The URL can be used to link to this page

Home My WebLink About04.c. Receive presentation introducing the concept of an internal audit function at Central SanPage 1 of 12 Item 4.c. S Central Contra Costa Sanitary District November 21, 2017 TO: ADMINISTRATION COMMITTEE FROM: PHIL LEIBER, DIRECTOR OF FINANCE &ADMINISTRATION THERESA NIDETZ, TEMPORARY INTERNAL AUDITOR REVIEWED BY: ANN SASAKI, DEPUTY GENERAL MANAGER ROGER S. BAILEY GENERAL MANAGER SUBJECT: RECEIVE PRESENTATION INTRODUCING THE CONCEPT OF AN INTERNALAUDIT FUNCTIONAT CENTRAL SAN Attached is a presentation introducing the concept of an internal audit function at Central San. The FY 2017-18 Strategic Plan indicates that Central San will complete three internal audits of designed high risk areas during this fiscal year. This presentation provides context for the audit work that is to be completed in this and future years. Strategic Plan Tie -In GOAL THREE: Be a Fiscally Sound and Effective Water Sector Utility Strategy 2 - Manage Costs ATTACHMENTS: 1. Internal Audit Introductory Presentation November 21, 2017 Regular ADMIN Committee Meeting Agenda Packet - Page 47 of 59 INTERNAL AUDIT FRAMEWORK _EIBER, DIRECTOR OF FINANCE & ADMINISTRATION .November �. ,r ADMI .. THERESA NIDETZ, INTERNAL AUDIT NOVEMBER 21, 2017 IN L1 VA w IK 0 Senior Management ;l• Governing Body / Board / Audit Committee rn x C co DQ c, c Financial Control m Security C Management Internal Risk Management Internal Contrl Controls MeasuresQualit y Audit Inspection Compliance INTERNAL AUDIT DEFINITION AND MISSION Per the Institute of Internal Audits (IIA) Definition of internal auditing: "An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes" Mission of Internal Audit is: "To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight." WHO DECIDES WHAT TO AUDIT? Ad Hoc Changes ` during year Annual Internal Audit Plan Internal Audits Completed Annually CENTRAL SAN PRELIMINARY RISK INVENTORY OVERVIEW 25 20 15 10 5 0 Central San Preliminary Risk Inventory: Number of Risks per Category 5. Operational Reliability 6. Technology, Innovation, Environmental Sustainability -75 risks identified through interviews with Central San managers Risk = what could prevent us from achieving our strategic goals Risks classified using the six strategic plan goal categories s s a .i � b.1 -F.qr r 1. Customer 2. Regulatory/ Legal 3. Fiscally Sound 4. Trained, Safe, Service, / Contractual and Effective Utility Innovative Reputational / Workforce Ethics 5. Operational Reliability 6. Technology, Innovation, Environmental Sustainability -75 risks identified through interviews with Central San managers Risk = what could prevent us from achieving our strategic goals Risks classified using the six strategic plan goal categories s s a .i � b.1 -F.qr r RISK ASSESSMENT What and where is the risk? Who is responsible for managing it? How significant is it? (frequency * impact) Inherent risk Residual risk (after mitigation measures and controls) Then, what else can be done to address the risk? Additional controls Internal audits or other reviews Enterprise Risk Management: Manage the risks and report on progress 4 1 - -F.qr r RISK ASSESSMENT- EXAMPLE ITEM Ref. ID Process Name Responsible Responsible Potential Areas of Division Manager Impact Lab- Comply with Regulatory, 69 new accreditation Regulatory Lori Schectel Financial Standard Raw, Unmitigated Risk Risk Description of Risk (Not listing actual occurances at Central San,justthe risks we Risk Severity Likelihood/ Risk level face) Frequency If laboratory cannot comply with accreditation standard, laboratory test M M 4 would need to be sent out for analysis by TNI accredited lab. Mitigation/Remedies currently in place/practice (and not in place but could be) 1. Training onTNI 2016Standard. 2. Audit laboratory with TNI checklists from State of Virginia. 3. Hire well-qualified supervisors and staff. Effectiveness at Responsible Preventing Problem Individual Risk Post -Mitigation Procedure (L, M, H) Risk Severity Risk Likelihood/ Risk level Frequency H Esparza, M L 2 Schectel RNAL AHDIT HF.R0111; Consultants / Contracted Internal Auditors Accounting Firm Resources Internal Audit Work Central San Staff POTENTIAL INTERNAL AUDIT EVOLUTION AT CENTRAL SAN Starting (FY2017-18) (Yr1) - Introduce concept - Begin to establish a Framework - Complete 3-4 internal audits Maturing (Future Years) -Integrated with other Risk Control Measures (consider Test and Build Function Enterprise Risk - Look to practices at peer utilities IManagement, etc.) - Adopt/refine staffing approach - Improve function, develop procedures - Embed as routine part of Central San Governance - Begin conversation on Enterprise Risk Management Possible Goals -Compliant with "Institute of Internal Auditors" (IIA) standards EXPECTED Fy?nl 7-18INTERNAL AUDITS Area Performed by P -Cards Maze & Associates Petty Cash Theresa Nidetz/District Internal Audit Lab Controls Quality Assurance Solutions, LLC Payroll Controls Review Theresa Nidetz/District Internal Audit Revenue / Collections TBD/Still scoping QUESTIONS AND DISCUSSION Page 1 of 1 Item 6.a. TUESDAY, DECEMBER 12, 2017 AT 8:30 A.M. 2018 MEETING DATES TO BE DETERMINED This item has no backup material November 21, 2017 Regular ADMIN Committee Meeting Agenda Packet - Page 59 of 59