Medium

The Office’s Child Support Division adequately monitored the YoungWilliams contract to verify that the contractor performed its assigned work.

During testing, auditors identified a service for which the contractor billed the Office that was not included in the contract. While the contract allows new services to be added as long as those services are within the contract’s scope, the Office did not formally document the new service being performed and the pricing for that service using the change management procedures specified in the contract.

The Office waived all financial remedies and did not request any corrective action plans when the contractor did not achieve the stated 100 percent performance standard. In addition, it did not formally modify the contract’s performance standard.

Low

As part of the contract’s closeout process, the Child Support Division and the contractor developed a plan for the transition of all services and operations from the contractor to the Office. In addition to the transition plan, the contract outlined the record retention policy and requirements that the contractor must adhere to after termination of contract and the process for the final month’s invoice.

Medium

As required by Texas Government Code, Section 2155.502, the Comptroller’s Office based TXMAS contracts on contracts that the federal government or other governmental entities had previously bid using a competitive process.

However, the Comptroller’s Office should strengthen its efforts to ensure that TXMAS contracts meet customers’ needs. For example, the Comptroller’s Office has not conducted annual studies of state agency purchases required by Texas Government Code, Section 2155.072, to determine whether the State would benefit by adding certain services to statewide contracting programs such as TXMAS. In addition, ensuring that state agencies submit required vendor performance reports for TXMAS purchases could help the Comptroller’s Office evaluate future contract proposals and assess whether TXMAS contracts meet customers’ needs.

High

The Comptroller’s Office should also strengthen its efforts to prevent unallowable purchases through TXMAS contracts and strengthen controls over the incidental charges associated with TXMAS purchases. For example:

• State agencies and certain governmental entities are required to follow Texas Government Code, Chapter 2254, to procure professional and consulting services. The procedures in that statute require awards to be based on factors such as demonstrated competence and vendor qualifications. However, TXMAS contracts are based on competitive awards. Auditors identified 9 state agencies that had ordered $15,695,081 in professional and consulting services through TXMAS contracts between June 1, 2014, and February 18, 2016.

• Incidental charges associated with TXMAS purchases are intended to be limited to installation, installation parts, inside delivery, or set-up. However, auditors identified inappropriate incidental charges for administrative fees and rebates that TXMAS contractors must pay the Comptroller’s Office, as well as the inappropriate use of incidental charges for items (such as chairs) that should have been purchased through a contractor’s catalog or contractor price quotes. Auditors identified instances in which the inappropriate use of incidental charges reduced the State’s rebate revenue and resulted in overcharges to customers.

While the Comptroller’s Office is not statutorily required to monitor how customers use TXMAS contracts, it has the information necessary to do so and has begun to make efforts to ensure that customers use TXMAS contracts appropriately.

Medium

The Comptroller’s Office sends invoices to TXMAS contractors for the administrative fees and rebates they owe (see Chapter 2 for additional information on administrative fees and rebates). As of February 19, 2016, the Comptroller’s Office had invoiced TXMAS contractors $2,160,043 for rebates and $6,067,770 for administrative fees on TXMAS sales in the TxSmartBuy ordering system between June 1, 2014, and February 18, 2016.

The Comptroller’s Office bases the invoice amounts on contractors’ sales to TXMAS customers. However, the Comptroller’s Office should strengthen controls to ensure that the sales information on which it bases invoices for administrative fees and rebates is complete .

The Comptroller’s Office should consistently send delinquency notifications to TXMAS contractors that do not pay administrative fees and rebates in a timely manner and, when necessary,prevent those contractors from selling items through TXMAS contracts.

Medium

The Commission had documented processes for monitoring deliverables for both contracts audited. However, it did not always follow those processes. Specifically:

- The Commission did not consistently document its required review and approval of expectations documentation.

- For the 9-1-1 Test Lab Services contract, the Commission did not consistently follow its process for authorizing the contractor to begin work on a deliverable.

- For the Poison Control Network contract, the Commission did not always ensure that deliverables were complete before accepting them. For the 9-1-1 Test Lab Services contract, the Commission’s project manager and a director verified that the deliverables met the acceptance criteria and approved all 21 deliverables tested. However, for the Poison Control Network contract, the Commission accepted incomplete deliverables for 2 (50 percent) of 4 deliverables tested.

In addition, the Commission did not monitor or maintain documentation related to the timeliness of any of the 21 deliverables tested for the 9-1-1 Test Lab Services contract. For the Poison Control Network contract, the Commission accepted all four deliverables by the contractually agreed-upon due dates.

Medium

The Commission established processes for monitoring ongoing services for both contracts audited, and its monitoring of ongoing services on the 9-1-1 Test Lab Services was adequate. However, auditors identified weaknesses in the Commission’s monitoring of the Poison Control Network contract. For example, the Commission did not establish a performance standard to ensure network optimization improvements were met; it also did not adequately monitor the contractor’s compliance with the performance standard for Poison Control Network application availability.

