Regional Transportation Authority: Report of Risk Assessment Results, Final Report of Results, December 2011


Agenda

• Background
• Overview of System-wide Results from Facilitated Sessions
• Detailed System-wide Results from Facilitated Sessions
• Appendix - RTA Five Year Audit Program

© 2011 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 50872CHI

Background

Scope and Objective Highlights

Conducted a system-wide (RTA, CTA, Metra, Pace) risk assessment
• Service Boards and RTA identified their business risks for their entity which were combined into a system-wide assessment
• The risk assessment considered both incidental and inherent risks
• The risk assessment is a point in time assessment and should be updated annually to reflect changing risk environment
• The assessment provides information needed for coordinating external audits with the service board's internal audit teams

Defined a 5-year external audit program with four major categories of audits:
• Risk-based audits identified based on the risk assessment
• Regulatory audits identified based on new regulations and laws or noted compliance issues
• Cycle-based audits identified based on common high risk areas, i.e., accounts payable
• Ad-hoc audits are not identified specifically in the audit program, but may arise due to a specific issue


Process for developing the risk assessment

Task 1 – Developed Risk Assessment Approach & Model
• Conducted kickoff meeting with RTA and Service Boards
• Developed and confirmed risk assessment model and questionnaires
• Reviewed key documentation
• Developed and sent questionnaires to key staff - 36 surveys completed

Task 2 – Performed Risk Assessment with Each Entity
• Performed 20 interviews with management to discuss and rank risks
• Identified and defined key business risks
• Created preliminary risk portfolio and risk definitions
• Performed facilitated sessions with each entity
• Drafted system-wide risk universe and determined risk ratings
• Drafted internal audit program and confirmed with RTA management

Task 3 – Issued Report / Present Results
• Updated preliminary risk assessment results based on RTA management review
• Drafted and issued final report
• Developed training plan and delivered training

Task 4 – Subsequent Annual Risk Assessment Updates (Future Date)


Process for rating risks and management effectiveness

Use of Anonymous Voting Technology - Resolver

• Attendees provided click pad – assigned anonymously / randomly distributed
• Stated and defined each Key Business Risk
• Key was to level set understanding of the risk
• Updated risk definitions as needed

Ranked Key Business Risk Based on Four Criteria Sets

• Impact – 5 is High and 1 is Low
• Likelihood – 5 is Almost Certain and 1 is Rare
• Management Effectiveness (Current State) – 5 is Optimized and 1 is Initial
• Management Effectiveness (Desired State) – 5 is Optimized and 1 is Initial

Risk Score calculated by multiplying the Impact times Likelihood
Management Effectiveness Gap calculated by subtracting the Current State from Desired State
The system-wide results are an average of each entity's results

Consensus Voting

• Determined the majority response for each criteria set


Note: Interview and survey results were key inputs into the facilitated session process, which resulted in the quantitative data contained in this report.

Overview of System-wide Results from Facilitated Sessions

System-wide risk portfolio

External Risk Factors

• Energy Costs
• Funding Availability
• Labor Unions
• Natural and Unnatural Disaster
• Public Official Relationships
• Terrorist Acts
• State of the Economy

Internal Risk Factors

Strategic
• Alternative Financing Options
• Capital Program
• Public Perception
• Regional Planning
• Strategic Sourcing

Human Capital
• Compensation and Benefits
• Employee Performance Management
• Training and Development
• Recruitment, Retention and Succession Planning

Technology
• Business Continuity and Disaster Recovery
• IT Systems Implementation and Optimization
• Outdated Technology
• Service Board IT System Integration
• User Access and Security

Operational
• Contract and Vendor Accountability
• Effectiveness and Efficiency
• Fare Collection
• Fare Management and Integration
• Policies and Procedures
• Positive Train Control
• Rail/Bus/Train Operations
• Resource Scheduling
• Service Metrics
• State of Good Repair

Compliance
• Department of Homeland Security
• Federal Transit/Railroad Administration
• National Transportation Safety Board
• Occupational Safety and Health Administration
• Other Federal, State, and Local Requirements

