Goal 6.0 DELIVER EFFICIENT, EFFECTIVE, AND RESPONSIVE
BUSINESS SYSTEMS AND RESOURCES THAT ENABLE THE SUCCESSFUL
ACHIEVEMENT OF THE LABORATORY MISSION(S)
Appendix B Volume 2, Self-Evaluation FY2006
Return
to Table of Contents
Objective 6.4 Provide Efficient, Effective, and
Responsive Management Systems for Internal Audit and
Oversight: Quality, Information Management; and Other
Administrative Support Services as Appropriate
6.4a Internal audits completed in accordance
with annual audit plan. Revisions to the approved SLAC
FY06 audit plan will be mutually agreed to by both
parties.
SLAC Response: Stanford Internal Audit completed all
the audits in accordance with the Revised FY2006 SLAC
Audit Plan, dated June 5, 2006 incorporating the
internal controls testing required for the OMB Circular
A-123 in FY2006. In addition, an additional review,
“High Level Review of Internal Controls at SLAC”,
was also conducted. The completion and issuance of the
audit reports for the “OMB Circular A-123 Testing of
Internal Controls for Human Resources and Payroll”
and the “Review of the Accounts Payable Process”
were delayed into November 2007 since the priority was
focused on recording testing details into the A-123
Assessment and Reporting Tool (AART) spreadsheets in
order to meet the early September deadline for
transmittal of the AART to DOE.
6.4.b Ability to complete corrective actions
for reviews in accordance with approved Corrective
Action Plan
SLAC Response: FY06 Reviews and Audits, along with
recommendations and corrective actions follow
A. Stanford Internal Audit Review of SLAC
Allowable Costs for FY2005
A.1. Ashley Fellowship Program
Recommendation: SLAC H/R and Accounting should
reconcile the salaries charged to the Fellowship Account
# 030004 at the end of each fiscal year and ensure that
only 12 months of the recipient’s salary is charged
appropriately.
Corrective Action: The H/R Administrator
for the Ashley Fellowship Program will coordinate a
meeting with the affected supervisor and the
responsible Budget Office Analyst to determine the
time frame of the fellowship. The Budget Office
Analyst will monitor and reconcile the charges at
the end of each fiscal year.
B. Stanford Internal Audit Review of Agreed
Upon Procedures performed at SLAC for FY2005 in
Accordance with OMB Circular A-133
No recommendations.
C. Stanford Internal Audit on SLAC’s Internal
Procedures on the Review and Approval of Invoices from
Subcontractors Subject to the Davis-Bacon Act in FY2005
Recommendation: The Purchasing Officer and
deputy Purchasing Officer should update Section 42-1 of
the Business Services Division (BSD) Procedure Manual.
Corrective Action: SLAC Purchasing
Management completed all related procedures in
December 2005
Recommendation: The Purchasing Officer and
Deputy Purchasing Officer should ensure that the
Contract Administrators are reminded of their
responsibility to adhere to the Purchasing Office’s
internal procedures for the review and approval of
subcontractor invoices that are subject to the
Davis-Bacon Act.
Corrective Action: The Deputy Purchasing
Officer held a meeting in May 2005 with the
Construction to ensure these guidelines were
followed. Completed.
D. Stanford Internal Audit High-Level Review of
Internal Controls at SLAC
No recommendations.
E. Stanford Internal Audit SLAC PeopleSoft
(version 8x) – Application Security Review
Recommendation 1: Update and document policies
and procedures related to the PeopleSoft application
environment.
Corrective Action: Financials 8.8 is a
work in progress with an estimated completion
12/31/06. For HRMS 8, the Business Applications
Support (BAS) will review it during HRMS 8.9
upgrade, estimated to be completed by 06/30/07
Recommendation 2: Restrict access to Sensitive
PeopleTools such as Application Designer in the
production environment.
Corrective Action: The Financials 8.8
review has been completed. We removed all read-only
access to Application Designer from the POADMIN and
SL_POADMIN_INQ permission list.
Recommendation 3: Review the permissions lists
which have some access to security tools and delete
where such access is unnecessary.
Corrective Action: BAS will review.
Completion planned for 11/30/06.
Recommendation 4: Reassign those ALLPANLS in
the BAS group to appropriate permission lists in
conjunction with their roles.
Corrective Action: Immediate action was
taken. Removed user ids from FSYS.
Recommendation 5: Review the permission list
that have access to critical business processes and
remove those that are unnecessary.
Corrective Action: Financials 8.8 – BAS
review. will be completed by 11/30/06. HRMS 8 – BAS
to review during HR 8.9 upgrade estimated to be
completed by 06/30/07.
Recommendation 6: Review the permission lists
with correction made and determine if this is
appropriate.
Corrective Action: Review in progress.
Financials 8.8 BAS identified 115 of the 166
permission list which are not assigned to any users.
SLAC is still reviewing the remaining 51. Financials
review to be completed by 11/30/06.
Recommendation 7: Review the users without
employee ids and ensure that only valid users have
accounts.
Corrective Action: BAS to review during
upgrade to HRMS 8.9. To be completed by 06/30/07.
Recommendation 8: Establish a process for HR
to generate an automated e-mail for retired employees so
that they may be removed in a timely fashion from
PeopleSoft tables.
Corrective Action: In fact, a procedure
for sending an automated e-mail from HR for retired
employees does exist. No further action needed on
this recommendation.
6.4c Every five years, receive an overall
satisfactory rating from an external review of
Contractor's success in meeting Internal Audit and
Oversight; Quality; Information Management; and Other
Administrative Support Services management goals and
expectations consistent with professional auditing
standards received an overall satisfactory rating from
an external review every five years.
SLAC Response: On April 24-27, 2006, a peer review
was conducted by the Business Peer Review Team,
consisting of representatives from Jefferson Lab, Fermi
National Accelerator Laboratory, and Lawrence Berkeley
National Laboratory. The primary objective of the review
was to identify areas of strength and areas where there
was opportunity for improvement based on known best
business practice, or other industry standards. Areas
investigated in the FY 2006 Peer Review were:
Procurement, SLAC Site Security, Property Management,
and Travel/Travel Accounting.
The Executive Summary from the review team states
that “....the reviewed Business Services Division (BSD)
functional areas are exceptionally well-managed and
provide a high level of service to their customers as
well as being attentive to the requirements of SLAC’s
DOE Contract…..” The full peer review report is
available on request.
6.4d Excluding scientific IT, Contractor's
comparison of Information Technology (IT) cost
performance with like industry and government entities
for 1) IT spending as a percent of overall cost plan; 2)
percent of Laboratory employees in IT jobs and 3) IT
budget per end user.
SLAC Response: While data may be available, an
analysis could not be done this year given other demands
on the Business Services Division and the CFO
organization. This performance measure will be pursued
in FY2007.