Low

The Commission had an adequate payment review process for both contracts audited. All 34 payments tested on the 9-1-1 Test Lab Services contract and all 10 payments tested on the Poison Control Network contract were based on an approved invoice, priced the same as in the contract, and allowable per the terms of the contract.

High

For four of the five procurements tested for insurance coverage, the Agency did not ensure that each vendor met all minimum liability insurance coverage requirements in the contracts and contract amendments. Specifically, while Balfour-CMA had the insurance coverage required by the contract, the Agency did not ensure that the other four procurements met 20 (33.3 percent) of 60 minimum liability insurance coverage contract requirements. The Agency verified that Zachry-Excavation CMR obtained the bond coverage for the approved phase as required by the contract.

Low

The Agency had monitoring processes to help ensure that it received deliverables as required by the contracts and complied with most payment requirements. However, it did not ensure that certain payments reviews were documented.

Low

The Agency generally reported required contract information to the Legislative Budget Board; however, the Agency should strengthen its processes to ensure that it reports all information timely and reports vendor performance information to the Comptroller of Public Accounts as required.

Medium

The Commission adequately performed oversight activities related to the construction progress of the San Felipe Museum contract. However, the Commission did not (1) monitor the contractor for compliance with certain contract requirements, (2) ensure that contractor payments were sufficiently supported and accurate, or (3) ensure that the contract manager received the appropriate training and certification.

Low

The Department of Information Resources (Department) planned, procured, and formed the data center services contract with Atos Governmental IT Outsourcing Services LLC (Atos) in accordance with applicable requirements. However, the Department should improve certain aspects of its contract oversight. The Department had not updated its contract management plan or its risk assessment for the Atos contract since the contract was assigned to Atos in May 2015.

In addition, the Department’s contract monitoring system, Salesforce, did not have adequate controls for the approval and authorization for the payment of invoices for the Atos contract.

The Department also did not adequately control access to a network location where it maintained key invoice review spreadsheets.

Low

The entities that make purchases through Cooperative Contracts, such as the C&T contract, perform oversight activities related to fiscal monitoring and direct monitoring of contractor performance. However, the Department should implement procedures to monitor contractor compliance with applicable historically underutilized business (HUB) subcontracting requirements.

The C&T contract included directions for the contractor to submit the required progress assessment reports to both the Department and the entities that made purchases through the contract. However, the Department did not monitor payments to subcontractors under C&T’s HUB subcontracting plan, and it did not require submission of progress assessment reports.

Low

The Department established processes to monitor ACH. Specifically, it ensured that ACH met the startup phase requirements, financial requirements, utilization management policy requirements, and payment requirements for items tested.
The Department conducted a review to ensure that ACH had complied with certain contract requirements related to operational readiness, analyzed ACH’s financial information to determine whether ACH met certain contract requirements, and approved ACH’s utilization management policy. In addition, for a sample of 60 child placements that auditors tested, auditors confirmed that the number of days the Department paid ACH for each placement matched the information in ACH’s placement documentation

Medium

The Department developed a monitoring process for its contract with ACH that it based primarily on performance measures specified in its contract with ACH.

The Department’s monitoring process also included internal meetings and meetings with ACH to discuss performance. The Department conducted two site visits at ACH and prepared a monitoring report after each visit. However, the Department did not have documentation to show that it verified that ACH implemented its plan to monitor foster care providers.

Medium

The Department had processes and controls to help ensure that it reported accurate and complete results for 5 (83 percent) of the 6 performance measures tested. For the remaining performance measure tested, the Department relied on self-reported data that foster care providers submitted through the Department’s Performance Management Evaluation Tool (PMET) system. However, the Department did not ensure that ACH maintained support for or verified the accuracy or completeness of that data, nor did the Department verify the accuracy or completeness of the data.

High

The Commission implemented the System of Contract Operation and Reporting (SCOR) in September 2017 to provide one system of record for the management and reporting of all health and human services contracts. The Commission ensured that payment amounts were accurately reflected in SCOR. However, the Commission did not consistently use SCOR to manage its contracts as intended. Specifically, the Commission did not consistently (1) comply with its requirements for uploading documentation into SCOR or (2) use the features of SCOR designed to help it monitor its contracts.

Low

The Commission contracted with Fairbanks, LLC to support and maintain the State of Texas Automated Information Reporting System (STAIRS), the Commission’s web-based application for collecting and processing financial and statistical data. The Commission verified that the vendor performed according to the terms of the contract and that it received the contracted services.

