Order

The Audit Committee of the Texas Council for Developmental Disabilities convened on Wednesday, November 2, 2016, at the Sonesta Bee Cave-Austin, 12525 Bee Cave Parkway, Bee Cave, TX 78738. Committee Chair Kristen Cox called the meeting to order at 2:06 PM.

  1. Introductions
    Committee members, staff and guests were introduced. Committee member Amy Sharp participated as a non-voting member through conference call.

  2. Public Comments
    No public comments were offered to the Committee.

  3. Consideration of Minutes
    The Committee reviewed the minutes from the October 13, 2015, Committee meeting. No revisions were offered.

    MOTION: To approve the minutes of the October 13, 2015, Audit Committee meeting as presented.
    MADE BY: Mary Durheim
    SECOND: Scott McAvoy
    The motion passed without opposition.

  4. Review of FY 2016 Findings and Observations for Website Maintenance
    Daniel Graves, Senior Manager from Weaver & Tidwell LLP, discussed internal audit activities and noted that he planned to change the order of the agenda based on his presentation. Graves first presented the findings from the 2016 internal audit on TCDD Website Maintenance. An overall assessment rating of “satisfactory” was awarded. Graves explained the audit focused on current procedures in place for appropriate risk and regulatory coverage and compliance to ensure efficient and effective processes. Key functions and sub-processes that were reviewed included Content Management, Reporting, and Accessibility. The objectives of the audit were:

    1. Determine whether internal controls in the Website Maintenance process are designed to ensure that consistent processes are implemented for content management, reporting and accessibility.

    2. Ensure that selected controls in the Website Maintenance processes are operating efficiently, effectively, and resulting in accurate information.

    A total of 20 controls were identified to be in place for website maintenance and were found to be generally operating as designed. Weaver made six recommendations to assist management in improving the website maintenance process. Of the six recommendations, three contained a moderate risk rating and three contained a low risk rating.

    The recommendations included:

    1. Formalize the process of logging, tracking, and documenting the approvals of changes to the agency’s website. (Moderate)

    2. Implement access administration procedures to document approval of user access permissions and a periodic review of user access rights. (Moderate)

    3. Develop a test environment to pilot software updates and patches prior to publishing them to the live website. (Moderate)

    4. Document the review and approval of external links prior to posting them to TCDD’s website. (Low)

    5. Standardize procedures to document the performance of accessibility testing of website content. (Low)

    6. Require the website hosting vendor to provide regular website availability reports, backup space reports, and security reports to demonstrate compliance with contract terms. (Low)

    Graves discussed the response plans that TCDD management has drafted for the findings. He noted that actions for findings 2 and 6 were implemented by September 30, 2016, actions for findings 3 and 5 will be implemented by December 30, 2016, and actions for findings 1 and 4 will be implemented by March 31, 2017.

  5. Consideration of the FY 2016 Annual Internal Audit Report
    Graves next discussed the FY 2016 Annual Internal Audit Report, which is due to the State Auditor’s Office (SAO) and must be posted on the TCDD website in November 2016. While the official deadline for submission to the SAO is November 1, TCDD received an extension until November 7 to allow for the timing of the board meeting to obtain Council approval. The report is in the format prescribed by the SAO and includes an overview of FY 2016 Internal Audit Activities, consulting and non-audit services performed for TCDD, Internal Audit Quality Assurance Report, overview of the FY 2017 Internal Audit Plan, and external audit services.

    MOTION: To recommend Council approval of the FY 2016 Internal Audit Report.
    MADE BY: Scott McAvoy
    SECOND: John Thomas
    The motion passed unanimously.

  6. Review of FY 2017 Audit Plan
    Graves next reviewed the FY 2017 Audit Plan noting that the planned audit area will be Grant Management and Administration. Activities to be evaluated will include the request for proposals (RFP) process, grant awards, grant issuance, grantee monitoring, sub-recipient monitoring, and grant reporting. The internal audit will also perform follow-up procedures to the FY 2015 and FY 2016 findings to ensure corrective action has been taken.

  7. Update — FY 2015 Audit of Controls and Procedures
    Graves reported that TCDD management is diligent in addressing the findings of the FY 2015 Audit of Controls and Procedures and that most will close with follow-up procedures. This concluded Graves’ participation in the meeting and he left at this time.

  8. Discussion of RFP Process to Select Internal Auditors for FY 2018 — FY 2021
    Operations Director Martha Cantu reported that the contract with Weaver and Tidwell will conclude in November 2017. TCDD will need to go through the bid process to obtain a new internal auditor. Cantu briefly reviewed the history of TCDD internal audit activities since 2002 as well as determined risk areas. Cantu discussed timelines for this process, noting that it will begin in April 2017 with a one-month posting to the Electronic State Business Daily website. The evaluation process, oral presentations and negotiation process will take place during the summer of 2017 so that a recommendation can be made to the Council at the August 2017 meeting. The new contract would begin September 1, 2017 at the beginning of FY 2018.

    Committee members agreed that the RFP should be similar in scope to the previous posting. John Thomas and Scott McAvoy agreed to help review the proposals.

  9. Other Updates
    No further topics were offered for Committee discussion.


Committee Chair Cox adjourned the Audit Committee at 3:12 PM.

Beth Stalvey, Secretary to the Council