Organizational Culture
• Conflicts of Interest
• Ethical Decision Making
• Fraud and Unauthorized Acts
• Governance
• Interagency Communication and Coordination
• Process Change Management and Efficiency

Passengers/Riders
• Call Center
• Customer Service and Communication
• Emergency Communication and Response
• Multi-modal Service Coordination
• Safety and Security

Financial
• Accounting
• Budgeting and Forecasting
• Cash Position
• Energy Cost Hedging
• Equipment and Facility Financing
• Financial Reporting
• Grant Management
• Inventory Management
• Pension Obligations

This is a summary of the risk portfolio based on results from interviews, surveys, the facilitated sessions and engagement team industry experience.


System-wide risk portfolio by risk category

This chart details how the overall risk portfolio is distributed across risk categories. The count of the number of risks in each risk category is also stated.

• Compliance, 5, 9%
• Technology, 5, 9%
• External, 7, 12%
• Strategic, 5, 9%
• Passenger/Riders, 5, 9%
• Financial, 9, 16%
• Organizational Culture, 6, 11%
• Human Capital, 4, 7%
• Operational, 10, 18%


Top 20 key business risks (based on facilitated session results)

1. Funding Availability
2. State of Good Repair
3. Recruitment, Retention & Succession Planning
4. Public Perception
5. Public Official Relationships
6. Fare Management & Integration
7. Customer Service and Communication
8. Compensation and Benefits
9. Policies and Procedures
10. Outdated Technology
11. Interagency Communication & Coordination
12. Safety and Security
13. Federal Transit/Railroad Administration
14. Cash Position
15. Terrorist Acts
16. Service Board IT System Integration
17. State of Economy
18. Labor Unions
19. Natural and Unnatural Disasters
20. Governance

The combined results were calculated by adding the total Risk Score of each entity and dividing by four (the number of entities included in the risk assessment)


Top 10 risk scores and management effectiveness gaps – System-wide

Ranking | Risk Factor | Risk Score | Management Effectiveness Gap
1 | Funding Availability | 21.0 | 1.4
2 | State of Good Repair | 19.1 | 0.9
3 | Recruitment, Retention and Succession Planning | 15.8 | 1.4
4 | Public Perception | 13.2 | 1.0
5 | Public Official Relationships | 11.3 | 0.9
6 | Fare Management & Integration | 10.8 | 0.9
7 | Customer Service and Communication | 10.8 | 0.9
8 | Compensation and Benefits | 10.3 | 1.5
9 | Policies and Procedures | 8.1 | 0.7
10 | Outdated Technology | 7.2 | 0.8

“Risk Score” is calculated by multiplying impact times likelihood.
“Management Effectiveness Gap” is calculated by subtracting the management effectiveness current state from the management effectiveness desired state.