Priority

The Commission does not ensure that all new contract information entered into SCOR is complete and accurate. Specifically: - The Commission did not implement adequate controls in CAPPS to help ensure that contract information in SCOR is complete. In a one-time review that the Commission performed in September 2018, it identified more than 75 contracts in CAPPS that were missing from SCOR. - Contract information in SCOR was not always accurate. Only 5 (29 percent) of 17 active contracts tested were accurate and supported. - The Commission did not ensure that contract managers uploaded contract documents to SCOR as required. As of November 2018, 489 (14 percent) of 3,518 new contract records that were at least 30 days old in SCOR did not have any supporting documentation uploaded into the system, including an electronic version of the contract.

High

While the Commission made a significant effort to standardize and format the contract data that was migrated from its previous contract management systems, those processes were not sufficient to identify and correct all errors in that information. Specifically, only 7 (29 percent) of the 24 migrated contracts tested were accurate and supported. Additionally, 2,471 (14 percent) of the 18,264 migrated contracts in SCOR did not have any documents uploaded in SCOR, including the electronic version of the contract.

Medium

The Commission implemented a quality assurance process to help ensure the accuracy and completeness of certain data in SCOR. The quality assurance process successfully identified and updated certain errors in SCOR information. The Commission uses that information to report its contracts to the Legislative Budget Board. However, the Commission did not always correct records with errors that the quality assurance process identified through other types of reports. Reliance on the quality assurance process, which identifies errors after they occur, is not sufficient to ensure the accuracy and completeness of SCOR data caused by the issues discussed in Chapters 1-A and 1-B.

Medium

The Commission monitored vendor compliance and processed payments for the contracts tested. However, for its contract for business process redesign services, (1) it did not develop an enhanced monitoring plan as required and (2) it did not consistently ensure the adequacy of contract deliverables before payment.

Low

Contract execution. The Program executed and approved all 14 contracts tested in accordance with Texas Human Resources Code, Chapter 51, and Commission policies and procedures.

Contract expenditures. The Program made payments to contractors and appropriately identified overpayments in accordance with the terms of the contracts and applicable requirements. However, the Program should document its process for identifying and calculating overpayments.

Contract monitoring. The Program had processes to ensure that it sufficiently monitored Program contracts in fiscal year 2017; however, the Program should fully document those processes.

State plan. The Program coordinated with its administrative contractor to compile and publish the state plan required by Texas Human Resources Code, Section 51.0021.

Medium

The Program had controls in place to help ensure that it followed its contracting processes. For example, the Program developed spreadsheets to track contract payments, contract monitoring, and contract overpayments. Additionally, the Program developed checklists to help ensure that its employees follow its contracting processes.

However, the Program should strengthen some controls to help ensure continued compliance with its processes and contracting requirements. For example:

- Auditors identified areas in which the Program could strengthen its use of the spreadsheets and checklists.

- The Program maintained contract documentation in multiple locations, including in hard copy files, electronic files, or the assigned contract manager’s email, which increases the risk of that required documentation being lost, misplaced, or inadvertently deleted.

Priority

Auditors determined that a significant number of employees at and job postings for the State’s health and human services agencies2 (HHS agencies) were not properly classified according to the State’s Position Classification Plan. Specifically:

• Based on a list of 5,484 HHS agency managers and supervisors on January 15, 2016, 760 (13.9 percent) were misclassified with entry-level titles and other nonsupervisory titles.

• An audit conducted by the State Auditor’s Office’s State Classification Team determined that 356 (57.7 percent) of 617 program specialist employees at the Department of Aging and Disability Services were not classified correctly (see A Classification Compliance Audit Report on Program Specialist and Program Supervisor Positions at the Department of Aging and Disability Services, State Auditor’s Office Report No. 16-705, August 2016).

• Of the 149 job postings tested, 40 (26.8 percent) appeared to be incorrectly classified based on the duties described in the job description compared to information in the State’s Position Classification Plan.

Correct job classifications are essential in preventing underpaying or overpaying employees. Improper job classification can also lead to unqualified managers and supervisors. In addition, it may contribute to employee turnover.

Priority

The Commission did not have a comprehensive monitoring plan and a supporting risk assessment in place to help focus its monitoring of the contractor to determine whether the contractor provided the required services. A monitoring plan and risk assessment should identify the contract requirements to be monitored, how the requirements will be monitored, and who will perform the monitoring.

Priority

The Commission did not adequately document its interactions with the contractor. The lack of documentation associated with the Commission’s monitoring makes it difficult for the Commission to hold the contractor accountable for providing the services required in the contract.

High

The Commission should improve its monitoring of the information technology-related requirements in the contract. Neither the Commission nor the contractor had an adequate process to periodically review user access to the Commission’s human resources system or to ERS Online, which contains confidential employee data, and ensure that user accounts are disabled when users leave employment. In addition, the Commission did not adequately ensure that the contractor complied with information security best practices and the Commission’s security protocols and standards as required by the contract.

