330 likes | 349 Views
Learn about the Internal Audit department at a university, its purpose, key functions, audits, investigations, and how it identifies risks. Explore internal controls and the audit universe to understand the importance of IA in a higher education setting.
E N D
What/Who is Internal Audit? A University department that reports directly to the Board of Regents (BOR) through the Secretary of the BOR and the Chair of the Regents Audit and Financial Advisory Committee (RAFAC)
University of Internal Audit Organizational Chart Board of Regents Chair-Regent Audit and Financial Advisory Committee President Secretary of the BOR Internal Audit Director
What is Internal Audit’s purpose? To assist the Board of Regents in carrying out their fiduciary responsibility of the governance of the university. To assist the University community in recognizing and managing risks to the university.
What kind of work does Internal Audit do? • Audits • Consultations • Investigations • Education
Audits Evaluations of various processes, functions, departments, and activities (NOT people) to: • Identify risks • Determine whether those risks are adequately mitigated
Consultations Provide advice and information to University departments on internal controls, risk management, and sound business practices in such areas as policy development, system or process development, specific issue resolution, etc.
Investigations Conduct internal investigations regarding allegations of fiscal misconduct and fraudulent actions that adversely impact the University. This work looks at the actions of individuals and their intent.
Education Conduct workshops or any other information presentation to the University community on internal controls, risk management, fraud prevention, and sound business practices.
Our Scope-Start with Risk Assessment Identify key risks of the organization Look at all areas of exposure, not just financial Focus on the issues that matter most Develop audit plan to examine higher risk areas
Risk Assessment Factors that affect risk: • External influences (laws, regulations) • Internal influences (policies, culture) • Opportunity for misappropriation • Degree of automation vs. manual processes • Volume and size of activity • Decentralization of processes
Thinking About Risk • Administrators have an important role • Responsible for fiscal affairs of the unit • Lots of expectations from lots of constituents • Funding sources attach strings • Public scrutiny • Too much to do, too little time, too few resources– means you have to evaluate risk and balance conflicting demands • Whistleblowers monitor actions
Audit Universe • Core Processes • Key Functions/Activities • Common Functions/Activities • Organizational Units
The Audit Universe • Core Processes • HR/Payroll • Procurement • Sponsored Programs/Research • Student-Related Services • Academic
The Audit Universe Key Functions/Activities (university-wide or campus based) – examples: • Risk Management • Facilities Management • Information Technology Services • Contracts and Grants • Media Relations
The Audit Universe • Common Functions/Activities – (department-based) examples: • Youth Programs • Conferences/seminars • Study Abroad • Organizational units (2,500 of these across the University, within 500 higher level orgs)
Why IA May Come Knocking on Your Door • As part of a core process evaluation audit, a key function/activity audit, a common function/activity audit • As part of a continuous audit (looking at specific transactions for compliance) • As a department (organization unit) audit • As part of an investigation • In response to a request (consultation)
What is an Internal Control? An internal control is a process within an organization designed to provide reasonable assurance that certain things happen the way we want them to: • Reliability and integrity of information • Compliance with policies, plans, procedures, laws, regulations, and contracts • Safeguarding of assets • Economical and effective use of resources • Accomplishment of established objectives and goals The cost of a control should not exceed its benefit!
Examples of Internal Controls Directive Controls Designed to establish desired outcomes. Examples include: Laws Policies Procedures Meetings
Examples of Internal Control Preventative Controls Designed to prevent errors from occurring Examples: Segregation of duties Pre-authorizations Adequate documentation Physical control over assets Computerized techniques, such as passwords and transaction limits.
Examples of Internal Controls Detective Controls Designed to detect errors Examples include: Reviews and comparisons Account reconciliations Physical counts of inventories
Audits – What does IA look for? In general, Internal Audit looks at what is happening and compares it to what should be happening, as defined by: • Laws, rules, regulations, policies • Sound business practices
Audits – What does IA look for? • Strategic Planning - clarity of objectives/goals; risk assessment • Culture, Management Style, Synergism • Knowledge of authority • Clarity of responsibilities • Communication
Audits – What does IA look for? • Awareness of applicable laws, rules, regs, policies • Presence of controls to ensure objectives are achieved • Segregation of responsibilities • Monitoring • Evaluation and continuous improvement
A Word About Documentation… What is documentation? • In writing • Forms of external documentation • correspondence from outside the institution • invoices, contracts, memorandums of understanding • Forms of internal documentation • forms, internal correspondence, schedules
A Word About Documentation… What does it do? • Provides evidence of business activities • Provides evidence of authorizations Why do we need it? • Audit trail – the series of documentation that provides evidence of the events that transpired to effect a business transaction. It helps to determine the process occurred as intended to ensure compliance and propriety.
Elements of Fraud/Fiscal Misconduct • Act or failure to act • Intent to deceive • Relied upon by others • Loss occurs
Attributes Commonly Present in Fraud/Fiscal Misconduct • Need – financial, ego • Opportunity • Rationalization
Indicators of Fraud • Doesn’t take vacations • Change in life style
Resources Enter resources related to your campus
How to Reach Internal Audit Website: (internalaudit.yourschool.edu) Phone: xxx-xxx-xxxx Fax: xxx-xxx-xxxx Email: IA@yourschool.edu