Upload
voquynh
View
216
Download
0
Embed Size (px)
Citation preview
Audit Committee Meeting
Teacher Retirement System of Texas 1000 Red River Street, Austin, Texas 78701-2698
December 2016
NOTE: The Board of Trustees (Board) of the Teacher Retirement System of Texas will not consider or act upon any item before the Audit Committee (Committee) at this meeting of the Committee. This meeting is not a regular meeting of the Board. However, because the full Audit Committee constitutes a quorum of the Board, the meeting of the Committee is also being posted as a meeting of the Board out of an abundance of caution.
TEACHER RETIREMENT SYSTEM OF TEXAS BOARD OF TRUSTEES
AND AUDIT COMMITTEE
(Mr. Moss, Chairman; Ms. Charleston; Mr.Corpus; Dr. Gibson; and Ms. Palmer, Committee Members)
All or part of the September 23, 2016, meeting of the TRS Audit Committee and Board of Trustees may be held by telephone or video conference call as authorized under Sections 551.130 and 551.127 of the Texas Government Code. The Board intends to have a quorum physically present at the following location, which will be open to the public during the open portions of the meeting: 1000 Red River, Austin, Texas 78701 in the TRS East Building, 5th Floor, Boardroom.
AGENDA
December 2, 2016 – 9:30 a.m. TRS East Building, 5th Floor, Boardroom
1. Call roll of Committee members
2. Approve minutes of September 23, 2016 Audit Committee meeting – Christopher Moss
3. Receive independent audit reports on audits of the Comprehensive Financial Reports forFiscal Year 2016
A. TRS – Michael Clayton and Kelley Ngaide, State Auditor’s Office (SAO) B. TRS Investment Company (TRICOT) – Bhakti Patel, Grant Thornton
4. Receive review reports for TRS health plan and drug benefit administration for TRS-Careand TRS-ActiveCare – Yimei Zhao; Amy Quertermous, John Meka, Keith Gall, and CarolHamilton, Truven Health Analytics
A. Results overview of TRS-Care and TRS-ActiveCare health plan and drug administration review reports for September 1, 2013 to August 31, 2015
B. Review Report of TRS-Care health plan administration by Aetna for September 1, 2013 to August 31, 2015 and review of TRS-ActiveCare health plan administration by Aetna for September 1, 2014 to August 31, 2015
C. Review Report of TRS-ActiveCare drug benefit administration by Caremark Rx for September 1, 2014 to August 31, 2015
D. Review Report of TRS-Care drug benefit administration by ESI for September 1, 2013 to August 31, 2015
E. Review Report of TRS-Care Employer Group Waiver Plan (EGWP) drug benefit administration by ESI for September 1, 2013 to December 31, 2014
5. Receive Compliance reports – Heather Traeger
6. Receive Internal Audit reportsA. Quarterly Investment Compliance Testing (Agreed-Upon Procedures) – Hugh
Ohn and Heather Traeger B. 403(b) Program Audit – Hugh Ohn
NOTE: The Board of Trustees (Board) of the Teacher Retirement System of Texas will not consider or act upon any item before the Audit Committee (Committee) at this meeting of the Committee. This meeting is not a regular meeting of the Board. However, because the full Audit Committee constitutes a quorum of the Board, the meeting of the Committee is also being posted as a meeting of the Board out of an abundance of caution.
C. Follow-Up Audit on Outstanding Audit Recommendations (Records Management) – Jan Engler and Toma Miller
D. Prior audit and consulting recommendations; and, implementation status of Automation Best Ideas - Amy Barrett, Chris Bailey, and Scot Leith
E. Internal Audit Annual Report – Amy Barrett
7. Discuss or consider Internal Audit administrative reports and matters related to governance, risk management, internal control, compliance violations, fraud, regulatory reviews or investigations, fraud risk areas, audits for the annual internal audit plan, or auditors' ability to perform duties – Christopher Moss and Amy Barrett
December 2016 Board Audit Committee Meeting 1
TEACHER RETIREMENT SYSTEM OF TEXAS AUDIT COMMITTEE MEETING MINUTES
September 23, 2016
The Audit Committee of the Board of Trustees of the Teacher Retirement System of Texas met on September 23, 2016, in the boardroom located on the fifth floor of the TRS East Building offices at 1000 Red River Street, Austin, Texas.
Committee Members present: Mr. Chris Moss, Chair Ms. Karen Charleston Mr. David Corpus Ms. Anita Palmer Other Board Members present: Mr. Joe Colonnetta Mr. John Elliott Mr. David Kelly Ms. Dolores Ramirez Others present: Brian Guthrie, TRS Jan Engler, TRS Ken Welch, TRS Rodrigo Dominguez, TRS Carolina de Onis, TRS Cari Casey, TRS Amy Barrett, TRS Simin Pang, TRS Katrina Daniel, TRS Anandhi Mani, TRS Toma Miller, TRS Lih-Jen Lan, TRS Heather Traeger, TRS Michael Clayton, SAO Hugh Ohn, TRS Kelley Ngaide, SAO Dorvin Handrick, TRS Ted Melina Raab, Texas AFT Dinah Arce, TRS Philip Mullins, TSEU Art Mata, TRS LeRoy DeHaven, TRTA Katherine Farrell, TRS Audit Committee Chair Mr. Moss called the meeting to order at 8:05 a.m.
1. Call roll of Committee members.
Ms. Farrell called the roll. A quorum was present. Dr. Gibson was absent.
2. Consider the approval of the proposed minutes of the July 29, 2016 committee meeting – Committee Chair Mr. Chris Moss.
On a motion by Ms. Palmer, seconded by Ms. Charleston, the proposed minutes for the July 29, 2016 Audit Committee meeting were approved as presented.
December 2016 Board Audit Committee Meeting 2
3. Receive State Auditor’s Office presentation on the planned audit of TRS’ Comprehensive Annual Financial Report for fiscal year 2016 and results of the audit of TRS’ fiscal year 2015 Employer Pension Liability Allocation Schedules – Michael Clayton and Kelley Ngaide, State Auditor’s Office
Ms. Kelly Ngaide informed the committee that the State Auditor expected to release its opinion on the TRS’ financial statements for fiscal year 2016 on November 17. Ms. Ngaide noted the report on internal controls and compliance and other matters will be released at the end of November. She then reviewed new Governmental Accounting Standards Board (GASB) standards that will affect the audit. Mr. Clayton discussed in further detail the liability schedules. He indicated that when GASB 75, that is related to financial reporting of other postemployment benefits (OPEB), comes into play, it will have an effect similar to the 2014 GASB 68. Mr. Clayton noted the OPEB number is going to be a very large number and will probably garner a lot of interest. Mr. Clayton indicated that more guidance regarding the OPEB is expected and indicated there may be additional work required to produce the necessary schedules. Mr. Clayton said TRS staff did a good job with their outreach efforts on the pension liability schedules and it will be key to do that for OPEB as well.
4. Receive final report on the TRS-ActiveCare Open Enrollment Readiness Review and results of TRS Open Enrollment – Amy Barrett, Toma Miller, and Katrina Daniel
Ms. Daniel reported that as the enrollment progressed relatively few issues were seen. Ms. Daniel stated that every time something came up Aetna and WellSystems addressed it. Ms. Daniels indicated there will be a future discussions with Aetna about what went well during open enrollment and work needed to do in the future. Ms. Daniel stated the first full billing cycle is not complete but things have gone well so far. Mr. Greg Wood stated they recognized that just due to size and complexity that there would be some issues. He reported they positioned themselves to react and respond quickly to resolve the unexpected events and the teams performed well. Ms. Daniel concluded the next step is to review with Aetna the issues that came up from the districts during the enrollment process. She then said they would consult with some of the districts to determine what needs to be done for an even better enrollment cycle next year.
5. Receive Investment Compliance reports – Heather Traeger Ms. Barrett provided background as to the distinction between compliance and audit. Ms. Heather Traeger reported on the ethics and fraud monitoring. Ms. Traeger stated that, during the reporting period, her office had looked into four items, three of which had been concluded while one was still pending. Of these items, two were from Benefits, one from Human Resources and one from Legal. Ms. Traeger noted TRS is taking steps to enhance the visibility of the different avenues in which ethics and compliance issues can be raised. Ms. Traeger then reported on the Code of Ethics for Contractors (Code). She reminded the committee that the Board has revised the Code at its June 2016 meeting and put into place new processes for contractors to report any actual or potential conflict of interests. Ms. Traeger noted
December 2016 Board Audit Committee Meeting 3
that there had been three conflict determination requests from contractors, one of which had been withdrawn due to a transaction not moving forward. Ms. Traeger said the Executive Director and General Counsel had determined there was no conflict existed in the two remaining cases.
6. Receive Internal Audit reports A. Quarterly Investment Compliance Testing (Agreed-Upon Procedures) – Hugh
Ohn and Heather Traeger
Mr. Hugh Ohn reported on the results of the quarterly investment compliance testing. Mr. Ohn stated a couple of new areas tested during the quarter were the budget transfers, expenditures and the employees and Trustee annual ethics training. Mr. Ohn noted the results indicated that there were no compliance violations during this time period.
B. Second-Half Test Results of Investment Controls (Tactical Asset Allocation) – Hugh Ohn
Mr. Ohn reported on the results of the semiannual test of IMD controls related to the tactical asset allocations. Also covered were the derivatives instrument that the tactical asset allocation (TAA) group uses to execute their trade. Other IMD groups that provide support for the tactical, TAA portfolios, such as risk group, trading group, and investment operations group were covered. Mr. Ohn reported the results of the audit indicate that management controls are working effectively. Mr. Ohn stated they did recommend putting together written operating procedures for completing the complicated strategies running the models. He said management agrees with this recommendation.
C. Overall Opinion on Investment Management Division Internal Controls –
Hugh Ohn Mr. Ohn noted the opinion issued is similar to opinions in the past two fiscal years. And like the past two years, Mr. Ohn, stated the opinion is expressly based on 28 internal and external audits performed in the past three fiscal years. Mr. Ohn reported that overall IMD controls are effective to ensure that they are achieving their business objectives. Mr. Ohn said this opinion is based on the facts that significant controls are working at IMD as designed. In conclusion, Mr. Ohn remarked that since they had not identified any significant control weaknesses or deficiencies in the past three years, they are planning to deviate from the regularly scheduled audit cycle. Mr. Ohn stated they plan to lightly cover internal public markets as planned but also will try to cover the private markets a bit more.
D. Annual Testing of Benefit Payments (Agreed-Upon Procedures) – Amy
Barrett and Dorvin Handrick Ms. Barrett reported the results from testing benefits are excellent. Only one issue was found, and it was related to the calculation of final average salaries in the member’s favor.
E. Employer Audits – Dinah Arce and Art Mata
Mr. Art Mata reported the employer audit team completed the audits of Socorro ISD and Ysleta ISD, both districts are located in the El Paso area. Mr. Mata stated they audited the March 2016
December 2016 Board Audit Committee Meeting 4
contribution reports for these districts to confirm member eligibility and accuracy of contributions and also tested the census data of all the members. Mr. Mata noted that most of the districts reports were accurate and complete for the same that was tested. However, both districts in the summary reports were incomplete or inaccurate. Mr. Ohn said the statutory minimum report and the employment after retirement report for both districts contained errors. Ms. Dinah Arce reported on the two years that employer audits have been conducted. She noted in total eleven audits have been conducted with seven completed this past year. Ms. Arce reviewed the size of the schools and contributions reported. She said the schools are in the process of making corrections, seven schools having completed the corrections. Ms. Arce noted in the coming year there will be changes to the report in order to streamline it down and initiate efficiencies in order to accommodate the increase in number and to report quickly to schools. Ms. Barbie Pearson reported on the overall recovered or given credit for the whole year in which audits were performed. Audits only look at one month. Ms. Pearson said the net correction was a negative $17,294. New employee contributions made in error was why there was a net payout. In answer to Mr. Kelly’s inquiry, Ms. Barrett and Ms. Pearson said guidance to districts will be given through monthly newsletters and presentations.
7. Receive report on the status of prior audit and consulting recommendations – Amy
Barrett Ms. Amy Barrett reported they are scaling back in terms of what is focused on with the regular employer audits. Ms. Barrett stated they are to focus on what is not understood by the employer and pass along information to benefit reporting for communicating and educating. Ms. Barrett said they are going to do a separate audit to see if more can be done in just employment after retirement. Ms. Barrett said the third area is to develop an audit program for colleges and universities. Ms. Barrett reported on the outstanding audit recommendations as making good progress. The only one issue is in regards to TEAM being implemented in order to wrap that one up on strengthening controls.
8. Consider recommendations to the Board of Trustees – Amy Barrett
A. Proposed revisions to the Internal Audit Charter Ms. Amy Barrett brought forward two revisions to the Internal Audit Charter. Ms. Barrett stated the first change is driven by the Institute of Internal Auditors which have decided that the mission statement for Internal Audit is really a definition of Internal Audit. The Institute also recommended a list of ten principles for Internal Audit. Ms. Barrett recommended the Charter incorporate these changes. The other recommended change is to reflect the responsibility for the hotline to Compliance.
B. Proposed Audit Plan for Fiscal Year 2017
Ms. Amy Barrett noted how the plan was developed through risk assessment, feedback from various groups and interviews with Trustees. Ms. Barrett provided a summary of the plan and the audits that are proposed for the fiscal year 2017. Ms. Barrett reported there is sufficient resources to complete the annual audit plan.
December 2016 Board Audit Committee Meeting 5
On a motion by Mr. Moss, seconded by Mr. Corpus, the Committee unanimously approved to recommend that the Board of Trustees adopt the proposed revisions to the Internal Audit charter as presented by staff and to approve the proposed audit plan for the fiscal year 2017 as presented by staff.
9. Discuss or consider Internal Audit administrative reports and matters related to
governance, risk management, internal control, compliance violations, fraud, regulatory reviews or investigations, fraud risk areas, audits for the annual internal audit plan, or auditors' ability to perform duties – Christopher Moss and Amy Barrett
Ms. Barrett reported that they did get through the annual audit plan last year with all the assurance projects completed. Ms. Barrett noted data analysis activities were not completed. Ms. Barrett reported they met all of the performance measures for last year. Ms. Barrett then took the opportunity to introduce newest members of Audit and inform the Committee about reorganization and promotions within Audit. Without further discussion, the meeting adjourned at 9:55 a.m. APPROVED BY THE AUDIT COMMITTEE OF THE BOARD OF TRUSTEES OF THE TEACHER RETIREMENT SYSTEM OF TEXAS ON THE 2ND DAY OF DECEMBER 2016.
______________________________ _________________ Katherine H. Farrell Date Secretary of the TRS Board of Trustees
PRESENTATION TITLE >>> NAME FEB-09-15
PRESENTATION FOR THE AUDIT COMMITTEE BY TRUVEN HEALTH ANALYTICS
DECEMBER 2, 2016
Tab 4A
Background of Audited Plans
• Three self-funded plans:• ActiveCare 1-HD
• ActiveCare 2
• ActiveCare Select
• Health Plan Administrator: Aetna
• Pharmacy Benefits Manager: CVSHealth/Caremark
TRS-ActiveCare
• Three self-funded plans:• Care 1
• Care 2
• Care 3
• Health Plan Administrator:Aetna
• Pharmacy Benefits Manager:Express Scripts
TRS-Care
2
TRS Audit Changes
What changes were made?
• Procured a new audit firm:Truven Health Analytics, an IBM Company
• Full Claims Review vs. Sampling only
• Annual audits vs. every two years
• Increased focus on self-insured plans
Why were changes made?
• Truven brings full claim reprocessing, focused testing, and impact analysis based on error characteristics and root causes
• Increased assurance that our venders are implementing plan designs accordingly
• Shortened issue identification and resolution time
• Increased oversight of the self-insured plans and their vendors
3
More errors identified than in previous years is reflective of expanded auditing,
not declining vendor performance.
Audit Results
Good News Report
Vendor performance above industry standards
Affirmation of contractual obligations
4
TRUVEN HEALTH ANALYTICS - TRS AUDITS
• Audit Scope• Medical - Aetna
• TRS-Care (9/1/2013 – 8/31/2015)• TRS-ActiveCare (9/1/2014 – 8/31/2015)
• Rx - Caremark• TRS-ActiveCare (9/1/2014 – 8/31/2015)
• Rx - ESI• TRS-Care - EGWP (9/1/2013 – 12/31/2014)
• TRS-Care - Commercial (9/1/2013 – 8/31/2015)
• Claims Audit, Operational Review, Performance Guarantee Verification
5
TRUVEN HEALTH ANALYTICS – TRS AUDITS
• Audit Methodology - Claims
• Obtain Summary Plan Descriptions (SPD) and other Benefit Documentation
• Develop Benefit Templates Based on SPDs
• Obtain Claims Files From Administrators
• Use Proprietary Software to Re-adjudicate 100% of Claims• Benefit Determinations (Coinsurance, Copayments, Deductibles, etc.)• Industry Standards
Administrator Claim Count Paid
Aetna 9,741,865 $2,654,331,350
Caremark 4,331,150 $333,432,600
ESI - Commercial 5,990,979 $627,162,700
ESI - EGWP 6,164,874 $548,457,201 6
TRUVEN HEALTH ANALYTICS – TRS AUDITS
• Audit Methodology - Claims (continued)
• Group Potential Exceptions Into Various Categories
• Select Claims Samples from Exception Categories
• Test Claims Samples
• Medical - Onsite Audit
• Rx - Reviewed Remotely
• Evaluate Administrator Sample Responses
• Complete 100% Claims Analysis Based on Remaining Sample Exceptions
• “Agree To”
• “Agree to Disagree”7
TRUVEN HEALTH ANALYTICS - TRS AUDITS
• Audit Results, Key Findings and Observations
• Administrators Performing At or Above Acceptable Levels
• Medical – Aetna
• Overall claims findings are within Truven benchmark (1%-2%)• TRS-ActiveCare - 0.04%
• TRS-Care - 0.07%
• Opportunities to clarify benefit intentions• Ineligible Services
• Coinsurance Provisions
8
TRUVEN HEALTH ANALYTICS - TRS AUDITS
• Rx - Caremark
• Overall claims findings of 1.52% of Rx spend are within Truven benchmark (< 2%)
• Opportunities for improvements• Early Refill Claims
• Copayment Application
• Caremark addressing exceptions for VA claims and will reimburse TRS
9
TRUVEN HEALTH ANALYTICS - TRS AUDITS
• Rx - ESI-Commercial• Overall claims findings of 0.96% (FY2014) and 0.65% (FY2015) of Rx spend
are within Truven benchmark (< 2%)
• Opportunities for improvements• Duplicate and Early Refill Claims
• Quantity Limitation Clinical Program
• Rx - ESI-EGWP• Overall claims findings of 0.22% (CY2013) and 0.30% (CY2014) of Rx spend
are within Truven benchmark (< 2%)
• Opportunities for improvements• Early Refill Claims
• Quantity Limitation Clinical Program
10
Teacher Retirement System of Texas Review of Health Plan Administration by Aetna for September 1, 2013 to August 31, 2015
Plans: TRS-ActiveCare and TRS-Care
Prepared for: Teacher Retirement System of Texas Version F1.0.1 Submitted: September 23, 2016 Submitted by: Truven Health Analytics
©Truven Health Analytics Inc. Proprietary and Confidential Page 4 of 78
1 EXECUTIVE SUMMARY
1.1 Engag ement Overview and Scope The Teacher Retirement System of Texas (TRS) engaged Truven Health Analytics (Truven) to conduct a health claims review to:
Assess the administration of TRS’s self-funded employee health plans by Aetna. Determine if Aetna is in compliance with the terms of the Administrative Services Agreement
(ASA), Summary Plan Description (SPD), and other applicable documents.
This engagement primarily examined Aetna’s claims adjudication accuracy relative to all claims incurred by TRS’s plan members for TRS-Care plans from September 1, 2013 to August 31, 2015 and paid through November 30, 2015 and for TRS-ActiveCare plans from September 1, 2014 to August 31, 2015 and paid through November 30, 2015. In addition, we were engaged to perform an operational review to assess the policies, procedures, and controls that support the administration of TRS’s health plans. The health plans included in the review consist of the following:
TRS-ActiveCare 1-HD Fiscal Year 2015 TRS-ActiveCare 2 Fiscal Year 2015 TRS-ActiveCare Select Fiscal Year 2015 TRS-Care 1 Fiscal Years 2014 and 2015 TRS-Care 2 Fiscal Years 2014 and 2015 TRS-Care 3 Fiscal Years 2014 and 2015
1.2 Claims Review Result s Using our proprietary software, we analyzed 100% of the paid claims incurred by TRS’s members for the review period (for more information about the 100% claims analysis, see Section 2, Engagement Approach).
The proprietary software is designed to process and identify claim exceptions in the following categories:
Payments in compliance with the plan design. This includes plan customized edits to assure that benefits are paid in accordance with the SPD including items such as benefit limits, frequencies and maximums and the appropriate application of deductibles, copayments and coinsurance. The software assures that claims for benefit exclusions (ineligible services) are not paid and that emergency claims are correctly processed for in and out of network providers.
Payments only for eligible members. The software identifies claims paid for inactive members, as well as services paid prior to or after a member’s eligibility dates.