Low

The Payroll, Time, Labor, and Leave Department developed processes to adequately monitor contractor performance. That monitoring was designed to monitor contractor compliance with applicable service level agreements and significant requirements outlined in the contract.

Medium

The Commission reviewed all 35 of the contractor invoices and made payments from May 1, 2013, through February 2016 totaling $30.5 million. All of those payments were properly supported by the documentation, complied with the contract requirements, and were approved by authorized parties.

However, four payments totaling $3.5 million were charged to the prior contract for human resources and payroll services.

Medium

The Department performed certain contract oversight functions as required, including providing quarterly status reports on the development of TxEVER to the Quality Assurance Team. The Department also ensured that the assigned contract managers had required certifications and it developed an enhanced monitoring plan for the TxEVER contract as required by the Commission and its Contract Management Handbook. The Department also provided status reports on the development of TxEVER to the Commission’s executive commissioner in compliance with the Sunset Advisory Commission’s recommendations.

However, the Department did not ensure that certain contract monitoring reviews and other selected monitoring activities were performed as required by the Department’s enhanced monitoring plan for the contract.

While the Department generally processed payments to Genesis Systems Inc. in accordance with contract requirements, one payment that auditors tested was missing documentation to show that Department staff had received and accepted the associated deliverable. From June 2016 through August 2017, the Department processed 12 payments to Genesis Systems Inc. that totaled $4,126,161 in accordance with contract requirements. However, one payment that totaled $409,451 was processed without documentation to show that the associated deliverable had been received and accepted by the Department.

High

The Department of State Health Services (Department) did not sufficiently manage and monitor its pharmaceutical wholesaler contract with Morris & Dickson Company to verify that the contractor performed according to the terms of the contract.

The Department should sufficiently design payment processing controls for payments to Morris & Dickson Company for the contract audited.

The Department did not make payments within the time lines set by the contract or pay interest, and it paid service charges that were not included in the contract as a result of those late payments.

The Department did not have a contract manager assigned to the Morris & Dickson Company contract to oversee compliance with contract terms, and it did not always conduct and document certain monitoring activities.

The Department did not have documented contract management policies and procedures for governing certain aspects of vendor contracts that are primarily for goods.

Medium

The Department of State Health Services’ (DSHS) Use of Department of Information Resources’ (DIR) information technology staffing services contracts generally complied with state laws, rules, policies, and procedures. Auditors tested five DSHS purchase orders for information technology staffing services that totaled $2,695,670. The results of that testing identified opportunities to improve certain aspects of its contract management processes related to these contracts.

Low

The Coordinating Board administered the audited contract in accordance with applicable statutes and the State of Texas Contract Management Guide. Specifically, the Coordinating Board (1) performed contract planning activities necessary for determining the contract objectives; (2) identified the appropriate procurement method; (3) formed the contract with all key contract provisions required by the State of Texas Contract Management Guide; and (4) monitored key contract deliverables.

Low

The Agency properly approved invoices prior to payment and made payments to Tembo in a timely manner. The Agency also monitored Tembo’s initial progress on contract deliverables, met regularly with Tembo to discuss contract specifications and status, and provided feedback on Tembo’s preliminary designs.

Priority

The Agency’s contract did not tie payments with demonstrated progress on deliverables. Instead, the contract established a predetermined schedule of equal monthly payments. As a result, when it cancelled the contract in December 2017, the Agency had paid SPEDx $2.5 million but it received only one deliverable valued in the contract at $150,000.

High

While the Agency required SPEDx to execute a written agreement related to its access of confidential student information before it shared that information, it did not verify that SPEDx had appropriate data security controls in place.

High

The Agency had controls and processes related to payments for the ESC contracts audited, and it made payments in a timely manner and stayed within the contract budgets. However, it should require the ESCs to submit sufficient information with their invoices so that the Agency can determine whether services are received, expenditures are allowable, and invoices tie to contract tasks and deliverables.

Medium

The Agency planned the audited contracts in accordance with applicable statutes, rules, Office of the Comptroller of Public Accounts (Comptroller’s Office) requirements, and Agency policies and procedures. The Agency ensured that the associated statements of work contained all of the elements that the Comptroller’s Office required and that the bids were completed correctly. The Agency also completed a formal preliminary risk assessment for both contracts audited to determine the level, type, and amount of management, oversight, and resources required to plan and implement the contracts.

However, the Agency should improve certain contract and grant administration procedures related to procurement and oversight. Specifically, the Agency should improve its contract procurement process by ensuring that its purchasing staff are free of conflicts of interest and by reviewing solicitations when the Agency receives only one bid to determine whether the solicitations were overly restrictive. The Agency also should strengthen its contract and grant oversight processes by making sure it reviews documentation related to contract and grant deliverables.

