1 / 36

APSCU Internal Control Audits for Risk Management Academic Affairs and Registrar Operations

Agenda. Risk Management Process OverviewReview of Risks in Academic AffairsImplementation of Risk Management Process. 2. Risk Management Process. Risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on process, project's, or company objectivesRisk is

basil
Download Presentation

APSCU Internal Control Audits for Risk Management Academic Affairs and Registrar Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. APSCU Internal Control Audits for Risk Management Academic Affairs and Registrar Operations Presented by Randall Killeen VP and Controller Education Management Corporation 1

    2. Agenda Risk Management Process Overview Review of Risks in Academic Affairs Implementation of Risk Management Process 2

    3. Risk Management Process Risk - an uncertain event or condition that, if it occurs, has a positive or negative effect on process, project's, or company objectives Risk is inherent in any organization Risks constantly change due to changes in internal business practices, personnel changes, external business environments (competition and regulation), and due to changing customer needs No organization can have a perfect control environment. As a result, risk management is necessary to ensure operations are running efficiently and effectively in compliance with all internal and external standards. The goal of Risk Management is to establish an appropriate control environment for accurate financial and operational reporting. Risk Management - is the identification, assessment, and prioritization of risks resulting in the use of internal and external resources to mitigate, monitor, or eliminate control risks that could negatively impact the organization Risk Management Process – to have a complete risk management process, an organization should review risks across all functional areas, rank the risks within those areas as well as the company as a whole, rank the potential impact of the risk as well as the probability of occurrence, and review the rankings to establish a prioritization of risks. 3

    4. Risk Analysis Impact vs. Probability 4

    5. Risk Management Process Identifying the Risk Universe – Control environments can be assessed in multiple ways. A complete risk review should be performed using elements of all 4 assessment scenarios. Top-down – Defined based on criteria established for Sarbanes Oxley 404 compliance, this approach looks at those processes that could have a significant impact to the company’s financial statements by doing the following: identify significant financial reporting accounts or activities (establish a materiality threshold for example x% of EBITDA or profit) identify material risks within these accounts or disclosures determine which entity-level (organization-wide) controls address the risks identified determine which transaction-level controls address the risks identified determine the nature, extent, and timing of evidence gathered to complete the assessment of in-scope controls Bottom-up – this is an organization specific model in which high volume or high impact transactions are mapped from the process to final reporting, to identify key risk points in the process. 5

    6. Risk Management Process Fraud Flags/Scenarios – Identify potential fraud scenarios at your organization, and assess/design controls to ensure that fraud is mitigated. Using the Fraud Diamond as a guide, fraud is most likely to occur when: Incentive – are there incentives to perpetrate fraud in the organization (promotions, maintaining KPIs, bonuses, etc…)? Opportunity – does any person or group have a concentration of duties that would allow them to complete an entire significant transaction? Rationalization – Are policies, procedures, and practices ambiguous enough that they could promote a fraudulent environment. Are employees treated in a manner that would make them motivated to perpetrate fraud? Capability – is there a type of person that would be more likely to commit fraud, based on personal traits, or outside economic factors? Operations Indicators – this is the review and development of Key Performance Indicators (KPIs) . KPIs could be reviewed by school and benchmarked against the entire organization or industry (if available) to identify those operational areas that require improvement. 6

    7. Typical Operational Risk Causes, Events and Effects 7

    8. Two Approaches to Assessing Operational Risks 8

    9. Control Evaluation Control Evaluation and Ranking – assess each risk by using observation, process walkthroughs, detailed testing, hotline calls, customer-supplier feedback, regulatory requirements, internal requirements, and best practices Review each process from a stakeholder perspective (students, faculty, staff) This allows for a full assessment of key stakeholder concerns Ensures stakeholders are aware of internal control environments and the need for ongoing assessment Stakeholders should be involved in the identification of those areas within a process that have the potential to impact: Stakeholders, process outcomes, data integrity or regulatory compliance 9