Industry Standard edits. This includes system control edits such as National Correct Coding Initiative edits (NCCI), identification of claims that may be other party liability and coordination of benefits such as Medicare, end stage renal disease (ESRD), subrogation and worker’s compensation, duplicate payments, assistant surgeon payments and anesthesia/surgical reduction claims. NCCI edits also include facility and physician up-coding and unbundling, incidental charges, medically unlikely and never events.
©Truven Health Analytics Inc. Proprietary and Confidential Page 5 of 78
Case Management edits. This includes identification of claims which may benefit from case management and/or utilization review such as high risk obstetrical claims, rehabilitation claims and terminally ill member claims.
Payment Integrity edits. These include the identification of claims which may benefit from additional provider pattern analysis to identify fraud, waste and abuse. Examples of these edits include claims for ambulance trips that had no subsequent claim that same day for an emergency room, diagnosis or CPT conflicts with age or gender, new patient exams when a less expensive established exam should have been billed, incidental services and once in a lifetime services.
Contract review. In addition to the claim exceptions identified by the software algorithms, a sample of claims are reviewed to assure compliance with the provider contract. These represent large dollar claims which are reviewed manually during an onsite visit to assure payment for each service was made in accordance with the provisions of the provider contract.
Exception categories were developed based on rules customized to TRS specific plan benefits described in the SPDs, industry standards for coding, and claims processing best practices (e.g., duplicate claims).
From the population of potential exceptions, we selected a sample of 300 claims for onsite review that consisted of 150 claims for each plan, TRS-ActiveCare and TRS-Care. Of the 300 claims reviewed, we determined during the onsite review that 257 claims were processed and paid correctly. Of the remaining 43 exceptions, Aetna agreed with Truven’s assessment that there was an exception in processing the claim on 33 claims. On the remaining 10 claims, Aetna did not agree, but Truven considers these to be exceptions. Based on these 43 exceptions, Truven determined which types of exceptions represented systemic claims processing exceptions and for these exception categories 100% of the claims identified were considered to be exceptions. This process resulted in the identification of 6,910 claims and $1,440,423 in total exceptions with $1,266,198 in net overpayment exceptions for both plans. The following chart provides the breakdown of total exceptions by plan.
Plan Claim Exceptions Total Payment
Exceptions Net Overpayment
% of Total Paid as
Exceptions
TRS-ActiveCare 2,161 $521,967 $453,628 0.04%
TRS-Care 4,749 $918,456 $812,570 0.07%
Total 6,910 $1,440,423 $1,266,198 0.05%
1.3 Result s by Plan The sample results were analyzed by plan. The 300 claim sample contained 150 claims each from both the TRS-ActiveCare plans and the TRS-Care plans. For the TRS-ActiveCare plans there was an exception rate of 0.05% of paid dollars reviewed, while the TRS-Care plans had an exception rate of 0.07% of paid dollars reviewed. Both plans performed well when compared to audits of other third party administrators.
These results include claims that were both overpaid and underpaid by Aetna. The dollar figures shown for the exceptions reflect the combined total of overpayment and underpayment dollar amounts of the
©Truven Health Analytics Inc. Proprietary and Confidential Page 6 of 78
payment exceptions (not the net amount). It should also be noted that the sample exceptions are included in the final analysis. For further details on the exceptions by category and type, please refer to Section 3, Summary of Findings by Exception Area and Appendix A, Detailed Claims Findings
The absolute amount of the overall findings for both plans combined, irrespective of overpayments and underpayments is $1,440,423. The net dollar impact of all findings is an overpayment of $1,266,198, which represents potential recoveries and savings opportunities for TRS. $453,628 in net overpayments are identified for TRS-ActiveCare and $812,570 in net overpayments are identified for TRS-Care.
SPD Analysis – TRS-ActiveCare Plan Initial 100% Claims Analysis for SPD
Exceptions Claims Paid % Total Paid
Total claims analyzed 4,192,275 $1,274,098,289 100%
Claims passing Truven edits 3,564,953 $923,495,153 72.48%
Claims identified for further testing and analysis 627,322 $350,603,136 27.52%
Total claims selected for onsite review 102 $284,207 0.02%
Onsite Review Results Claims Financial Impact % of Sample
Total sample claims confirmed as correctly processed
82 $274,846 96.71%
Exceptions identified from sample 20 $9,361 3.29%
Exceptions agreed to by Aetna 16 $6,936 2.44%
“Agree to disagree” exceptions 4 $2,425 0.85%
Final 100% Claims Analysis Results Claims Financial Impact % Total Paid
Total exceptions identified in claims population 1,132 $200,146 0.02%
Administrative Services and Industry Standards and Best Practices Analysis – TRS-ActiveCare Plan
Initial 100% Claims Analysis for Industry Standards and Best Practices Claims Paid % Total Paid
Total claims analyzed 4,192,275 $1,274,098,289 100%
Claims passing Truven edits 4,191,338 $1,273,333,961 99.94%
Claims identified for further testing and analysis 937 $764,328 0.06%
Total claims selected for onsite review 48 $571,102 0.04%
Onsite Review Results Claims Financial Impact % of Sample
Total sample claims confirmed as correctly processed
40 $564,879 98.91%
Exceptions identified from sample 8 $6,223 1.09%
Exceptions agreed to by Aetna 5 $5,339 0.93%
©Truven Health Analytics Inc. Proprietary and Confidential Page 7 of 78
“Agree to disagree” exceptions 3 $884 0.15%
Final 100% Claims Analysis Results Claims Financial Impact % Total Paid
Total exceptions identified in claims population 1,030 $321,821 0.03%
SPD Analysis – TRS-Care Plan Initial 100% Claims Analysis for SPD
Exceptions Claims Paid % Total Paid
Total claims analyzed 5,549,590 $1,380,233,060 100%
Claims passing Truven edits 5,423,870 $1,292,230,130 93.62%
Claims identified for further testing and analysis 125,720 $88,002,930 6.38%
Total claims selected for onsite review 97 $175,784 0.01%
Onsite Review Results Claims Financial Impact % of Sample
Total sample claims confirmed as correctly processed
87 $173,602 98.76%
Exceptions identified from sample 10 $2,182 1.24%
Exceptions agreed to by Aetna 7 $1,795 1.02%
“Agree to disagree” exceptions 3 $386 0.22%
Final 100% Claims Analysis Results Claims Financial Impact % Total Paid
Total exceptions identified in claims population 3,542 $351,935 0.03%
Administrative Services and Industry Standards and Best Practices Analysis – TRS-Care Plan
Initial 100% Claims Analysis for Industry Standards and Best Practices Claims Paid % Total Paid
Total claims analyzed 5,549,590 $1,380,233,060 100%
Claims passing Truven edits 5,548,922 $1,378,441,219 99.87%
Claims identified for further testing and analysis 668 $1,791,841 0.13%
Total claims selected for onsite review 53 $912,891 0.07%
Onsite Review Results Claims Financial Impact % of Sample
Total sample claims confirmed as correctly processed
48 $909,909 99.67%
Exceptions identified from sample 5 $2,982 0.33%
Exceptions agreed to by Aetna 5 $2,982 0.33%
“Agree to disagree” exceptions - - 0.00%
Final 100% Claims Analysis Results Claims Financial Impact % Total Paid
©Truven Health Analytics Inc. Proprietary and Confidential Page 8 of 78
Total exceptions identified in claims population 1,207 $566,521 0.04%
1.4 Review Conclus ion s Based on the results of this review and our prior audit experience with other administrators, we determined Aetna is performing at an above-average level. Our experience is that, on an overall basis, the total dollars identified as exceptions range between 1% to 2% of the total dollars analyzed. The results of this review were that 0.05% of the total dollars analyzed were identified as exceptions. Unless specifically noted in the findings sections of this report, claims met the plan specific and industry standards for proper claims adjudication.
The results of our operational review indicated that generally Aetna has the proper organizational structure and processes in place to support your account. However, there were two observations made regarding Aetna processes for overpayment reporting and claims turnaround time. These observations will be discussed in detail in the Operational Review Observation section of this report.
Although performance was above-average there are several opportunities for improvement that would result in both short-term and long-term savings to TRS. Those opportunities are highlighted below.
1.5 Summ ary of Findin gs Aetna reported that approximately 84% of TRS-Care claims and approximately 87% of TRS-ActiveCare claims are auto-adjudicated, which is within and slightly above the industry average of 80% to 85%. Auto-adjudicated claims pass through all system edits, and benefits are then calculated based on the plan design features programmed in the system without claims examiner intervention. Therefore, any exceptions attributed to a discrepancy in the interpretation or loading of the benefits would impact all similar claims.
The following charts provide information on the overall review findings from a financial perspective.
SPD Exceptions – TRS-ActiveCare Plan
Exception Category Net Findings Over-
payment Under-
payment Total
Findings % of Total
100 Percent Coverage ($1,086) - $1,086 $1,086 0.5%
Coinsurance Application $7,201 $15,684 $8,483 $24,168 12.1%
Copayment Application $9,867 $34,467 $24,600 $59,067 29.5%
Ineligible Services $107,308 $107,308 - $107,308 53.6%
Visit Limitation $8,517 $8,517 - $8,517 4.3%
Grand Total $131,807 $165,977 $34,170 $200,146 100.0%
©Truven Health Analytics Inc. Proprietary and Confidential Page 9 of 78
Administrative Services and Industry Standards and Best Practices Exceptions – TRS-ActiveCare Plan
Exception Category Net Findings Over-
payment Under-
payment Total
Findings % of Total
Contract Review $4,726 $4,726 - $4,726 1.5%
Eligibility $884 $884 - $884 0.3%
Duplicate Claim Payment $260,752 $260,752 - $260,752 81.0%
Surgery Payments $55,459 $55,459 - $55,459 17.2%
Grand Total $321,821 $321,821 - $321,821 100.0%
SPD Exceptions – TRS-Care Plan
Exception Category Net Findings Over-
payment Under-
payment Total
Findings % of Total
100 Percent Coverage ($187) - $187 $187 0.1%
Coinsurance Application $197,748 $245,473 $47,725 $293,198 83.3%
Copayment Application ($4,328) $703 $5,031 $5,734 1.6%
Ineligible Services $41,577 $41,577 - $41,577 11.8%
Visit Limitation $11,239 $11,239 - $11.239 3.2%
Grand Total $246,049 $298,992 $52,943 $351,935 100.0%
Administrative Services and Industry Standards and Best Practices Exceptions – TRS-Care Plan
Exception Category Net Findings Over-
payment Under-
payment Total
Findings % of Total
Duplicate Claim Payment $444,132 $444,132 - $444,132 78.4%
Surgery Payments $122,389 $122,389 - $122,389 21.6%
Grand Total $566,521 $566,521 - $566,521 100.0%
For further details on the exceptions by category and type, please refer to Section 3, Summary of Findings by Exception Area and Appendix A, Detailed Claims Findings.
1.6 Except ion Categories Compared to Industry Bench marks
The following chart compares Aetna’s experience for the identified exception categories to that of other Health Plans (Benchmark Error Rate). The error rate identified on the Aetna claims is well below that of other commercial and government health plans audited by Truven.
©Truven Health Analytics Inc. Proprietary and Confidential Page 10 of 78
Benchmarks – TRS-ActiveCare Plan
Exception Category Benchmark Error Rate
Aetna Error Rate Aetna Score
100 Percent Coverage 1.70% 0.001% Below average error rate
Coinsurance Application 4.14% 0.003% Below average error rate
Copayment Application 4.28% 0.017% Below average error rate
Ineligible Services 0.35% 0.004% Below average error rate
Visit Limitation 0.11% 0.012% Below average error rate
Duplicate Claims Payment 0.03% 0.007% Below average error rate
Surgery Payments 0.07% 0.003% Below average error rate
Benchmarks – TRS-Care Plan
Exception Category Benchmark Error Rate
Aetna Error Rate Aetna Score
100 Percent Coverage 1.70% 0.003% Below average error rate
Coinsurance Application 4.14% 0.11% Below average error rate
Copayment Application 4.28% 0.002% Below average error rate
Ineligible Services 0.35% 0.10% Below average error rate
Visit Limitation 0.11% 0.006% Below average error rate
Duplicate Claims Payment 0.03% 0.007% Below average error rate
Surgery Payments 0.07% 0.006% Below average error rate
1.7 Recommendations Request and review financial and claim impact analyses for all “Agreed To” exceptions and other
exceptions where Aetna was not properly adjudicating claims according to the SPD language. Where applicable, recoveries should be pursued.
Work with Aetna to clarify the intent of all the plan design features identified as exceptions, with particular focus on non-covered (ineligible) services. Further clarifying language in the SPD related to ineligible services may be helpful. For services which are typically excluded but where approval for payment may be provided on an exception basis, a prior authorization requirement may be appropriate.
Aetna should address the issues identified that are related to the correct application of member liability such as coinsurance and copayment to assure that members are assessed the correct amount and that claims are paid correctly for claims that require coinsurance as well as claims that are covered at 100%.
©Truven Health Analytics Inc. Proprietary and Confidential Page 11 of 78
Aetna should institute edits in the claims processing system to assure chiropractic visits are paid only up to the specified limit.
There were two claims with procedural issues identified which did not have a financial impact but where a change is recommended. When allowed charges are assigned to multiple lines of a claim record or when a claim is processed for an outdated code, the allowed amount should be assigned only to lines for procedure codes representing covered services. This would allow editing software to better identify true errors and eliminate false positive results.
1.8 Aetna’s Response We recognize that the type of audit performed by Truven selects samples based on what they consider a high probability of being paid in error rather than as a statistical sampling. This type of audit is not a measure of overall quality or indicative of any trends. Details for all errors identified and overpayment recovery status are found in the sections below along with the service center responses. We have completed a thorough root cause analysis of all the agreed upon errors and educational feedback has been provided to ensure a thorough understanding of the impact of the errors identified. All affected claims have been referred for reprocessing with the exception of those claims that would result in member responsibility.
Aetna takes these audit results very seriously and recognizes that there is always room for improvement. We continue to focus on continuous quality review through the development of additional system enhancements, as well as conducting focused and refresher training sessions with Claim Benefit Specialists. These steps are vital to our success in quality improvement and are outlined as they relate to this audit in the action plan portion of our report.
Teacher Retirement System of Texas Review of Drug Benefit Administration by Caremark Rx for September 1, 2014 to August 31, 2015
Plan: TRS-ActiveCare
Prepared for: Teacher Retirement System of Texas Submitted: November 17, 2016 Submitted by: Truven Health Analytics
©Truven Health Analytics Inc. Proprietary and Confidential Page 4 of 41
1 EXECUTIVE SUMMARY
1.1 Engagement Ov ervi ew The Teacher Retirement System of Texas (TRS) engaged the services of Truven Health Analytics (Truven) to conduct a pharmacy claims review to assess Caremark Rx’s (Caremark's) administration of TRS’s self-funded pharmacydrug plans and determine if Caremark complies with the terms of the administrative agreement. This engagement encompassed an audit of Caremark to assess the accuracy and appropriateness of its fiduciary responsibility as the plan’s administrative agent including the prescription adjudication process, compliance with pricing agreements, contract terms, and review of quality control procedures. Truven performed an electronic audit of all claims adjudicated by Caremark from September 1, 2014 through August 31, 2015.
The pharmacy drug plans included in this review consist of the following:
TRS-ActiveCare 1 HD Fiscal Year 2015 TRS-ActiveCare 2 Fiscal Year 2015 TRS-Active Select Network Fiscal Year 2015
1.2 Claim s Review Scope Truven analyzed 100% of TRS’s claims incurred by TRS’s plan participants during the audit period and selected a sample of 160 claims for testing and review from Fiscal Year 2015. The sample was selected based on various exception areas identified in the population of claims processed during the audit period. These exception areas were based on standard administrative rules such as quantity limits, ample day supply, co-payments, and eligibility specific to the plan benefits described in the contract and other benefit documents
1.3 Audit Concl usions The sample claims were reviewed based on Caremark’s responses, and 25 exceptions were identified. We evaluated all 4,331,150 claims during the audit period based on Caremark’s responses and identified $5,055,126 in net payment exceptions. The following chart compares the total net cost of all exceptions identified by this audit against the total cost of TRS’s entire claims population.
Overall Audit Results Paid
Total cost of all employee prescription drug claims $333,432,600
Total cost of claims sampled (detail Claims Sample Results) $25,573
Total net exceptions identified in claims sample (detail Claims Sample Results) $746
Total net cost of all exceptions identified from the analysis of TRS’s entire claims population (based on the attributes and root causes of Truven’s claims sample findings)
$5,055,126
Additional discount shortfall using TRS’s contracted rates for mail and retail and specialty drugs (TRS previously received $7.1M based on Caremark’s reconciliation.)
$53,829
©Truven Health Analytics Inc. Proprietary and Confidential Page 5 of 41
The financial impact of all claim exceptions identified through this audit are net overpayments of $5,055,126 representing 1.52% of TRS’s total prescription drug plan spend. This includes approximately $5,430,000 in overpayments identified for early refills, which represents a future cost savings opportunity. This overpayment amount was primarily offset by underpayments found in the copayment category. Based on the results of the audit, we have several recommendations that we believe, if implemented, would improve the overall claims processing accuracy rate and could result in savings to TRS.
1.4 Summ ary of Key Find ings and Observ ation s & Recommendati ons
The following summarizes our key findings and observations and recommendations based on the results of the audit
1.4.1 Key Findings and Observations Discount Analysis: Based on our discount analysis, we determined that Caremark did not meet
the guarantee on all specialty claims. We have determined that claims were processed at a lower discount rate than indicated in TRS’s contract resulting in a shortfall of $53,829.
Copayment application: Claims were processed at copays other than outlined in the contract. Claims processed at Veteran Affair’s pharmacies and Retail 90 claims caused the majority of the copayment exceptions. According to Caremark, they are reviewing claims that adjudicated with the incorrect copayment during the impact period and will reimburse TRS at the conclusion of the audit.
Early Refill: Claims were filled outside of early refill parameters set in the contract. The majority of the findings were for retail claims that were filled prior to the plan design utilization of 75%.
Gender Conflicts: Although the results were minimal, we found instances where prescriptions were filled that conflicted with the member’s gender. A gender-specific edit is not in place in the plan design.
1.4.2 Recommendations TRS previously accepted Caremark's payment of $7,112,399 for not meeting contractual
obligations for discounts for mail and retail claims. Truven recommends TRS continue to work with Caremark to reconcile the specialty discount shortfall identified during this audit.
We recommend that TRS work with Caremark to resolve the copayment issues identified in the audit. Furthermore, we recommend TRS work with Caremark to determine if the Dispense as Written (DAW) penalty program is in line with client intentions.
A discussion of early refill parameters should be undertaken between Caremark and TRS. Specific parameters should be outlined in detail and agreed upon to ensure early refills occur for valid reasons such as vacation overrides, dosage changes or lost medication.
We recommend a gender-specific edit be considered as a future cost savings opportunity to ensure proper Drug Utilization Review (DUR), plan deductibles, maximum out of pockets, and that potential fraud is addressed.
©Truven Health Analytics Inc. Proprietary and Confidential Page 6 of 41
A discussion of plan excluded products should be undertaken between Caremark and TRS to ensure they are in line with client intentions. Specific parameters should be outlined in detail.
=
Teacher Retirement System of Texas Review of Drug Benefit Administration By Express Scripts Inc.
For September 1, 2013 to August 31, 2015
Plan: TRS-Care Prepared for: Teacher Retirement System of Texas Submitted: November 18, 2016 Submitted by: Truven Health Analytics
1 EXECUTIVE SUMMARY
1.1 Engagement Overview The Teacher Retirement System of Texas (TRS) engaged the services of Truven Health Analytics (Truven) to conduct a pharmacy claims review to assess Express Scripts, Inc.'s (ESI’s) administration of TRS’s self-funded prescription drug plans and determine if ESI complies with the terms of the administrative agreement. This engagement encompassed an audit of ESI to assess the accuracy and appropriateness of its fiduciary responsibility as the plan’s administrative agent including the prescription adjudication process, compliance with pricing agreements, contract terms, and review of quality control procedures. Truven performed an electronic audit of all claims adjudicated by ESI from September 1, 2013 through August 31, 2015.
The prescription drug plans included in this review consist of the following:
TRS-Care 2 Fiscal Years 2014 and 2015 TRS-Care 3 Fiscal Years 2014 and 2015 TRS-Care 1 Fiscal Years 2014 and 2015
1.2 Claims Review Scope Truven analyzed 100% of TRS’s claims incurred by TRS’s plan participants during the audit period and selected a sample of 38 claims for the fiscal plan year 2014 for testing and review and a sample of 21 claims for testing and review for fiscal plan year 2015. The sample was selected based on various exception areas identified in the population of claims processed during the audit period. These exception areas were based on standard administrative rules such as quantity limits, ample day supply, co-payments, and eligibility specific to the plan benefits described in the contract and other benefit documents.
1.3 Audit Conclusions The sample claims were reviewed based on ESI’s responses. We evaluated all 2,929,964 claims during the audit period FY2014 based on ESI’s responses and identified $2,838,401 in potential overpayments. We evaluated all 3,061,015 claims during the audit period FY2015 based on ESI’s responses and identified $2,172,991 in potential overpayments.
The following charts compare the total cost of all exceptions identified by this review against the total cost of the TRS’s entire claims population.