High

Although Agency staff were in frequent communication with the Region 10 ESC and its subcontractor regarding work related to the TxVSN, the Agency did not require sufficient supporting documentation to allow it to verify that services were received prior to payment and expenditures were allowable. In addition, the Agency did not require Region 10 ESC to submit a monthly list of tasks and activities performed with the invoice as required by the contract or provide other documentation allowing the Agency to tie the invoices to work performed related to contract deliverables.

As a result, auditors could not determine whether (1) the Agency verified that services had been received prior to payment, (2) the reimbursements were for allowable expenditures, and (3) payments coincided with the Region 10 ESC and its subcontractor’s work on the deliverables. In addition, the Agency did not complete a risk assessment for the fiscal year 2015 TxVSN contract that could have helped ensure that the Agency adequately monitored the performance of the Region 10 ESC and its subcontractor, and it did not complete all required documentation and procedures when renewing and closing out the fiscal year 2015 TxVSN contracts.

Low

Although the University performed contract monitoring processes, it should strengthen some of those processes to ensure that it complies with applicable statutes, rules, and contract requirements.

For the construction services contract, the University conducted contractually required weekly meetings to discuss and update the status of the work after construction had begun. However, the University did not ensure that the construction services contractor submitted all contractually required documentation in a timely manner or as specified in the contract.

For the architectural services contract, the University conducted contractually required regular meetings to discuss and update the status of the work as the plans progressed through the various phases of the project. In addition, it reviewed the contractor’s proposed and completed designs throughout the project.

The University did not comply with requirements in Title 34, Texas Administrative Code, Section 20.285, to obtain updated HUB subcontracting plans when the contractors added new subcontractors to the projects.

Medium

The audited universities did not provide evidence showing that they had performed the required risk analysis process for the contracts audited.

High

Texas A&M International University (TAMU International) should improve its process to oversee procurement of special projects under the FSSA. Additionally, TAMU International should ensure that employees who administer FSSAs obtain required contract training and certifications.

Medium

The audited universities did not provide evidence showing that they had performed the required risk analysis process for the contracts audited.

Low

Texas A&M University Central Texas (TAMU Central Texas) had sufficient processes to monitor the FSSA contractor performance and its payment processes.

Medium

The audited universities did not provide evidence showing that they had performed the required risk analysis process for the contracts audited.

Low

Texas A&M University – Commerce (TAMU Commerce) performed FSSA performance and fiscal monitoring and oversight of a procurement of a special project under the FSSA, but it should consistently perform required quarterly surveys to monitor the FSSA.

Medium

The audited universities did not provide evidence showing that they had performed the required risk analysis process for the contracts audited.

Priority

Texas A&M University - San Antonio (TAMU San Antonio) should (1) document its monitoring processes of FSSA contractor performance and (2) enhance its fiscal monitoring and FSSA change approval process to ensure that it pays the correct amount for services it receives. In addition, TAMU San Antonio should ensure that employees who administer FSSAs obtain the required contract training and certifications.

Medium

The System had processes to ensure that contract change orders were approved and that the contracts were closed out in accordance with its policies. However, the System should strengthen its review of contract payments.

High

The University had some effective contract monitoring and oversight processes in place, but it did not consistently submit timely payments to the contractor or include interest charges on overdue payments as required by Texas Government Code, Section 2251.025. It also lacked documentation of ongoing monitoring activities related to the basketball arena contract and lacked policies and procedures for contract closeouts.

Low

The System performed monitoring activities to ensure compliance with contract terms related to construction of the Interdisciplinary Research Building. Additionally, payments to the contractor were accurate, allowable, and supported. However, it should improve certain monitoring activities, such as reconciling the dollar amounts paid to subcontractors with corresponding supporting documents, verifying that the contractor obtained all required bonds, and ensuring that the contractor used E-Verify.

High

The Alliance did not enforce the terms of its monitoring provisions in the audited contracts. The Alliance includes a monitoring provision in all of its contracts with suppliers that requires quarterly business reviews and identifies the key business and performance metrics that must be met, when a corrective action plan is necessary, and the outcomes of not meeting a corrective action plan. Those terms also specify when the quarterly business reviews should be performed and the information that should be provided by suppliers during those reviews. However, the Alliance did not consistently perform those quarterly reviews or obtain the required supplier-submitted reports for the audited contracts.

Medium

The Department had processes to monitor the four state jail contracts audited to ensure compliance with the contract terms. Those processes included (1) having an onsite contract monitor at each state jail, (2) conducting onsite compliance reviews, and (3) performing monthly desk reviews.

