January 14, 2015
NOTICE TO RESIDENTS OF THE MILWAUKEE AREA
TECHNICAL COLLEGE DISTRICT, WISCONSIN
A regular open meeting* of the ADVISORY AUDIT COMMITTEE of the Milwaukee Area
Technical College District Board, Wisconsin, will be held in the BOARD ROOM, (ROOM M210),
of the MILWAUKEE AREA TECHNICAL COLLEGE, 700 West State Street, Milwaukee,
Wisconsin on THURSDAY, JANUARY 21, 2015, beginning at 3:00 P.M.
The agenda** for said meeting is presented as follows:
A. Roll Call
B. Compliance with the Open Meetings Law
C. Approval of Minutes, October 22, 2015 - Attachment 1
D. Comments from the Public
E. Action Items
None
F. Discussion Items
1. Introduction of Brian Kubik, Internal Auditor
2. External Audit Update
3. Internal Audit Update – Attachment 2
G. Information Items
None
H. Old Business/New Business
Date of Next Meeting: TBD, MATC Board Room, M210
Committee Members: Dull, Gonzalez, Thomey and Wieland
* Other members of the MATC Board may be present, although they will not be participating as
members of this committee. This meeting may be conducted in part by telephone. Telephone
speakers will be available to allow the public to hear those parts of the proceedings that are
open to the public.
** Action may be taken on any agenda item, whether designated as an action item or not.
Agenda items may be moved into Closed Session for discussion when it becomes apparent
that a Closed Session is appropriate under Section 19.85 of the Wisconsin Statutes.
The Committee may return into Open Session to take action on any item discussed in Closed
Session.
Reasonable accommodations are available through the ADA Office for individuals who need assistance. Please call
414-297-6610 to schedule services at least 48 hours prior to the meeting.
Attachment AAC - 1
MILWAUKEE AREA TECHNICAL COLLEGE DISTRICT BOARD
ADVISORY AUDIT COMMITTEE
October 22, 2015
CALL TO ORDER
The regular meeting of the Milwaukee Area Technical College District Board Advisory
Audit Committee was held in open session on Tuesday, October 22, 2015, and called to
order by Mr. David Dull at 3:02 p.m. in the Board Room, M210, at the Downtown
Milwaukee Campus of Milwaukee Area Technical College.
ITEM A.
ROLL CALL
Present: David Dull and Bane Thomey
Excused: Gonzales and Tom Wieland
ITEM B.
COMPLIANCE WITH THE OPEN MEETINGS LAW
Proper notice of the meeting had been given in compliance with the Wisconsin Open
Meetings Law.
ITEM C.
APPROVAL OF MINUTES, April 28, 2015 – Attachment 1
The minutes were approved without objection.
ITEM D.
COMMENTS FROM THE PUBLIC
None.
ITEM E.
ACTION ITEMS
None.
DISCUSSION ITEMS
ITEM F.
F-1 External Audit Update
Discussion:
Mr. John Knepel, partner, Mr. Paul Frantz, senior manager, Baker Tilly and Mr. Naushad
Moolla, Coleman & Williams reported that there were no material weaknesses or noncompliance in this year’s report. He further explained that as a follow up to last year’s
compliance finding-the hiring of a Financial Aid Manager had been completed and that the
College was now in compliance.
Mr. Knepel stated that Baker Tilly issued a draft of the management letter, which also does
not contain any material weaknesses; however, it does contain recommendations which
have been addressed by management. He further stated that this audit was the best audit
to date.
F-2 Internal Audit Update
Discussion:
Mr. Al Shoreibah, vice president, Finance, reported that the College was in the process of
interviewing and hiring an internal auditor.
Advisory Audit Committee
Minutes of October 22, 2015
Page 2
ITEM G.
INFORMATION ITEMS
None
ITEM H.
OLD BUSINESS/NEW BUSINESS
Date of Next Meeting: January 21, 2015, 3:00 p.m., Room M210
ADJOURNMENT
The meeting adjourned at 3:28 p.m.
Respectfully submitted,
Desma P. Madison
Attachment AAC - 2
MILWAUKEEAREATechnicalCollege
TO:
Advisory Audit Committee
FROM:
Brian Kubik, CPA
Manager, Internal Audit
DATE:
January 14, 2016
SUBJECT:
MATC Internal Audit Model (DRAFT)
Risk Assessment
 Annually, during 4th quarter of fiscal year.