Detailed System-wide Results from Facilitated Sessions

System-wide average scores

Ranking | Risk Factor | Risk Category | Impact | Likelihood | Risk Score | ME – Current State | ME – Desired State | Gap
1 | Funding Availability | External | 4.6 | 4.5 | 21.0 | 2.9 | 4.3 | 1.4
2 | State of Good Repair | Operational | 4.4 | 4.4 | 19.1 | 3.1 | 4.0 | 0.9
3 | Recruitment, Retention and Succession Planning | Human Capital | 4.0 | 4.0 | 15.8 | 2.4 | 3.8 | 1.4
4 | Public Perception | Strategic | 3.5 | 3.8 | 13.2 | 3.0 | 4.0 | 1.0
5 | Public Official Relationships | External | 3.8 | 3.0 | 11.3 | 3.0 | 3.9 | 0.9
6 | Fare Management & Integration | Operational | 3.1 | 3.5 | 10.8 | 2.9 | 3.8 | 0.9
7 | Customer Service and Communication | Passenger/Riders | 3.4 | 3.1 | 10.8 | 3.2 | 4.1 | 0.9
8 | Compensation and Benefits | Human Capital | 3.2 | 3.2 | 10.3 | 1.7 | 3.1 | 1.5
9 | Policies and Procedures | Operational | 2.7 | 3.0 | 8.1 | 2.0 | 2.7 | 0.7
10 | Outdated Technology | Technology | 2.7 | 2.7 | 7.2 | 2.2 | 3.1 | 0.8
11 | Interagency Communication & Coordination | Organizational Culture | 2.5 | 2.7 | 6.6 | 2.1 | 2.8 | 0.7
12 | Safety and Security | Passenger/Riders | 2.6 | 2.3 | 6.1 | 2.8 | 3.1 | 0.3
13 | Federal Transit/Railroad Administration | Compliance | 2.4 | 2.3 | 5.6 | 2.6 | 2.9 | 0.3
14 | Cash Position | Financial | 2.1 | 1.9 | 4.0 | 1.6 | 2.1 | 0.5
15 | Terrorist Acts | External | 2.2 | 1.5 | 3.4 | 1.7 | 2.1 | 0.5
16 | Service Board IT System Integration | Technology | 1.5 | 1.7 | 2.5 | 1.1 | 1.8 | 0.6
17 | State of Economy | External | 1.2 | 1.2 | 1.4 | 0.6 | 1.0 | 0.4
18 | Labor Unions | External | 1.1 | 1.2 | 1.3 | 0.7 | 1.0 | 0.3
19 | Natural and Unnatural Disasters | External | 1.0 | 1.1 | 1.0 | 1.0 | 1.1 | 0.1
20 | Governance | Organizational Culture | 1.0 | 1.1 | 1.0 | 0.5 | 1.0 | 0.4
21 | Capital Program | Strategic | 1.0 | 1.0 | 1.0 | 0.7 | 1.0 | 0.3
22 | Energy Costs | External | 1.0 | 1.0 | 0.9 | 0.9 | 1.1 | 0.1
23 | Alternative Financing Options | Strategic | 0.9 | 1.0 | 0.9 | 0.6 | 0.9 | 0.3
24 | IT System Implementation and Optimization | Technology | 0.9 | 1.0 | 0.9 | 0.6 | 1.0 | 0.4
25 | Regional Planning | Strategic | 0.8 | 1.0 | 0.8 | 0.7 | 0.9 | 0.2
26 | Effectiveness and Efficiency | Operational | 0.9 | 0.9 | 0.7 | 0.5 | 0.8 | 0.3
27 | Fare Collections | Operational | 0.9 | 0.8 | 0.7 | 0.9 | 1.1 | 0.2
28 | Positive Train Control | Operational | 0.7 | 1.0 | 0.7 | 0.7 | 1.0 | 0.3
29 | Budgeting and Forecasting | Financial | 0.8 | 0.8 | 0.7 | 0.7 | 1.0 | 0.3
30 | Grant Management | Financial | 0.8 | 0.8 | 0.6 | 0.7 | 0.9 | 0.1
31 | Other Federal, State, and Local Requirements (ADA) | Compliance | 0.9 | 0.7 | 0.6 | 0.8 | 1.0 | 0.1
32 | Strategic Sourcing | Strategic | 0.7 | 0.7 | 0.5 | 0.5 | 0.7 | 0.2

This slide is ordered left to right based on system-wide risk scores. Average risk score is calculated by adding the Risk Score of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide average impact

[Bar chart: system-wide average impact per risk factor; axes labelled Ranking and Risk Factor]

This slide is ordered left to right based on system-wide risk scores. Average impact is calculated by adding the impact of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide average likelihood

[Bar chart: system-wide average likelihood per risk factor; axes labelled Ranking and Risk Factor]

This slide is ordered left to right based on system-wide risk scores. Average likelihood is calculated by adding the likelihood of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide average risk score

[Bar chart: system-wide average risk score per risk factor; axes labelled Ranking and Risk Factor]

This slide is ordered left to right based on system-wide risk scores. Average risk score is calculated by adding the Risk Score of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide average management effectiveness (current and desired states)

