The URL can be used to link to this page

Home My WebLink About08.b. Receive presentation introducing the concept of an internal audit function at Central SanPage 1 of 7 Item 8.b. AOL Central Contra Costa Sanitary District December 21, 2017 TO: HONORABLE BOARD OF DIRECTORS FROM: PHILIP R. LEI BER, DIRECTOR OF FINANCEAND ADMINISTRATION THERESA NIDETZ, TEMPORARY INTERNALAUDITOR REVIEWED BY: ANN SASAKI, DEPUTY GENERAL MANAGER ROGER S. BAILEY, GENERAL MANAGER SUBJECT: RECEIVE PRESENTATION INTRODUCING THE CONCEPT OF AN INTERNAL AUDIT FUNCTION AT CENTRAL SAN. REVIEWED BY ADMINISTRATION COMMITTEE. Attached is a presentation introducing the concept of an internal audit function at Central San. The Fiscal Year 2017-18 Strategic Plan indicates that Central San will complete three internal audits of designated high risk areas during this fiscal year. This presentation provides context for the audit work that is to be completed in this and future years. This material was presented to the Administration Committee on November 21, 2017. Strategic Plan Tie -In GOAL THREE: Be a Fiscally Sound and Effective Water Sector Utility Strategy 2 - Manage Costs ATTACHMENTS: 1. Internal Audit Introductory Presentation December 21, 2017 Regular Board Meeting Agenda Packet - Page 85 of 107 Page 2 of 7 12/12/2017 7 . INTERNAL AUDIT INTRODUCTION & FRAMEWORK PHIL LEIBER, DIRECTOR OF FINANCE & ADMINISTRATION THERESA NIDETZ, INTERNAL AUDITOR DECEMBER 21, 2017 INTERNAL CONTROLS STRUCTURE The Three Lines of Defense Mode! Senior Management 1st Line of Defense 2nd Line of Defense 3rd tine of Defense i Adapted from ECIINFERMA Guidance on the 81h EU Co?npany Law Oi ective, article 41 1 December 21, 2017 Regular Board Meeting Agenda Packet - Page 86 of 107 Page 3 of 7 12/12/2017 INTERNAL AUDIT DEFINITION AND MISSION Per the Institute of Internal Audits (IIA) • Definition of internal auditing: "An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes" • Mission of Internal Audit is: "To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight." WHO DECIDES WHAT TO AUDIT? ComplaintsEthics Ad Hoc Changes during year Annual Internal Audit Plan Internal Audits Completed Annually 2 December 21, 2017 Regular Board Meeting Agenda Packet - Page 87 of 107 Page 4 of 7 12/12/2017 CENTRAL SAN PRELIMINARY RISK INVENTORY OVERVIEW Number of Risks per Category zs 20 is io s o 1. Customer 2. Regulatory/ Legal 3. Fiscally Sound 6. Trained, Safe, 5. Operational 6. Technology, Service, /Contractual and Effective Utility Innovative Reliability Innovation, Reputational/ Workforce Environmental Ethics Sustainability • —75 risks identified through interviews with Central San managers • Risk = what could prevent us from achieving our strategic goals • Risks classified using the six strategic plan goal categories RISK ASSESSMENT • What and where is the risk? • Who is responsible for managing it? • How significant is it? (frequency * impact) • Inherent risk (without any mitigation measures and controls) • Residual risk (after mitigation measures and controls) • What else can be done to address the risk? • Additional controls • Internal audits or other reviews • Enterprise Risk Management: Manage the risks and report on progress 3 December 21, 2017 Regular Board Meeting Agenda Packet - Page 88 of 107 RISK ASSESSMENT -EXAMPLE ITEM Ref. ID Process Name Responsible Responsible Potential Areas of Division Manager Impact ss [ae Analyaia Aeg�larary far. scrteetel Aeg.,la�ry, r.n ancui, Aeaar.lw.. Risk Risk Description of Risk (Not listing actual occurances at Central San, just the risks we Risk Severity Likelihood/ Risk level face) Frequency Incomplete or ry lalsined 11.1aanalyses u negatively empa ct operations with reyulamrequlremenK and can damage Central San's M H 6 Iln addition, [en Val Mn may leve the a dlibation needed to eendueL Pune, thus, requiring tnting by third -pony, MniMrl=Nn.m.d.....rr.mlyn.Pln..7r•.rli..Iw.d..x r.. W«.. P[lr.a.lw.y.wra ar �� nr v,..ei.nr �� Fpek Pott•MltlyaGgn srypcedure l Nirk 5ere0y Pofk LlkellM1aadl Ank Cerci l Crequerrr yrrallty Assarancelgaallty Conpnl program In place to labe ndependenl review o! lah analyaen by wmeene er Ihan 11, !oared the rtmuemn. n�atois 1 eduktyh of lab analyses is Part the em plpyees' performance evaluaGpn. E nyupnmental Clipper .. with regularly re'.. Slat. Water Board H a Reg. M L 2 AP) lnsper=[lona- Compliance Starting in early 2018, a th lyd -party oonsalling firm will Manager wide advice and audlu ler temprran[e with TNI ndwds. Staff participation M TNI !raining. 1001111111111L - INTERNAL AUDIT RESOURCES & POTENTIAL COMMITTEE REPORTING RELATIONSHIP Resources Committee Reporting Options rAudit Committee • Current Scope Includes: Risk Management 2. Finance & Audit Committee • Current Scope Includes: Appropriate Levels of Internal Controls, Financial Reporting, Fiscal Regulatory Compliance F3. Audit Committee • Not currently in place Page 5 of 7 12/12/2017 4 December 21, 2017 Regular Board Meeting Agenda Packet - Page 89 of 107 Page 6 of 7 12/12/2017 POTENTIAL INTERNAL AUDIT EVOLUTION AT CENTRAL SAN EXPECTED FY2017-18 INTERNAL AUDITS Area Performed by • P -Cards Maze & Associates • Petty Cash Theresa Nidetz/District Internal Audit • Lab Controls Quality Assurance Solutions, LLC • Payroll Controls Review Theresa Nidetz/District Internal Audit • Revenue / Collections TBD/Still scoping 5 December 21, 2017 Regular Board Meeting Agenda Packet - Page 90 of 107 Maturing (Future Years) Integrated with other Risk Control Measures (consider Test and Build Function Enterprise Risk Look to practices at peer utilities Management, etc.) Adopt/refine staffing approach Starting (FY2017-18) (Yr1) Improve function, develop Possible Goals Introduce concept procedures Compliant with "Institute - Begin to establish a - Embed as routine part of Central of Internal Auditors' (IIA) Framework San Governance standards Complete 3-4 internal audits - Begin conversation on Enterprise Risk Management EXPECTED FY2017-18 INTERNAL AUDITS Area Performed by • P -Cards Maze & Associates • Petty Cash Theresa Nidetz/District Internal Audit • Lab Controls Quality Assurance Solutions, LLC • Payroll Controls Review Theresa Nidetz/District Internal Audit • Revenue / Collections TBD/Still scoping 5 December 21, 2017 Regular Board Meeting Agenda Packet - Page 90 of 107 Page 7 of 7 12/12/2017 QUESTIONS AND DISCUSSION December 21, 2017 Regular Board Meeting Agenda Packet - Page 91 of 107