Fiscal Plan Year 2014 Overall Audit Results Paid
Total cost of all employee prescription drug claims for FY2014 $294,423,834
Total cost of claims sampled $44,653
Total exceptions identified in claims sample (detail Claims Sample Results) $2,375
Total cost of potential claims exceptions identified from the 100% analysis of the entire claims population for FY2014 (based on the attributes and root causes of Truven’s sample findings)
$2,838,401
The financial impact of all claims exceptions identified through this review for FY2014 is potential overpayments of $2,838,401 representing 0.96% of TRS’s total prescription drug plan spend. The financial impact of all exceptions is below our industry standard threshold of < 2%. Based on the results of our review, we have several recommendations that we believe, if implemented, would improve the overall claims processing accuracy rate and could result in savings to TRS.
Fiscal Plan Year 2015 Overall Audit Results Paid
Total cost of all employee prescription drug claims for FY2015 $332,738,866
Total cost of claims sampled $6,030
Total exceptions identified in claims sample (detail Claims Sample Results) $837
Total cost of potential claims exceptions identified from the 100% analysis of the entire claims population for FY2015 (based on the attributes and root causes of Truven’s claims sample findings)
$2,172,991
The financial impact of all claims exceptions identified through this review for FY2015 is potential overpayments of $2,172,991 representing 0.65% of TRS’s total prescription drug plan spend. The financial impact of all exceptions is below our industry standard threshold of < 2%. Based on the results of our review, we have several recommendations that we believe, if implemented, would improve the overall claims processing accuracy rate and could result in savings to TRS.
1.4 Summary of Key Findings and Observations & Recommendations
The following summarizes our key findings and observations and recommendations based on findings identified in the entire TRS claims population.
1.4.1 Key Findings and Observations Benefit Plan Administration:
o Duplicate Claims and Early Refill: Duplicate claims were filled for the same drug on the same day. Also, claims were filled prior to the refill utilization parameters set in the contract.
o Quantity Limitations: Claims were filled prior to quantity limit parameters set in the contract. ESI noted the “first fill at mail” logic as the reason for the claims being filled outside of plan parameters. Truven disagrees with this logic. Quantity limitations are set up based on the recommended daily dose from the Food and Drug Administration (FDA) for certain drugs. These parameters are designed to be a cost savings opportunity for TRS.
1.4.2 Recommendations Benefit Plan Administration:
o Duplicate Claims and Early Refills: We recommend TRS work with ESI to reconcile claims
processed outside of plan utilization parameters. In addition, a discussion of early refill and duplicate drug parameters should be undertaken between ESI and TRS. Specific parameters should be outlined in detail and agreed to. This should be discussed as a future cost savings opportunity.
o Quantity Limitations: We recommend TRS work with ESI to reconcile claims processed outside of plan parameters. In addition, a discussion of quantity limitations should be undertaken between ESI and TRS. Specific parameters should be outlined and agreed to. This should be discussed as a future cost savings opportunity.
Teacher Retirement System of Texas Review of EGWP Drug Benefit Administration by Express Scripts, Inc.
for September 1, 2013 to December 31, 2013 and January 1, 2014 to December 31, 2014 Plan: TRS-Care Prepared for: Teacher Retirement System of Texas Submitted: November 18, 2016 Submitted by: Truven Health Analytics
©Truven Health Analytics Inc. Proprietary and Confidential Page 4 of 37
1 EXECUTIVE SUMMARY
1.1 Engag ement Overview The Teacher Retirement System of Texas (TRS) engaged the services of Truven Health Analytics (Truven) to conduct a pharmacy claims review to assess Express Scripts, Inc.'s (ESI’s) administration of TRS’s self-funded prescription drug Employer Group Waiver Plan (EGWP) and determine if ESI complies with the terms of the administrative agreement. This engagement encompassed an audit of ESI to assess the accuracy and appropriateness of its fiduciary responsibility as the plan’s administrative agent including the prescription adjudication process, compliance with pricing agreements, contract terms, and review of quality control procedures. Truven performed an electronic audit of all claims adjudicated by ESI from September 1, 2013 through December 31, 2014.
The prescription drug plans included in this review consist of the following:
TRS-Care 2 Calendar Years 2013 (September – December) and 2014 TRS-Care 3 Calendar Years 2013 (September – December) and 2014
1.2 Claims Review Scope Truven analyzed 100% of TRS’s claims incurred by TRS’s plan participants during the audit period and selected a sample of 45 claims for the short plan year 2013 (September 1, 2013 through December 31, 2013) for testing and review and a sample of 41 claims for testing and review for calendar year 2014. The sample was selected based on various exception areas identified in the population of claims processed during the audit period. These exception areas were based on standard administrative rules such as quantity limits, ample day supply, co-payments, and eligibility specific to the plan benefits described in the contract and other benefit documents.
1.3 Audit Conclusi ons The sample claims were reviewed based on ESI’s responses, and various exceptions were identified. We evaluated all 1,475,803 claims during the audit period for the short plan year 2013 and all 4,689,071 claims for calendar year 2014. Based on ESI’s responses, we identified $272,965 as potential overpayments for the short plan year 2013 and $1,289,904 was identified as potential overpayments for calendar year 2014. The following charts compares the total cost of all exceptions identified by this audit against the total cost of TRS’s entire claims population.
1.4 Short Pla n Year 2013 Overall Audit Results Paid
Total cost of all employee prescription drug claims for SPY2013 $121,667,137
Total cost of claims sampled $21,125
Total dollar errors/exceptions identified in claims sample $941
Total cost of potential claim exceptions identified from the 100% analysis of the entire claims population for SPY2013 (based on the attributes and root causes of Truven’s sample findings)
$272,965
©Truven Health Analytics Inc. Proprietary and Confidential Page 5 of 37
The financial impact of all potential exceptions identified is overpayments of $272,965, representing 0.22% of TRS’s total prescription drug spend for EGWP for the short plan year 2013. The financial impact of all exceptions is below our industry standard threshold of < 2%. Based on the results of our review, we have several recommendations that we believe, if implemented, would improve the overall claims processing accuracy rate and could result in savings to TRS.
1.5 Calendar Year 2014 Overall Audit Results Paid
Total cost of all employee prescription drug claims CY 2014 $426,790,064
Total cost of claims sampled $38,572
Total dollar errors/exceptions identified in claims sample $878
Total cost of potential claims exceptions identified from the 100% analysis for the entire claims population for CY 2014 (based on the attributes and root causes of Truven’s sample findings)
$1,289,904
The financial impact of all potential exceptions identified through this review is overpayments of $1,289,904 representing 0.30% of TRS’s total prescription drug spend for EGWP for calendar year 2014. The financial impact of all exceptions is below our industry standard threshold of < 2%. Based on the results of our review, we have several recommendations that we believe, if implemented, would improve the overall claims processing accuracy rate and could result in savings to TRS.
1.6 Summ ary of Key Findin gs and Obser vations & Recommendations
The following summarizes our key findings and observations and recommendations based on the findings identified in the entire TRS claims population.
1.6.1 Key Findings and Observations Benefit Plan Administration:
Quantity Limitations: Claims exceeded quantity limitation parameters set in the contract. Quantity limitations are designed to be a cost savings opportunity for TRS. After further review of all information provided by ESI, we do not agree that ESI has provided sufficient documentation to support the claims being refilled early and exceeding the plan limitations in the contract.
Duplicate Claims and Early Refills: Claims were processed prior to the plan’s utilization contractual parameters. ESI stated that TRS has contractual language that allows members prescriptions to be refilled if member has less than 21 days supply on hand at mail. Truven disagrees with this rule being applied to claims in which member obtain 30 days supply of medication at mail. This rule would allow claims filled at mail for a 30-day supply to be refilled at 30% utilization. Truven has spoken with TRS and obtained confirmation that the rule stating members can obtain refill when member has less than 21-day supply on hand was intended for claims filled for a 90-day supply of medication.
©Truven Health Analytics Inc. Proprietary and Confidential Page 6 of 37
Recommendations Benefit Plan Administration:
Quantity Limitations: We recommend TRS work with ESI to reconcile claims processed outside of plan parameters. In addition, a discussion of quantity limitations should be undertaken between ESI and TRS. Specific parameters should be outlined and agreed to. This should be discussed as a future cost savings opportunity.
Duplicate Claims and Early Refill: We recommend TRS work with ESI to reconcile claims processed outside of plan utilization parameters. In addition, a discussion of early refill and duplicate drug parameters should be undertaken between ESI and TRS. Specific parameters should be outlined in detail and agreed to. This should be discussed as a future cost savings opportunity.
QUARTERLY INVESTMENT COMPLIANCE TESTING INVESTMENT POLICY STATEMENT (IPS), SECURITIES LENDING POLICY (SLP), PERFORMANCE INCENTIVE PAY (PIP) PLAN, WIRE
TRANSFER PROCEDURES, AND ETHICS POLICIES CALENDAR QUARTER ENDED SEPTEMBER 30, 2016, EXCEPT AS NOTED
Legend: Red - Significant to TRS Orange - Significant to Business Objectives Yellow - Other Reportable Exception Green - Positive Test Result/ No Exception
November 15, 2016 Project #17-302
1. Board Reports All required information is reported to the TRS Board of Trustees
2. Investment Selection and Approval Investments made are within delegated limits and established selection criteria
3. Other (IPS, SLP, PIP, wire transfers, other reporting) Risk limits are followed for other investment programs and activities
4. Ethics Policies Ethics filing and reporting requirements are met
Management Responses
Management Assertions
Test Results
Compare Board reports to IPS requirements
Trace sample information included in Board reports to supporting documentation
Obtain evidence of monitoring of the securities lending agent and the program performance
Verify wire transfers are authorized and supported
Test accuracy of Internal Public Markets PIP calculations for the quarter ended 6/30/2016.
Obtain senior management disclosure about known compliance violations
Obtain evidence that financial disclosures were made to the Texas Ethics Commission
Obtain evidence that financial service providers filed annual disclosure statements on conflicts of interest
Trace investments approved by the Internal Investment Committee (IIC) to supporting documentation
Compare approval limits of new investments with IPS
Obtain evidence that Placement Agent Questionnaires (PAQs) were received prior to investing
N/A
Business Objectives
Business Risks
Agreed-Upon Procedures
Board is not informed of key investment decisions or critical information
Risks exceed Board-established tolerances or management policies and procedures
All required information is reported to the Board
Programs are within risk limits and activities follow established policies and procedures
N/A
Ethics policy requirements are not completed or filed
Ethics policies and requirements are being followed
Approvals and fundings exceed delegated limits
Approvals and fundings are within delegated limits and made for qualified managers
All requirements of the IPS, SLP, PIP, and wire transfer procedures were met
N/A N/A
All ethics filing and reporting requirements tested were met
All reporting requirements were met
Documentation provided support for the reports tested
All investments tested were in compliance with approval limits
PAQs were obtained for all investments tested
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 1
November 15, 2016 Carolina de Onis, TRS General Counsel Subject: Report on Independent Testing of Compliance We have completed the Quarterly Investment Compliance Testing for the quarter ended September 30, 2016, as included in the Fiscal Year 2017 Audit Plan. The scope of this engagement included the requirements of the Investment Policy Statement (IPS), Securities Lending Policy (SLP), Employee Ethics Policy, Board of Trustees Ethics Policy, Code of Ethics for Contractors, Wire Transfer Procedures, and Performance Incentive Pay (PIP) Plan. We performed the procedures that were agreed to by the TRS Legal Services division. These procedures include tests that supplement the current compliance monitoring procedures performed by State Street and the Chief Compliance Officer. This agreed-upon procedures engagement was performed in accordance with generally accepted government auditing standards contained in the Government Auditing Standards issued by the Comptroller General of the United States. The sufficiency of the agreed-upon procedures performed is solely the responsibility of the specified users of the report. Consequently, we make no representations regarding the sufficiency of the procedures described in Appendix A either for the purpose for which this report has been requested or for any other purpose. Our testing procedures and results are included in Appendix A. Internal Control Structure We were not engaged to and did not perform an examination of the internal controls nor the operating effectiveness pertaining to the subject areas tested. Accordingly, we do not express an opinion on the suitability of the design of internal controls nor the operating effectiveness of the subject areas tested. Had we performed additional procedures, or had we made an examination of the system of internal control, other matters might have come to our attention that would have been reported to you. This report relates only to the procedures specified below and does not extend to the internal control structure. This report is intended solely for information and use by TRS management, the Board of Trustees, and oversight agencies, and is not intended to be and should not be used by anyone other than those specified parties. However, this report is a matter of public record and its distribution is not limited.
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 2
* * * * * We express our appreciation to management and key personnel of the Investment Management Division, Investment Accounting, and Legal Services for their cooperation and professionalism shown to us during this quarterly testing. _____________________________ _______________________________ Amy Barrett, CIA, CPA, CISA Hugh Ohn, CFA, CPA, CIA, FRM Chief Audit Executive Director of Investment Audit Services _____________________________ Rodrigo Dominguez Internal Auditor
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 3
APPENDIX A
AGREED-UPON PROCEDURES AND RESULTS
STEP #
OBJ. # TEST PURPOSE TEST DESCRIPTION TEST RESULT MANAGEMENT RESPONSE
1 1 IPS Article 1.7a - 1.7o – Obtain evidence that all requirements were reported to Board of Trustees. Quarterly reporting requirements include investment performance, asset class exposures, and external investments under consideration. Semi-annual reports include outstanding derivatives, leverage, and liquidity positions, and risk limits
Obtain all information required to be reported to Board of Trustees and compare to reporting requirements per Investment Policy Statement (IPS)test
Information required to be reported to Board of Trustees complied with IPS requirements.
No response required
2 2 IPS Article 2.6 – Verify that Investment Management Division (IMD) evaluated hedge fund classification
Select sample of approved investments in hedge funds and external managers
Obtain analysis indicating whether each investment is hedge fund or not. If analysis is unavailable, inconclusive, or erroneous, report that result
For any analysis requiring Board approval of classification, obtain Board minutes to test whether approval was obtained
Each of approved investments in hedge funds and external managers tested had analysis indicating whether investment was a hedge fund or not. No Board approval was required.
No response required
3 2 IPS Article 2.7a – Verify that the Internal Investment Committee (IIC) approved all private and relevant public markets fund investments
For the private and public markets funds approved during the quarter, obtain existence of IIC approval
Inquire with Director of External Public Markets whether portfolios were adjusted for the purposes of rebalancing or adjusting risks
If funds added, test if such additional investments or allocations did not exceed 2% of Hedge Fund
IIC approval existed for all funds approved during the quarter. Funds added to previously approved investments or purposes of rebalancing or adjusting risk did not exceed 2% of associated portfolios.
No response required
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 4
STEP #
OBJ. # TEST PURPOSE TEST DESCRIPTION TEST RESULT MANAGEMENT RESPONSE
IPS Article 2.7g – Verify funds added to previously approved investments for purposes of rebalancing or adjusting risk did not exceed 2% of associated portfolios
Portfolio, External Manager Portfolio, or Other Absolute Return Portfolio (as appropriate) per investment on a monthly basis
Obtain documentation from IMD staff supporting rebalancing analytics.
4 2 IPS Article 7 – Obtain evidence that new investments in emerging managers meet requirements
Test sample of approved investments to verify: Each is independent private investment
management firm with less than $2 billion Each has a performance track record as a firm of
less than 5 years, or both TRS commitment did not exceed 40% of fund
size
There were no emerging manager investments during the testing period.
No response required
5 2 IPS Article 12 - Obtain evidence of existence of placement agent questionnaire (PAQ) for each new investment selected for testing and test for inclusion in summary report to the Board
For each investment selected for testing, verify that IMD obtained responses to the questionnaire
Obtain evidence that IMD compiled responses to the questionnaires and reported all results to the Board at least semi-annually
Each investment tested had a completed questionnaire and was included in the summary report to the Board.
No response required
6 2 IPS Appendix B – Obtain evidence that investments approved are within policy limits
Select sample of approved investments and obtain tearsheet for each, observe the approved amounts are within authorized limits a) Initial allocation – .50% b) Additional or follow-on – 1% c) Total Manager Limits – 3% d) Total limit each manager organization – 6%
Obtain documentation from IMD staff that supports the calculations of the authorized limits
Inquire if any “Special Investment Opportunities” were made for the quarter
For the sample investments tested, no manager or partner organization exceeded the authorized limits and documentation existed for IMD staff calculations of authorized limits. There were no Special Investment Opportunities.
No response required
7 3 Quarterly Compliance Certification – Obtain evidence that all known
Confirm with the Chief Compliance Officer that she has received compliance certification from IMD profit center managers, Legal Investment
Obtained confirmation from the Chief Compliance Officer. No compliance
No response required
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 5
STEP #
OBJ. # TEST PURPOSE TEST DESCRIPTION TEST RESULT MANAGEMENT RESPONSE
compliance violations have been reported by IMD managers and Investment Legal staff
staff, and CIO regarding any known compliance violations occurred during the testing period
exceptions were identified as a result of the quarterly compliance certification.
8 3 Wire Transfers – Verify wire transfers are authorized and properly supported
Obtain wire transfer reports for testing period, select sample of wire transfers, and test that supporting documentation, including manager authorizations, exists for each
All wire transfers tested were properly authorized and correct amounts were wired.
No response required
9 3 Securities Lending Policy – Obtain evidence that IMD staff monitored the progress of the securities lending program and performance of lender
Obtain evidence for the following securities lending policy requirements: Sec. 3.1. Securities eligible for lending Sec. 3.3 Collateral received
TRS loaned only eligible securities. All collateral received was cash or government securities.
No response required
10 3 Performance Incentive Pay Plan (PIP) – Verify that investment performance results used in quarterly Internal Public Markets (IPM) portfolio matches data from TRS financial applications and custodian bank and that the excess return calculations for individual portfolio managers and sector managers are correct
Trace quarterly IPM individual component calculation spreadsheet to TRS financial performance application data and TRS custodian bank data.
Test whether employee assignments were approved by Senior Director in TRS IPM prior to quarter start by obtaining approval email from Senior Director in TRS IPM to Investment Operations Performance Analyst. If any assignment changes are included in the approval, compare the approved changes to the assignments in the quarterly IPM individual component calculation spreadsheet.
Test whether formulas in the quarterly IPM individual component calculation spreadsheet are correct by recalculating investment return totals by portfolio manager and sector manager, and comparing total investment returns to returns provided by the TRS Custodian Bank.
There were no data, employee assignment, or formula errors included in the quarterly IPM individual component calculation spreadsheet. Thus, excess return calculations for individual portfolio managers and sector managers for the IPM portfolio were correct for the quarter ended June 30, 2016.
No response required
11 4 Employee Ethics Policy – Obtain evidence that the
Obtain evidence that the TRS Executive Director filed a personal financial statement with the
The Executive Director’s 2015 personal financial statement was filed with the
No response required
TRS Internal Audit November 15, 2016 Quarterly Investment Compliance Testing Page 6
STEP #
OBJ. # TEST PURPOSE TEST DESCRIPTION TEST RESULT MANAGEMENT RESPONSE
Executive Director filed a personal financial statement with the Texas Ethics Commission
Texas Ethics Commission for the year ended December, 31, 2015. Ensure that that the filing was made prior to the April 30th deadline.
Texas Ethics Commission. The document was dated prior to the April 30th deadline.
12 4 Code of Ethics for Contractors – Obtain evidence that all TRS brokers, financial advisors, and financial service providers filed annual disclosure statements with TRS General Counsel.
Sec. III.B. Obtain evidence that all TRS brokers, financial advisors, and financial service providers complied with the Code of Ethics for Contractors by filing annual disclosure statements with the TRS General Counsel. Annual filing deadline is April 30th.
All TRS brokers, financial advisors, and financial service providers filed required annual disclosure statements by the due date.
No response required
Note: Testing procedures for the Investment Policy Statement (IPS), Securities Lending Policy (SLP), Employee Ethics Policy, Code of Ethics for Contractors, and Wire Transfer Procedures are for the activities for the quarter ended September 30, 2016. Testing procedures for the Performance Incentive Pay Plan are for the quarter ended June 30, 2016.
AUDIT OF TRS ADMINISTRATION OF 403(b) PROGRAM November 18, 2016
TRS Internal Audit Department
Project #: 17-601
Companies not meeting certification criteria included in TRS company list
Products not meeting qualification criteria included in TRS product list
Uncertified companies selling products to participants
No or delayed referral on complaints received
No investigation of complaints by regulatory agencies
TRS not informed of complaint resolution
TRS not taking proper action based on resolution
Fee caps not established Fee caps established not
competitive Product fees charged
exceeding the fee caps 403(b) fees collected by
TRS are credited to other funds
Fees collected are used for non-403(b) expenses
Board adoption of fee caps Use of consultant for market
studies on investment product fees
Administration cost analysis 403(b) program budget Financial report on 403(b)
program 403(b) expense monitoring
Financial strength checks completed by Texas Department of Insurance
TRS staff’s company checks on State Securities Board website
Certification and qualification forms required
Publication of certified companies and qualified products on TRS website
Board adoption of fee caps Administration cost analysis 403(b) program budget Financial report on 403(b)
program
Financial strength checks TRS staff’s company
checks Certification and
qualification forms required annual demonstration by
providers
Management controls are operating effectively. However, controls related to determining administration cost for fee-setting purposes could be improved.
Management controls are operating effectively. However, controls related to annual demonstration of provider’s qualifications could be improved.