[Chart: system-wide average management effectiveness per risk factor; axes labelled Management Effectiveness and Risk Factor; series: Management Effectiveness - Current, Management Effectiveness - Desired]

This slide is ordered left to right based on system-wide risk scores. Average management effectiveness is calculated by adding the management effectiveness results of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide average management effectiveness gap

[Chart: system-wide average management effectiveness gap per risk factor; axes labelled Management Effectiveness and Risk Factor; series: Management Effectiveness - Current, Management Effectiveness - Desired]

This slide is ordered left to right based on system-wide risk scores. Average management effectiveness gap is calculated by adding the management effectiveness gap of each entity and dividing by four (the number of entities included in the risk assessment)

System-wide Risk Scores and Management Effectiveness Gap

[Bubble chart: risk factors plotted by Impact (horizontal axis, 0 to 5) and Likelihood (vertical axis, 0 to 5)]

Management Effectiveness Gaps are shown via the size and color of the circle. The largest circles in red represent ME Gaps of 1 to 2. The smallest size in green represents ME Gaps under 1.

RTA Five Year Audit Program

(See Following Pages)

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.


Regional Transportation Authority
RTA Five Year Audit Program
Sorted by Audit Execution and Proposed Audit

Columns: Ref; Proposed Audit; Proposed Description; Linkage to Risk Factors (Key Business Risk Highlighted in Color Blue); RTA; CTA; Metra; Pace; Audit Execution; Risk Category; 2012; 2013; 2014 or Later

1 Audit Issues Remediation Assessment
Proposed Description: Assess ability of management to timely and adequately address issues/findings noted in audit reports issued by various oversight bodies and identify gaps to be closed by management or trends to be addressed by management.
Linkage to Risk Factors: FTA/FRA Compliance; Governance; Other Federal/State & Local Requirements; Public Perception; Reputation
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Compliance
Year marks (2012, 2013, 2014 or Later): X X X

2 Customer Service Center Operations
Proposed Description: Assess processes related to call center operations to help ensure timely, accurate, and consistent information (experience) to customers. Assess performance of any third parties performing call center activities based on key contract provisions. Includes customer service and travel information centers across all agencies.
Linkage to Risk Factors: Customer Service & Communication; Effectiveness & Efficiency; Interagency Communication & Coordination; Performance Metrics; Policies & Procedures
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Passengers & Riders
Year marks (2012, 2013, 2014 or Later): X

3 Data Privacy Review
Proposed Description: Assess effectiveness of internal controls and processes related to data privacy and use of personally identifiable information from both employees and passengers (inclusive of agencies and contracted third parties).
Linkage to Risk Factors: Data Security & Privacy; Public Perception; Reputation; Segregation of Duties; User Access
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Organization Culture
Year marks (2012, 2013, 2014 or Later): X X

4 Disadvantaged Business Enterprise (DBE) Program Compliance Review
Proposed Description: Assess effectiveness of internal controls and processes related to utilization of DBE contractors by prime contractors based on defined requirements, applicable laws & regulations, policies & procedures, as well as existing contract documentation.
Linkage to Risk Factors: Cash Position; Other Federal/State & Local Requirements; Policies & Procedures; Public Official Relationships; Public Perception; Reputation
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Compliance
Year marks (2012, 2013, 2014 or Later): X X

5 Emergency Response Coordination
Proposed Description: Assess emergency response coordination activities to determine how agencies and external parties, such as first responders and City Hall, will coordinate efforts during extended service interruptions due to weather conditions, equipment issues, unplanned and unusual events, or natural or unnatural disasters. Will include assessment of communication protocols to keep public informed as well.
Linkage to Risk Factors: Customer Service & Communication; Interagency Communication & Coordination; Natural & Unnatural Disasters; Public Perception; Safety & Security; Terrorist Acts
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Passengers & Riders
Year marks (2012, 2013, 2014 or Later): X

