A Performance Audit
An Audit Report on Financial Processes at Texas Woman's University
January 2020
Summary Analysis
For its $42.0 million contract for Hubbard Hall renovations and additions, Texas Woman’s University (University) planned, formed, and monitored that contract in compliance with requirements tested. The University also developed a Contract Administration and Management Handbook that complied with most applicable requirements. However, the University should strengthen its processes to ensure that conflict of interest and nepotism disclosures are completed as required.
In addition, the University established processes and controls to ensure that its purchases complied with policies and procedures and were approved as required. However, it should strengthen those processes to ensure that it consistently obtains and retains supporting documentation and complies with the State’s Prompt Payment Act.
The University also should strengthen its reviews of purchases made with procurement cards. Specifically, the University did not identify purchases that were not in compliance with its requirements. When it did identify noncompliance, the University did not always document the corrective action taken.
In addition, the University should improve its information technology controls over its financial system and its change management processes.
The University planned and formed the Hubbard Hall contract in accordance with the requirements tested. It also paid the contractor in compliance with the contract terms and the University’s Contract Handbook.
The University did not ensure that conflict of interest and nepotism disclosures were completed as required for the Hubbard Hall contract. In addition, the University did not ensure that the proposals were appropriately scored and reviewed.
- Conflict of interest disclosures. None of the nine employees involved in the procurement and management of the contract completed conflict of interest disclosure forms
- Nepotism disclosures. Eight (88.9 percent) of the 9 employees involved in making the purchasing decision for the contract did not complete the nepotism disclosure forms, as required by Texas Government Code, Section 2262.004.
When scoring the vendor proposals, 25 (89.3 percent) of the 28 score sheets completed by the 7 evaluators were accurate and used the same evaluation criteria. However, the other 3 score sheets incorrectly awarded points for previous experience. Although the errors did not change the final result and the University selected the appropriate contractor based on the evaluation criteria, similar evaluation errors and lack of an adequate review could result in the University awarding a contract to a vendor that is not the best qualified for the job.
The University developed a contract management handbook that was consistent with the State of Texas Procurement and Contract Management Guide, as required by Texas Government Code, Chapter 2261.
The University should develop purchasing accountability and risk analysis procedures as required by the Texas Government Code, Chapter 2261.
The University established processes and controls to initiate, review, and approve its purchases. However, it should strengthen its processes by obtaining and retaining sufficient documentation to demonstrate that required approvals were obtained, vendors paid did not have outstanding liabilities to the State, and payments were in compliance with the State’s Prompt Payment Act.
- The University followed its processes for 54 (90.0 percent) of 60 purchases tested. For the remaining 6 (10.0 percent) purchases, the required support was not complete.
- Texas Government Code, Section 403.055, prohibits payments to a vendor with outstanding liabilities to the State. However, for 5 of the 60 purchases tested, the University did not have documentation verifying that the vendor did not have an outstanding debt to the State.
- The University’s process did not ensure compliance with the Prompt Payment Act. Therefore, the University could not show that it made any of the 60 payments that auditors tested within 30 days of initial receipt as required.
The University developed policies and a process to manage its procurement card purchases; however, it should improve its review processes to ensure that purchases that do not comply with University policy are consistently identified and appropriate action is taken.
The University implemented a review process for procurement card purchases. However, some purchases identified through testing did not comply with University requirements, and the University’s review process did not identify that noncompliance.
According to the University’s procurement card policies, its Procurement and Contracting Services department should document noncompliance in a tracking database to identify reoccurring or excessive violations. However, the University did not ensure that instances of noncompliance were recorded in that database.
From April 2018 to July 2019, the University had 17 instances of noncompliance documented in its tracking database. However, the University did not consistently include whether it provided required notices of identified violations or what corrective actions it took.
While the University implemented certain controls over the processing of transactions in its financial system, the University should improve controls over (1) logical access to systems containing its financial data and (2) change management for its financial system.
- The University did not ensure that access to its financial system was appropriately restricted.
- In addition, the University’s access to the State’s accounting system did not provide for proper segregation of duties and included access to functions that were not required for the account owners to complete their job duties.
- The University did not always ensure that changes to its financial system were properly tested and approved prior to implementation, and that it had appropriate segregation of duties while migrating those changes to the live system.
Graphics, Media, Supporting documents