Require records of provider’s verification of license and qualification as part of annual demonstration
Start tracking the cost of program administration for fee-setting purpose
Will consider this recommendation as part of administrative rule review
TRS rules and polices on complaint reporting
Records of complaints received and referred maintained
Quarterly reporting requirement from Texas Department of Insurance
Records of complaints received and referred maintained
Quarterly reporting requirement from Texas Department of Insurance
Management controls are operating effectively to achieve business objective.
None
NA
Legend of Results: Red - Significant to TRS Orange - Significant to Business Objectives Yellow - Other Reportable Issue Green - Positive Finding or No Issue
Business Objectives
Business Risks
Management Controls
Results
Recommended Actions
Management Responses
Ensure that fee caps of investment products are competitive to the market and that TRS fees to investment companies reflect administration costs
Controls Tested
Maintain lists of certified 403(b) companies and products that meet the requirements of governing laws and rules
Refer complaints received to appropriate regulatory agencies and ensure that they are properly addressed
Agrees – Has already begun tracking staff time to capture the cost of administration
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 1
November 18, 2016 Audit Committee, Board of Trustees Brian Guthrie, Executive Director
EXECUTIVE SUMMARY We have completed the audit of the 403(b) Program, as included in the Fiscal Year 2017 Audit Plan. Primary business objectives related to TRS’ administration of the 403(b) Program are as follows:
To maintain lists of qualified 403(b) companies and products that meet the requirements of governing laws and TRS rules
To refer complaints received to appropriate regulatory agencies and ensure that they are properly addressed
To ensure that fee caps of investment products are competitive as compared to the market and that TRS fees to investment companies reflect administrative costs
Based on our audit results, we determined that management controls are operating effectively to achieve business objectives. We did not identify any significant issues. However, we identified an opportunity to improve controls related to: (a) annual demonstration of provider’s qualifications; and (b) determination of administration cost for fee-setting purposes. As part of this audit, we did not test the business objective related to ensuring that the fee caps of investment products are competitive as compared to the current market rates since management is currently working with an outside firm to assess the current fee caps adopted by the TRS Board of Trustees in May 2002. Results of our procedures are presented in more detail in the Results and Recommendations section. The audit objective, scope, methodology and conclusion are described in Appendix A.
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 2
BACKGROUND 403(b) Plan Overview
A 403(b) plan, authorized under Section 403(b) of Internal Revenue Code, is a tax-deferred retirement savings plan offered for employees of public schools, employees of certain tax-exempt organizations, and certain ministers. Individual 403(b) accounts are established and maintained by eligible employees. Accounts under a 403(b) plan can be one of the following three types:
An annuity contract provided through an insurance company; these 403(b) annuity plans are also known as tax-sheltered annuities (TSAs) and tax-deferred annuities (TDAs).
A custodial account provided through a retirement account custodian; investments are limited to regulated investment companies, such as mutual funds.
A retirement income account, for which investments options are either annuities or mutual funds.
The employer, like school district, may determine the financial institution(s) at which individual employees may maintain their 403(b) accounts, which in turn determines the type of 403(b) accounts that the employees may establish and fund. Generally, these annuities are funded by elective deferrals made under salary reduction agreements and non-elective employer contributions. 403(b) plans are very similar to 401(k) plans offered by for-profit businesses. Just like with a 401(k) plan, a 403(b) TSA plan lets employees defer some of their salary. In this case, their deferred money goes to a 403(b) plan sponsored by the employer. Generally, these deferred funds are not taxed until distributed. 403(b) plans offer the following benefits for participants:
Contributions to a 403(b) plan reduce taxable income since they are made on a before-tax basis,
Earnings on the retirement money are tax deferred, The annuity transfers with the participant when he/she changes employers or retires, Paying less tax on assets is likely as distributions usually occur during retirement, when a
participant may be in a lower tax bracket, and The 403(b) plans allow participants to take out loans from their accounts.
403(b) Plans for Texas School District Employees
In Texas, the Legislature has set requirements for companies and products that are eligible to receive 403(b) contributions from school employees. Beginning June 2002, Texas school districts and open enrollment charter schools can enter into a 403(b) salary reduction agreement with a company only if the company has certified to the TRS Board of Trustees. In addition, beginning January 2008, products offered for 403(b) salary reduction agreements in Texas must generally be registered with TRS. The school districts direct the participants’ contributions to specific 403(b) investment products selected by each participant from among the options available in their district or charter school. In
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 3
Texas, public school employees may only invest in 403(b) products that are: (a) offered by a TRS-certified company; and (b) registered with TRS. TRS maintains a list of certified 403(b) companies and a list of registered 403(b) investment products on its website as required by State law. Currently, 74 companies are certified by TRS to offer 403(b) investment products in Texas. The TRS List of 403(b) Certified Companies classifies these companies into three categories: annuity, non-annuity and/or platform. These classifications indicate what type of investments the company offers.
Annuity companies offer proprietary annuities Non-annuity companies offer proprietary mutual funds Platform companies offer non-proprietary mutual funds from various other certified
companies Several of the companies on the TRS certified list offer investments in more than one category. The products registered with TRS, including information on all fees charged, can be accessed from the TRS website. Responsibilities under Governing Statute
The 403(b) program administered by TRS is governed by Tex. Rev. Civ. Stat. Art. 6228a-5 (Annuities or Investments for Certain Public Employees; Salary Reductions) and Chapter 53 of the Texas Administrative Code (Certification by Companies Offering Qualified Investment Products). These governing laws and rules require several parties involved to perform different duties with regard to the 403(b) program. Primary parties involved in the administration of the 403(b) program in Texas include TRS, Texas Department of Insurance (TDI), State Securities Board (SSB), Texas Department of Banking (TDB), providers/companies of 403(b) products, and Educational Institutions (including school districts) as plan sponsors. Each party’s responsibilities include the following:
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 4
TRS TDI/SSB/TDB Provider/Company Educational Institution
Establish and maintain a list of companies that have been certified
Establish and maintain a list of qualified investment products
Adopt the form and content of the registration process
Make the lists of certified companies and qualified investment products available on TRS’ website
Establish the maximum amount of fees, costs, or penalties on investment products offered by companies
Refer all complaints to other regulatory state agencies
Collect a fee from a company not to exceed the administrative cost of TRS
Cooperate with TRS in the administration of the 403(b) program
Investigate a complaint received from TRS
If determined that a violation may have occurred, forward the results of the investigation to state or federal regulatory agency
Submit a quarterly report to TRS that provides the status of any enforcement action taken or investigation on referral made by TRS regarding a product or a company
Promptly notify TRS of any final enforcement order issued regarding the product or company.
Certify to TRS to offer qualified annuity contract if it is authorized to issue annuity contracts in Texas, does not assess fees, cost, or penalties that exceed TRS rules, and comply with the relevant standards
Meet the eligibility criteria to be included in TRS Certified Company List
Submit an application to TRS (to register a product) and pay the registration fee.
Notify TRS if, at any time, the product is not an eligible qualified investment
Provide toll-free telephone transferring privileges each business day
Hold a license issued by TDI, is registered as a securities dealer or agent or investment advisor with SSB, or is a financial institution
Demonstrate annually to TRS that each of its representatives are properly licensed and qualified, by training and continuing education, to sell and service the company’s eligible qualified investments
Enter into a salary reduction agreement with an employee if the offered investment product is an eligible qualified investment and is registered with TRS
Not require or coerce an employee’s attendance at any meeting at which qualified investment products are marketed
Not limit the ability of an employee to initiate, change, or terminate a qualified investment product at any time the employee chooses
No grant exclusive access to an employee by discriminating against or imposing barriers to any agent, broker, or company
Not accept any benefit from a company or from an agent or an affiliate of a company
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 5
BUSINESS OBJECTIVES, RISKS, AND CONTROLS For the audit of the 403(b) program, we obtained information about the following three business objectives, as well as the related risks and the controls management established to mitigate these risks (including information on the controls we tested):
Business Objective
Inherent Risks (without considering
controls)
Management Controls (Existing and Potential)
Controls Tested
1. To maintain lists of qualified companies and products which meet requirements of laws and TRS rules
(1) Uncertified companies selling products to participants or unregistered products sold to participants
A) Availability of a list of certified companies in TRS website
B) Availability of list of registered investment products in TRS website
C) Communication of TRS company and product lists to school districts (e.g., TRS Update newsletter)
D) Recertification required (every five years)
List of certified companies in TRS website
List of registered investment products in TRS website
Recertification required
(2) Companies included in the TRS lists not meeting certification criteria (e.g., financial strength)
A) Checks completed by TDI at time of application
B) Notification from TDI or SSB throughout the year (not required under the current statute)
C) TRS staff’s checks on SSB website D) TRS Form 615 (Certification
Application) E) Ability to revoke certification
Checks completed by TDI
TRS staff’s checks on SSB website
TRS Form 615
(3) Outdated or inaccurate lists of certified companies or qualified products
A) TRS staff’s review of information submitted by companies
B) TRS Form 615 (Certification Application) required
C) Checks completed by TDI D) TRS staff’s checks on SSB website E) Recertification required F) Limited access to company and
product files (e.g., IT controls) G) Notification requirement about
changes from providers
TRS Form 615
Checks completed by TDI
TRS staff’s checks on SSB website
Recertification required
Limited access to company and product files
Notification requirement about changes from providers
(4) Certified companies or registered products not available or accessible in TRS
A) IT department’s monitoring of TRS website’s unavailability
B) Availability of TRS staff’s assistance to school districts
C) School districts’ and providers’ access to TRS website
No controls selected for testing
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 6
Business Objective
Inherent Risks (without considering
controls)
Management Controls (Existing and Potential)
Controls Tested
website (including IT system-down issue)
D) IT Department’s regular backup of company list and product list
(5) TRS’ failure to adopt the form and content of the registration application
A) Statutory provisions readily available
B) Dedicated TRS staff for 403(b) program
No controls selected for testing
(6) TRS’ company certification rules not consistent with statutes
A) Statutory provisions readily available
B) TRS Form 615 (Certification Application)
C) TRS Form 634 (Product Registration Application)
TRS Form 615
TRS Form 634
(7) companies whose certification was denied, suspended, or revoked remaining on the list
A) Checks completed by TDI B) TRS staff’s checks on SSB website C) TRS rules and policies
Checks completed by TDI
TRS staff’s checks on SSB website
TRS rules and policies
(8) TRS not informed of certified companies whose licenses have been revoked or denied
A) Coordination with TDI and SSB B) Information available in SSB website C) TRS staff’s checks in SSB website as
part of recertification
TRS staff’s checks in SSB website
(9) Certified companies not notifying TRS about changes or non-compliance
A) 403(b) statutes and TRS rules B) Communication thru TRS Update C) Recertification required D) Notification requirement (including
30-day deadline) and related sanctions for non-compliance
Recertification required
(10) Involved state agencies not clearly understanding statutory responsibilities or not cooperating with TRS
A) Agencies’ responsibilities specified in governing statutes
B) Interagency contact or memorandum of understanding (MOU) established between agencies
Interagency contract or MOU
(11) Noncompliance with laws, regulations, or policies
A) Dedicated TRS staff for 403(b) B) Availability of Legal Services staff C) Ability to revoke certification for
non-compliance
No controls selected for testing
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 7
Business Objective
Inherent Risks (without considering
controls)
Management Controls (Existing and Potential)
Controls Tested
(12) Certification renewal period exceeding the limit (i.e., five years)
A) Spreadsheet tracking certification expirations
Spreadsheet tracking certification expirations
(13) Registration period not offered or designated
A) TRS rules B) Announcement of open registration
periods in TRS website
No controls selected for testing
(14) School districts offer uncertified companies or unregistered products to employees
A) TRS lists available in website B) Communication in TRS Update C) Complaints filed by providers or
participants D) Centralized, single agency
administration model (which would require statutory changes)
TRS lists available in website
Complaints filed by providers or participants
(15) Not receiving information for annual demonstration (of representative’s license and training) or not taking action for no completion of annual demonstration
A) Statutory requirement for companies to demonstrate representative’s license and qualifications
B) Use of TRS Form 616 (Annual Demonstration of Licensure and Qualification)
C) TRS’ verification of provider’s evidence of meeting annual demonstration requirements
D) TRS staff’s tracking and disclosure of annual demonstration status
TRS Form 616
TRS’ verification of provider’s evidence of meeting annual demonstration requirements
TRS staff’s tracking and disclosure of annual demonstration status
(16) TRS not denying, suspending, or revoking company certification or product registration
A) Statutory provision giving authority to TRS
B) TRS rules and policies adopted, including different levels of offenses and related sanctions
TRS rules and policies adopted, including different levels of offenses and related sanctions
(17) Making changes to certified lists without supporting documentation
A) Policy requiring supporting documentation
B) Segregation of duties between 403(b) program and IT Department
Policies requiring supporting documentation
(18) Fraud risk, including false information submitted to TRS and companies making misrepresentations to school districts or participants
A) Verification with TDI and SSB B) Screening by school districts C) Complaints that can be filed by
school districts or participants
Verification with TDI and SSB as part of recertification
Complaints filed by school districts or participants
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 8
Business Objective
Inherent Risks (without considering
controls)
Management Controls (Existing and Potential)
Controls Tested
2. To refer complaints to appropriate regulatory agencies and ensure that they are properly addressed
(1) Complaints not referred to appropriate regulatory agencies
A) Statutory provisions on complaints B) TRS policy on complaint reporting C) Tracking of complaints TRS referred
to TDI or SSB
TRS policy on complaint reporting
Tracking of complaints TRS referred to TDI or SSB
(2) Complaints not investigated by regulatory agencies
A) TRS records of complaints referred to TDI or SSB
B) Involvement of multiple state agencies
C) Designation of complaint processing departments or individuals at TDI and SSB
TRS records of complaints referred to TDI or SSB
(3) TRS not informed of complaint resolution (that TRS filed)
A) TRS records of complaints filed B) Quarterly reporting requirements
from TDI C) SSB ListServ available for sign-up
TRS records of complaints filed
Quarterly reporting requirements from TDI
(4) TRS not taking proper action based on the outcome of the investigation of a complaint
A) Complaint policy B) Policy on corrective action levels
Policy on corrective action levels
(5) TRS not informed of complaints filed with regulatory agencies (by others)
A) Information available at SSB website
B) SSB ListServ available for sign-up C) Reporting required from regulatory
agencies (which would require statutory changes)
No controls selected for testing
3. To ensure that: fee caps of investment products are competitive as compared to the market rates; and
(1) TRS not established fee caps
A) Statutory authority B) TRS rules adopted C) IT system alerts (if fee caps are
exceeded)
IT system alerts
(2) Fee caps established are not competitive or in line with the market (e.g., too high or too low)
A) Outside expertise available B) Availability of market information C) Feedback from school districts or
participants
No controls selected for testing
(3)Fee information not included in TRS qualified investment product list
A) TRS Form 634 (Product Registration Application)
B) IT design to capture fee information
TRS Form 634
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 9
Business Objective
Inherent Risks (without considering
controls)
Management Controls (Existing and Potential)
Controls Tested
TRS fees to investment companies reflect administrative costs
(4) Vendor fees charged for products exceeding the cap established by TRS
A) Fee caps established by TRS B) IT system on fee alerts C) Availability of fee cap information in
TRS website D) Communication of fee cap
information in TRS Newsletter E) Fee checks by school districts
Fee caps established by TRS
IT system on fee alerts
(5) TRS charging administrative fees in excess of $5,000 limit
A) Awareness of statutory fee cap B) TRS rules and policies
No controls selected for testing
(6) TRS product registration fees not reflective of the cost of administration
A) Administrative cost analysis B) Knowledge of recertification dates
Administrative cost analysis
(7) TRS fees collected are not credited to 403(b) trust fund
A) TRS accounting policy B) 403(b) program budget C) Collection report at the time of
receipt D) Financial reports on 403(b) program
403(b) program budget
Financial report on 403(b) program
(8) TRS fees collected are used for non-403(b) related expenses
A) TRS accounting policy B) 403(b) program budget C) Expense monitoring (e.g., thru
monthly financial report)
403(b) program budget
Expense monitoring
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 10
RESULTS AND RECOMMENDATIONS OVERALL RESULTS Based on the audit test results, we determined that management controls are operating effectively to achieve the business objectives. No significant issues were identified. The positive test results as well as opportunities for management to improve annual demonstration of provider’s qualifications and fee-setting controls are described below. Additionally, a separate memo was issued to management for other less significant matters related to the business objectives that we observed during fieldwork. POSITIVE RESULTS Example of the positive results we noted from our testing included the following: A. Controls Related to Company Certification and Product Registration
Financial strength checks were completed on the annuity providers included in the TRS Certified Company List.
TRS staff checked a company’s registration status for investment products in the State Securities Board’s website.
TRS made the lists of certified companies and registered products available on the website. TRS staff tracks the expiration date of each company’s certification and as a result, no
company’s certification status passed the five-year limit. TRS forms for company certification and product registration are consistent with statutory
requirements. TRS staff tracks and discloses the status of each company’s submission of the affirmation
form for annual demonstration of licensure and qualifications. B. Controls Related to Complaints Referrals
TRS staff tracks the complaints filed and referred to the TDI or SSB. TRS staff maintains the records of complaints referred to the TDI or SSB.
C. Controls Related to Fee Caps of Investment Products and TRS Fees for Company Certification
and Product Registration
As required by the statute, fee caps have been established for each registered 403(b) product. TRS Information Technology system captures fees information and generate alerts if fee caps
of investment products are exceeded. A separate budget of the 403(b) program is established as a trust fund.
SIGNIFICANT RESULTS1 No significant issues and recommendations were identified.
1 A significant result is defined as a control weakness that is likely to create a high risk of not meeting business objectives if not corrected.
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 11
OTHER REPORTABLE RESULTS 1. Require Records of Provider’s Verification of License and Qualification As Part of Annual
Demonstration State statute requires that a certified company/provider shall demonstrate annually to TRS that each of its representatives are properly licensed and qualified, by training and continuing education, to sell and service the company’s qualified investments. However, TRS does not require companies to submit any records or evidence of these requirements. TRS only requires the companies to affirm in a box included in Form 616 (Annual Demonstration of Licensure and Qualification by 403(b) Certified Company) whether the company meets these requirements or not. Some of the responses to our survey of providers indicated that they maintain and verify records of their representatives’ license status and continuing education hours completed. Thus TRS could require the certified companies to submit the evidence of how they met this requirement, such as the names of representatives, their license status, and the number of continuing education or training hours completed each year. Recommendation We recommend that TRS require the providers to submit the records of the verification of the representatives’ license status and the number of continuing education or training hours completed as part of the provider’s annual demonstration.
Management Responses Management will consider this recommendation for potential inclusion in the administrative rules. Currently, management is conducting the statutorily required review of the 403(b) administrative rules. As part of this rule review, management will determine if there is a useful and practical level of evidence to require from providers as part of their annual demonstration. A potential concern is that TRS does not have the authority to set qualification requirements, including minimum training hours. Those requirements are set by several different state and federal regulating entities depending on the type of certified company. While, certified companies must assert to TRS annually that their agents are properly licensed and qualified, TRS is not apprised of the minimum continuing education or training requirements for the different licensing agencies. Moreover, TRS is not apprised as to which types of licensure and training requirements apply to the different agents of the various certified companies. So, if TRS were to get a list of agents and the number of training hours completed for each agent, TRS would not be able to interpret if the hours were sufficient or lacking. Management is open to exploring as part of the rule review whether these concerns can be addressed and whether this information can be required in a manner and form that is productive and useful. 2. Start Tracking the Cost of Program Administration For Fee-Setting Purpose State statute states that TRS may collect a fee not to exceed the administrative cost to the TRS from a company that certifies or recertifies or that registers a qualified investment products, without exceeding $5,000. Statute further states that the fee for registration of a qualified investment products must be set by TRS in the reasonable amount necessary to recover the cost of the administration of the 403(b) program. TRS currently charges $3,000 each for company certification
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 12
and product registration and the total amount of net asset for the 403(b) program was approximately $268,000 as of August 31, 2016. According to 403(b) program staff, this fee rate which was set many years ago was determined mainly based on the amount of fund balance available at the time without considering the cost of the program administration. In addition, when the fee amount was initially set, the program was very small with no significant direct or indirect costs. However, the program has expanded in the past with additional staff and administrative support from IT Department and Legal Services. Therefore, before resetting the fee amount for company certification and product registration, TRS should consider the cost of administering the 403(b) program by tracking staff time, allocating direct and indirect costs, and estimated costs of infrequent special projects. Recommendation We recommend that TRS start tracking the direct and indirect costs of the 403(b) program administration to set the fee amount in a manner consistent with statutory provisions. Management Responses Management agrees with the recommendation. The 403(b) program team has already begun tracking the amount of time it spends on 403(b) related work as opposed to work on pension or health care related matters. In years past, the 403(b) program did not require a large amount of resources as evidenced by the lowering of the administrative fee from $5,000 to $3,000 in 2006. Recently, however, complexities in the 403(b) market have resulted in the program requiring more resources. Management will work with General Accounting to start tracking the direct and indirect costs of administering the program for fee-setting purposes and to help ensure the proper and equitable allocation of resources. Management recognizes that these cost allocations might not be well defined because 403(b) program staff can be working on other programs outside the 403(b) program, involvement by support groups such as the IT Department and Legal Services is needed at times, and ad hoc projects requiring resources could arise. In consideration of these factors, management will develop a methodology to capture the cost of program administration in a systematic and consistent manner. The target implementation date to develop this methodology is August 31, 2017, with the effective application date of September 1, 2017. Other Observation One of the TRS Board of Trustees’ responsibilities under the 403(b) statutes is to set the maximum rates (i.e., fee caps) for the annuities and investment products that the providers should not exceed. These fee caps, first adopted in May 2002, have not been changed since. Thus they may no longer be aligned with the current industry or market rates. TRS management is currently seeking outside expertise to obtain market information to assess the current fee caps and therefore, we did not assess the competitiveness of these caps as part of our audit.