6 Fraud Prevention Assessment
Proposed Description: Perform a high-level fraud prevention assessment to assist the agencies in identifying key fraud risk factors based on processes and operations, comparing to current internal control and fraud prevention/detection processes, and identify gaps to be addressed by management. Assess processes and procedures to identify, monitor, and mitigate conflicts of interest.
Linkage to Risk Factors: Conflicts of Interest; Ethical Decision Making; Financial Reporting; Fraud & Unauthorized Acts; Governance; Reputation; Safeguarding of Assets
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Organization Culture
Year marks (2012, 2013, 2014 or Later): X

7 Grant Management Review
Proposed Description: Assess effectiveness of internal controls and processes related to grant development, management and reporting activities to help ensure effectiveness and compliance with grant requirements.
Linkage to Risk Factors: Budgeting & Forecasting; Funding Availability; Governance; Public Official Relationships; State of Good Repair
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Financial
Year marks (2012, 2013, 2014 or Later): X


8 Hiring & Promotion Practices Review
Proposed Description: Assess effectiveness of internal controls and processes related to hiring such as compliance with federal, state, and local laws/ordinances, transparency, background checks, approvals, internal and external postings, and alignment with organizational goals and objectives.
Linkage to Risk Factors: Compensation & Benefits; Labor Unions; Policies & Procedures; Public Perception; Recruitment, Retention, & Succession Planning; Other Federal/State & Local Requirements; Reputation
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Human Capital
Year marks (2012, 2013, 2014 or Later): X X

9 Information Technology Strategy Assessment
Proposed Description: Perform an assessment of existing IT infrastructure, strategies, and skill sets compared to overall business objectives to create a 3 to 5 year roadmap to achieve goals and objectives of the entities. This includes developing a strategy to integrate and consolidate IT systems and applications to meet operational, performance, and compliance goals in a cost effective manner.
Linkage to Risk Factors: Fare Management & Integration; IT Systems Implementation & Optimization; Governance; Outdated Technology; Service Board IT System Integration; Universal Fare Card Implementation
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Information Technology
Year marks (2012, 2013, 2014 or Later): X

10 Paratransit Operational Review
Proposed Description: Review and document compliance with USDOT ADA regulatory requirements contained in 49 CFR Parts 27, 37, and 38 with respect to ADA paratransit service operations and eligibility determinations, including an analysis of capacity constraints and complaint handling.
Linkage to Risk Factors: Cash Position; Customer Service & Communication; Effectiveness & Efficiency; Other Federal/State & Local Requirements; Performance Metrics; Policies & Procedures
Entity marks (RTA, CTA, Metra, Pace): X X
Audit Execution: RTA
Risk Category: Compliance
Year marks (2012, 2013, 2014 or Later): X

11 Passenger Safety & Security Review
Proposed Description: Perform an assessment of current processes, protocols, and contingencies in place to respond to passenger safety and security incidents. Will include assessment of communication and escalation processes both internally and externally (to employees, passengers and pertinent emergency services departments) as applicable.
Linkage to Risk Factors: Customer Service & Communication; Governance; Interagency Communication & Coordination; Natural & Unnatural Disasters; Public Official Relationships; Public Perception; Policies & Procedures; Safety & Security; State of Good Repair; Terrorist Acts
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Passengers & Riders
Year marks (2012, 2013, 2014 or Later): X

12 Procurement Spend Analysis
Proposed Description: Perform an analysis of overall spend to provide management with greater visibility into how operational funds are expended, identify three opportunities to rationalize spend, and provide leading practices on strategic sourcing.
Linkage to Risk Factors: Effectiveness & Efficiency; Funding Availability; Performance Metrics; Strategic Sourcing
Entity marks (RTA, CTA, Metra, Pace): X X X X
Audit Execution: RTA
Risk Category: Strategic
Year marks (2012, 2013, 2014 or Later): X


13 RTA Governance Gap Assessment

Review existing governance mandates granted by way of the 2008 reform legislation or other legislative actions and determine gaps between defined mandates and actual governance practices. Assess barriers to implementation of any and provide recommendations to implement mandates and enhance overall governance and oversight processes. Also, perform and assess of how new monies granted have been allocated.