However, the Department should improve certain processes within its onsite compliance reviews. Specifically, the Department should ensure that it (1) completes an onsite compliance review at each state jail for all 27 applicable contract terms each year or creates a risk assessment to effectively allocate monitoring resources and (2) maintains complete copies of the review checklists it uses during the onsite compliance reviews.

Medium

The Department conducted and documented weekly conference call meetings with the contractor and the counties that use JCMS regarding system changes and issues.

While the Department’s contract with the Texas Conference of Urban Counties contained service level agreements, which outline required service availability and incident response times, the Department did not have a process to ensure that the contractor met those service requirements.

As of February 2019, the Department had made six payments totaling $3,028,250 for the contract audited. Auditors tested all six payments and verified that all were timely and had the required approvals.

Medium

Auditors tested the Department’s four monitoring activities of TrueCore: Monitoring and Inspections (M&I) annual site visits; quarterly risk management reviews for site safety and security; annual health services reviews; and monthly case management site visits for fiscal years 2018 and 2019. For three of those monitoring activities, the Department had sufficient documentation that the monitoring activities were performed and that identified issues were corrected.

While the Department ensured that its payments to TrueCore were approved as required, some payments were late and did not include the interest that accrued as a result of those late payments.

High

The Department did not apply rebates and credit card fraud refunds to its payments to the fuel card vendor and, therefore, it paid the fuel card vendor $503,496 more than the invoiced amount during the scope of this audit. After auditors brought this matter to its attention, the Department provided documentation indicating that it had reduced a subsequent payment to the fuel card vendor by $437,423 to begin to address that issue. The Department also incurred penalties because it did not make payments to the fuel card vendor in a timely manner. Additionally, the Department did not incorporate the results of supervisory reviews of employees’ fuel card charges into its payment process.

High

In addition, the Department did not adequately monitor its employees’ use of fuel cards by reconciling charges that employees self-reported on monthly logs with available data from the fuel card vendor. It also did not implement an alternative process to validate its employees’ fuel card charges before it paid the fuel card vendor’s invoices. As a result, auditors identified:

• Fuel card charges that employees did not report, including out-of-state fuel card charges that Department employees asserted they did not make.

• Instances in which fuel cards and driver identification numbers (driver IDs) were used by Department employees other than the employees to whom those fuel cards and driver IDs were assigned (including former employees).

The issues above increase the risk that the Department could pay for fuel purchases that do not support state business.

Medium

The Department should strengthen its monitoring of the FAST contract to ensure that the contractor adequately protects clients’ personal information, provides quality services that are accessible across the state, and complies with its HUB subcontracting plan. Not adequately monitoring the contract increases the risk that the Department may not be aware of potential contractor issues and may be unable to take corrective action when necessary.

Low

The Commission on Environmental Quality (Commission) effectively monitored the selected Superfund contract with URS Corporation/AECOM Technical Services, Inc. and the waste removal contract with Philotechnics, Ltd. to help ensure that the contractors were performing the work required by the contracts and work orders. The Commission also ensured that it paid for the item amounts and quantities approved and authorized by the contracts and work orders.

Medium

The Office followed applicable requirements in its planning, procurement, and formation of Hurricane Harvey-related contracts for the PREPS and CDBG-DR programs. However, it did not always report contracts to the Legislative Budget Board (LBB) in accordance with General Appropriations Act (85th Legislature) requirements. Additionally, while the Office had monitoring processes in place, it should strengthen those processes to ensure that monitoring is sufficient and adequately documented. Specifically, the Office should implement an oversight process to ensure that all monitoring activities it determines to be necessary are performed and documented.

High

The Department did not consistently report all contracts to VPTS required by statute. Specifically, from September 1, 2017, through December 31, 2018, the Department reported vendor performance to VPTS for 75 contracts. However, it should have reported vendor performance for a total of 573 contracts valued at $25,000 or more that were completed or terminated during that same time period. The Department followed the Comptroller’s Office’s VPTS reporting procedures for the 20 vendor performance reports tested with a grade from A to D; however, the Department did not follow those procedures for the two reports it submitted with an F grade. The Department submitted 36 (48 percent) of 75 vendor performance reports from September 1, 2017, through December 31, 2018, more than 30 days after completion or termination of the contract. Those reports were submitted from 1 day to more than 2 years late. The Department did not retain adequate support for 4 (18 percent) of 22 vendor performance reports tested. As a result, the Department could not demonstrate that the report grades assigned to the vendors were accurate.

Low

The Division had processes and related controls to help ensure that it administered and monitored the design and construction contracts tested in accordance with applicable requirements.

Low

The Division had policies and procedures that addressed the key areas from the State of Texas Contract Management Guide related to contract closeout and liquidated damages. Seven of the 23 projects tested were closed, and the Division obtained the required closeout review and approvals for 6 of those projects.

