BACKGROUND The Office of Inspector General provides the Division of Emergency Management a central point for coordination of and responsibility for activities that promote accountability, integrity, and efficiency in government. Section 20.055(2), Florida Statutes, outlines the following responsibilities of the Inspector General: Provide direction for, supervise, and coordinate audits, investigations, and management reviews relating to the programs and operations of the Division. Review and evaluate internal controls to ensure fiscal accountability, efficiency and integrity of the Division s programs. Advise in the development of performance measures, standards, and procedures for the evaluation of Division programs. Assess the reliability and validity of the information provided by the state agency on performance measures and standards, and make recommendations for improvement Review actions taken by the Division to improve program performance. Conduct, supervise, or coordinate other activities carried out or financed by the Division for the purpose of promoting economy and efficiency in the administration of, or preventing and detecting fraud and abuse in, its programs and operations. Keep Division head informed concerning fraud, abuses, and deficiencies relating to programs and operations administered or financed by the Division, recommend corrective action concerning fraud, abuses, and deficiencies, and report on the progress made in implementing corrective action. Ensure effective coordination and cooperation between the Auditor General, federal auditors, and other governmental bodies with a view toward avoiding duplication. Review, as appropriate, rules relating to the programs and operations of the Division and make recommendations concerning their impact. Ensure that an appropriate balance is maintained between audit, investigative, and other accountability activities. Comply with the General Principles and Standards for Offices of Inspector General as published and revised by the Association of Inspectors General. These responsibilities are carried out by three positions within the Office of Inspector General: Deputy Inspector General and two Auditors (one full-time career service and one Other Personal Services employee). This plan was based on the results of: risk surveys conducted with Division management; risk assessment of subgrantees; review of previous audits performed; and review of Division financial information. Page 2 of 10
WORK PLAN LISTING The following is a listing of the FY2012-13 Work Plan, summaries concerning each item are provided on the pages below. Engagement Topics Department of Homeland Security Office of Inspector General Prior Audit Follow-up Review Performance Measure Review Subgrantee Contract Audits* Information Technology Prior Audit Findings Follow-up Management Requests and Investigations Single Audit Technical Assistance Single Audit Reviews (Federal and State) Single Audit Process Review External Audit Liaison State of Florida Auditor General Department of Homeland Security Office of Inspector General Other Value Added Services Computer Security Incident Response Team Catalog of State Financial Assistance Agency Annual Update 2014 Indirect Cost Allocation Plan (A-87) Audit and Fraud Awareness Training Chief Inspector General Enterprise Audit Topics Background Screenings* Computer Security Incident Response Teams* Long-term Engagement Topics Disaster Reservists Program* Contract Management* Procurement* Travel* Agreement processing* Vehicle Usage* Management and Administrative Costs* * Indicate the topic has been identified as an audit. Page 3 of 10
WORK PLAN SUMMARIES Office of Inspector General FY 2012-2013 Engagement Topics Topic Department of Homeland Security (DHS) Office of Inspector General (OIG) Prior Audit Follow-up Review Description The Department of Homeland Security Office of Inspector General issued 11 reports, during Fiscal Year 2011/12, concerning subgrants administered by the Division. Additionally, DHS OIG has seven on-going audits of Division subgrantees. A review will be conducted to determine if the root causes of their findings were adequately addressed by DEM Bureaus to mitigate future findings. Performance Measure Review Statutorily the Office of Inspector General is to advise in the development of performance measures, standards, and procedures for the evaluation of state agency programs. Also the OIG is to assess the reliability and validity of the information provided by the state agency on performance measures and standards, and make recommendations for improvement, if necessary, prior to submission of those measures and standards to the Executive Office of the Governor. A review of the Division s Long Range Program Plans performance measures will be conducted. Subgrantee Contract Audits Contract compliance audits will be conducted on the subgrantees listed below. These subgrantees were selected based on a risk assessment, which included Single Audit (A-133) results for the past three fiscal years, 2011 Fiscal Year expenditures, and DEM staff interviews. Miami, City of Miami-Dade County Orange County Port Orange, City of Broward County Page 4 of 10
Information Technology The Division s Information Systems Support was identified by Bureau management as an area of critical common reliance. The ISS section has undergone great changes and challenges during the past fiscal year, including changes to staff size and organizational placement. The Division s Agency for Enterprise Information Technology Security Risk Assessment, completed May 2012, identified 36 of 51 (70%) of questions were either Not Started, in the Planning Phase or Partially Implemented, as shown in the table below. AEIT Finding Implementation Status Description Count % 1 - Not Started 3 6% 2 - Planning Stages 9 17% 3 - Partially Implemented 24 47% 4 - Close to Completion 5 10% 5 - Fully Implemented 10 20% Totals 51 100% A review of the Division s status on implementation of these practices will be conducted. Additionally, an assessment will be made to determine if additional an operational review of all ISS services is warranted. Prior Audit Findings Follow-up According to 20.055, Florida Statutes, the inspector general shall monitor the implementation of the state agency s response to any report on the state agency issued by the Auditor General or by the Office of Program Policy Analysis and Government Accountability. As of June 30, 2012 there were 30 open findings requiring action, see table below. Additionally, there are 25 open Department of Homeland Security Office of Inspector General audit findings. Open Audit Findings Audit Conducted by: # of Findings Auditor General 21 DEM Inspector General 9 Total 30 Page 5 of 10
