Central Florida Expressway Authority

The Central Florida Expressway Authority internal auditor periodically reviews different aspects of the agency’s day-to-day operations and makes recommendations to the Audit Committee and the CFX Governing Board.

See audit reports approved by the Audit Committee below.

Central Florida Expressway Authority’s Internal Auditor Policy.

Fiscal Year 2019 Audit Reports

Document Title	File Format
Customer Contact Center Performance Assessment	PDF
Prior Audit Recommendations Follow-Up	PDF
DAVID Data Security Assessment	PDF
Cybersecurity Incident Response Review	PDF
PCI Assessment- January 2019	PDF
DHSMV Data Security Assessment- November 2018	PDF
Procurement and Contract Billing Audits- January 2019	PDF
Prior Audit Recommendations Follow-Up- September 2018	PDF
Penetration Test Report Summary 2018	PDF
Physical Security Assessment Report Summary 2018	PDF
Internal Audit Plan	PDF

Fiscal Year 2018 Audit Reports

Document Title	File Format
Ethics Policy Compliance Audit	PDF
Tolling System Replacement Review Phase III Vulnerability Scanning	PDF
IT General Controls Review	PDF
Pay By Plate Audit (Toll Violations and Wekiva Parkway Cashless Toll Revenue Audits)	PDF
Prior Audit Recommendations Follow-Up January 2018	PDF
Procurement and Contract Billing Audits January 2018	PDF
Safety and Maintenance Policies and Procedures Compliance Audit February 2017	PDF
TRAILS Program Review February 2018	PDF
DHSMV Data Security Assessment December 2017	PDF
PCI Assessment with Report on Compliance December 2017	PDF
Prior Audit Recommendations Follow-Up- August 2017	PDF
Information Security Risk Assessment Phase II	Exempt

Fiscal Year 2017 Audit Reports

Document Title	File Format
Prior Audit Recommendations Follow-Up- August 2016	PDF
Public Records Review	PDF
DHSMV Data Security Assessment	PDF
Prior Audit Recommendations: Semi-Annual Follow-Up- January 2017	PDF
Procurement and Contract Billing Audit	PDF
Call Center Staffing Model Development	PDF
Vendor Security Review	PDF
Purchasing Spend Data Audit	PDF
Accounting System Access and SOD Review	PDF
Human Resources Process Review	PDF
Business Continuity Management Review – 2017	PDF
Information Security Risk Assessment Phase I	PDF
Change Management – Tolling System Replacement Audit	PDF
Customer Service Center Performance Assessment	PDF
Discount-Rebate Program Audit	PDF
Internal Audit Plan	PDF

Fiscal Year 2016 Audit Reports

Document Title	File Format
2016 Toll Revenue Audit	PDF
Prior Audit Recommendations Follow-Up – January 2016	PDF
ROW Counsel Procurement and Invoice Audit	PDF
2016 Contracts Audit	PDF
Prior Audit Recommendations Follow-Up – September 2015	PDF
Bond Financing Review	PDF
DHSMV Data Security Assessment	PDF
Payment Card Industry (PCI) Assessment	PDF
2013 COSO Framework Governance Review	PDF
ITS Systems Security Review	Exempt
PCI 3.0 Gap Assessment	Exempt

Fiscal Year 2015 Audit Reports

Document Title	File Format
2015 Contracts Audit	PDF
Prior Audit Recommendations Follow-Up – September 2014	PDF
Sensitive Data Audit Report	Exempt
Back Office Customer Call Center Review	PDF
Business Impact Analysis Report	Exempt
Prior Audit Recommendations Follow-Up – September 2014	PDF
PCI Report on Compliance	Exempt
DHSMV Data Security Assessment	Exempt
Prior Audit Recommendations Follow-Up- March 2015	PDF
Ethics Policy Compliance Review- June 2015	PDF

Fiscal Year 2014 Audit Reports

Document Title	File Format
Contracts Audit	PDF
2014 OOCEA Maintenance and Safety Compliance Audit Report	PDF
Prior Audit Recommendations Follow-up – January 2014	PDF

Reports & Policies

< Go Back

Statistical Reports
Traffic & Earnings Reports
Internal Audit Reports
Inspection Reports
Statistical Reports
Traffic Data & Statistics
Finance Policies
Agency Policies

Central Florida Expressway Authority

CFX Headquarters
4974 ORL Tower Road
Orlando, FL 32807

Phone: (407) 690-5000
Fax: (407) 690-5011
Email: info@CFXway.com

Public Records Requests

Records Management Department
Phone: (407) 690-5000
Email: PublicRecords@CFXway.com*

*Under Florida law, e-mail addresses are public records. If you do not want your e-mail address released in response to a public records request, do not send electronic mail to this entity. Instead, contact this office by phone or in writing.