    10. Quantification of risk exposure is sometimes difficult as there may be no monetary value associated with that particular control. In instances where quantification is not possible, stakeholders and compliance groups must determine as a company, the acceptable risk the organization is willing to bear. Based on the quantification of risks, a risk response should be developed Risk Responses: - Accept = continuous monitoring - Avoid = eliminate the process or business - Reduce = institute preventive or multiple phase detective controls - Share ownership = outsource the process or share liability Mitigation of Key Risks 10

    11. Risk Mitigation Impact vs. Probability 11

    12. Risk Monitoring and Review Managing ongoing control efforts should be based on a cost benefit analysis of such efforts If the likelihood and impact of a control weakness are low, the cost of process implementation and monitoring should also be low This process is cyclical, as any changes to the situation (such as operating environment or needs of the unit) requires re-evaluation per step one Follow-up Rules of Thumb: A reasonable timeframe for process re-engineering and control remediation should be established in conjunction with process owners and audit personnel Follow-up review and ongoing monitoring of these processes should be based on the timeline established At least annually each organization within the company should review their own process to ensure they are operating efficiently and effectively Annually an internal assessment of prior year controls (and remediation efforts) should be reviewed in addition to changes to internal practices, personnel turnover, and external environment changes, to aid in the scoping of continuous audits Customer feedback, reconciliations, adjustments, and employee feedback surveys should also be used as ongoing process evaluation tools 12

    13. Key Risks Evaluation Satisfactory Academic Progress Academic Quality Persistence Attendance Registrar Operations 13

    14. Enterprise Risk Management: Academic Affairs – Risk Evaluation 14

    15. 15

    16. 16

    17. 17

    18. Enterprise Risk Management: Academic Affairs – Risk Evaluation 18

    19. 19

    20. Curriculum Development All curricula are developed with extensive research which includes input from industry professionals. Campuses maintain Professional Advisory Councils (PACS) for each curriculum area in order to have regular input regarding changes in the industry and to review existing curricula for currency. Consideration for developing a new program includes research into program outcomes and assessing number of graduates from other colleges in the area, what the potential job market is for graduates, potential starting salaries and career paths over time. All programs are regularly evaluated according to an established program review schedule to ensure currency. These reviews include analyzing key metrics including enrollment numbers, persistence, and graduate outcomes. Program reviews include cross-functional representation such as IT to ensure that hardware and software remain current with industry standards. Input for new program development comes from a variety of levels. Centrally, researchers are continually looking at competitors’ offerings as well as conducting on-going environmental scans to identify new and emerging opportunities. Input is regularly sought from faculty and campus personnel as well from those working in the field. 20

    21. Quality of Delivery Department chairs are required to conduct regular classroom observations of all faculty teaching within their departments. Feedback to faculty is structured and designed to assist faculty members in consistently improving the classroom experience to students. Student surveys are consistently administered in order to assess faculty effectiveness. Surveys are widely used throughout higher education to assess faculty effectiveness. Students have an opportunity to evaluate their courses on a number of variables. Department chairs use the survey results to work with faculty on continually improving their course delivery. A number of other surveys are completed on a regular basis. Such as Noel Levitz. This is a student satisfaction survey that, among other data points, assesses student satisfaction with the quality of their academic experience. Ratings include satisfaction with quality of instruction, quality of curriculum, and availability of faculty outside of class for advising and counseling. A graduate satisfaction survey is sent to all graduates to, again, assess their satisfaction with their academic program, classroom experience and other factors. Thirdly, employers who hire graduates are surveyed to determine their perception of the effectiveness of the education that our students received. Satisfaction trends across survey instruments are monitored to determine highly effective campuses and best practices, as well as to identify areas for improvement. 21

