Internal Audit Reports
The Central Florida Expressway Authority internal auditor periodically reviews different aspects of the agency’s day-to-day operations and makes recommendations to the Audit Committee and the CFX Governing Board.
See audit reports approved by the Audit Committee below.
Fiscal Year 2022 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Jun 2022 | FY23 Internal Audit Plan and Risk Analysis | |
| Jun 2022 | Cashless Tolling Risk Analysis | |
| Jun 2022 | Third Party Revenue Collections Review | |
| Apr 2022 | Infinity Ransomware Simulations Summary | |
| Apr 2022 | Customer Service Center Performance Assessment | |
| Apr 2022 | Prior Audit Recommendations | |
| Jan 2022 | Procurement and Contract Billing Audit Report | |
| Jan 2022 | PCI Assessment with Report on Compliance | |
| Jan 2022 | FY22 DHSMV Data Security Audit Report | |
| Jan 2022 | FY22 DAVID Data Security Audit Report | |
| Oct 2021 | Secure Code Review Report | |
| Oct 2021 | Prior Audit Recommendations Follow-Up |
Fiscal Year 2021 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Apr 2021 | Toll Revenue Audit | |
| Apr 2021 | Crisis Management Business Continuity | |
| Apr 2021 | Prior Audit Recommendations Follow-Up | |
| Jan 2021 | FY21 DHSMV Data Security Audit Report | |
| Jan 2021 | FY21 DAVID Data Security Audit Report | |
| Jan 2021 | PCI Assessment with Report on Compliance | |
| Jan 2021 | Ethics Policy Compliance Review | |
| Oct 2020 | Fiscal 2020 Public Records Review Report | |
| Oct 2020 | Prior Audit Recommendations Semi Annual Follow Up | |
| Oct 2020 | Procurement and Contract Billing Audit Report |
Fiscal Year 2020 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| May 2020 | RPA and Automation Review | |
| May 2020 | COSO ERM Governance Review | |
| May 2020 | Retail Transponder Sales Review | |
| Mar 2020 | P-Card and Gas Card Audit | |
| Mar 2020 | Marketing and Social Media Audit | |
| Feb 2020 | PCI Assessment with Report on Compliance | |
| Feb 2020 | Source Code Review – Summary | |
| Jan 2020 | Prior Audit Recommendations Semi-Annual Follow-Up | |
| Jan 2020 | Procurement and Contract Billing Audit Report | |
| Jan 2020 | DHSMV Data Security Assessment | |
| Jan 2020 | DAVID Data Security Assessment | |
| Jun 2019 | IT Project Management Review | |
| Jun 2019 | LENS Access Control Review | |
| Oct 2019 | Prior Audit Recommendations – Semi-Annual Follow-Up |
Fiscal Year 2019 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Apr 2019 | Customer Contact Center Performance Assessment | |
| Apr 2019 | Prior Audit Recommendations Follow-Up | |
| Apr 2019 | DAVID Data Security Assessment | |
| Apr 2019 | Cybersecurity Incident Response Review | |
| Jan 2018 | PCI Assessment- January 2019 | |
| Jan 2018 | DHSMV Data Security Assessment- November 2018 | |
| Jan 2018 | Procurement and Contract Billing Audits- January 2019 | |
| Oct 2018 | Prior Audit Recommendations Follow-Up- September 2018 | |
| Oct 2018 | Penetration Test Report Summary 2018 | |
| Oct 2018 | Physical Security Assessment Report Summary 2018 | |
| Oct 2018 | Internal Audit Plan |
Fiscal Year 2018 Audit Reports
Information Security Risk Assessment Phase IIExempt
| Date | Document Title | File Format |
|---|---|---|
| Jun 2018 | Ethics Policy Compliance Audit | |
| Jun 2018 | Tolling System Replacement Review Phase III Vulnerability Scanning | |
| Jun 2018 | IT General Controls Review | |