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 13
* * * * * We appreciate 403(b) Program management and staff for their cooperation, courtesy, and professionalism extended to us during this audit. We also appreciate support provided by IT and Legal Services staff. _____________________________ ___________________________________ Amy Barrett, CIA, CPA, CISA Hugh Ohn, CIA, CPA, CFA, FRM Chief Audit Executive Director of Investment Audit Services _____________________________ ___________________________________ Anandhi Mani, CIA, CPA Rodrigo Dominguez Senior Investment Auditor Internal Auditor
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 14
APPENDIX A
AUDIT OBJECTIVE, SCOPE, METHODOLOGY, AND CONCLUSION We conducted this performance audit in accordance with generally accepted government auditing standards contained in the Government Auditing Standards issued by the Comptroller General of the United States and the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors, Inc. These standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our audit findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. AUDIT OBJECTIVE The audit objective was to determine whether internal controls are in place and are working effectively to achieve the business objectives stated below and mitigate significant risks to meeting those objectives.
To maintain lists of qualified 403(b) companies and products that meet the requirements of governing laws and TRS rules
To refer complaints received to appropriate regulatory agencies and ensure that they are properly addressed
To ensure that fee caps of investment products are competitive as compared to the market and that TRS fees to investment companies reflect administrative costs.
SCOPE The scope of the audit included the TRS’ administration of the 403(b) program as specified in Vernon’s Texas Civil Statutes Relating to 403(b) Certification, §§4-13, Article 6228a-5. The focus of our audit was on the responsibilities of TRS under the governing statutes, including coordination with other entities, such as TDI, SSB, school districts, and providers/companies of investment products. Our sample testing focused more on the most recent information, covering the time period from 2015 and 2016 to-date. The audit scope did not include other parties’ responsibilities regarding the administration of 403(b) program, including school districts and providers of 403(b) products. The scope also did not include any review of competitiveness of the current fee levels as compared to the market. Furthermore, our scope did not include any comparison of 403(b) plan with other tax deferred plan offered by school districts such as 457 plan. METHODOLOGY Our methodology included obtaining information on management’s business objectives and risks, and focused on key processes and monitoring controls that management has established to address significant risks. Our methodology generally included validation of controls in place through
TRS Internal Audit November 18, 2016 Audit of TRS Administration of 403(b) Program Page 15
observations, sample testing of transactions, documentation of supporting documents, interviews with school district staff, and a survey of providers. Specifically, we performed the following procedures:
Obtained information about tax-sheltered retirement plans authorized by federal laws Reviewed reports on tax-sheltered retirement plans, including Government Accountability
Offices’ (GAO) review of retirement savings Reviewed state law governing the State of Texas 403(b) program Met with representatives of the Texas Department of Insurance (TDI) and the State Securities
Board (SSB) Interviewed the Executive Director, Deputy Director, Director of Strategic Initiatives,
Director of 403(b) Program and staff, Budget staff, and Legal Services staff Traced a sample of 403(b) certified companies to the application forms (i.e., TRS Form 615) Traced a sample of 403(b) registered products to the application forms (i.e., TRS Form 634) Surveyed TRS-certified providers of 403(b) products in Texas to find out about their
practices, including information on how to meet annual demonstration requirements Obtained information about fees charged 403(b) products, including the fee caps established
by the TRS Board of Trustees Obtained budget information and sample financial reports on TRS 403(b) program
CONCLUSION Based on the audit test results, we determined that management controls are operating effectively to achieve the business objectives. No significant issues were identified. However, we identified opportunities to improve controls related to annual demonstration of provider’s qualifications and tracking of 403(b) program administration for fee-setting purpose.
TRS Internal Audit Summary of Prior Audit Recommendations
November 16, 2016
Project 17-410
RECORDS MANAGEMENT AUDIT
Issue Type Recommendation Status Reported by Management
Reported Implementation
Date
Management Response Addressed
Recommendation?
Management Response
Fully Implemented?
Implementation Current?
Significant
Records Management staff should perform routine enterprise-wide records retention schedule assessments to identify problems such as non-compliance or areas where focused training or consultation is needed.
Implemented 9/25/2015 Partially Yes Yes
Significant
Records Management staff should ensure that management and staff receive adequate records management training that includes well-defined guidelines for users of electronic record systems, including electronic mail and calendar systems. Records Management staff’s increased records management awareness efforts should be visible throughout TRS.
Implemented 9/25/2015 Yes Yes Yes
Significant
TRS should require terminating employees and contract workers to formally certify that they do not have any TRS records.
Implemented 3/2/2016 Partially Yes Yes
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 1
November 16, 2016 Audit Committee, Board of Trustees Mr. Brian Guthrie, Executive Director
EXECUTIVE SUMMARY We have completed the Records Management Follow-Up Audit, which is one of the areas identified in Internal Audit’s Fiscal Year 2017 Audit Plan. The audit objective was to verify management’s implementation actions taken to address the significant finding and audit recommendations made during the Records Management Audit conducted in Fiscal Year 2015, and to answer the following questions:
1. Did management responses fully address the original audit recommendations? 2. Were management responses implemented? 3. Is the implementation current?
The significant finding reported by Internal Audit was related to instances of non-compliance with established record retention periods which identified a need for more training, well-defined guidance, and routine monitoring to address TRS’ records management needs now and in the future. As a result of our follow-up audit work, we concluded:
1. One of the management responses fully addressed the audit recommendation, while two partially addressed audit recommendations.
2. All three management responses were fully implemented. 3. Implementation of management’s stated action plans is current.
Results of our procedures are presented in more detail in the Audit Results section and the audit objective, scope, methodology and conclusion are described in Appendix A. A Summary Report of the FY 2015 Records Management Audit is included in Appendix B.
BACKGROUND In 2015, Internal Audit conducted a Records Management Audit and issued a report in September of that year. The audit objective was to determine whether TRS records management practices aligned with state requirements and guidelines, TRS internal policy and procedures, and generally accepted recordkeeping principles and best practices. Results of the audit determined that while TRS has a mature records management function and experienced Records Management department leadership and staff, records management practices did not always align with state requirements and guidelines, TRS internal policy and procedures, and generally accepted recordkeeping principles and best practices.
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 2
Testing found that oversight and monitoring of compliance with records retention schedules and records management program understanding did not occur by Records Management staff. Individuals within both TRS management and general staff reported that they were unsure of roles and responsibilities regarding the creation, maintenance, and disposition of records, whether hardcopy or electronic. Auditors also determined that a lack of understanding of records management requirements could increase the risk that terminating employees and contract workers might intentionally or unintentionally take TRS records when they terminate employment. Testing identified instances where records were maintained past their retention period and other instances where records were discarded prior to their retention period. Additionally, some electronic records could not be located during testing and others were filed in multiple locations. The audit resulted in one significant finding and three other reportable findings. Management agreed with all recommendations included in the audit report and has indicated that actions have been implemented to mitigate the identified risks. The objective of this follow-up audit was to verify the implementation actions taken by management in addressing the three recommendations related to the one significant finding reported in the prior audit.
AUDIT RESULTS OVERALL RESULTS Audit fieldwork focused on the three recommendations made during the prior audit that were related to the one significant finding. These recommendations were:
1. Records Management staff should perform routine enterprise-wide records retention schedule assessments to identify problems such as non-compliance or areas where focused training or consultation is needed.
2. Records Management staff should ensure that management and staff receive adequate records management training that includes well-defined guidelines for users of electronic record systems, including electronic mail and calendar systems. Records Management staff’s increased records management awareness efforts should be visible throughout TRS.
3. TRS should require terminating employees and contract workers to formally certify that they do not have any TRS records.
Results of audit fieldwork found the following:
One of the management responses fully addressed the audit recommendation, while two partially addressed audit recommendations.
All three management responses were fully implemented. Implementation of management’s stated action plans is current.
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 3
DETAILED RESULTS Regarding the first recommendation, we found that management is in the final stages of contracting with a vendor to perform a comprehensive, enterprise-wide review of recordkeeping practices including the establishment of electronic records repositories and a revision of departmental record retention schedules. This process is expected to take approximately 2 years to complete. While management’s plan is very thorough in the approach that will be taken during the enterprise-wide assessment, we found that it did not include a plan for conducting on-going monitoring activities to ensure compliance with the revised departmental record retention schedules and newly established processes. When this concern was addressed with management, they committed to several actions to improve their planned monitoring and compliance function. The Records Management Policy, currently undergoing revision, will specifically designate the Records Management Officer as being responsible for monitoring and enforcing compliance with records management policies. The revision will also include an annual certification requirement for management to certify the completeness of their records retention schedule. Further, Records Management will, by the Fiscal Year 2018 purge cycle, revise its procedures associated with the annual purge to include:
More detailed analysis of purge activity to monitor whether all records that are eligible for destruction are in fact being purged.
Providing a “report card” to division directors on their area’s performance in the purge and the level of compliance exhibited recognizing areas of exemplary performance as well as areas needing improvement.
Conducting follow-up spot checks of retention schedule completeness and level of compliance in selected departments based on the results observed during the purge.
Lastly, management has committed to consulting with the vendor contracted to perform the agency-wide records retention assessments regarding any additional routine monitoring activities that management could perform to identify areas of non-compliance and opportunities for focused training or consultation with individual departments. These new monitoring activities will be performed in addition to the current review processes related to the annual purge and monitoring of e-records metrics. Regarding the third recommendation, we found that management’s response and subsequent actions only addressed the development and implementation of a process for exiting TRS employees to certify that they do not have any TRS records. The need for contract workers to certify was not addressed. During the follow-up audit, management developed, and is in the process of implementing, a certification form that requests the contract vendor, rather than the contract worker, to certify that all records have been returned to TRS. The certification form will be implemented by the Contract Management department as part of the contract close-out process. The form will be implemented for all contracts initiated after January 1, 2017.
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 4
Additionally, the Records Management Policy is being revised to include a requirement that upon departure, all staff certify that working documents and final records have been returned to TRS. The Records Management Policy is one of several TRS policies that new employees and contract workers receive during the onboarding process. They are required to complete a form acknowledging that they have reviewed the policies and agree to abide by them. The updated Records Management Policy is expected to be finalized by December 31, 2016. The table below provides a summary of management’s implementation status of the significant audit recommendations from the FY 2015 Records Management Audit.
Rec # Original Recommendation
Implementation Status (As determined by Follow-up Audit)
Notes Management Response Fully
Addressed Recommendation
Management Response
Fully Implemented
Implementation is Current
1 Records Management staff should perform routine enterprise-wide records retention schedule assessments to identify problems such as non-compliance or areas where focused training or consultation is needed.
Partially
Yes Yes Auditor Note Management response did not address the need for on-going monitoring activities to ensure compliance with record retention schedules. Management Response Management has agreed to address this risk by taking the following actions: Updating language in the
Records Management Policy to clearly assign responsibility for monitoring and enforcing compliance with records management policies to the Records Management Officer
Adding additional analysis, monitoring, and reporting features to the existing purge process
Conducting spot checks of retention schedule completeness and compliance
Consulting with the vendor hired to conduct the agency-wide records
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 5
Rec # Original Recommendation
Implementation Status (As determined by Follow-up Audit)
Notes Management Response Fully
Addressed Recommendation
Management Response
Fully Implemented
Implementation is Current
management assessments regarding any additional routine monitoring activities that management could perform to identify areas of non-compliance and opportunities for focused training and consultation
2 Records Management staff should ensure that management and staff receive adequate records management training that includes well-defined guidelines for users of electronic record systems, including electronic mail and calendar systems. Records Management staff’s increased records management awareness efforts should be visible throughout TRS.
Yes
Yes
Yes
Auditor Note Management has worked with Human Resources and Organizational Change Management to develop a training schedule and will continue to work with them to develop the necessary materials to provide focused training to staff at all levels across the agency.
3 TRS should require terminating employees and contract workers to formally certify that they do not have any TRS records.
Partially Yes Yes Auditor Note Management response did not address the implementation of a certification process for exiting contract workers. Management Response Management has developed a certification form that will request contract vendors to certify that all records have been returned to TRS. Use of the certification form will be implemented by the Contract Management
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 6
Rec # Original Recommendation
Implementation Status (As determined by Follow-up Audit)
Notes Management Response Fully
Addressed Recommendation
Management Response
Fully Implemented
Implementation is Current
department during the contract close-out process for contracts initiated after January 1, 2017. Additionally, the Records Management Policy is being updated to include language stating that all staff are required to return all working documents and final records to TRS upon departure from the agency.
* * * * * We appreciate the cooperation, courtesy, and professionalism extended to us during this follow-up audit by TRS Records Management department management and staff. _____________________________ ______________________________ Amy Barrett, CIA, CPA, CISA Toma Miller, CIA, CGAP Chief Audit Executive Senior Internal Auditor _ ____________________________ Jan Engler, CIA, CISA, CFE Director of Benefit Audit Services
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 7
APPENDIX A
AUDIT OBJECTIVE, SCOPE, METHODOLOGY, AND CONCLUSION We conducted this audit in accordance with generally accepted government auditing standards contained in the Government Auditing Standards issued by the Comptroller General of the United States and the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors, Inc. These standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our audit findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. AUDIT OBJECTIVE The audit objective was to verify management’s implementation actions taken to address audit recommendations related to the significant finding made during the Records Management Audit conducted in Fiscal Year 2015, and to answer the following questions for each recommendation:
1. Did management responses fully address the original audit recommendations? 2. Were management responses implemented? 3. Is the implementation current?
SCOPE The scope of the follow-up audit included three audit recommendations related to the one significant finding reported in the FY 2015 Records Management Audit. METHODOLOGY The audit methodology included obtaining information on management’s implementation actions for each recommendation within the scope of the audit. To determine the implementation status, the auditor conducted interviews, reviewed documents, and reviewed departmental procedures. CONCLUSION During the Records Management Audit, Internal Audit identified one significant finding related to the need for more training, well-defined guidance, and routine monitoring in order to address TRS’ records management needs now and in the future. Three recommendations were made related to this finding. During the follow-up audit, we concluded:
1. One of the management responses fully addressed the audit recommendation, while two partially addressed audit recommendations.
2. All three management responses were fully implemented. 3. Implementation of management’s stated action plans is current.
TRS Internal Audit November 16, 2016 Records Management Follow-up Audit Page 8
APPENDIX B
Summary Report of FY 2015 Records Management Audit Findings and management responses that are in the red-line box are covered in the project scope of this follow-up audit
TRS Internal Audit Summary of Audit Recommendations Status
November 2016
December 2016 Board Audit Committee Meeting 1
Project Recommendation Status Issue Type Estimated Date
Revised / Actual Date
16-301 Overall IMD Opinion Audit
Improve the travel process to ensure justification for excess lodging expenses for foreign travel Implemented Other
Reportable 8/2016 10/2016
Enhance written operating procedures for TAA process Implemented Other Reportable 12/2016 10/2016
16-303 Performance Incentive Payment Calculations
Qualitative Award for Transferred Employees Implemented Other Reportable 9/2016 9/2016
Significant to Business Objectives Other Reportable Past original estimated completion date No management action plan or No progress on management action plan Past original estimated completion date Progress on management action plan Original estimated completion date has not changed Progress on management action plan
Satisfactory implementation of management action plan or Acceptance of risk by management
Implementation of management action plan pending Internal Audit validation
Past original or first revised estimated completion date No management action plan or No progress on management action plan Past original or first revised estimated completion date Progress on management action plan Within original or first revised estimated completion date Progress on management action planSatisfactory implementation of management action plan or Acceptance of risk by management
TRS Internal Audit Summary of Audit Recommendations Status
November 2016
December 2016 Board Audit Committee Meeting 2
Status of Reporting Entity Audit Recommendations
Statuses:
Under Legal Services Review – TRS Benefits team has requested Legal Services review before taking any further action In Progress – TRS Benefits team is working with RE on corrections/adjustments Closed – TRS Benefits team has resolved all RE audit findings No Audit Findings – the audit resulted in no audit findings
Audit Project # Audit Report Date Reporting Entity (RE) Status
1 16-401 A 1/15/2016 Manor ISD In Progress
2 16-401 D 5/13/2016 Daingerfield-Lone Star ISD Closed
3 16-401 E 8/3/2016 Socorro ISD In Progress
4 16-401 F 8/3/2016 Ysleta ISD In Progress
TRS Internal Audit Summary of Audit Recommendations Status
November 2016
December 2016 Board Audit Committee Meeting 3
State Auditor’s Office (SAO) Audit Recommendations
Project Recommendation Status Issue Type Estimated Date
Revised / Actual Date
15-305 SAO Audit of Fiscal Year 2014 Comprehensive Annual Financial Report
Strengthen controls over census data In Progress Significant 8/2016 9/2017
16-030 SAO Audit of Incentive Compensation
Strengthen Controls over Incentive Compensation Calculation and Review Processes In Progress Other
Reportable 9/2016 1/2017
TRS Internal Audit Status of Top 10+1 Innovation Ideas
As of October 2016
December 2016 Board Audit Committee Meeting 1
Description Status Estimated
Implementation Date
Top 10+1 Innovation Ideas presented to the Board in February 2016
1 Explore an automate tool to ensure accuracy and protect the Incentive Pay Calculation
The Iconixx has been selected and are in the development stage. It is expected to be used to perform this year’s incentive pay calculations. 1/2017
2 Expand Use of ERM Technology to entire TRS
Continuing to test LogicManager for annual updates of agency-wide BIA and BCP data. Planning to test the tool for follow-up on risk-related action items and strategic plan status updates. Identified additional support needed from both TRS IT and the vendor. This initiative is on track.
12/2017
3 Testing the Entire Population of Data in REs Audits
This project is deferred until the TEAM Phase 1B implementation when full payroll data is available. 9/2018
4 Development of a Financial Data Hub
The Information Systems Architecture (ISA) team has completed contract data architect/modeler interviews and will select a candidate around mid-October. Requirements gathering should begin the first part of November. The ISA and General Accounting teams will work with the new contractor to develop a project schedule for this 3rd phase of the financial data hub.
9/2017
5 Expand the use of K2 Blackpearl for improved workflow automation
Below are the updates for Expanding the use of K2 Blackpearl: 1. Continue to make enhancements to the Purchase Requisition (TRS146) form as well as
the IT Service Request form.2. Successfully implemented the Exiting Employees (E-Records) process using K2 and
EasyVista.3. Actively working on developing K2 forms for a better user experience for the following
HR forms: Employee Name Change, Employee Transfer, New Hire Setup, ContractorSetup
4. Kicking off the Inventory Management Process project
9/2017
6 Automate Board members Eligibility Assessment and Nomination Process
Purchasing will soon issue an RFP for board election management services. ICommunications has included in that RFP's scope of work an option where the contractor would manage a new process whereby members and retirees who wish to nominate someone to appear on a TRS board election ballot could do so online.
9/2018
TRS Internal Audit Status of Top 10+1 Innovation Ideas
As of October 2016
December 2016 Board Audit Committee Meeting 2
Description Status Estimated
Implementation Date
7 Use In-House Resources for IT Security Monitoring
IT Security team is validating the existing security controls for security monitoring of TRS network. Updates to all monitoring tools would help determine their validity. The validation checks should be completed by Fall 2016.
9/2019
8 Implement HR Dashboard using Automatic Tool
HR has started an initial discussion about various software products, but decision has not been made. 9/2019
9 Central Repository for Employee Information
FSR Team project is currently on hold. HR is exploring other technology opportunities 9/2019
10 TEAM 2.0 - Continue Improving TEAM Program
TRS will be taking on development and maintenance of a new Health Care application as well as assuming responsibility for CRM and Workflow development. In addition, TRS is building some of our own functionality to get more experience maintaining the application
9/2019
11 Expand the Use of E-Signature
General Accounting is coming up to speed with eSignLive system and working on processes and procedures for using e-signature for TRS contracts.
IT Team continues planning activities for other e-signature proof of concepts such as automating the TRS138/Medical Board process. During the month of October, the team should be doing some initial requirements gathering with eSignLive professional services to help scope out the TRS138 effort and provide high-level solution. The eSignLive professional services team will assist with some of the integration needs.