Management Requests and Investigations Responding to unplanned management requests and investigations are part of the Office of Inspector General responsibilities. Management priorities, as well as risks are not always static, so audit staff must be available to ensure timely response when request are made and investigations are warranted. Single Audit Technical Assistance Topic Single Audit Reviews (Federal and State) Description The Division is required by Florida Statute to review subgrantee financial reporting packages (Single Audits) including the management letters and corrective action plans, to the extent necessary to determine whether timely and appropriate corrective action has been taken with respect to audit findings and recommendations pertaining to state financial assistance that are specific to the Division. The Office of Inspector General is the Division s organizational unit responsible for receiving and reviewing the Single Audit reports submitted. During FY2012, the OIG conducted 357 technical reviews of submitted packages. Single Audit Technical Reviews will be continued as a service to the Division. Single Audit Process Review The oversight of single audits is a shared responsibility between the Bureaus, Office of Finance and Administration, and the Office of Inspector General. Each area has different roles and responsibilities. The Division s single audit process will be mapped and formalized to ensure these different roles and responsibilities are clearly outlined. Page 6 of 10
External Audit Liaison Topic State of Florida Auditor General Department of Homeland Security Office of Inspector General Description During FY 2013 the State Auditor General will conduct an annual audit of the Division s compliance and internal controls over financial reporting and federal awards. Additionally, it is likely the Auditor General will initiate a bi-annual Operational Audit of the Division. The Department of Homeland Security Office of Inspector General is expected to continue to actively review the Division s subgrantee s to identify questioned costs related prior hurricanes. As of July 2012 the DHS OIG had 7 on-going audits. Other Value Added Services Topic Audit and Fraud Awareness Training Catalog of State Financial Assistance Agency Annual Update 2014 Indirect Cost Allocation Plan (A-87) Computer Security Incident Response Team Description A fraud awareness training pertinent to the emergency management environment will be developed and delivered to Division staff. The Department of Financial Services annually requires a recertification of the Division s Catalog of State Financial Assistance information. The OIG facilitates and reviews the annual submission. The Division is required to have an approved cost allocation plan. The OIG in close coordination with the Bureau of Finance and Administration facilitate the development of the Indirect Cost Allocation Plan. Florida Administrative Code Rule 71A identifies the Office of Inspector General as a required member of the Division s Computer Security Incident Response Team. Page 7 of 10
CHIEF INSPECTOR GENERAL ENTERPRISE AUDIT PLAN The Governor s Chief Inspector General (CIG) asked agency inspectors general and audit directors to participate in the identification of potential enterprise audit topics by meeting with their agency heads and identifying areas of concern with an enterprise impact. Twenty-eight potential enterprise audit topics were identified and inspectors general along with audit directors were asked to participate in assessing risk associated with each of those potential projects. The group identified 6 topics for inclusion in the 2012-2013 CIG Enterprise Audit Plan. Two of the six topics, listed below, will have a potential impact on the Division. To plan for both agency specific audit projects and enterprise projects, each agency inspector general was asked to allocate twenty percent of their direct audit hours to enterprise projects. Background Screenings FY 2012-2013 Chief Inspector General Enterprise Audit Topics At varying levels, every state agency performs background screenings for employees, contractors, and/or providers. A review will be conducted to determine current processes used by each state agency in performing this enterprise-wide task to identify opportunities for efficiencies, cost savings, and best practices. Computer Security Incident Response Teams Rule 71A-1.014, Florida Rule 71A-l.014, Florida Administrative Code, provides that each agency shall establish a Computer Security Incident Response Team (CSIRT) to respond to suspected computer security incidents by identifying and controlling the incidents, notifying designated CSIRT responders, and reporting findings to agency management. We propose to evaluate whether agencies have properly established CSIRTs and whether the Teams possess the required technical and procedural skills and resources to appropriately handle computer security incidents. Also, we propose to determine if the Teams have established roles, responsibilities, and communication procedures to respond to computer security incidents which may occur. Page 8 of 10
LONG-TERM WORK PLAN TOPICS Office of Inspector General Based on the available number of resources, we placed the auditable topics into our shortterm Audit Plan. Anything that did not fit into our short-term Audit Plan was placed on our long-term Audit Plan. Long-Term Work Plan Topics Topic Disaster Reservists Program Contract Management Procurement Travel Description Disaster Reservist program. The Disaster Reservist program quickly provides additional human resources to support the State of Florida s actions during and after disaster. This program is activated as needed after a presidential declaration of a disaster. contract management processes, including a review of fund encumbrance, state contract use, monitoring subgrantees to ensure work is progressing timely, and contract manager training. procurement process for appropriateness and compliance with Division policies and the Reference Guide for State Expenditures. This will include a review of both competitive and non-competitive procurement processes. travel charges recorded for appropriateness and compliance with Section 112.061, Florida Statutes as well as the reconciliation processes used by the Department. The project will include an evaluation of the overall internal control environment resulting from the current processes, an evaluation of the effectiveness and efficiency of current processes, and detailed testing of selected reimbursement requests. Page 9 of 10
Agreement processing Management and Administrative Costs Vehicle Usage process for entering into agreements with local entities. This will include a review of the routing process and an analysis of the timeliness of various parties processing time. process for allocating management and administrative costs to various federal projects, including compliance with time and effort reporting pursuant to OMB Circular A-87. This project would potentially review the controls over the Division s fuel consumption, tracking of vehicle usage, and fleet parts inventory. Page 10 of 10