 Review/document internal information [Strategic Objectives, F/S, Budgets, Audits, etc.]
 Review/document external information [industry specific news, compliance themed items
(accrediting bodies, government, etc.), changing regulations/laws, etc.]
 Conduct interviews with Senior Leadership, and other members of Management.
 Identify risks to the organization, focusing on those that could hinder the achievement of the
Strategic Objectives and Business Objectives, creating a risk pool.
 Risk will be rated, based on: Strategic Business Impact, Management Control Maturity, Prior
Audits/Reviews/Mitigating Controls, Business Environment Complexity, and Management
Concerns.
 A draft of the Plan will be sent to Senior Leadership for comment/feedback.
 Final risk rankings will determine what areas are selected to audit.
 The final plan will also be presented for Audit Advisory Committee review (anticipate annual July
AAC Meeting).
Continuous Process
 Throughout the year, discussions with Senior Leadership/Management continue,
communications from inside and outside of organization are received, outside agencies may
complete reviews, etc., and the pool of risks will likely require updating. Whether changes in the
current year’s Audit Plan (Plan) result will depend on the rating of the risk.
Audit Plan
 Derived from the Risk Assessment, the sequence of audit completion (i.e., order in which risk
areas are addressed) will be based on the risk ranking and feedback from Management, as
particular departments may have other projects or ‘busy times’ that would make an audit more
intrusive.
 As was mentioned above, due to the Continuous Risk Assessment process, any updates to the
Plan during the year will be shared with Senior Leadership, Management and the AAC as they
occur.
Audits (Audit Results)
 As the process is new, communications will be sent to all Leadership as planning begins alerting
them to the new Internal Audit (IA) Department, how the plan was developed (bullets above), if
contacted that they need to cooperate fully, etc.
 The scope/objectives of each audit will be developed during the planning phase, which includes
introductory and additional meetings, in which IA will meet with department personnel to gain
an understanding of current processes, request data, etc. Management will be kept updated.
 An official announcement will be sent to the functional team (and leadership over that area)
noting the start of the audit, scope/objectives, an expected timeframe, contact information, the
communication protocol (no surprises), etc.
 All potential findings will be discussed immediately, and Management will be asked to identify an
action plan that they will take to mitigate the risk identified, and the timeframe needed for such
resolution. IA will collaborate with Management in developing appropriate action plans. The
timeline may vary depending on several factors: other projects/tasks underway in their area,
level of the risk identified (i.e., High Level risks need to be addressed more timely than Low Level
risks), budgetary concerns, etc. However, the timeline should not extend past one year.
 A draft report will be shared initially with all employees who will be ‘owners’ of the action plans,
to ensure agreement with findings and language.
 The final draft will then be shared with all employees to be copied on final report (Senior
Leaders, Department Management), to allow for any questions and feedback.
 IA will seek signatures and the final report (pdf) will be shared with signors/copies on the report.
 Summaries of the reports/findings will be presented/discussed with the AAC on a quarterly basis.
Audit Follow-up
 IA will validate that the action plans agreed to by Management are completed timely. Interim
communications will be made to ensure the action required stays on the employees radar. The
last of these interim communications will include the Vice President for the responsible area to
ensure no surprises. A monthly report on Audit Follow-up will be shared with Senior Leadership.
The hope/expectation is for 100% on-time completion. This can be influenced by Senior
Leadership – if the expectation that all agreed to action plans are completed on time, the
likelihood of completion is much greater (Tone at the Top).
 A summary of Audit Follow-up will also be shared with the AAC on a quarterly basis.
Pictorially, the Audit Model appears as:
Additionally, as Emerging Issues or Leading Practices (outside of the Plan) are identified, they will be
shared also.
Finally, IA will update the AAC each quarter on all four phases of the Audit Model. Additionally, one of
the AAC Charter requirements is for the Committee to “Assess the achievement of the duties
specified in the Charter and report the findings to the Board (4.50).” IA would like to develop a chart
to monitor the Committee’s annual progress/achievement of the duties spelled out, and share this on
a quarterly basis.