In addition, auditors tested the 11 construction and design contracts associated with the 7 closed projects to determine whether the Division maintained documentation showing that it followed its contract closeout process. Auditors determined that:

- The Division maintained applicable documentation (such as the final invoice, contract closeout routing slip, and certificate of final completion) for all four of the six design contracts tested for which that requirement was applicable.

- For 4 (80 percent) of the 5 construction contracts tested, the Division maintained all documentation (final invoice, performance summary report, contract closeout routing slip, and certificate of final completion) necessary to support the final payment voucher.

For the five construction contracts discussed above, the Division had documentation showing that the contracts were completed within agreed-upon time frames.

Medium

The Commission performed monitoring activities to ensure that Pollard complied with the contract requirements. For each individual instant ticket game that auditors tested, the Commission’s monitoring activities ensured that (1) the Commission received the correct quantities and quality of instant tickets and (2) the instant tickets were tamper-resistant and compatible with the Commission’s instant ticket information systems.

However, the Commission should improve certain aspects of its monitoring to ensure that Pollard meets other contract requirements. Specifically, the Commission should improve its monitoring to ensure that it records correct delivery truck seal numbers, consistently performs required background checks on key contractor personnel, verifies that Pollard provides all required reports, and verifies that Pollard complies with test game submission requirements.

Low

The Commission adequately monitored the IGT contract through monitoring activities it contracted to Grant Thornton LLP (Grant Thornton) and direct monitoring activities.

Low

For both contracts audited, the Commission complied with requirements in the State of Texas Contract Management Guide, its policies and procedures, and specific terms in the contracts to verify that contractor invoices were valid, properly supported, and approved.

Additionally, the Commission appropriately supported, authorized, and reduced payments to the contractors based on sanctions that the contracts allowed.

Although invoices were valid, properly supported, and approved, one Commission employee had access rights to the Uniform Statewide Accounting System (USAS) that would allow the employee to both enter and release USAS transactions. That represented a weakness in segregation of duties.

Medium

The Department performed monitoring activities of its contract with License Plates of Texas, LLC, doing business as My Plates (My Plates), which included (1) monitoring progress towards the guaranteed revenue to the State of $15 million, (2) reviewing the annual marketing plan, and (3) participating in monthly meetings with My Plates. However, the Department should perform a risk assessment and develop a monitoring plan to strengthen its monitoring of other key contract deliverables to help ensure that they were being met. For example, the Department should strengthen its monitoring to ensure that the State receives the correct license plate sales revenue amounts and that the third-party license agreements contain all of the required provisions.

Low

The Department complied with most applicable requirements to plan, procure, form, and monitor the Insight Public Sector (Insight) contract. However, it should ensure that all provisions in the contract are consistent with the solicitation documents and the vendor submits all Historically Underutilized Business (HUB) subcontracting plans and reports as required.

Low

The Department required contractors to obtain performance and payment bond coverage and complied with statutory reporting requirements.

High

The Department’s Facilities Section does not have a comprehensive set of approved policies and procedures for its administration of facilities-related contracts, including planning, procurement, formation, and oversight. Having detailed policies and procedures for all aspects of the Facilities Section’s planning, procurement, formation, and oversight processes would help ensure that facilities-related contracts are administered in a consistent and effective manner.

High

The Facilities Section uses a spreadsheet to manually track the details of its facilities-related contracts. Auditors reviewed the information in the Department’s financial accounting system (PeopleSoft Financials) and identified 47 facilities-related State Let contracts, with a total value of $18.3 million, that were not included in the spreadsheet. Auditors also identified a significant number of data fields in the spreadsheet that were incomplete or contained inaccurate information. The Facilities Section uses the data in that spreadsheet to produce key management reports, including its master budget for facilities and its quarterly report to the Joint Oversight Committee on Government Facilities. As a result, Department management and state officials could potentially make decisions based on incomplete or inaccurate information.

Medium

The Department’s Facilities Section performed monitoring activities for its $1.85 million contract with Vincent’s Roofing Inc. However, the Facilities Section should improve its monitoring of (1) payment processing, (2) change orders, and (3) contract closeouts.

High

The Department did not sufficiently monitor the vendor’s delivery of outsourced services to verify that the services it received complied with the contract’s terms. According to the Department’s Negotiated Contracts Procedures Manual, the contract manager and the managing division within the Department are supposed to determine the monitoring method for each contract situation and type of service procured. However, the Department’s Information Management Division did not have documented policies and procedures describing the processes it would use to monitor the contract audited for this report. Without a documented, comprehensive monitoring process, the Department limited its ability to verify that it received all outsourced services and whether the quality of those services complied with the contract.

Low

The Department implemented a monitoring process to help ensure that the vendor invoices and service level agreements were accurate. However, the Department’s monitoring did not include a process to help detect and correct inappropriate changes to either the help desk system reports or the data used to generate the service level compliance reports.