6/2017
Solution: Iconixx Software
• Austin-based company
• Provides web-based solutions to manageincentive compensation, salescompensation and merit planning
• Solution is stand alone and does notrequire integration with a financial or HRsystem
• Primary users are Investment Accountingand Human Resources
TRS Gains
• Automated solution to track and maintain data
• Increased audit capabilities
• System helps formalize our internal workflowsand processes
• Once implemented, system will provide testdatabase to model potential plan changes
• Dashboards and reports will improve TRS’ abilityto track and analyze data
• System will create automated compensationstatements for IMD employees
Incentive Compensation Software Update
December 2016 Board Audit Committee Meeting 3
Timeline
• April – Demo and initial meeting• May – Activation scope meetings• June – Signed agreement and project
preparation• July – Project kick-off and requirements
gathering• August/September – System
configuration• October – Validate 2014-2015 incentive
data• November – Testing and begin loading
2015-2016 data• December – Finish calculations, review
and audit results• January – Process incentive payments
Next Steps
• Phase I – Basic incentive calculations
• Phase II – Develop dashboards and analyticsgrid
• Phase III – Configure system for 2016-2017calculations
Incentive Compensation Software Update
December 2016 Board Audit Committee Meeting 4
Internal Audit Annual Report
Fiscal Year 2016
Teacher Retirement System of Texas 1000 Red River Street, Austin, Texas 78701-2698
October 2016
TEACHER RETIREMENT SYSTEM OF TEXAS
BOARD AUDIT COMMITTEE (As of October 15, 2016)
Christopher Moss, Chair T. Karen Charleston
David Corpus Greg Gibson
Anita Smith Palmer
BOARD MEMBERS (As of October 15, 2016)
R. David Kelly, Chair Dolores Ramirez, Vice Chair
T. Karen Charleston Greg Gibson John Elliott
Joe Colonnetta David Corpus
Christopher Moss Anita Smith Palmer
EXECUTIVE DIRECTOR
Brian Guthrie
INTERNAL AUDIT DEPARTMENT
Amy L. Barrett, CIA, CISA, CPA, Chief Audit Executive Jan Engler, CIA, CISA, CFE, Director of Benefit Services
Lih-Jen Lan, CIA, CPA, CISA, CISSP, CCSA, Information Technology (IT) Audit Manager
Hugh Ohn, CFA, CPA, CIA, FRM, Director of Investment Audit Services Dinah G. Arce, CIA, CPA, CFE, CIDA, Senior Auditor
Toma Miller, CIA, CGAP, Senior Auditor Dorvin Handrick, CISA, IT Audit Manager
Simin Pang, CIA, CISA, Senior IT Auditor Anandhi Mani, CIA, CPA, Senior Investment Auditor
Art Mata, CEBS, CPM, Senior Internal Audit Benefit Consultant Carol Casey, CPM, Internal Audit Benefit Consultant
Rodrigo Dominguez, Investment Auditor
October 15, 2016 Honorable Greg Abbott, Governor Members of the Legislative Budget Board Members of the Sunset Advisory Commission Ms. Lisa R. Collier, CPA, First Assistant State Auditor Mr. R. David Kelly, Chair, TRS Board of Trustees Mr. Christopher Moss, Chair, TRS Board Audit Committee Members of the Board of Trustees, Teacher Retirement System of Texas Mr. Brian Guthrie, Executive Director, TRS Attached is the annual report of the Internal Audit department of the Teacher Retirement System of Texas (TRS). This report provides information on the audit plan, assurance, consulting, and advisory projects completed, and other Internal Audit activities. It also meets the annual reporting requirement of the Texas Internal Auditing Act (Texas Government Code, Chapter 2102.009 and Texas Government Code, Sections 2102.015 and 2102.0091). This report includes the following State Auditor’s Office reporting guidelines:
I. Compliance With Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit annual report, and Other Audit Information on Internet Website
II. Internal Audit Plan for Fiscal Year 2016 III. Consulting Services and Nonaudit Services Completed IV. External Quality Assurance Review (Peer Review) V. Internal Audit Plan for Fiscal Year 2017 VI. External Audit Services Procured in Fiscal Year 2016 VII. Reporting Suspected Fraud and Abuse
The work performed by TRS Internal Audit contributes toward accountability, integrity, and good management practices within TRS operations. Fiscal year 2016 projects contributed to the improvement of risk management, control, and governance processes. Internal Audit (or those engaged by Internal Audit) issued 10 assurance and 8 agreed-upon procedures reports, followed-up and reported quarterly on the status of all outstanding audit recommendations, and performed advisory services in various areas including TEAM (TRS Enterprise Application Modernization) Program initiatives. For further information about the contents of this report or to request copies of Internal Audit reports, please contact Amy Barrett at (512) 542-6559. Sincerely, Amy L. Barrett, CIA, CISA, CPA Chief Audit Executive
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
I. Compliance With Texas Government Code, Section 2102.015:
Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit Information on Internet Website
Teacher Retire Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016 I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit
Plan, Internal Audit Annual Report, and Other Audit information on Internet Web site
Texas Government Code, Section 2102.015 requires state agencies and institutions of higher education, as defined in the statute, to post agency internal audit plans and internal audit annual reports on the agency’s internet website within 30 days of approval. The statute also requires entities to update the posting on the Internet to include a.) a detailed summary of the weaknesses, deficiencies, wrongdoings, or other concerns raised by the audit plan or annual report and b.) a summary of the actions taken to address concerns, if any, that are raised by the audit plan or annual report.
TRS Internal Audit follows the following procedures to ensure compliance with the requirements of Texas Government Code, Section 2102.015:
The TRS Annual Internal Audit Plan is approved each fiscal year by the TRS Board of Trustees as recommended by the TRS Audit Committee. The annual audit plan, as approved by the TRS Board of Trustees, is provided by Internal Audit staff to the TRS Website coordinators and posted to the TRS Website within 30 days of approval.
The TRS Internal Audit Annual Report is prepared annually by Internal Audit staff in accordance with the Texas State Auditor’s Office guidelines by the required deadline. This report, once approved by the Chief Audit Executive, is submitted to the Governor, the Legislative Budget Board, the Sunset Advisory Commission, the State Auditor’s Office and the TRS’ Board of Trustees by November 1st of each fiscal year. The annual report is provided by Internal Audit staff to the TRS Website coordinators to post to the TRS Website.
Summaries of the weaknesses, concerns, and actions taken to address concerns in the audit plan or annual report are provided by Internal Audit in the quarterly TRS Audit Committee materials. The audit committee materials provide audit reports completed during each quarter, quarterly status reports on management action on outstanding audit recommendations, and the status of the current fiscal year audit plan. The individual audit reports provide the results, recommendations, and management actions taken to address the audit recommendations. The TRS Audit Committee materials are posted to the TRS Website, after dissemination to TRS Board of Trustees, through an administration process of board and committee materials prior to the scheduled board meeting.
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
II. Internal Audit Plan for Fiscal Year 2016
Fiscal Year 2016 Audit Plan Status As of August 2016
September 2016 Board Audit Committee Meeting 2
Title and Project # Type Status Executive and Finance
Actuarial Data Controls (15-402) Audit Complete
State Auditor’s Office (SAO) Financial (CAFR) Audit Coordination Advisory Complete
Internal Ethics and Fraud Hotline Administration Advisory Complete. Transferred to Compliance
Meetings Participation Advisory Ongoing
Special Requests and Emerging Issues
Innovation Best Ideas (16-605) - Board Chair Request
Audit/Consulting/Advisory Consulting
Complete
Testing of Executive Performance Incentive Pay Calculations Agreed-Upon Procedures Complete
TEAM Program TEAM Program Internal Controls Assessment Advisory In Progress
TEAM Security and Access Controls Assessment Advisory In Progress
TEAM Independent Program Assessment (IPA) Vendor Support Advisory Ongoing
TEAM Committees and TEAM Projects Participation Advisory Ongoing
Pension Benefits
Benefits Testing for State Auditor’s Office (SAO) Audit of Comprehensive Annual Financial Report (CAFR) (16-100)
Audit Complete
Annual Benefits Testing (16-101) Agreed-Upon Procedures Complete
Reporting Entity Audits (6-8) and Investigations (16-401) Audit Complete
(Completed 7 REs)
TRS Reporting Entity Website Audit Information Advisory Complete
Benefits Data Analysis Pilot Project Advisory Deferred to FY17
Health Care
Health Care Audit Risk Assessment Follow Up Consulting Complete
Open Enrollment and Billing Readiness Review Consulting Complete
Health Care Vendor Selection Observation Advisory Complete
Health Care Vendor Update Meetings Advisory Ongoing
Fiscal Year 2016 Audit Plan Status As of August 2016
September 2016 Board Audit Committee Meeting 3
Title and Project # Type Status
Information Technology
SharePoint Governance and Security Audit (16-501) Audit Complete
Wireless Network Security Assessment (16-502) Agreed-Upon Procedures Complete
Data Protection Project Advisory Complete
Disaster Recovery, Network Penetration Tests; Security Risk Assessment Review Advisory Ongoing
Investment Management
Overall Internal Control Opinion on Investment Activities (16-301) Audit Complete
Quarterly Investment Compliance, Incentive Pay, Ethics Policies and Budget Testing (16-302) Agreed-Upon Procedures Complete
Annual Incentive Compensation Plan Testing (16-303) Agreed-Upon Procedures Complete
Coordination of SAO Audit of Incentive Pay Advisory Complete
Investments Data Analysis Pilot Project Advisory Complete
Investment Committees Attendance Advisory Ongoing
Coordinate the TRICOT Financial Audit Advisory In Progress
Internal Audit Department
Annual Internal Audit Report (16-603) Audit Complete
Data Analytic Development Project Advisory In Progress
Quarterly Audit Recommendations Follow-up Audit Ongoing
External Quality Assurance Review Audit Complete
Internal Quality Assurance Review (16-602) Advisory Complete
Fiscal Year 2017 Audit Plan Advisory Complete
Internal Audit Vendor Request for Qualifications (RFQ) Advisory Complete
Audit Committee Meetings Preparation Advisory Ongoing
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
Deviations from Fiscal Year 2016 Audit Plan As Approved by TRS Board of Trustees in the April 2016 Board Meeting
Project Proposed Change Reason
Semi-Annual Benefits Testing (Agreed- Upon Procedures)
Change to Annual Benefits Testing
• To reduce reporting requirement to once per year instead of twice per year. The project will cover the same time-period as the semiannual testing, but results will only be reported once. (Completed August 2016)
Testing of Executive Performance Incentive Pay Calculations (Agreed-Upon Procedures)
Added Management request as a result of overall discussion with the Board of Trustees. (Completed July 2016)
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
III. Consulting Services
and Nonaudit Services Completed
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016 III. Consulting Services and Nonaudit Service Completed
During fiscal year 2016, Internal Audit conducted (or hired consultants to conduct) the following
consulting (nonaudit services) projects resulting in formal recommendations to management.
1. Special Requests and Emerging Issues – Innovation Best Ideas
(Project #16-605, PowerPoint presentation to Board, December 14, 2015)
Objective: Gathered information on TRS manual processes to make recommendations for
processes to be automated in the next two years.
Obtained information on current manual processes, researched best practices to identify
ways in which TRS can become more efficient through those processes being automated.
2. TRS-ActiveCare enrollment and billing readiness review
(PowerPoint presentation to the Board, dated August 14, 2016)
Objective: Assessing the design effectiveness of the controls implemented by Aetna at
WellSystems to address completeness and accuracy of electronic file transmissions,
discrepancy identification and resolution, and customer quality monitoring.
The following elements were completed:
A. Performed inquiry and testing to assess the root cause of identified enrollment and
billing issues.
B. Performed inquiry and testing to assess whether or not known issues in the enrollment
and billing process have been remediated by the action plans implemented by
WellSystems and Aetna Inc. (Aetna).
3. Health Care Audit Risk Assessment Follow Up
(Project #16-201, PowerPoint presentation to Health Insurance Benefits (HIB), May 5,
2016)
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
Objective: In 2015 Protiviti was engaged to update the risk assessment and provide action
plan recommendations to Health Insurance Benefit Management.
The proposed action plans could provide a higher sense of assurance to TRS that risks
inherent to healthcare are effectively monitored and controlled.
Internal Audit also performed various advisory (nonaudit services) as listed in section II.
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
IV. External Quality Assurance Review (Peer Review)
INTERNAL AUDIT QUALITY ASSURANCE SELF-ASSESSMENT March 22, 2016
Teacher Retirement System Internal Audit Department
Project 16-602
Legend of Results: Red - Does not conform Yellow - Partially conforms Green - Generally conforms
Best Practices
Inherent Risks Without Controls
Results
Update TeamMate (the electronic project work paper application) project templates to ensure documentation of:
Opportunities for making improvements to risk management/control processes Protocols to follow if fraud activities are suspected Assessment of IA’s ability to perform non-audit services Various understandings between auditor and client, for agreed-upon
procedures engagements and include the word “independent” in the report title of these engagements
Audits may not address significant organizational risks Audit processes may be inefficient and ineffective Assurance could be unreliable without effective quality control
Internal Audit Responses
IA “generally conforms” with professional auditing standards, related codes of ethics, Texas state law, and Internal Audit’s Quality Assurance and Improvement Program. Many best practices were identified. Opportunities for additional improvement were identified.
Internal Audit Controls
Recommended Actions
Internal Audit charter, organizational chart, board minutes Job descriptions, resumes, training records, performance evaluations Work papers, work programs, reports, quality control processes Annual risk assessment, audit plan IA policies and procedures TRS Internal Audit Quality Assurance and Improvement Program
The Chief Audit Executive agrees with the recommendations and will ensure that the TeamMate project templates are updated by August 31, 2016.
Tests Performed
To determine whether Internal Audit (IA) function generally conforms with professional auditing standards, Texas Internal Auditing Act, auditor codes of ethics, and Internal Audit’s Quality Assurance and Improvement Program (QAIP). (Professional audit standards consider Internal Audit function authority, independence, proficiency, quality assurance and improvement program, and how the audits are planned, performed, communicated, managed, and resolved.)
Conducted self-assessment to validate Internal Audit activities conform with applicable professional standards and state law using the self-assessment tool developed by the State Agency Internal Audit Forum (SAIAF). These tests included steps to assess implementation of Internal Audit’s QAIP.
Business Objectives
Board approved TRS Internal Audit Charter Achievement of professional requirements for annual training Supervisory review of all audit working papers Management involvement in annual audit planning IA Strategic Plan alignment with TRS Strategic Plan
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
VI. Internal Audit Plan for Fiscal Year 2017
Fiscal Year 2017 Audit PlanSeptember 23, 2016
_______________________ _______________________Amy Barrett, CIA, CISA, CPA Christopher S. MossChief Audit Executive Chair, Audit Committee, Board of Trustees
_______________________ _______________________Brian Guthrie R. David KellyExecutive Director Chair, Board of Trustees
Fiscal Year 2017 Audit Plan
September 23, 2016
Executive Summary
Professional and Statutory Requirements
This document provides the Fiscal Year 2017 Audit Plan (Audit Plan) as required by professional auditing standards, the Texas Internal Auditing Act (Act), and the Texas Government Code 2102.008 for the Teacher Retirement System of Texas (TRS). The Act requires state agencies to conduct a program of internal auditing that includes an annual audit plan that is prepared using risk assessment techniques and identifies individual audit projects to be conducted during the year. The Audit Plan is required to be evaluated and updated annually for recommendation of approval by the TRS Audit Committee of the Board of Trustees (Audit Committee) to the TRS Board of Trustees (Board). Internal Audit is independent of management and provides objective assurance and consulting services designed to add value and improve TRS’ operations.
Audit Plan Development and Scope
Our Audit Plan is designed to provide coverage of key risks, given the existing staff and approved budget. See the Appendices for information regarding the internal audit budget, performance measures, and audit universe.
Changes Subsequent to Approval
Interim changes to the Audit Plan will occur from time to time due to changes in business risks, timing of TRS’ initiatives, and staff availability. We will report Audit Plan changes to senior management and present changes to the Audit Committee at the following quarterly Audit Committee meeting. Amendments to the approved Audit Plan deemed to be significant (based on discussions with the executive director and audit committee chair) will be submitted to the Audit Committee for recommendation to the Board for approval. The State Auditor’s Office also requires notification of material changes to the Audit Plan.
September 2016 Audit Committee Meeting 2
Risk Assessment & Audit Planning Approach
September 2016 Audit Committee Meeting 3
Interviews of TRS executives and external service providers, risk assessment surveys from the prior year, and the current Stoplight Report developed by the Enterprise Risk Management (ERM) team were used to identify areas of risk and potential internal audit projects. This information was combined into an overall audit plan designed to address critical risks to achieving TRS objectives while being sensitive to operational requirements. The Audit Plan also includes hours for ad hoc projects and special requests. The following approach was taken in creating the Audit Plan:
Information Gathering and Scoping Risk Analysis
Development and Vetting of Internal
Audit PlanNext Steps
A. Gained understanding of industry trends and current environmental risks through discussions with industry personnel, reading publications, and attending relevant training
B. Read technical guidance from GASB and AICPA to identify changes to audit and accounting requirements
C. Gained understanding of TRS’ strategic objectives and key initiatives by reading the strategic plan
D. Updated audit universe based upon changes in organizational structure, information from TEAM, and input from staff
A. Interviewed members of the TRS executive team to obtain various points of view on risks
B. Reviewed prior year surveys of executives and selected leadership team members on their assessment of risk in the categories of fraud, compliance, materiality, complexity, suspected concerns, and emerging risks
C. Obtained latest ERM Stoplight Report to identify additional areas of risk
A. Developed a proposed Audit Plan based on interviews, risk assessments, resource availability, budget, and division coverage
B. Met with Risk Oversight Committee to discuss proposed audit plan
C. Updated TRS Internal Audit Charter to ensure alignment with proposed audit activities and standards
A. Review and discuss the proposed Audit Plan with the Audit Committee
B. Obtain Audit Committee recommendation and Board approval of Audit Plan
Types of Projects to Cover Risk Areas
September 2016 Audit Committee Meeting 4
An important part of the Audit Plan is that the identified processes, systems, and initiatives should receive differing types and levels of review based on their importance, perceived risk, and most efficient approach. Our suggested levels of review activities are as follows:
• Audit Focus: Assess evidence available in order to conclude on an audit objective• Deliverable: Audit report for public distribution unless protected by statute• Estimated level of effort per project: 400 - 500 hours
Audit
Formal Consulting
• Consulting Focus: Respond to requests for formal study or assessment with recommendations; no assurance provided• Deliverable: Consulting report or memo for limited distribution; significant material weaknesses identified would be
reported to executive management and the Audit Committee as required by professional auditing standards• Estimated level of effort per project: 100 - 200 hours
Informal Consulting (Advisory)
• Advisory Focus: Participate in activities in a non-voting capacity, e.g., provide training and input on policies and procedures
• Deliverable: Verbal discussion or a brief memo to management• Estimated level of effort per year: 10 – 100 hours
• Agreed-Upon Procedures Focus: Determine specific steps to test with management’s agreement and report on results; used for data analytics and quarterly testing of specific data and transactions
• Deliverable: Agreed-upon procedures report for public distribution (use is limited to those with understanding of procedures performed)
• Estimated level of effort per project: 100 - 300 hours
Agreed-Upon Procedures
Audit Plan: Pension Benefits and Employer Audits
September 2016 Audit Committee Meeting 5
The tables on this page and the following pages provide the name of each project, type of project, and preliminary scope of workto be performed. Scope of work will be finalized as part of each project’s formal planning phase.
Title Type Preliminary ScopeAnnual Benefits Testing Agreed-Upon
ProceduresRecalculate a sample of benefit payments annually and determine whether documentation on file supports the calculation; scope in other tests related to benefits as agreed-upon with management
Employer Audits (6-10 Independent School Districts)
Audit Determine whether information reported to TRS is complete and accurate, especially in the areas of eligibility, compensation, contributions, surcharges (pension and healthcare), and premiums paid
Employer Audit of Pension and TRS-Care Surcharges
Audit Conduct a desk audit across multiple entities targeted at surcharge reporting and collections with the goal of collecting significantly underreported amounts to the trust.
Employer Audit Follow-Up Audit Follow-up and report on the status of outstanding audit recommendations related to reporting entities
Higher Education Pilot and Audit Program Development
Advisory Select a higher education institution to pilot an audit in order to develop an audit program for future audits and for requesting internal auditors at higher education institutions to conduct
TRS Reporting Entity Website Audit Information and Communication
Advisory Update audit-related information and tools on the TRS employer (reporting entity) website. Information may include self-audits, audit programs, audit results, technical guidance, and frequently asked questions about reporting entity audits.
Audit Plan: Health Care
September 2016 Audit Committee Meeting 6
Title Type Preliminary Scope
Health Insurance Portability and Accountability Act (HIPAA) Gap Assessment and Validation
Audit Conduct a gap assessment and validation of TRS' compliance with HIPAA, especially in the areas of privacy, breach notification, and IT security. Incorporate assessment of third party monitoring of business associates and their subcontractors and cybersecurity risks and controls.
Trust Expense Allocation Audit Audit Assess reasonableness of expenses allocated between pension and health care trusts
TRS-ActiveCare Open Enrollment Readiness Assessment Follow-Up
Audit Follow up on outstanding action items significant to open enrollment
TRS-ActiveCare Eligibility Pilot and Audit Program Development
Advisory Conduct a second pilot audit of a school district to determine whether any dependents are ineligible for participating in TRS-ActiveCare. Provide results to management to determine whether audits on a larger scale are beneficial.
Health Care Vendor Update Meetings
Advisory Attend quarterly meetings with health care vendors to understand results, issues, and TRS management’s monitoring controls
Health Care Vendor Selection Observation
Advisory Observe selection process of large vendor and service providers, when applicable
Audit Plan: Investment Management
September 2016 Audit Committee Meeting 7
Title Type Preliminary Scope
Private Equity Fees Audit Verify the accuracy of private equity fees and compliance with investment management agreements for 1 – 2 private equity funds.
