320 likes | 601 Views
2. Learning Objectives. At the end of this presentation, you should have an understanding aboutwhat is a Risk and a Risk Assessmentwhat is meant by Internal Controls"specific examples of internal controls that can protect you and your department. . 3. . Risk Awareness. . Internal Control. .
E N D
1. 1 Internal Controls What Are They and Why Should I Care?
or
Isn’t That Someone Else’s Job?
Presented to
RARA
October 2008
2. 2 Learning Objectives At the end of this presentation, you should have an understanding about
what is a Risk and a Risk Assessment
what is meant by “Internal Controls”
specific examples of internal controls that can protect you and your department
3. 3
4. 4
Risk Awareness
5. 5
6. 6
Risk Assessment
7. 7
8. 8
9. 9
10. 10
11. 11
Internal Controls
12. 12
13. 13
14. 14
15. 15
16. 16
17. 17
18. 18 Control Characteristics / Activities Controls can be preventive (preferable) or detective:
Preventive: Control mechanism that prevents problems from occurring
Authorization / Approvals
Segregation of duties
Management oversight
System access controls (passwords)
Physical access controls
Cash safes
Safety clothing
Detective: Control mechanism that uncovers a problem
Account reconciliation and review
Budget vs actual analyses
Effective monitoring
Exception reports
Complaints / tips / hot-line calls
Job rotations
Smoke alarms
Motion detectors
19. 19 Control Characteristics / Activities
20. 20
21. 21 What Should Research Administrators Expect from the Office of University Audit? Presented to
RARA
October 2008
22. 22 Learning Objectives At the end of this presentation, you should have an understanding about
the purview of the Office of University Audit (OUA)
how OUA conducts audits, both horizontal and department-specific
how OUA responds to consultative requests
24. 24 Office of University Audit Mission Statement “Our mission is to provide audit and advisory services to the University Community by assessing risks, analyzing controls, and ensuring that business practices are effective, efficient, and compliant with University and regulatory policies.”
25. Office of University Audit Organizational Chart
26. 26 Elements of an ideal relationship An audit function with a modern perspective
OUA understands the complex nature of research administration in a university
Audit staff are highly knowledgeable about current applicable government rules and UR policies
Audit staff are highly knowledgeable about internal controls
OUA is focused on customer service and “let’s get it right”
27. 27 What to expect from the Office of University Audit Horizontal Audits:
Advance e-mail notification to the department chair (no surprise visits)
Maximum use of existing data for transaction testing
Adequate time will be given to your department to respond to our request
Face to face meeting to discuss your processes and procedures
Immediate feedback of findings, to ensure they are accurate and to initiate immediate corrective action
Feasible improvement recommendations
Follow up until control weaknesses are addressed
28. 28 What to expect from the Office of University Audit Sponsored Research Audits:
Structured risk assessment approach to identify the major risks to the sponsored research endeavor
Collaborative audit planning to ensure high risk areas are identified
Formal audit plans and schedules with no surprises and no unnecessary interference during critical time periods
Maximum use of existing data for transaction testing
Immediate feedback of findings, to ensure they are accurate and to initiate immediate corrective action
Feasible improvement recommendations
Follow up until control weaknesses are addressed
29. 29 Questions to Ask When Selected for Audit What is the audit objective?
What are the highest risk areas in which you will focus? What might you do to address these risks?
Who will perform the audit, and when?
Who from our Dept will be required to assist you in the audit and what will be our roles?
What information will you need from us, and are there less obtrusive, alternative sources?
When will I know if you think you have identified a problem? Who else will know?
How will you develop recommendations?
How will you know that recommendations have been implemented?
When are your final conclusions reported and what is your reporting model?
Expect high performance and good customer service from your auditor!
30. 30 What can you do?
Open your staff training opportunities and information networks to your auditors.
Compare your understanding of the auditor’s role with her/his understanding…work together to close gaps
If you still have concerns, discuss them with the OUA…openly and non-defensively
31. 31 What to expect from the Office of University Audit Sponsored Research Consultation:
Timely response to your questions and requests
“Customer service” oriented approach when responding to calls / e-mails for advice
Will facilitate collaboration with other university departments when responding to complex questions
Able to respond immediately to concerns of questionable or fraudulent behavior
32. 32
33. 33 Questions? Contact
Salim Alani - salim.m.alani@rochester.edu
Chris Butler - chris.w.butler@rochester.edu
OUA Webpage
http://www.rochester.edu/adminfinance/audit/