Nov. 30, 2004 Compliance Issues and Audits

TOPICS TO BE DISCUSSED Audits – definition, types of auditors, types of audits Role of WSU Internal Auditor Internal controls – definitions and types Selected compliance issues

Roles and Responsibilities Controller’s office – establishes, maintains and reviews the system of internal control. Organizational unit managers - responsible for internal control within that unit.

OBJECTIVES Provide employees with knowledge and skills so that we can be better prepared for an audit.

OBJECTIVES Encourage all employees to “take ownership”

OBJECTIVES Decrease overall risk for WSU Extension/CAHNRS

OBJECTIVES Create/maintain organizational efficiencies and local control

BUSINESS AFFAIRS/CONTROLLER’S OFFICE OTHER CENTRAL SERVICES  EXTENSION, CAHNRS, VETMED, SCIENCES, ETC.  DEPARTMENT /DISTRICT ADMINISTRATIVE ASSTS.  COUNTIES  PRINCIPAL INVESTIGATORS, PROGRAM DIRECTORS, LEARNING CENTER COORDINATORS; INSTRUCTORS; EXTENSION ADMINISTRATOR  EMPLOYEE

Systematic review Evaluate conformance to some norm or benchmark What is an Audit?

Types of Auditors Internal – WSU Employees External – State Auditors, Private Firms Governmental Audit Agencies (GAA)

Types of Audits Financial Statement Audits - assure users that statements are fairly presented (External and GAA) Compliance Audits – obtain reasonable assurance of compliance with state and local laws and regulations (Internal, External, GAA)

Types of Audits Single Audits – meet the needs of all federal grantor agencies (External, GAA) Investigative – Fraud, whistleblower (Internal, GAA) Performance - Coming soon?

FREQUENCY OF AUDITS CAHNRS – last six month period Compliance audit – payroll, external auditor Whistleblower

CONSEQUENCES OF AUDIT FINDINGS Financial Statement Audit: Restatement Compliance Audit: Implementation of Internal Controls to Avoid Future Findings; Investigative Repayment, dismissal, hard-time

CONSEQUENCES OF AUDIT FINDINGS Single Audit Repay unallowed costs Extrapolate to all of WSU Performance All Audits: Unwanted publicity, loss of respect and/or trust

INTERNAL AUDITOR’S OFFICE Presentation by Norm Coffman

Internal Controls Management process for keeping an entity on course in achieving it’s organizational objectives. Provide reasonable assurance that entity objectives are being met.

Entity Objectives Compliance with state laws and regulations Reliability of financial reporting Effectiveness and efficiency of operations

Internal Control System Requirements Should provide reasonable assurance that an organization will accomplish its objectives Reasonable assurance recognizes that cost of an internal control should not exceed the benefit derived therefrom

Internal Control System Requirements Management defines level of risk the organization is willing to accept and strives to maintain risk within those levels

Types of Internal Controls Control Environment – sets the tone of an organization, influences control consciousness of its people, foundation for all other components.

TYPES OF INTERNAL CONTOLS Risk Assessment – Identification and analysis of relevant risks to achieving the objectives

Types of Internal Controls (cont) Information and Communication – Pertinent information must be identified, captured and communicated in a form and time frame that enables people to carry out responsibilities.

TYPES OF INTERNAL CONTOLS Control Activities – Internal policies and procedures that help address the risks.

TYPES OF INTERNAL CONTOLS Monitoring – Assess quality of performance over time.

SINGLE AUDIT ACT Selected items specifically related to Sponsored Projects by Dorothy Heitter

TEMPORARY EMPLOYMENT Selected items specifically related to Temporary Employment by Trudy Kenny

TRAVEL Selected items specifically related to Travelling for WSU business by Michelle Ely.

Cash Handling – Compliance and Investigative Auditor’s check list for Cash Handling by Tucson Smith

Purchasing – Compliance Audits Do purchases meet local, WSU, state, guidelines for allowability? Highest risk – purchases under $2,500 (k-orders, purchasing cards) Internal controls Communication – BPPM, training, BFO Approval – somebody who has knowledge Review

Purchasing – Investigative Audits Investigative Audit – Are state funds being used for personal gain?  Examples (non-existant vendors, purchasing goods for self) Counties and small departments – segregation of duties can be problematic.

Purchasing – Investigative Audits Internal Controls – local level highly important  Authorization  Review – purchases for authorization - budget statements for purchases

Purchasing – Investigative Audits (cont) Internal Controls  Risk Assessment – is there adequate separation of duties?  Control Activities – authorized signatures, review budget statements  Monitoring – review orders for signature, sample orders from budget statements

ASSET MONITORING - Audits Compliance Audit: Are assets being used for mission of university? Investigative Audit: Are assets being used for personal gain?

ASSET MONITORING - Controls Physical Safeguarding Cash, mail meters Written policies regarding usage Challenge course equipment Volunteers using assets

ASSET MONITORING - Controls Authorization codes Phones, fax machines, Review budget statements

QUESTIONS?

THE END THANK YOU FOR JOINING US!