| Jun 2018 | Pay By Plate Audit (Toll Violations & Wekiva Parkway Cashless Toll Revenue) | |
| Feb 2018 | Prior Audit Recommendations Follow-Up January 2018 | |
| Feb 2018 | Procurement and Contract Billing Audits January 2018 | |
| Feb 2018 | Safety and Maintenance Policies and Procedures Compliance Audit | |
| Feb 2018 | TRAILS Program Review February 2018 | |
| Feb 2018 | DHSMV Data Security Assessment December 2017 | |
| Feb 2018 | PCI Assessment with Report on Compliance December 2017 | |
| Sep 2017 | Prior Audit Recommendations Follow-Up- August 2017 | |
| Sep 2017 | Information Security Risk Assessment Phase II | EXEMPT |
Fiscal Year 2017 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Aug 2016 | Prior Audit Recommendations Follow-Up- August 2016 | |
| Nov 2016 | Public Records Review | |
| Nov 2016 | DHSMV Data Security Assessment | |
| Jan 2017 | Prior Audit Recommendations: Semi-Annual Follow-Up- January 2017 | |
| Jan 2017 | Procurement and Contract Billing Audit | |
| Jan 2017 | Call Center Staffing Model Development | |
| Jan 2017 | Vendor Security Review | |
| Aug 2016 | Purchasing Spend Data Audit | |
| Apr 2017 | Accounting System Access and SOD Review | |
| Apr 2017 | Human Resources Process Review | |
| Apr 2017 | Business Continuity Management Review – 2017 | |
| Apr 2017 | Information Security Risk Assessment Phase I | |
| Apr 2017 | Change Management – Tolling System Replacement Audit | |
| Apr 2017 | Customer Service Center Performance Assessment | |
| Apr 2017 | Discount-Rebate Program Audit | |
| Apr 2017 | Internal Audit Plan |
Fiscal Year 2017 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Jan 2016 | Prior Audit Recommendations Follow-Up – January 2016 | |
| Jan 2016 | ROW Counsel Procurement and Invoice Audit | |
| Jan 2016 | 2016 Contracts Audit | |
| Sep 2015 | Prior Audit Recommendations Follow-Up – September 2015 | |
| Jan 2016 | Bond Financing Review | |
| Jan 2016 | DHSMV Data Security Assessment | |
| Sep 2015 | Payment Card Industry (PCI) Assessment | |
| Sep 2015 | 2013 COSO Framework Governance Review | |
| Sep 2015 | ITS Systems Security Review | Exempt |
| Sep 2015 | PCI 3.0 Gap Assessment | Exempt |
Fiscal Year 2015 Audit Reports
| Date | Document Title | File Format |
|---|---|---|
| Sep 2014 | Prior Audit Recommendations Follow-Up | |
| Sep 2014 | Sensitive Data Audit Report | Exempt |
| May 2015 | Back Office Customer Call Center Review | |
| Sep 2014 | Business Impact Analysis Report | Exempt |
| May 2015 | Prior Audit Recommendations Follow-Up | |
| Sep 2014 | PCI Report on Compliance | Exempt |
| Mar 2015 | DHSMV Data Security Assessment | Exempt |
| Mar 2015 | Prior Audit Recommendations Follow-Up | |
| May 2015 | Ethics Policy Compliance Review- June 2015 |
Fiscal Year 2014 Audit Reports
| Document Title | File Format |
|---|---|
| Contracts Audit | |
| 2014 OOCEA Maintenance and Safety Compliance Audit Report | |
| Prior Audit Recommendations Follow-up – January 2014 |
Reports & Policies
Statistical Reports
Traffic & Earnings Reports
Internal Audit Reports
Inspection Reports
Statistical Reports
Traffic Data & Statistics
Finance Policies
Agency Policies
Central Florida Expressway Authority
CFX Headquarters
4974 ORL Tower Road
Orlando, FL 32807
Phone: (407) 690-5000
Fax: (407) 690-5011
Email: info@CFXway.com
Public Records Requests
Records Management Department
Phone: (407) 690-5000
Email: PublicRecords@CFXway.com*
*Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.