Medium

The Department outsourced the delivery of the transformation projects to the vendor without sufficient Department oversight of the cost of the projects. The Department’s transformation project development process relied on the vendor to provide the Department with detailed project costs. However, the Department did not have a process to verify that those detailed project costs were reasonable.

Medium

The Department did not ensure that it and/or the vendor developed and retained all Department required project documentation. The Department did not have comprehensive, documented, and approved policies and procedures for the delivery and monitoring of contracted services, including the delivery of transformation projects. As a result of the lack of detailed policies and procedures, the Department did not ensure that it had complete documentation for certain transformation projects.

Medium

The Department did not receive three report deliverables and one service deliverable even though the vendor was contractually required to provide the deliverables.

Low

Auditors identified areas in which the Department could improve the effectiveness and efficiency of its procurement process for design-build projects. The Department should consider the following opportunities to improve the effectiveness and efficiency of its use of the design-build method.

• The Department should consider establishing an approved template that specifies the form, substance, and standard provisions for design-build contracts.

• The Department should consider documenting a policy or procedure to ensure that descriptive information related to the alternative technical concepts is redacted before the price proposals are evaluated.

• The Department should consider reviewing the membership of its evaluation committees and subcommittees to ensure adequate segregation in the membership.

• The Department should consider documenting policies and procedures to establish a process for performing a postmortem review during the close-out of a design-build project.

Low

In general, the Department reviewed, approved, and processed payments to the design-build contractors as required.

Low

Auditors examined other aspects of the Department’s oversight of the construction of design-build projects, including the Department’s approval of changes to key personnel, monitoring of quality control activities, and completion and acceptance process.

Key Personnel

Auditors determined that contractors’ approved key personnel were actively involved for the three audited design-build projects with executed contracts. Additionally, appropriate Department personnel approved all the changes to contractors’ key personnel on the three design-build projects audited.18 However, the Department did not always approve changes to key personnel in a timely manner.

Monitoring of Quality Control

The Department did not consistently require the design-build contractors to document and submit quality control deliverables required by the contract provisions.

Completion and Final Acceptance

Of the four audited projects, only the Energy Sector Roadway Repair project was complete as of June 2016. Auditors examined 5 of the 30 roadway segments repaired during the Energy Sector Roadway Repair project and determined that the Department adequately monitored the processes related to substantial completion and final acceptance.

High

The Commission did not report all contracts to VPTS required by statute. Specifically, from September 1, 2017, through December 31, 2018, the Commission reported vendor performance for 1 contract and 6 purchase orders. However, the Commission should have reported vendor performance for a total of 29 contracts and 1,020 purchase orders valued at $25,000 or more that were completed or terminated during that same time period. Statute requires state agencies to submit reports on vendors’ performance to VPTS. The Commission reported incorrect grades for 4 (27 percent) of 15 vendor performance reports it submitted to VPTS from September 1, 2017, through December 31, 2018. For 3 (43 percent) of the 7 required vendor performance it submitted from September 1, 2017, through December 31, 2018, the Commission did not submit the reports within 30 days after the completion or termination of a purchase order or contract as required. Those reports were submitted from 96 days to more than 1 year late. The Commission did not retain support for 14 (93 percent) of 15 vendor performance reports submitted from September 1, 2017, through December 31, 2018. As a result, the Commission could not demonstrate that the reported performance was accurate.

Medium

The Texas Workforce Commission’s (TWC) use of DIR information technology staffing services contracts generally complied with state laws, rules, policies, and procedures. Auditors tested five TWC purchase orders for information technology staffing services that totaled $768,310. The results of that testing identified opportunities to improve certain aspects of its contract management processes related to those contracts.

Low

The Texas Board of Nursing (Board) performed monitoring processes for its contract with the Texas Nurses Foundation (Foundation), such as meeting regularly with Foundation staff, ensuring receipt of Texas Peer Assistance Program for Nurses (Program) reports, reviewing and approving contract payments, and reviewing revenue received to fund the Program.

High

The Board should address significant weaknesses in its other contract monitoring processes to ensure that it adequately monitors the Foundation’s performance and analyzes the reports that the Foundation submits for the Program. The Board did not have documentation that it used those reports to inform its decisions related to the contract, and the Board did not have a process in place to verify the accuracy or completeness of the information that the Foundation submitted. Additionally, the Board’s monitoring of the contract was decentralized and not always sufficiently documented.

Medium

ACH generally monitored foster care providers as required by conducting desk reviews and/or onsite visits to determine whether the foster care providers complied with contract requirements and minimum standards. However, it should improve its compliance with annual monitoring requirements and certain aspects of its desk reviews and onsite visits.