Audit Services

The Vendor is required to provide audit services to assist agency for internal audit staff with upcoming audit and non-audit services to review of:
• Investments
• Information Technology (IT)
• Health Care
• Audit Activities
- Investments:
• Investment Strategy and Performance
oEvaluate the effectiveness of department investment strategies and their alignment with agency overall investment objectives.
oAssess the performance of individual investment groups and portfolios against benchmarks and target returns.
• Risk Management
oReview department risk management framework, including its ability to identify, measure, and manage risks.
oEvaluate the effectiveness of risk mitigation strategies and compliance with risk limits.
• Portfolio Construction and Diversification
oAssess the diversification of agency investment portfolio across asset classes, sectors, and geographic regions.
oEvaluate the appropriateness of portfolio construction methodologies and rebalancing strategies.
• Manager Selection and Monitoring
oReview department processes for selecting and monitoring external investment managers.
oEvaluate the effectiveness of manager performance evaluation and due diligence procedures.
• Investment Operations
oAssess the accuracy and integrity of investment accounting and record-keeping.
oReview the effectiveness of controls related to cash management, securities settlement, and derivative transactions.
oEvaluate the adequacy of investment systems and technology infrastructure.
• Compliance
oAssess compliance with applicable investment laws, regulations, and fiduciary standards.
oEvaluate department policies and procedures related to conflict-of-interest management and ethical conduct.
• Internal Controls
oEvaluate the adequacy of internal controls to safeguard assets, ensure accurate accounting, and prevent fraud.
oAssess the effectiveness of controls related to investment decision-making, risk management, and compliance.
• Third-Party Service Providers
oReview department oversight of external service providers, including investment consultants, performance measurement firms, and securities lending agents.
oEvaluate the effectiveness of contract management and performance monitoring.
• Project Management
oThe Contractor will designate a project manager who will be the primary point of contact for the agency will also designate a contract manager to facilitate communication and coordination.
- Information Technology (IT):
- Agency Information Technology operations consists of three (3) core areas:
• Enterprise Operations and Development
• Enabling Technologies
• Enterprise Service Delivery
• Governance and Strategy
oEvaluate the effectiveness of IT governance practices and strategic planning.
oAssess the alignment of IT initiatives with TRS's overall business objectives.
• Risk Management
oIdentify and assess IT-related risks, including security threats, operational risks, and compliance risks.
oEvaluate the effectiveness of risk mitigation strategies and controls.
- Infrastructure Management:
• Review the management of IT infrastructure components, including:
oNetwork devices
oIntrusion prevention and detection systems
oInternet Protocol services
oActive Directory and LDAP
oWireless and remote access
oVirtualization
oBackupand recovery
oTelecommunications
oHelp desk services
oData center operations
- Application Development and Support
• Evaluate the quality and efficiency of application development and maintenance processes.
• Assess the effectiveness of application support services and incident management.
e. Information Security
• Assess the adequacy of information security measures, including:
oNetwork security
oApplication security
oData security
oIdentity and access management
oCybersecurity incident response
• Evaluate compliance with applicable security standards and regulations (e.g., HIPAA, NIST,
DIR, TAC 202).
• Enterprise Architecture
• Review the alignment of IT architecture with business needs and strategies.
• Evaluate the effectiveness of data governance, data administration, and data warehouse management practices.
- Project Management:
• Assess the effectiveness of project management methodologies and tools.
• Evaluate the management of IT projects and initiatives.
- Health Care:
- Risk and Control Assessment
• Identify and evaluate risks and controls within HD's healthcare operations.
• Analyze the effectiveness of controls in mitigating risks.
- Vendor Management
• Review and assess oversight practices for agency contracted vendors involved in:
oHealth Plan Administration (HPA)
oPharmacy Benefits Management (PBM)
oHealthcare consultancy and actuarial services
oClaims and administrative service providers
• Evaluate contract monitoring procedures for performance guarantees and service delivery.
- Financial Management
• Review processes related to:
oPremium billing and collection for agency -Care and agency -Active Care programs
oVendor payment approvals for claims, administrative services, and other expenses
oMonitoring of fund expenditures to identify potential issues
• Assess the accuracy and timeliness of premium revenue and account reconciliation.
- Compliance
• Evaluate agency compliance with relevant state and federal healthcare and health plan laws, including:
oHIPAA
oHITECH Act
oAffordable Care Act
oMedicare regulations
- Performance Monitoring
• Assess agency methods for measuring customer service satisfaction.
• Review healthcare trend and cost analyses to identify potential cost-saving opportunities.
- Internal Controls Review
• Assist agency Internal Audit in evaluating the effectiveness of internal controls related to:
oGovernance
oStrategic planning
oResource, operational, and budget management
oThird-party vendor selection, monitoring, and contract management
oOperational performance metrics
oRisk management practices
oCompliance with applicable laws and regulations
oPolicies, procedures, and standards for HD operations
- Audit Activities:
- Data Analytics
• Support the implementation of the Data Analytics Framework.
• Develop and enhance internal audit staff's data analytics skills.
• Assist in identifying key risks and planning audit projects using data-driven approaches.
- Audit Plan Development
• Assist in developing the annual audit plan based on risk assessment techniques and professional auditing standards.
• Facilitate the evaluation and update of the audit plan for approval by the state Committee and Board.
- Risk Assessment
• Assist in conducting risk assessments to identify areas for audit focus.
• Evaluate the effectiveness of existing risk management controls.
- Other Activities
• Support the administration of the audit function, including:
oExternal quality assurance reviews
oStrategic planning
oPerformance measures development
oTraining
oStaff augmentation
- Project Management
•The Contractor will designate a project manager who will be the primary point of contact for the agency will also designate a contract manager to facilitate communication and coordination.
- Contract Period/Term: 4 years