Soft Dollars and Commission Sharing Arrangements (CSA’s)
Audit Assess compliance with soft dollar policies; assess effectiveness and efficiencies of processes for accounting and reporting soft dollars and CSA's. Assess compliance with TRS travel policies
Quarterly Investment and Ethics Policies Compliance Testing
Agreed-Upon Procedures
Assess compliance with TRS ethics policies and the Investment Policy Statement (IPS) requirements
Annual Testing of Investment Incentive Pay Plan
Agreed-Upon Procedures
Prior to payment, recalculate the investment incentive compensation award amounts to determine if they are calculated in accordance with plan provisions; reconcile performance to the service provider, and calculated in accordance with plan provisions
Investment Fiduciary Audit Coordination
Advisory Coordinate the audit of the auditors hired by the SAO to assess TRS' fiduciary activities around real assets
Investment Committees Attendance
Advisory Stay current on Investment Management Division initiatives by attending the Internal Investment Committee, Derivatives Operations, monthly staff, and other meetings such as the Annual Town Hall meeting
Audit Plan: Finance
September 2016 Audit Committee Meeting 8
Title Type Preliminary Scope
Comprehensive Annual Financial Report (CAFR) testing of annuity payments
Audit Conduct pension benefits testing on behalf of the State Auditor’s office(SAO) to be used in completion of the CAFR audit
CAFR Audit Coordination (SAO, auditors)
Advisory Coordinate activities of the SAO to ensure deadlines are met; coordinate quarterly update meetings with executive management and the SAO; maintain SAO document request SharePoint site
Teacher Retirement Investment Company of Texas (TRICOT) Financial Audit Coordination (Grant Thornton, auditors)
Advisory Coordinate a financial audit of TRICOT, a wholly-owned subsidiary of TRS in London
Audit Plan: Executive
September 2016 Audit Committee Meeting 9
Title Type Preliminary ScopeRecords Management Audit Follow-Up
Audit Follow up on outstanding action items significant to records management
403(b) Program Controls Assessment, including Provider Compliance
Audit Assess the design and effectiveness of controls at TRS in meeting 403(b) program objectives, including 403(b) providers’ compliance with program requirements
Contractor Onboarding and Off-boarding Processes
Audit Assess sufficiency of processes for onboarding and off-boarding contractors
Federal Labor Standards Act (FLSA) Compliance
Consulting Analyze hourly and salaried employees and compare with requirements of the FLSA
Executive Incentive Pay Agreed-Upon Procedures
Independent recalculate executive incentive pay in order to test the accuracy of the calculation by management
The University of Texas at Austin (UT) Student Project
Consulting Assess a TRS policy and provide recommendations for enhancing it.
Enterprise Risk Management (ERM) Fraud Risk Assessment
Advisory Partner with ERM to update the TRS fraud risk assessment and identify mitigating controls
Special Requests and Emerging issues
Advisory or Consulting
Set aside time to address special requests and emerging issues during the year as requested by management
Meetings Participation Advisory Participate (non-voting) in various TRS-wide meetings such as Executive Council, Leadership Team, and Risk Oversight Committee
Audit Plan: TEAM and Technology
September 2016 Audit Committee Meeting 10
Title Type Preliminary Scope
TEAM Independent Program Assessment (IPA) Vendor Support
Advisory Coordinate and facilitate activities of the IPA vendor and ensure direct access to executive management and the board
TEAM Committees, Projects,and Controls Assessment Participation
Advisory Participate in TEAM Executive Steering Committee (ESC) and other committees and requirements gathering sessions in a non-voting capacity, and provide advisory services related to TEAM project activities as outlined in the TEAM charter of internal audit activities. Provide input into controlsidentification projects. In FY 16, Internal Audit participated in the following TEAM committees and projects:- Executive Steering Committee- TEAM Budget Committee- Organizational Change Management Advisory Groups- Business Procedures and Training Project- Decommissioning Project- Enterprise Security Team meetings- Monthly meetings with TEAM program manager and HPE executives
Disaster Recovery, Network Penetration Tests; Security Risk Assessment Review
Advisory Obtain, read, and follow-up on any issues identified during the network disaster recovery, penetration tests, and the security risk assessment conducted by the TRS Information Security Officer
Audit Plan: Internal Audit Activities
September 2016 Audit Committee Meeting 11
Title Project Description
Internal Quality Assurance Review Assess Internal Audit’s Quality Assessment and Improvement Program
ERS Audit Quality Assurance Review
TRS participates in a state program to receive and provide audit quality assessment reviews (QAR) required by auditing standards. ERS has requested that TRS lead its required QAR
Annual Internal Audit Report Prepare annual report of audit activities in accordance with SAO instructions
Quarterly Audit Recommendations Follow-Up
Follow-up and report on the status of outstanding audit recommendations
Data Analysis Processes Continue to build out data analysis skills of audit staff; incorporate into audit projects and annual audit plan development; and pilot analysis projects in various business units
Fiscal Year 2018 Audit Plan Prepare annual audit plan based on a documented risk assessment in accordance with professional auditing standards and the Texas Internal Auditing Act
Internal Audit Strategic Plan Update
Bi-annual update of the Internal Audit Strategic Plan to consider changes in the department and continuing alignment with the TRS strategic plan
Audit Committee Meetings Preparation
Prepare communications and attend Audit Committee and Board Meetings
Audit Plan: High Risk Areas (High, Elevated, or Caution) and Ares of Interest to the SAO (Procurement and IT Security)
excluded from the Audit Plan
September 2016 Audit Committee Meeting 12
Area Reason for Exclusion
Purchasing Compliance Audit Allow time for more health care procurements to be processed under new legislative requirements
September 2016 Audit Committee Meeting 13
Fiscal Year 2017 Audit Plan
Appendix A
Internal Audit Operating Budget
Appendix AInternal Audit Operating Budget
September 2016 Audit Committee Meeting 14
Line ItemBudgetFY 2017
BudgetFY 2016
000 – Salaries $1,086,970 $998,762
000 – Benefits 279,344 226,847200 – Professional Fees (Increase due to investment fiduciary audit) 950,000 681,500
505 – Travel-In-State 13,500 14,500
510 – Travel-Out-of-State 23,000 18,000
705 – Dues, Fees, and Staff Development 25,000 22,500
710 – Subscriptions and Reference Materials 2,000 4,500Total Operating Budget(excluding indirect costs such as computers, office space, and utilities) $2,379,814 $1,966,609
Full Time Equivalent (FTE) Positions (excluding interns) 12.0 11.0
Resources are sufficient to complete the annual audit plan.
September 2016 Audit Committee Meeting 15
Fiscal Year 2017 Audit Plan
Appendix B
Internal Audit Performance Measures
Appendix BInternal Audit Goals and Performance Measures
September 2016 Audit Committee Meeting 16
For the internal audit function, the FY 2017 goals and performance measures are as follows:
Goal 1: Ensure Effectiveness of Internal Audit Organization Performance Measures
a. Spend a minimum of 75% of total available department hours (excludes uncontrollable leave) for professional staff on direct assurance, consulting, and advisory services
b. Complete an internal assessment and report the results of the Quality Assurance and Improvement Program
Goal 2: Develop and Implement Internal Audit Annual Audit Plan based on Formal Risk AssessmentPerformance Measures
a. Prepare an annual audit plan based on a documented risk assessment and obtain input from trustees and staff
b. Execute 80% of audit and agreed-upon procedures projects (80% allows for flexibility due to changes in TRS business practices and special requests)
c. Update the formal reporting entity risk assessment to identify reporting entities for audit
Goal 3: Enhance Internal Audit Staff Skills and Knowledge in Assurance PracticesPerformance Measures
a. Update data analytics roadmap identified by external advisor and complete year 2 activities
b. Collaborate with an institution of higher education to pilot a reporting entity audit program; develop and distribute the audit program to other higher education auditors and request that they conduct these audits
Appendix BInternal Audit Goals and Performance Measures
September 2016 Audit Committee Meeting 17
Goal 4: Support Activities of External Service Providers Performance Measures
a. Facilitate coordination of TEAM Independent Program Assessment (IPA) Vendor by coordinating meetings with Executive Director, Executive Steering Committee (ESC) and Core Management Team (CMT), quarterly presentations to the TRS Board of Trustees, and other contractual activities
b. Facilitate timely completion and success of State Auditor’s Office (SAO) audits, fiduciary audits, and Grant Thornton financial audit of TRICOT in fiscal year 2017 by effectively providing audit support, coordinating meetings, reserving facilities and gathering schedule and documentation requests
Goal 5: Enhance Participation in Professional and Peer Organizations Performance Measures
a. Participate in professional organizations (APPFA, IIA, ISACA, ACFE, SAIAF, CFA Institute) through monthly chapter meetings and participation in leadership roles in at least one professional organization
b. Support staff in obtaining additional certifications such as the CFA, CPA, and CIA certifications and have all staff obtain a minimum of 24 continuing professional education hours in a fiscal year and a minimum of 80 hours for a two year period
(continued)
Appendix C Audit Universe
September 2016 Audit Committee Meeting 19
Executive and Finance Divisions; Records Management IMD ProcessesGovernance, Strategy, and Risk
Management Workforce Continuity Accounting & Reporting Governance - IMD
Board governance (FY13) Employee recruiting and hiring practices (FY10) Accounts receivable Investment Governance and
Management (FY16)Strategic planning and performance measures (FY13) Employee training compliance (FY11) Accounts payable (FY15) IMD Processes
Enterprise Risk Management Internal policy setting and monitoring Travel (FY16) Internal Public Markets (FY14)
Information technology governance (FY10) Communications and External Relations Federal withholdings/tax compliance External Public Markets (FY16)
Open Government Social media Inventory Private Equity (FY15)
Open meetings compliance Information and communication Budget Real Assets (FY15)
Open records request compliance 403(b) Budget process and reporting (FY10) Trade Management (FY14)
Ethics and Fraud Prevention 403(b) certification process Purchasing and Contracts Emerging Manager Program (FY13)
Employee ethics policies (FY16) Records Management Vendor file, encumbrance, purchasing (FY14) Energy/Natural Resources (ENR) (FY14)
Fraud risk detection and prevention controls (FY15) Records retention (FY15)
Contract administration and monitoring (FY14) Strategic Partners (FY14)
Contract worker onboarding, monitoring and compliance (FY14)
Strategic Asset Allocation/Stable Value (FY14)Regulatory, Compliance, & Litigation Accounting & Reporting
Compliance: Pension Trust (FY15) Financial/CAFR reporting including, new accounting pronouncements, reconciliations, general ledger, closing process (FY16)
HUB program compliance and reporting Tactical Asset Allocation (FY16)
Compliance: Health Care Trusts (FY13) Facilities and Facilities Planning Risk Management (FY16)
Litigation risk management Other reporting (non-financial / CAFR) Facility planning and maintenance Performance Analytics and Operations (FY14)
Business Continuity Employee leave, timekeeping, and payroll (FY12)
Mail room operations (FY10) Information Systems (FY15)
Business continuity plan (FY09) Security (FY12) Business Center, Reporting, HR, Incentive Pay (FY16)
Risk management (health and safety, insurance) (FY12) Cashier (FY10) Government Relations and Legislation Investment Accounting (FY16)
(FY #) - indicates last year audited
Appendix C Audit Universe
September 2016 Audit Committee Meeting 20
Benefits and Customer Service Information Technology (IT) Processes and TEAM
Pension Benefit Administration Pension Benefit Administration and Customer Service Governance - IT IT Processes
1099R Statistical reporting (actuarial) (FY15) Project prioritization (FY10) Change & Configuration Management
Annuity payroll (FY16) Web self service IT risk management Applications (FY12)Benefit adjustments (FY16) Work flow (Imaging) IT Strategy & Planning Databases
Benefit calculations (FY16) TRS employee benefit administration (administered separately from non-TRS employees)
Asset management Infrastructure
Benefit estimates Human resources Data Center Operations
Cash receipts (FY10) IT Security and Confidentiality Archive management (FY13)
Check payments (FY16) Telephone Counseling Center (FY14) Identity and access management (FY14)
Facilities management (TAC202) (FY12)
Contact management Employer Reporting Threat and vulnerability management (FY16) Technology Management
Death benefits (FY16) Employer setup, enrollment, and reporting (FY16) Security awareness and training (FY11) Standards
Disability benefits (FY16) Health Care Administration Security configuration management Technology upgrades
Legal orders (FY13) TRS-Care vendor selection and contract monitoring (FY13) Virtualization User and Vendor Support
Member account maintenance (FY09) TRS-Care TRS Administration (FY13) Cloud based computing (FY14 Consulting) Problem management
Member statements TRS-ActiveCare vendor selection and contract monitoring
Mobile device security (FY14 Consulting) Incident response
Optional Retirement Plan TRS-ActiveCare TRS Administration (FY16) Disaster Recovery Plan TEAM
Refunds (FY15) TRS-Care Funding Co-location (FY14 Consulting) Independent Program Oversight (FY16)
Retirement application process TRS-Care Finance (FY10) Disaster Recovery Management (FY09) Internal Controls Assessment, including security controls
Retirement system transfer TRS-ActiveCare AffordabilityService credit calculation and purchase TRS-ActiveCare Finance (FY10) (FY #) - indicates last year audited
2015 - 2019 TRS’ Internal Audit Strategic Plan
Looking Towards the Future
Trusted Assurance,
Valued Advice
TRS
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 2
Our Mission The mission of the Internal Audit department is to provide independent, objective assurance and consulting services designed to add value and improve the organization's operations. Internal Audit helps the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ��
Our Vision
We strive to provide trusted assurance and valued advice through our services to the Board of Trustees, the
Audit Committee, and executive management:
Assurance that TRS’ risk management, governance, and control processes support achievement of TRS mission and business objectives
Advice and consultation for improving processes through business partnerships and collaboration
Our Stakeholders One of our priorities is to assess key stakeholder expectations, identify gaps, and implement a comprehensive
strategy for improvement. Our primary stakeholders include:
TRS Board of Trustees, and the Board Audit Committee
Executive Director
Executive Management
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 3
STRATEGIC GOALS
Our four strategic goals were developed to ensure that Internal Audit supports the changing needs of TRS’ stakeholders in achieving business goals and objectives. These goals represent a strategy for enhancing our contribution to the TEAM Program success, supporting effective Audit Committee governance processes, improving internal audit business expertise, and integrating TRS core values into internal audit processes. Goal 1 Assist with the Success of the TRS Enterprise Modernization Application (TEAM) Program Goal 2 Support Audit Committee Governance Goal 3 Enhance Internal Audit Staff’s Competence and Expertise in Support of TRS Risk Management,
Control, and Governance Processes Goal 4 Support Agency Culture Initiatives
The table on the following pages identifies the objectives and related strategies and tactics for each goal.
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 4
GOAL 1: ASSIST WITH THE SUCCESS OF THE TRS ENTERPRISE APPLICATION MODERNIZATION (TEAM) PROGRAM
Objective 1: Facilitate independent oversight for Board and external oversight agencies
Strategy Tactics
S1. Provide contract oversight and monitoring of Independent Program Assessment (IPA) vendor
T1: Obtain deliverables, schedule required meetings, and approve invoices for payment T2: Monitor hours incurred and contract performance
S2. Coordinate communication process between IPA vendor and key stakeholders
T1: Obtain and address feedback from stakeholders and IPA regarding communications process and access requests
T2: Clarify audit’s role relating to IPA in Internal Audit Charter update
S3. Coordinate with State Auditor’s Office (SAO) for testing of Financial System Replacement (FSR) software application for financial and other future audits
T1: Participate in status update and key decision-making meetings on FSR T2: Communicate documentation requirements for SAO future audits T3: Review sufficiency of documentation in preparation for SAO future audits
Objective 2: Provide input and assistance during development and implementation of TRUST (new Benefits system)
Strategy Tactics
S1. Define involvement in TEAM program related to TRUST system
T1: Participate in TEAM committees and other activities, as requested, and ensure Internal Audit (IA) role is stated clearly in TEAM documents such as project charters
T2: Allocate resources in annual audit plan to provide coverage of significant committees and projects activities
T3: Participate in review of documents by established TEAM deadlines
S2. Assist management in evaluating key internal controls incorporated in TRUST system and business processes
T1: Allocate/schedule IA resources in annual audit plan T2: Obtain list of key controls from management where assistance in validation is desired T3: Assist management in evaluating selected key controls, participate in controls testing,
review test results and follow-up on test exceptions T4: Formally communicate observations from testing participation to project
management
S3. Assist management in evaluating key security controls incorporated in TRUST system and business processes
T1: Allocate/schedule IA resources in annual audit plan T2: Obtain list of key security controls from management where assistance in validation is
desired T3: Assist management in evaluating selected key security controls, participate in controls
testing, review test results, and follow-up on test exceptions T4: Formally communicate observations from testing participation to project
management
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 5
Objective 3: Use TRUST in future audits
Strategy Tactics
S1. Obtain training on using TRUST T1: Coordinate with Business Process Managers (BPMs) to ensure Internal Audit (IA) training needs are identified and scheduled
T2: Allocate/schedule IA resources in annual audit plan for TEAM training T3: Augment IA TEAM training with internal meetings as needed by IA Subject Matter
Experts T4: Maintain IA repository for “training” documents as a permanent file for future use
S2. Utilize data analytics and continuous auditing T1: Participate in TEAM program requirements gathering and detailed reviews to ensure that the TRUST system has the capability of providing data to perform data analysis
T2: Based on knowledge obtained from training, identify potential new data analytic tests in the TRUST system
T3: Incorporate data analytics and continuous auditing into projects associated with TRUST system
Objective 4: Provide input during development and implementation of the Financial System Replacement (FSR) software application
Strategy Tactics
S1. Define involvement in TEAM program related to the FSR software application
T1: Participate in TEAM committees and other activities, as requested, and ensure Internal Audit (IA) role is stated clearly in TEAM documents such as project charters
T2: Allocate resources in annual audit plan to provide coverage of significant committees and projects activities
T3: Participate in review of documents by established TEAM deadlines
S2. Assist management in evaluating key internal controls incorporated in the FSR software application and business processes
T1: Allocate/schedule IA resources in annual audit plan T2: Obtain list of key controls from management where assistance in validation is desired T3: As Assist management in evaluating selected key controls, participate in controls
testing, review test results and follow-up on test exceptions T4: Formally communicate observations from testing participation to project
management
S3. Assist management in evaluating security controls incorporated in the FSR software application and business processes
T1: Allocate/schedule IA resources in annual audit plan T2: Obtain list of key security controls from management where assistance in validation is
desired T3: Assist management in evaluating selected key security controls, participate in controls
testing, review test results, and follow-up on test exceptions T4: Formally communicate observations from testing participation to project
management
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 6
Objective 5: Use FSR software application in future audits
Strategy Tactics
S1. Obtain training on using new FSR software application T1: Coordinate with Business Process Managers (BPMs) to ensure Internal Audit (IA) training needs are identified and scheduled
T2: Allocate/schedule IA resources in annual audit plan for TEAM training T3: Augment IA TEAM training with internal meetings as needed by IA Subject Matter
Experts T4: Maintain IA repository for “training” documents as a permanent file for future use
S2. Utilize data analytics and continuous auditing T1: Participate in TEAM program requirements gathering and detailed reviews to ensure that the FSR application has the capability of providing data to perform data analysis
T2: Based on knowledge obtained from training, identify potential new data analytic tests in the FSR application
T3: Incorporate data analytics and continuous auditing into projects associated with the FSR application
GOAL 2: SUPPORT AUDIT COMMITTEE GOVERNANCE
Objective 1: Provide assurance to the Audit Committee and executive management on risk mitigation activities related to the pension and healthcare trusts
Strategy Tactics
S1. Conduct assurance activities relating to the completeness and accuracy of Reporting Entity information submitted to TRS
T1: Conduct audits and investigations of Reporting Entities as requested or as scheduled on the annual audit plan based on an objective risk assessment
T2: Conduct internal audits of controls maintained by TRS or its vendors over completeness and accuracy of Reporting Entity data
T3: Communicate to Reporting Entities regarding issues found during audits via presentations, the TRS website, and direct communication
T4: Coordinate with the SAO to facilitate their audit of the TRS financial statements and with other interested organizations conducting reporting entity audits
T5: Monitor changes in auditing requirements of professional organizations and the SAO
S2. Provide assurance on investment risk mitigation activities T1: Issue an overall opinion annually on the effectiveness of internal controls relating to investment activities for the past three years
T2: Test investment compliance, cash transfers, and ethics controls quarterly T3: Continuously monitor changes to the investment environment by analyzing
investment data, attending important meetings, reading relevant documents, utilizing consultants, networking, attending relevant training, and maintaining certifications
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 7
Strategy Tactics
S3. Provide assurance on health care risk mitigation activities T1: Stay current on legislative changes impacting TRS health plans and associated risks T2: Utilize TRS and vendor health care risks assessments to develop a reasonable and
flexible approach for performing routine audits of the health care trusts T3: Procure health care expertise to execute risk-based audit plans, if needed T4: Obtain training for dedicated Internal Audit staff on health care risks and compliance
requirements
S4. Coordinate with Enterprise Risk Management (ERM) on risk assessment activities
T1: Enhance collaboration with ERM through regular meetings and information sharing T2: Utilize risk assessments developed by management through the ERM program as the
basis of the annual audit plan T3: Provide feedback after each audit to ERM about the completeness of management’s
risk assessments for future consideration T4: Participate in internal Risk Oversight Committee meetings
Objective 2: Improve Internal Audit communication
Strategy Tactics
S1. Refine report format of Internal Audit reports and Audit Committee materials
T1: Review current materials for possibilities for improvement T2: Survey Audit Committee members and management on report format and
incorporate feedback T3: Review other entities’ presentations for ideas
S2. Improve delivery of information T1: Survey Audit Committee and management for improvement on delivery of information and incorporate feedback
T2: Identify and participate in public speaking training/opportunities T3: Maintain Internal Audit intranet and internet sites
Objective 3: Provide information on effective Audit Committee practices
Strategy Tactics
S1. Obtain and provide information to the Audit Committee on best practices of audit committees
T1: Designate a portion of the spring meeting to Audit Committee education during legislative session years
T2: Provide Audit Committee orientation to new trustees
S2. Consider using Audit Committee self-evaluation tool T1: Present and explore concept of self-evaluation with the Audit Committee chair T2: Develop a self-evaluation tool for consideration by the Audit Committee chair
S3. Explore sharing governance resources through Diligent T1: Meet with Diligent owner to discuss ideas and potential resources T2: Discuss idea of sharing information with the Audit Committee chair
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 8
Objective 4: Improve governance on fraud awareness, prevention, and detection activities
Strategy Tactics
S1. Develop fraud detection activities T1: Document standard procedures for Internal Audit fraud investigations T2: Provide input into updates to the TRS Fraud Policy T3: Provide assistance in investigations as formally requested T4: Incorporate control tests in assurance projects to ensure controls are there to prevent
or timely detect unusual “fraud” red flag activity
S2. Improve fraud awareness and prevention program T1: Administer the TRS Fraud and Ethics Hot Line, including updating promotional materials
GOAL 3: ENHANCE INTERNAL AUDIT STAFF’S COMPETENCE AND EXPERTISE IN SUPPORT OF TRS RISK MANAGEMENT, CONTROL, AND GOVERNANCE PROCESSES
Objective 1: Cultivate in-house Subject Matter Experts
Strategy Tactics
S1. Deepen knowledge of TRS laws (federal and state), rules, and internal policies
T1: Pilot new auditor rotation into operational functions T2: Participate in internal training in business units T3: Hold lunch-and-learn knowledge transfers sessions at audit meetings T4: Analyze other audit reports and share best practices identified in those reports T5: Leverage knowledge transfer from contractors
S2. Broaden foundational skills in data analytics T1: Prepare and present training programs (e.g., Audit Command Language, Microsoft Access, Computer-Aided Audit Tools) to Internal Audit (IA) staff
T2: Add a project scoping step in TeamMate to include data analytics on every project T3: Identify data analytics mentors for IA staff T4: Attend and apply external data analysis training in projects
Objective 2: Ensure continued competence and expertise of Internal Audit
Strategy Tactics
S1. Develop workforce continuity plans T1: Work with Human Resources to develop a continuity plan for Internal Audit (IA) T2: Establish a cross training policy within IA T3: Participate in the TRS Leadership Development Program
TRS INTERNAL AUDIT STRATEGIC PLAN FY2015 – 2019
September 2014 Board Audit Committee Meeting 9
GOAL 4: SUPPORT AGENCY CULTURE INITIATIVES
Objective 1: Integrate TRS Core Values into Internal Audit activities
Strategy Tactics
S1. Explore opportunities and methods to tie audit findings into TRS core values
T1: Recognize Internal Audit and client actions that demonstrate TRS core values T2: Identify in audit activities when positive findings directly demonstrate a TRS core
value
S2. Integrate TRS Core Values into IA policies and procedures T1: Incorporate TRS core values into the internal Ethics and Fraud Hot Line materials T2: Update job descriptions and performance evaluations to include TRS core values
(Human Resources led initiative)
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
VI. External Audit Services Procured in Fiscal Year 2016
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
VI. External Audit Services Procured in Fiscal Year 2016
External Audit Services
Procured and Outsourced by Internal Audit
Provided by
Report Date
Wireless Network Security Assessment Myers and Stauffer LC 11/09/2015
SharePoint Governance and Security Audit Myers and Stauffer LC 11/17/2015
External Audit Services
Procured by TRS
Provided by
Report
Date
Review of Health Plan Administration Truven Health Analytics 9/23/2016
Comprehensive Annual Financial Report (CAFR) – Fiscal Year 2015
State Auditor’s Office
11/16/2015
Comprehensive Annual Financial Report (CAFR) – Fiscal Year 2016
State Auditor’s Office
In Progress
TRS Investment Company (TRICOT) Financial Audit Grant Thornton In Progress
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016
VII. Reporting Suspected Fraud and Abuse
Teacher Retirement System of Texas Internal Audit Annual Report for Fiscal Year 2016 VII. Reporting Suspected Fraud and Abuse TRS has taken the following actions to implement the fraud detection and reporting requirements of Section 7.09 of the General Appropriations Act and Section 321.022 of the Texas Government Code:
• Updated in July 2016, TRS Fraud, Waste, and Abuse Policy establishes a fraud, waste, and abuse prevention awareness program that includes employee training and guidelines for reporting suspected fraud, waste, and abuse. Key elements of the policy include definitions, covered acts, reporting procedures of detected or suspected fraud, waste, or abuse, detection and investigation, awareness training, and corrective action.
