A Performance Audit
An Audit Report on Financial Processes at the Public Utility Commission of Texas
July 2016
Summary Analysis
The Public Utility Commission of Texas (Commission) had processes and related controls in fiscal year 2015 and the first two quarters of fiscal year 2016 to ensure that it administered financial transactions in accordance with applicable statutes, rules, and Commission policies and procedures. However, it should improve certain controls over payroll and access to its accounting system and timekeeping system. It should also document its policies and procedures for its revenue processes.
The Commission had processes and related controls to ensure that the payments it made to retail electric providers from the System Benefit Fund were in accordance with the applicable rules, statutes, and Commission’s policies and procedures.
The Commission had processes and related controls to ensure that its contracting processes complied with applicable statutes, rules, and Commission policies and procedures. The Commission also had adequate controls over its contracting process to ensure that it solicited, formed, and administered contracts appropriately.
The Commission had processes and related controls in fiscal year 2015 and the first two quarters of fiscal year 2016 to ensure that it administered procurement transactions in accordance with applicable statutes, rules, and Commission policies and procedures. The Commission appropriately authorized, approved, and properly supported all 32 purchasing transactions tested totaling $849,708.
The Commission had adequate controls over the collecting, recording, and depositing of revenue. It adequately supported, correctly calculated and recorded, and appropriately deposited all 44 revenue transactions tested. However, the Commission should ensure that there is adequate segregation of duties over revenue collection and that policies and procedures for revenue are documented.
The Commission had processes and related controls to ensure that it made payroll payments in accordance with applicable statutes and Commission policies and procedures. However, the Commission should strengthen controls over personnel actions.
However, the Commission’s policy and procedures on personnel actions did not match its current process. The Commission’s documented policies and procedures stated that performance evaluations should be completed within six months prior to approving employees merit increases or one-time merit awards. However, the Commission’s current practice is to complete a performance evaluation within 12 months prior to approving a merit salary increase or one-time merit award to an employee.
The Commission uses CAPPS for all financial transactions. The Commission’s procedures for processing a purchase ensured that the data in CAPPS was complete and accurate. The Commission also used controls in CAPPS to help ensure the accuracy of data entered and that it processed payment vouchers only for valid purchase order items.
The Office of the Comptroller of Public Accounts (Comptroller’s Office) maintains the CAPPS system. However, the Commission did not have a formal, documented process for requesting access and monitoring its access to CAPPS, even though the Commission’s account management policy states that all accounts created must have an associated request and approval. Instead, the Commission relied on the Comptroller’s Office to designate access roles, user preferences, and required approvals in CAPPS. As a result, the Commission did not verify that the access provided was for roles that tracked changes made to financial data, and it did not ensure that there was adequate segregation of duties for employees involved in the purchasing process.
The Commission had adequate controls over the network supporting its Workforce Accounting System (WAS), the timekeeping system that the Commission uses to track employees’ time worked and benefits.
However, the Commission did not have sufficient controls within WAS to ensure that data was accurate and complete. Specifically:
• WAS did not have (1) application controls in the form of field edit checks, such as limiting data entry to minimum or maximum values, to prevent negative leave balances from accruing, or (2) audit trail capabilities to track changes made to data.
• While all users who had access to WAS were current employees and had valid reasons for their level of access, users with “timekeepers” and “administrator” roles had the ability to edit their own timesheets after their timesheets had been submitted and approved.
Graphics, Media, Supporting documents