    22. Qualified Faculty All faculty are evaluated and hired based on the accreditation requirements governing the individual campus Periodic reviews of faculty files are conducted by internal audit and academic affairs’ specialists to ensure that the appropriate credentials are present and that files are being maintained in a manner that meets accreditation requirements Faculty are evaluated on an annual basis using a standardized assessment which includes assessment of the following: Provides competency-based education Designs class instruction Enables student exit competencies Delivers learning-centered instruction Encourages student success Manages the classroom environment Contributes to a culture of learning Relates industry-related experience to learning School policy maintains an annual professional development requirement for all faculty: 24 hours for FT faculty; 12 for PT faculty In addition to campus and education system-based faculty development, centralized on-boarding resources are available to faculty. These resource covers: Creating a Learning-Centered Course Syllabus Lesson Planning Learning Styles Engaging Students for Success Instructional Strategies Questioning Assessment Rubrics: Effective Assessment Tools Effective Test Design Critical Thinking Meaningful Course Revision 22

    23. Enterprise Risk Management: Academic Affairs – Risk Evaluation 23

    24. 24

    25. Student Retention Weekly retention reports are provided to all education systems and campuses following the ACICS retention calculation as follows: Retention (A-B)/A %    (A = Adjusted Total Unduplicated Enrollment, B = Withdrawals)   Adjusted Total Unduplicated Enrollment:   (Enrollment as of the beginning of this reporting period, July 1, 2009 +                                          Additions during the year: New starts and re-entries) – Students reported as part of the enrollment as of the beginning of this reporting period were also reported as new starts during this same reporting period – Students who withdrew to enroll in institution with common ownership.   Withdrawals: All students who dropped from the enrollment number that were not dropped for military reasons. Using a consistent reporting mechanism allows goals to be set and performance year over year to be assessed on an on-going basis.  25

    26. Enterprise Risk Management: Academic Affairs – Risk Evaluation 26

    27. 27

    28. Enterprise Risk Management: Academic Affairs – Risk Evaluation 28

    29. Enterprise Risk Management: Registrar Operations– Risk Evaluation 29

    30. 30

    31. Registrar Operations System/User Control Review: Authentication controls for students and institutions as we work to collect appropriate documentation. User access and segregation of duties. An audit trail, reporting and periodic quality control verification for admission and transfer credit decisions. Security, access, audit and inventory of diploma paper, transcript paper and school stamp and seal. 31

    32. Registrar Operations Establishment of policies and procedures: All relevant information included Proper personnel approval Distribution list and ongoing reference Training and resources related to policies/procedures Ongoing training (annual and new-hire) on internal policies, systems, processes and external resources to validate credentials (aka diploma mills, student produced document/fraudulent credentials) Ongoing monitoring of policy implementation Appeals process information System Changes: Changes are translated appropriately from policy to programming language Changes are approved prior to system update System changes are testing in a "safe" mode prior to full implementation Training occurs in conjunction with change implementation All training manuals reflect the system changes 32

    33. Registrar Operations Periodic Checklists: Reflect all appropriate policies and procedures Reflect the minimum admission and transfer credit requirements Indicate the reporting required from each relevant system, and the appropriate levels of review Indicate program specific admission and transfer requirements Indicate all non-routine transaction types for follow-up Failure to meet admission requirements: Probation and appeal standards are outlined in student handbooks/catalogs Reports are run periodically to measure effectiveness and mitigate risk factors (i.e.: academically complete and have outstanding financial obligations, Incomplete grade deadline dates) so student are alerted as to their status Students that don’t meet requirements are notified timely, and counseled per guidelines Policies are outlined in student catalog Students eligible to receive diplomas are checked against list sent to vendor and diplomas received Documentation in the student file indicates that the student record and graduation processes are working as outlined 33

    34. Enterprise Risk Management: Registrar Operations– Risk Evaluation 34

    35. Enterprise Risk Management: Academic Affairs – Risk Evaluation 35

    36. Appendix 36

    37. Final Program Integrity Rules 37 Satisfactory Academic Progress.pdf Definition of Required to Take Attendance.pdf

More Related