Download presentation
1
The Role of the Internal Audit Department
Research Administrators Network
2
Definition of Internal Auditing
“Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ” The Institute of Internal Auditors Research Administrators Network
3
Research Administrators Network
We’re Here to Help! Identify Risks Find Better Ways and Best Practices Partner With You to Find Solutions Prevent Problems Research Administrators Network
4
We Report to the Board of Regents Audit Committee
- Ensures independence Elevate issues to a level where they can be corrected Keeps Regents informed Meets quarterly Independence is the foundation of auditing The Regents can provide resources needed to correct some issues The President and Regents can adopt policy changes Research Administrators Network
5
What is Risk Based Auditing?
Focus on risk of occurrences that could prevent the University from achieving its goals There are many types of risk – fraud, improper reporting, ineffective or inefficient use of resources, credibility loss, etc. Focus on areas with high risk and high probability that controls are not in place or are weak Research Administrators Network
6
Research Administrators Network
We have a plan! Risk based audit plan developed with input from across the University Risk factors: Impact Probability Controls Impact - What would be the impact on the University if this item failed to function? such as a major fraud, or a disruption in business, what would be the impact to the University? § High Impact - it could create serious problems for the University that could result in the loss or use of resources, a significant loss of revenues/funding, or unfavorable publicity and possible harm to the University’s reputation § Medium Impact – the University would recognize the impact, but would be able to manage the problem § Low Impact ·- it would not have a significant impact on the University or its reputation Probability – Without considering existing process controls that may exist, what is the probability that this breakdown could occur? Every area has certain checks and balances that help prevent things from going wrong, such as review processes, issuing receipts for money received, and approvals (auditors refer to these processes as “controls”). If the controls were not in place, what is the possibility that something would go wrong? Items that might increase the probability include high volumes of transactions, highly regulated areas, large amounts of cash and high employee turnover, involvement of management. § High Probability – it is very likely that something could go wrong § Medium Probability – it is possible that something could go wrong § Low Probability – it is not likely that anything will go wrong Controls - How well does the University manage this potential risk, i.e. how good are the controls in this area? Are there currently processes in place that provide good checks and balances? Are you aware of problems that have occurred in the area that could have been prevented by better controls, if yes, then the controls may not be as good as they could be. § Good – processes exist that should prevent the majority of possible losses or other problems § Average – processes are in place that will usually prevent problems, although the processes could be better § Poor – there are few processes in place to prevent losses or problems, or the processes are not working Research Administrators Network
7
Research Administrators Network
What Is the Plan? List of audits for fiscal year Based on risk assessment and available man hours Includes estimated budget hours and completion date Approved by Audit Committee Leave some room for the unexpected Requests and unforeseen issues are presented to Audit Committee for approval Research Administrators Network
8
Research Administrators Network
Auditable Entities WE DO NOT AUDIT Specific individuals Human Resource issues Sexual harassment or other civil rights issues WE DO AUDIT Operations and compliance Departments Colleges or Schools Programs, Grants, Contracts Information Technology Systems University-wide Processes May get into performance auditing in the future Research Administrators Network
9
Internal Audit is Intake Point for Whistleblowers
University policy requires Internal Audit to receive reports of Misconduct Fraud Several ways to report Hotline Phone Walk in We interview complainant – complete form informing them of process and rights and if they agree tape record interview. Based on nature of complaint we will refer and provide copies of tape and short synopsis of interview. If confidentiality is an issue we try our best to maintain it however without a name it is sometimes difficult to conduct an investigation. Research Administrators Network
10
Investigations of Fraud and Employee Misconduct
Whenever possible we will refer to the appropriate Dean, University Police, OEO or Human Resources for investigation University policy requires Internal Audit to investigate if financial or operational Internal Audit coordinates and reports to the State Auditor Based on University policy we refer complaints to appropriate department for investigation If we conduct an audit and find inappropriate use of University assets or misappropriation of funds we request an opinion from University Counsel on whether the matter constitutes fraud and if so it is reported to the State Auditor and University Police. We have dealt with opposing counsel, insurance adjusters, state police and federal program investigators Research Administrators Network
11
Research Administrators Network
Who Are We? We are University employees We are certified public accountants, internal auditors, fraud examiners and information system auditors We are a staff of 7 auditors Most auditors have two certifications Half the staff have been with Internal Audit for over 20 years Most auditors have more years audit experience in public accounting, financial auditing, internal audit and performance audit Research Administrators Network
12
It’s the “little” things that get you!
Misreporting hours. Forgetting to obtain prior approval when needed. Using estimates that are not supported. Any violation of University policy. We have helped HR in several cases where employees claimed to be at one place and were not there. In one case an employee claimed to be going t class but was not Not reviewing P-card transactions Not approving purchases prior to placing orders Unfamiliarity with University policy or misunderstandings Research Administrators Network
13
Research Administrators Network
Preventive Measures Make sure your controls are working Review and reconcile Check the work of your subordinates Don’t give in to the temptation to skip controls because you are busy! It is difficult to take the time to develop a policies and procedures manual To review and scrutinize documentation However, it is even more time consuming to under go an audit or investigation Research Administrators Network
14
What is included in the audit report?
What was found Why it happened What is required What effect it has Recommendation for improvement Response – who, when and how Audits have six elements Condition Cause Criteria Effect Recommendation Response Reports have an executive summary with a conclusion answering the objective Background relating to the area under audit Observations and Recommendations Research Administrators Network
15
What happens after the audit?
Follow-up Review corrective action Report to Audit Committee Have two reports – recommendations cleared and past due Based on timeframes provided in the response, we conduct a follow-up to verify that corrective action occurred. Audit committee is concerned with past due and pay close attention to this report Ha Research Administrators Network
16
Who Audits the Auditors?
We must have a peer review at least once every five years Our Standards are set by the Institute of Internal Auditors, and the American Institute of Certified Public Accountants Research Administrators Network
17
We Want to Know How We Are Doing
At the completion of each audit we will send an after-audit-survey We want you to rate our performance Were we professional, helpful, timely and did we add value? Please take the time to give us your feedback. This is one of our measures to determine if our work is adding value to the University Research Administrators Network
18
Research Administrators Network
We are here to help We provide training Respond to policy and technical accounting questions Offer suggestions for improvement Advisory role PI training Cash Management Grants Management Will conduct consulting services to prevent problems or discontinue inappropriate processes Research Administrators Network
19
Christine Chavez Director of Internal Audit
1801 Roma NE Research Administrators Network
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.