78(R) HB 2485 House committee report

C.S.H.B. 2485 78(R)    BILL ANALYSIS


C.S.H.B. 2485
By: Hochberg
State Affairs
Committee Report (Substituted)



BACKGROUND AND PURPOSE 

The 77th Legislature passed House Bill 609, which extended the internal
audit requirement to all state agencies that receive an appropriation.
Conducting these audits when the situation necessitates rather than
annually will more judiciously use small state agency funds.  The purpose
of C.S.H.B. 2485 is to require small agencies to complete an annual
written risk assessment, and to require the state auditor to evaluate the
risk assessments and recommend audits for those with significant
financial, managerial or compliance risk, or significant risk related to
the use of information technology. 

RULEMAKING AUTHORITY

It is the committee's opinion that this bill does not expressly grant any
additional rulemaking authority to a state officer, department, agency or
institution. 

ANALYSIS

C.S.H.B. 2485 amends Section 2102.004, Government Code, to redefine the
criteria used to determine which state agencies are required to conduct a
program of internal auditing.  The requirement applies only to a state
agency that has an annual  operating budget that exceeds $10 million, has
a staff of more than 100 full-time equivalent employees as authorized by
the General Appropriations Act, or receives and processes more than $10
million in cash in a fiscal year.   

C.S.H.B. 2485 amends Chapter 2102 of the Government Code to require small
state agencies that do not meet the thresholds described above to submit
an annual written formal risk assessment consisting of an executive
management review of financial, managerial and compliance risks to the
state auditor's office, including risks related to the use of information
technology.  Section 2102.014 requires the state auditor to evaluate the
risk assessments and recommend to the governor that those agencies with
significant risk exposure obtain an audit.  The governor is authorized to
order those agencies to obtain an audit, submit reports and corrective
action plans, and report the status of the agencies' implementation of
audit recommendations to the state auditor.  The governor is also
authorized to fund the audits from any funds appropriated to the governor
for that purpose. 

EFFECTIVE DATE

Upon passage, or, if the Act does not receive the necessary vote, the Act
takes effect September 1, 2003.  


COMPARISON OF ORIGINAL TO SUBSTITUTE

C.S.H.B. 2485 modifies the original by requiring small agencies that are
not required to conduct a program of internal auditing to include in their
annual risk assessment information on risks related to the use of
information technology.  Additionally, the substitute authorizes, rather
than requires, the governor to order audits for an agency.  The substitute
also adds language that authorizes the governor to order an agency to
report to the state auditor the status of the agency's implementation of
prior audit recommendations.