Funding AvailabilityGovernancePublic Official RelationshipsPublic PerceptionReputation

X RTA Organization Culture

X

14 Americans with Disabilities Act Review

Document compliance with USDOT ADA regulatory requirements contained in 49 CFR Parts 27, 37, and 38 with respect to fixed route bus and rail facilities, vehicles, and service operations, as applicable.

Other Federal/State & Local Requirements X X X X Agencies Compliance X

15 Business Continuity & Disaster Recovery Review

Assess the effectiveness of business continuity and disaster recovery processes including contingency plan development, escalation procedures, offsite data backup storage, and facility backups as well as perform testing of business continuity and disaster recovery plans.

Governance; Interagency Communication & Coordination; Natural & Unnatural Disasters; Outdated Technology; Policies & Procedures; Public Perception; Rail/Bus/Train Operations; Safety & Security; Service Board IT System Integration; Terrorist Acts

X X X X Agencies Information Technology X

16 Capital Program Management Review

Assess effectiveness of internal controls and processes related to capital construction project administration including invoice review and approval, budget to actual analysis, site visits, contract terms monitoring, and regulatory compliance such as Davis-Bacon and reporting.

Capital Projects; Budgeting & Forecasting; Other Federal/State & Local Requirements; Policies & Procedures; State of Good Repair

X X X X Agencies Strategic X X

17 Cash & Treasury Review

Assess effectiveness of internal controls and processes related to cash handling, cash receipts, cash flow forecasts, bank account reconciliations, wire transfers, cash transaction authority levels, segregation of duties, and existence of current policies and procedures reflective of actual processes. Also review key controls in place over the purchase, disposition, valuation, and custody of investments.

Cash Position; Budgeting & Forecasting; Fraud & Unauthorized Acts; Funding Availability; Policies & Procedures; Safeguarding of Assets

X X X X Agencies Financial X X X

18 Claims Management Review

Assess processes related to claim management including litigation, negotiation, liability accrual, reporting, and organizational change to mitigate recurrence.

Cash Position; General Liability; Process Change Management; Safety & Security

X X X X Agencies Financial X


19 Contract Management Review

Assess the effectiveness of internal controls and processes related to contract management including vendor/contractor oversight and management activities to help ensure contracted goods and services are obtained at the agreed upon price and comply with contract requirements.

Cash Position; Contract Compliance; Grant Compliance; Performance Metrics; Policies & Procedures; Public Perception; Vendor Management

X X X X Agencies Operations X X

20 Employee Benefits Administrative Review

Assess the effectiveness of internal controls and processes related to benefits administration, including enrollment, eligibility, segregation of duties, and existence of current policies and procedures reflective of actual processes. Also perform high-level assessment of PBM/TPA contracts for inclusion of performance metrics and performance guarantees.

Cash Position; Compensation & Benefits; ERISA Compliance; Labor Unions; Policies & Procedures; Recruitment, Retention, & Succession Planning

X X X X Agencies Human Capital X

21 Employee Expense Review

Review employee and board level business/travel expenses to determine whether each was appropriately approved, sufficiently documented, and timely submitted in accordance with policies and procedures. May also include validation of allowability and funding allocation and an assessment of existence of policies and procedures reflective of actual processes.

Cash Position; Policies & Procedures; Public Perception; Public Official Relationships; Reputation

X X X X Agencies Financial X X X

22 Energy Cost Management Review

Assess processes to forecast energy needs and implement effective short and long term strategies to minimize energy costs such as electricity, gasoline, and diesel. May include assessing use of contract locks, hedges, joint contracts, and swaps as well as green energy implementation. Assess how purchase efforts are coordinated across transportation agencies and sister agencies.

Funding Availability; Cash Position; Energy Costs; Interagency Communication & Coordination; Effectiveness & Efficiency; Policies & Procedures; Public Perception

X X X X Agencies Financial X

23 Fare Collection Review

Assess the effectiveness of internal controls and processes related to fare collection such as fare card purchases, uncollected fares, cash collections, fare account reconciliations, fare application controls, fare forecast to actual analysis, segregation of duties, and existence of current policies and procedures reflective of actual processes.

