Internal Auditor Reblog: The Conditions in Which You Think

The unwitting participants in the study were eight parole judges in Israel. They spend entire days reviewing applications for parole. The cases are presented in random order, and the judges spend little time on each one, an average of 6 minutes. (The default decision is denial of parole; only 35% of requests are approved. The exact time of each decision is recorded, and the times of the judges’ three food breaks — morning break, lunch, and afternoon break — during the day are recorded as well.) The authors of the study plotted the proportion of approved requests against the time since the last food break. The proportion spikes after each meal, when about 65% of requests are granted. During the two hours or so until the judges’ next feeding, the approval rate drops steadily, to about zero just before the meal. As you might expect, this is an unwelcome result and the authors carefully checked many alternative explanations. The best possible account of the data provides bad news: tired and hungry judges tend to fall back on the easier default position of denying requests for parole. Both fatigue and hunger probably play a role.

Mike Jacka writing for Internal Auditor explores the effect that our working conditions and environment have on our thinking, and the different roles that fast and slow thinking play in our work. He asks that the reader be aware of how the conditions in which they are thinking can affect (often unintentionally) the decisions they make.

As auditors (and as humans), honing a degree of self-awareness about how we are affected by the weather (or the bad traffic, or the argument we had last week with a family member, or the timing of lunch- whatever it may be) will help us look critically at our own thoughts. Are we actually making sound decisions? Or are we making rash and unfair decisions? What effect might this have on our work? And just as importantly, how can we counterbalance our fast thinking with slow thinking to make better decisions?

Read more here.

Accountability and Media Featured

Audit Release: Severe Deficiencies in Disaster Recovery Program and Insufficient Information Technology Planning Pose Substantial Risks to Beneficiaries and the State


Report Highlights

The agency charged with administering the Public Employees Retirement System, or PERS, should improve Information Technology (IT) strategic planning efforts to ensure that IT investments return the most value and minimize risk. Additionally, PERS should immediately correct deficiencies with existing disaster recovery plans so the agency can effectively respond to catastrophic events that would prevent the use of existing IT hardware and software. PERS is working to update current plans and implement a recovery site, but a more urgent effort is needed.

This audit includes an assessment of critical security controls and the agency’s IT security management practices. PERS should improve security management roles and training, as well as correct weaknesses in inventory management, configuration change management, vulnerability management, and controlling administrative accounts.

Background

PERS has over 365,000 members and is responsible for administering employee pension programs for state agencies as well as approximately 900 local governments. PERS provides $310 million in retirement benefits each month. The agency’s Information Services Division provides PERS with information technology, such as pension benefit calculation software, to support agency operations.

Purpose

The purpose of this audit was to determine whether PERS could improve IT security and IT strategic planning efforts and to assess the agency’s preparedness to restore critical IT systems in response to a disaster.

Key Findings

PERS’s IT strategic planning lacks sufficient detail to help ensure IT investments return the most value, pose the least amount of risk, and are completed timely. Insufficient planning has contributed to mismanagement of some agency initiatives.

While PERS has identified a method to issue most pension payments in the event of a disaster, it has not fully addressed changes in payment processing by the Oregon State Treasury. The agency’s disaster recovery plans pose serious risks because they are insufficient to restore critical IT systems. Furthermore, the agency has not tested those plans and has not yet complied with legislative mandates to acquire an alternative recovery site and improve disaster recovery planning. The agency’s strategy to re-issue the prior month’s payments poses risk of benefit payment errors and has never been tested.

Recommendations

Our report includes ten recommendations to PERS to implement improved IT strategic planning and to take immediate action to remedy weaknesses in its disaster recovery plans. In addition, we make six recommendations to PERS and the Office of the State Chief Information Officer related to Critical Security Controls.

PERS agreed with all of our recommendations. The agency’s response can be found at the end of the report.

Read full report here.

Featured New Audit Release

Association of Local Government Auditors ReBlog: Auditing in the dark corners

A police officer sees a drunken man closely searching the ground near a lamppost and asks if he can help. The man replies that he is looking for his keys. After a few minutes of looking the officer asks whether the man is certain he dropped his keys near the lamppost. “No,” he says, “I lost the keys somewhere across the street.” “Then why are we looking here?” asks the officer. “The light is much better,” the man responds.

That’s a very old joke, and it’s also a parable for auditors.

Do you audit where the light is better? Where you know the data is reliable? Where procedures are established? Where clear criteria exist? Where you’ve audited before? Do you choose your audit topics sitting at your desk without exploring around the agency?

Gary Blackmer (who needs no introduction in the auditing community. But, for those not ‘in the know,’ he has a long and storied career in public auditing in Oregon and most recently served as the Director of the Secretary of State Oregon Audits Division.) speaks to the need for auditors to peer into the darkest, most frustrating corners to identify the most serious problems that agencies and the communities they serve face. He encourages fellow auditors not to be lured and lulled by the prospect of a quick and easy audit. The smoothest path may not yield the biggest reward. After all, it’s been traveled many times before.

There is no doubt that groping around in the dark is difficult and unpleasant, but it often produces the biggest audit impacts. Conducting surprise inspections of adult care homes was emotionally difficult, but resulted in several negligent homes getting shut down. Tabulating deployment of 500 patrol officers for four months was pure drudgery, but it pointed out the mismatch with workload. It required patience and perseverance to interview a dozen agencies to learn why they were accomplishing more, but showed a pathway to success for the collections agency.

Read more here, and learn a bit about ALGA here!

Accountability and Media Featured

GAO Reblog: Key trends with a major impact on our nation and its government

On September 13th, GAO shared their five-year strategic plan, which addresses 8 trends identified as having potentially negative effects on our society and government.

