College Reviews
An Overview
Presented by Howard Lutwak, CIA
Director of Internal Audit
January 2004
Agenda




Background on Internal Audit
Risk and Internal Controls
College Review Workplan (Audit
Program)
Audit Process
2
What is Internal Audit?


An independent, objective assurance and
consulting activity designed to add value and
improve an organization's operations.
It helps an organization accomplish its
objectives by bringing a systematic disciplined
approach to evaluate and improve the
effectiveness of risk management, control
and governance processes
Source: Institute of Internal
Auditors
What happens during an
Internal Audit?


The auditor may inspect, analyze, and
verify records and obtain information by
interviews, questionnaires, and physical
inspections
An internal audit review is a risk-based
examination of an organization,
program, function or activity.
4
Risk



Any issue that could impair the ability
of the College to achieve its objectives
Can be measured in terms of
likelihood and impact
Your input is solicited in identifying
inherent risks within the college, areas
of concern, and areas that you would
like to have included in the audit
5
Risk

Categories of Risk
Strategic Risk:
Goals and objectives
Financial Risk:
Loss of assets
Operational Risk: Ongoing management
processes
Compliance Risk Laws and Regulations
Reputational Risk Tarnishing of image
6
Risk Assessment

Questions to ask






What can go wrong?
What areas have the most risk?
What assets are at risk?
Who is in a position of risk?
What do we not want to appear on the 5
o’clock news or in the LA Times?
Are internal controls in place to mitigate
the risks?
7
What are Internal Controls?



Steps taken to obtain reasonable
assurance that objectives are achieved
The policies and procedures that help
ensure management directives are carried
out
Help ensure that necessary actions are
taken to address risk to achievement of
the college’s objectives.
8
Objectives of Internal Controls





Compliance with policies, laws, regulations,
contracts, etc.
Accomplishment of Goals and Objectives
Reliability and Integrity of Information
Economical and Efficient Use of Resources
Safeguarding of Assets
9
Responsibility for Internal Controls


Management is responsible for developing
an appropriate system of internal controls
Every employee is responsible for following
and applying those practices
10
Examples of Internal Controls







Using passwords to protect computer files
Reconciling accounts
Authorizing and approving transactions
Periodic asset counts
Periodic comparisons
Investigation of discrepancies
Physical safeguards against theft and fire
11
College Review Work Plan


Also known as an audit program
Emphasis is on what internal controls are in
place. Areas for review could include:





Fiscal activity
Human resources
Health and Safety
Equipment and assets
Information systems
12
“Ideal” Audit Observations



Departmental administrative policies,
procedures and practices are
documented
All accounts are reconciled regularly
Cash receipts are promptly endorsed,
recorded, safeguarded, deposited and
reconciled
13
“Ideal” Audit Observations




Check requests are properly authorized,
and sufficiently documented
Procurement card use is adequately
controlled.
Time sheets are properly authorized
and agree with payroll records
Performance evaluations are prepared
on a timely basis
14
“Ideal” Audit Observations



University equipment used in an
employee’s home is documented and
approved
Logical and physical security over
computer systems is adequate
All employees have completed the
Injury and Illness Prevention Training
15
Audit process summary









Notification
Entrance conference
Preliminary survey of operations
Fieldwork – discussion of potential issues
Draft Audit Report
Exit conference
Final report
Audit evaluation/Client survey
Audit follow-up
16
Questions
17