Other High-Risk Areas and Compliance Wrap-up Presented by: Charles G. Chaffin, CPA, CIA Director of Audits and System-wi

Other High-Risk Areas and Compliance Wrap-up Presented by: Charles G. Chaffin, CPA, CIA Director of Audits and System-wide Compliance Officer The University of Texas System April 12, 2006. Compliance Track Agenda . Day 1 Compliance fundamentals High compliance risk areas


Presentation Transcript


  1. Other High-Risk Areas and Compliance Wrap-up Presented by: Charles G. Chaffin, CPA, CIA Director of Audits and System-wide Compliance Officer The University of Texas System April 12, 2006

  2. Compliance Track Agenda • Day 1 • Compliance fundamentals • High compliance risk areas • Environmental Health and Safety • Day 2 • Research • NCAA • Day 3 • Student Financial Aid • Other high compliance risk areas • Wrap-up and Enterprise Risk Management

  3. High Risk Areas • * Environmental Health & Safety - proper use and handling of dangerous materials, lab safety, and fire safety • * Research - research not conducted in accordance with approved protocol or federal regulations • * Contract Administration / Effort Reporting - improper effort reporting on federal grants, unallowable costs • * Intercollegiate Athletics - adherence to the rules and regulations of the NCAA • * Student Financial Aid – Student eligibility, fiscal management in accordance with Education Department * High Risk Areas already discussed

  4. Other High Risk Areas • Clinical Billing • Medical billing that is not appropriately documented and coded • Endowments • Adherence to terms of endowment agreement • Fiscal Management • Safeguarding of physical and financial assets • Presidential travel and entertainment • Segregation of duties

  5. Other High Risk Areas • Human Resources • Equal opportunity/affirmative action • Sexual harassment • Leave administration • Fair hiring practices • Information Resources/Security • Systems integrity/continuity/availability • Security regulations • External access • Privacy (HIPAA, FERPA, Gramm-Leach-Bliley) • Improper disclosure of private/sensitive/protected information

  6. Health Care

  7. Endowments Hogg Family Jackson Estate

  8. Information Systems Cray Supercomputer

  9. Wrap-Up

  10. Compliance Track Agenda • Day 1 • Compliance fundamentals • High compliance risk areas • Environmental Health and Safety • Day 2 • Research • NCAA • Day 3 • Student Financial Aid • Other high compliance risk areas • Wrap-up and Enterprise Risk Management

  11. Compliance vs. Audit Programs • Compliance works with the business units to maximize compliance with applicable laws, rules, regulations, policies and procedures • Compliance functions are generally embedded in the business function and are part of the control structure • On-going, daily assurance • Audit is an independent, objective assurance and consulting activity designed to add value by evaluating the control structure • Periodic and after the fact assurance

  12. Implementation of an Effective Institutional Compliance Program • Building the Infrastructure • Creating Compliance Awareness • Managing Critical Risks • Appraisal and Renewal

  13. Managing Critical Risks • Risk MANAGEMENT Process for “A” risks • Single High-Level Responsible Party • Dean or Provost, VP of Research or Business, HR Director • Knowledge and authority to manage risk • Specialized Training Plan • Risk Specific – For whom, what knowledge, frequency, by whom • Monitoring Plan • How do you know if you are following the rules? • Reporting Plan • Report Cards to Compliance Officer and/or President, corrective action • What activity and items to be reported, frequency, for whom

  14. Compliance Audit Objectives • To provide assurance that an effectively designed compliance program for the high risk area has been implemented and is operating effectively • Are risk assessments taking place? • Are risk management plans in place for all high compliance risk areas? • Single high-level responsible party? • Specialized training provided to appropriate personnel, by appropriate content experts? • Monitoring plans in place and being executed for all high compliance risk areas? • Is the reporting structure operating? Corrective actions implemented? • Providing periodic assessment of the overall compliance program • To provide assurance that the institution is in compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reports

  15. Expanding the Horizons: Enterprise Risk Management

  16. ERM Drivers • Operational question - Why are we looking only at compliance risks (the risk policies, rules or laws are not followed)? • What about… • Strategic Risks: goals not aligned with the institution’s mission • Operational Risks: mistakes or failures in operations or performance • Financial Risks: financial loss Solution = Enterprise Risk Management

  17. What is ERM? • Enterprise risk management (ERM) is • a continuous, proactive and systematic process • to understand, manage, and communicate business risk • from an organization-wide perspective.

  18. Why ERM? • Involves all levels of the organization • Top-down, resulting in more complete assessment • Alignment with strategic initiatives • Facilitates continuous assessment and longer range planning • Makes risk and controls understandable • Provides a simple, uniform methodology • Better allocation of assurance resources • Can be easily updated year to year • JUST GOOD BUSINESS

  19. Resources • www.utsystem.edu/compliance • www.utsystem.edu/AUD • www.theiia.org • www.coso.org

  20. Thank You! Charles Chaffin Jane Youngers Pete Carlon David Givens Amy Barrett Kimberly Hagara Michael Charlton Paige Buechley Lisa Blazer Paul Pousson Dick Dawson