Cash Position; Customer Service & Communication; Effectiveness & Efficiency; Fare Management & Integration; Fraud & Unauthorized Acts; Public Perception; Reputation

X X X Agencies Operations X X

24 Financial Controls Review

Assess the effectiveness of internal controls and processes related to journal entries, chart of accounts maintenance, fixed assets, budgeting, accounts receivable, capital expenditures, general ledger reconciliations, monthly, quarterly and year-end close, segregation of duties, user access rights, and documented policies and procedures.

Effectiveness & Efficiency; Financial Disclosure; Financial Reporting; Goodwill & Impairment; Outdated Technology; Policies & Procedures

X X X X Agencies Financial X X X


25 General Information Technology Controls Review

Assess the effectiveness of general information technology controls including change management, computer operations, application development, and system access.

Data Security & Privacy; Governance; Outdated Technology; Process Change Management; Segregation of Duties; Service Board IT System Integration; User Access

X X X X Agencies Information Technology X X

26 Information Technology - IT Key Applications Review

Assess key IT applications to determine overall functionality provided to the business based on needs and identify any gaps.

Data Security & Privacy; Effectiveness & Efficiency; IT Systems Implementation & Optimization; Outdated Technology; Segregation of Duties; User Access

X X X X Agencies Information Technology X X

27 Information Technology Security Review

Assess the effectiveness of network and application security processes including network intrusion, access rights, segregation of duties with key systems, and existence of current policies and procedures reflective of actual processes.

Data Security & Privacy; Governance; IT Systems Implementation & Optimization; Outdated Technology; Policies & Procedures; Public Perception; Reputation; Segregation of Duties; User Access

X X X X Agencies Information Technology X

28 Payroll Review

Assess the effectiveness of internal controls and processes related to payroll time and attendance, time approvals, wage, benefit, tax, and other payroll deduction calculations, and compliance with applicable laws and regulations.

Cash Position; Compensation & Benefits; Federal/State & Local Tax Compliance; Policies & Procedures

X X X X Agencies Human Capital X X X

29 Procure to Pay Process Review

Assess the effectiveness of internal controls related to the purchase to pay process including solicitations, preferred vendor list, purchase requirements, purchase orders, invoice approvals, three-way matching, purchase cards, purchase authorization limits, performance metrics, and use of defined policies and procedures.

Cash Position; Contract Compliance; Grant Compliance; Performance Metrics; Policies & Procedures

X X X X Agencies Financial X X

30 Real Estate & Facilities Management Review

Assess processes related to real estate and facilities management including lease management, real estate taxes, capital planning, and maintenance. Also assess management oversight processes related to real estate inventory and cost efficiency monitoring.

Cash Position; Equipment & Facility Financing; General Liability; Performance Metrics; State of Good Repair; Real Estate Asset Management; Real Estate Tax Compliance

X X X Agencies Operations X


31 Staff & Management Development Review

Assess processes related to performance evaluation, training and development including mid-year and annual employee evaluations, performance feedback, assessing organization talent needs, training programs, management development programs, and succession planning programs.

Compensation & Benefits; Effectiveness & Efficiency; Employee Performance Management; Policies & Procedures; Recruitment, Retention, & Succession Planning; Training & Development

X X X X Agencies Human Capital X

32 Staffing Resources Review

Assess the effectiveness of internal controls and processes related to scheduling of staff and management of leave requests in a manner that efficiently utilizes all available manpower and minimizes overtime and service disruptions. Also review management oversight process related to absenteeism and direct/indirect effects to operations.

Cash Position; Effectiveness & Efficiency; Employee Performance Management; Labor Unions; Public Perception; Rail/Bus/Train Operations; Resource Scheduling; Safety & Security; Service Metrics

X X X X Agencies Operations X

Totals 10 14 27