• The TRS Internet site includes the contact number of the State Auditor’s Office Hotline and a link for reporting instructions.
• Links are available on the TRS Intranet for both the State Auditor’s Office Hotline and the TRS Internal Fraud and Ethics Hotline.
• Administration of the TRS Internal Fraud and Ethics Hotline moved from Internal Audit to the Chief Compliance Officer & Compliance Counsel during fiscal year 2016.
• In compliance with the reporting requirement of fraud, waste, and abuse, TRS reports all instances of suspected fraud, waste, and abuse to SAO.
December 2016 Board Audit Committee Meeting 1
Teacher Retirement System of Texas December 2016 Audit Committee Agenda Items Mapped to TRS Stoplight Report
403(b)
Agenda Items 6B
Accounting & Reporting
Agenda Items 3A-B
Budget
Business Continuity Communications & External Relations
Credit
Customer Service Employer Reporting
Ethics & Fraud Prevention
Facilities Management & Planning
Governmental / Association Relations &
Legislation
Health Care Plans Administration
Agenda Item 4A-4E
Information Security & Confidentiality
Investment Accounting
Agenda Items 6A
Investment Operations
Agenda Items 6A
Legacy Information
Systems
Liquidity / Leverage
Market
Open Government
Agenda Items 6C-E, 7
Pension Benefit Administration
Pension Funding
Purchasing & Contracts
Records Management
Regulatory, Compliance
& Litigation
Agenda Item 5
Talent Continuity
TEAM Program TRS-ActiveCare Affordability
TRS-Care Funding
Fiscal Year 2017 Audit Plan Status As of November 2016
December 2016 Board Audit Committee Meeting 2
Title and Project # Type Status
Executive and Finance
Records Management Audit Follow-Up (17-410) Audit Complete
403(b) Provider Compliance (17-601) Audit Complete
Federal Labor Standards Act (FLSA) Compliance Consulting
State Auditor’s Office (SAO) Financial (CAFR) Audit Coordination Advisory Complete
Teacher Retirement Investment Company of Texas (TRICOT) Financial Audit Coordination (Grant Thornton)
Advisory Complete
Testing of Executive Performance Incentive Pay Calculations Agreed-Upon Procedures
The University Of Texas at Austin Student Project Consulting Complete
Enterprise Risk Management (ERM) Fraud Risk Assessment Advisory In Progress
Meetings Participation Advisory Ongoing
Special Requests and Emerging Issues Advisory
TEAM Program
TEAM Independent Program Assessment (IPA) Vendor Support Advisory Ongoing
TEAM Committees, Projects and Controls Assessment Participation Advisory Ongoing
Pension Benefits Annuity Payment Testing for State Auditor’s Office (SAO) Audit of Comprehensive Annual Financial Report (CAFR) (17-100)
Audit Complete
Annual Benefits Testing (17-101) Agreed-Upon Procedures
Reporting Entity Audits (6 to 10 ISDs) (17-401) Audit In Progress
Employer Audit Follow-up Audit In Progress
Employer Audit of Pension and TRS-Care Surcharges Audit
Higher Education Pilot and Audit Program Development Advisory
TRS Reporting Entity Website Audit Information and Communication Advisory Ongoing
Fiscal Year 2017 Audit Plan Status As of November 2016
December 2016 Board Audit Committee Meeting 3
Health Care Health Insurance Portability and Accountability Act (HIPAA) Gap assessment and Validation (17-501)
Audit In Progress
Trust Expense Allocation Audit Audit
TRS-ActiveCare Open Enrollment Readiness Assessment Follow-Up Audit
TRS-ActiveCare Eligibility Pilot and Audit Program Development Advisory Deferred to FY18
Health Care Vendor Selection Observation Advisory
Health Care Vendor Update Meetings Advisory Ongoing
Information Technology
Contractor onboarding and off boarding (17-502) Audit
Disaster Recovery, Network Penetration Tests; Security Risk Assessment Review Advisory Ongoing
Investment Management
Private Equity Fees Audit
Soft dollars and Commission Sharing Arrangements Audit
Quarterly Investment and Ethics Policies Compliance Testing (17-302) Agreed-Upon Procedures 1st Qtr Complete
Annual Testing of Investment Incentive Pay Plan Agreed-Upon Procedures
Investment Fiduciary Audit Coordination Advisory In Progress
Investment Committees Attendance Advisory Ongoing
Internal Audit Department
Annual Internal Audit Report Audit Complete
Data Analysis Processes Advisory In Progress
Quarterly Audit Recommendations Follow-up Audit Ongoing
ERS Audit Quality Assurance Review Audit Complete
Internal Quality Assurance Review Advisory Ongoing
Fiscal Year 2018 Audit Plan Advisory
Internal Audit Strategic Plan Update Advisory Ongoing
Audit Committee Meetings Preparation Advisory Ongoing
December 2016 Board Audit Committee Meeting 4
Internal Audit Advisory Services1 Fiscal Year 2017 – 1st Quarter
BENEFIT SERVICES
Participated in the TEAM Program
Executive Steering Committee Organizational Change Management Advisory Group Business Procedures and Training Monthly meetings with TEAM Program Manager and vendor personnel Reporting Entity Outreach (REO) Core Team TRS Website Redesign Committee TEAM Enterprise Security Team meetings Independent Program Assessment (IPA) Vendor Coordination Made presentation at Texas Association of School Business Officials (TASBO)
HEALTH INSURANCE BENEFITS (HIB)
Attended the Health Plan Administrator (HPA) and Pharmacy Benefit Manager (PBM) Vendor Quarterly Update Meetings
Participated in the TRS-Care Medicare Advantage PBM Request for Proposal (RFP) meeting (non-voting)
INVESTMENT MANAGEMENT DIVISION (IMD)
Attended Internal Investment Committee (IIC) meetings Participated in Proxy Voting Committee meeting Participated in Securities Lending monitoring calls Reviewed and discussed the Investment Policy Statement and other investment policies proposed
changes Liaison for investment fiduciary review
FINANCIAL SERVICES
Liaison for the State Auditor’s Office (SAO) Fiscal Year 2016 TRS Comprehensive Annual Financial Report (CAFR) audit
Liaison for financial statement audit of Teacher Retirement Investment Company of Texas (TRICOT - London Office)
EXECUTIVE
Facilitated SAO’s Quarterly Update Meetings Participated in the Risk Oversight Committee Participated in Health and Safety Committee Quarterly Meetings Collaboration with Enterprise Risk Management on the upcoming enterprise-wide fraud risk
assessment
INFORMATION TECHNOLOGY (IT)
Participated in the Enterprise Risk Management (ERM) Data Protection Project Disaster Recovery Exercise Planning Incidents Response Plan Update
1 Advisory Services (non-audit services) - The scope of work performed does not constitute an audit under Generally Accepted Government Auditing Standards (GAGAS).
Internal Audit Goals and Performance Measures - Fiscal Year 2017 1st Quarter Ending November 2016
December 2016 Board Audit Committee Meeting 5
Target Performance Activity Status
Goal 1: Enhance Effectiveness of Internal Audit Organization
1. Spend a minimum of 75% of total available department hours (excludes uncontrollable leave) for professional staff on direct assurance, consulting, and advisory services
Achieved 73% for 1st quarter of fiscal year 2017. We are slightly below the target but still on track. On Task
2. Complete an internal assessment and report the results of the Quality Assurance and Improvement Program
The assessment is scheduled for completion in the 4th quarter
On Task
Goal 2: Develop and Implement Internal Audit Annual Audit Plan based on Formal Risk Assessment
3. Prepare an annual audit plan based on a documented risk assessment and obtain input from trustees and staff
The audit planning and risk assessment is scheduled for the 4th quarter
On Task
4. Execute 80% of audit and agreed-upon procedures projects (80% allows for flexibility due to changes in TRS business practices and special requests)
Planned audit and agreed-upon procedures projects are on schedule and assigned to staff On Task
5. Update the formal reporting entity risk assessment to identify reporting entities for audit.
The update of the formal reporting entity risk assessment is in progress
On Task
Goal 3: Enhance Internal Audit Staff Skills and Knowledge in Assurance Practices 6. Update data analytics roadmap identified by external advisor and
complete year two activities The data analytics roadmaking and implementation plan is on schedule
On Task
7. Collaborate with an institution of higher education to pilot a reporting entity audit program; develop and distribute the audit program to other high education auditors and request that they conduct these audits
Two institutes of higher education have formally agreed to participate in the pilot On Task
Goal 4: Deliver Value-Added Consulting and Advisory Activities
8. Facilitate coordination of TEAM Independent Program Assessment (IPA) vendor by coordinating meetings with Executive Director, Executive Steering Committee (ESC) and Core Management Team (CMT), quarterly presentations to the TRS Board of Trustees, and other contractual activities
Coordination and support of IPA vendor is ongoing as planned. On Task
Internal Audit Goals and Performance Measures - Fiscal Year 2017 1st Quarter Ending November 2016
December 2016 Board Audit Committee Meeting 6
Target Performance Activity Status
9. Facilitate timely completion and success of State Auditor’s Office (SAO) audits in fiscal year 2017 by effectively providing audit support, coordinating meetings, reserving facilities and gathering schedule and documentation requests
Internal Audit staff has provided support and coordination for the following SAO audits: Audit of FY 2016 Comprehensive Annual
Financial Report (CAFR) Investment Fiduciary Audit
On Task
Goal 5: Enhance Participation in Professional and Peer Organizations 10. Participate in professional organizations (APPFA, IIA, ISACA,
ACFE, SAIAF, CFA Institute) through monthly chapter meetings and participation in leadership roles in at least one professional organization.
The CAE is secretary for APPFA and IT Audit Manager is the web administrator for APPFA. One audit manager is on the Board of Governors for the Austin Chapter of the IIA. Participation in professional organizations is ongoing.
On Task
11. Support staff in obtaining additional certifications such as the CFA, CPA, and CIA certifications and have all staff obtain a minimum of 24 continuing professional education hours in a fiscal year and a minimum of 80 hours for a two year period.
Staff planned and attended professional development training this quarter On Task
Legend: Target Status
Target not achieved Behind in achieving target or partially complete On task to achieve target Achieved target
CAE Performance Goals – FY 2017
TRS Strategic Plan CAE Goals Key Performance Indicators
1 TRS Goal 1:
Sustain a financially
sound pension trust
fund (investments)
Support an effective investment
governance structure
Perform regular investment audit and
consulting activities.
Facilitate and coordinate the external audits of the TRS Investment Company of
Texas (TRICOT – London Office), Investment Fiduciary Review of Real Assets, and
Comprehensive Annual Financial Report (CAFR) Audit.
Pilot one to two audits of private equity funds to assess accuracy of fees,
compliance with contractual provisions, and support for investment valuations.
Provide assurance on compliance with soft dollar policy, Investment Policy
Statement, TRS ethics policies, and incentive pay plan.
Continue buildout of internal investment audit dashboard for soft dollar
expenditures, private market fees, and other areas as resources permit.
December 2016 Board Audit Committee Meeting 7
CAE Performance Goals – FY 2017
TRS Strategic Plan CAE Goals Key Performance Indicators
2 TRS Goal 2:
Continue to improve
benefit delivery
(pension).
Facilitate TEAM oversight
function
Identify cost recovery
opportunities at employers
Obtain greater audit
coverage at higher education
employers
Perform regular pension
audit and consulting
activities
Enable full access of TEAM independent program assessment vendor to people and
documents
Participate in TEAM and TEAM committees as an advisor on internal controls.
Identify opportunities for recovery of underpayments for employment after retirement
(EAR) surcharges by conducting targeted audit of EAR for multiple entities
Pilot two university audits to develop an audit program to disseminate to higher
education internal auditors
Provide assurance to TRS members and retirees by validating the accuracy of annuity
payments and manual payments
Assist TRS management in its oversight of 403(b) providers by providing assurance on
internal controls and compliance with statutes
December 2016 Board Audit Committee Meeting 8
CAE Performance Goals – FY 2017
TRS Strategic Plan CAE Goals Key Performance Indicators
3 TRS Goal 3:
Facilitate access to
competitive, reliable health
care benefits for our
members (health care)
Perform regular healthcare
audit and consulting
activities
Assist TRS in assessing its preparedness for undergoing a federal HIPAA audit by
conducting a gap assessment of HIPAA compliance (HIPAA Security Rule, Privacy Rule,
and Breach Notification Rule)
Obtain evidence that Aetna and Wellsystems have implemented requested controls
related to open enrollment
Provide feedback on the reasonableness of expense allocations to healthcare trusts
December 2016 Board Audit Committee Meeting 9
CAE Performance Goals – FY 2017
TR Strategic Plan CAE Goals Key Performance Indicators
4 TRS Goal 4:
Attract, retain, and
develop highly competent
staff
Update the internal audit
strategy and activities
Develop managers and staff
Implement an auditor
recognition program
Enhance leadership skills
Update departmental goals and activities:
a. Update the internal audit strategic plan using the internal audit capability maturity
model with significant input for audit staff
b. Update the annual audit plan using risk assessment techniques and feedback from
key stakeholders
Implement staff development goals:
a. Develop an auditor staffing plan that links the auditor competency framework, skills
inventory, and training plans
b. Identify areas of expertise where internal audit can serve as a resource for TRS
stakeholders and professional organizations. Continue to develop competencies in
areas identified such as data analysis skills.
c. Form an audit management team to steer the direction of the audit department and
provide for optimal decision-making and communication among teams.
d. Simplify auditor evaluations and provide more feedback after each project. Link
annual evaluations to merit pay.
e. Develop and communicate career paths for staff within the department and link to
the departmental succession plan
f. Implement a staff recognition program that recognizes excellent work of others and
encourages high achievement
( Continue on next slide)
December 2016 Board Audit Committee Meeting 10
CAE Performance Goals – FY 2017
TRS Strategic Plan CAE Goals Key Performance Indicators
4 TRS Goal 4:
Attract, retain, and
develop highly competent
staff
Update the internal audit
strategy and activities
Develop managers and staff
Implement an auditor
recognition program
Enhance leadership skills
(Continued)
Implement personal development goals:
a. Serve on the Association of Public Pension Fund Auditors (APPFA) board, lead the
ERS audit quality assessment review, participate in the advisory committee for the
State Agency Internal Audit Forum’s (SAIAF) Internal Audit Leadership Development
Program (IALDP), and encourage staff to take leadership positions in professional
organizations.
b. Study frameworks for organization performance excellence through online
resources, training participation, and discussion with other organizations who have
implemented them. Consider adopting a framework for the Internal Audit
Department and gathering information in conjunction with TRS Strategic Planning
staff to identify elements which might be beneficial for TRS to incorporate.
c. Learn more about staff, peers, and audit clients through asking open-ended “power”
questions and applying emotional intelligence techniques.
d. Practice active listening and summarizing meeting discussions to ensure input of
participants is understood and incorporated.
e. Continue personal recovery through regular physical therapy, exercise, and
mindfulness techniques.
December 2016 Board Audit Committee Meeting 11
December 2016 Board Audit Committee Meeting 12
Jan Engler is one of the recipients of TRS Golden Apple Award for FY 2016. She is the
first TRS employee to receive this award twice. She received her first award in FY 2006.
The TRS Employer Audit team consisting of Jan Engler, Dinah Arce, Art Mata, and Cari Casey, have continued participation in presentations hosted by the Texas Association of School Business Officials (TASBO) at Sugarland, Allen, and Austin. The presentations include topics such as identifying upcoming changes in reporting requirements, audit testing scope and methodology, common errors in reporting, and TRS employer website information and resources.
Hugh Ohn, Lih-Jen Lan, and Amy Barrett attended the Association of Public Pension Fund Auditor (APPFA) Conference.
Toma Miller attended a four-day Healthcare Information Technology Training course.
Anandhi Mani and Rodrigo Dominguez attended the Investment Training and Consulting Institute Inc. (ITCI) – Understanding and Audit Investment Activities, 2016 Fall Series.
Art Mata, Cari Casey, and Anandhi Mani attended the Public Pension Financial Forum (P2F2) Conference.
Internal Audit Staff Quarterly Accomplishments
December 2016 Board Audit Committee Meeting 13
Jan Engler (center) is one of the recipients of TRS Golden Apple Award for FY 2016. She is the first TRS employee to receive this award twice. She received her first award in FY 2006.
The TRS Employer Audit team consisting of Jan Engler, Cari Casey, Dinah Arce, and Art Mata, have continued participation in presentations hosted by the Texas Association of School Business Officials (TASBO) at Sugarland, Allen, and Austin.