Read more here, or watch the video below to learn more.

 

Accountability and Media Featured

TEDx Reblog: The 5 types of mentors you need in your life

Everyone can use a mentor. Scratch that — as it turns out, we could all use five mentors. “The best mentors can help us define and express our inner calling,” says Anthony Tjan, CEO of Boston venture capital firm Cue Ball Group and author of Good People. “But rarely can one person give you everything you need to grow.”

At the Oregon Audits Division, we give all our staff, both new and well-worn, the opportunity to participate in mentoring relationships with others in the division. These relationships allow the person being mentored to grow by tapping into the wisdom and experience of others, and gives the mentor a chance to help develop the proficiency of those around them- and by extension, the whole office.

Mentoring relationships can be formal or informal, and as Julia Fawal writing for TEDx explains, can cover a broad array of development, learning, and support needs for all those who take part. When it comes to mentoring, more is more.

Read more here, or watch the video below.

 

 

Accountability and Media Featured

Audit Release: Opportunities Exist to Increase the Impact of State Agency Internal Audit Functions


Report Highlights

When internal audit functions are properly structured and resourced, they are a valuable asset for mitigating risks and improving agency performance and accountability. However, internal auditing has not been a priority in Oregon. Although the Department of Administrative Services (DAS) has the authority to create policy and a legal requirement to support audit functions, the agency has not strategically promoted the role of internal audit functions due to a number of factors. DAS has not effectively monitored, coordinated, or reported on internal audit function impacts, challenges, and resource needs to state legislators and other stakeholders.

Background

Internal audit functions help organizations achieve their objectives and improve performance. The Oregon Legislature determined internal audit activities within state government should be coordinated to promote effectiveness, and directed DAS to adopt rules and set standards to ensure the integrity of internal auditing.

Purpose

The purpose of this audit was to determine the steps DAS should take to more effectively coordinate state internal audit functions, and what actions can be taken to increase the impact of these critical functions.

Key Findings

  1. The effectiveness of an agency’s internal audit function is defined by the tone at the top. In general, the internal audit function at state agencies in Oregon is not prioritized or well understood by agency management and the Legislature. Many current challenges and deficiencies have persisted for more than two decades.
  2. Internal audit independence and impact is directly influenced by the effectiveness of the audit committee and the committee’s relationship with agency leadership. Internal audit functions in some state agencies do not follow important elements of professional audit standards that ensure independence from management. These deficiencies reduce the effectiveness of the functions and leave agencies more vulnerable to fraud, wasted taxpayer dollars, and other substantial risks.
  3. Poor guidance and a lack of strategic management and effective coordination from DAS has contributed to internal audit challenges at state agencies. DAS reporting on statewide internal audit activities and impact could be a valuable tool for both internal auditors and policymakers, but DAS reports are often inaccurate, confusing, and uninformative.
  4. Many internal audit functions are staffed by well-trained, qualified professionals who make contributions to the agencies they serve despite governance and resource challenges. With additional emphasis and resources they could increase their value and return on investment potential.

Recommendations

We include 16 recommendations to DAS intended to enhance the value and impact of state agency internal audit functions. DAS agreed with 13 of 16 recommendations. The agency declined to say whether it agreed or disagreed with three recommendations.

 

Read full report here.

Featured New Audit Release Performance Audit

Audit Release: Energy Trust Administrative Costs are Generally Reasonable, but the Public Utility Commission Can Improve Oversight of These Costs


Report Highlights

The Oregon Public Utility Commission (PUC) has designed controls to ensure administrative and program support costs at Energy Trust of Oregon are reasonable. Energy Trust is a nonprofit organization and is not subject to state administrative cost requirements. However, PUC could strengthen its oversight of Energy Trust administrative costs by more clearly defining what constitutes reasonable costs, revising key performance metrics, and clarifying financial reporting requirements.

Background

Energy Trust is a nonprofit organization funded by a grant agreement with PUC to develop and administer energy efficiency and renewable energy programs in certain utility service territories in Oregon. The grant funding comes from three separate charges on bills of customers of electric and natural gas utilities regulated by PUC.

Purpose

The purpose of the audit was to determine whether Energy Trust administrative costs are reasonable and whether PUC has reasonable controls in place to oversee Energy Trust’s administrative costs.

Key Findings

  1. Energy Trust complies with PUC’s administrative cost control requirements. We found these controls to be reasonable, and Energy Trust has consistently spent below the established administrative cost cap of 8% of revenue per year. However, Energy Trust’s administrative costs increased from $1.6 million to $10.1 million between 2002 and 2017, as its annual revenues increased from $30.6 million to $194.2 million during the same period. Improved oversight could help PUC better ensure that Energy Trust makes reasonable administrative spending decisions.
  2. We determined Energy Trust’s administrative costs are generally reasonable. However, we identified a small percentage of questionable administrative costs that do not align with state agency standards or the grant guidelines that govern Energy Trust operations. PUC could improve its oversight by providing guidance for acceptable administrative costs.
  3. Increased clarity and detail in financial reporting would improve transparency and stakeholder oversight. PUC monitors Energy Trust’s administrative costs through an enforced spending cap and public budget and reporting processes. Revised reporting methodologies would increase the transparency of Energy Trust’s administrative costs and spending trends.

Recommendations

Our report includes recommendations to PUC regarding the clarity of its grant agreement with Energy Trust, revision of performance metrics, and reporting of administrative costs.

PUC generally agreed with our recommendations. The agency’s response can be found at the end of the report.

Read the full report here.

Featured New Audit Release