January 14, 2015 NOTICE TO RESIDENTS OF THE MILWAUKEE AREA TECHNICAL COLLEGE DISTRICT, WISCONSIN A regular open meeting* of the ADVISORY AUDIT COMMITTEE of the Milwaukee Area Technical College District Board, Wisconsin, will be held in the BOARD ROOM, (ROOM M210), of the MILWAUKEE AREA TECHNICAL COLLEGE, 700 West State Street, Milwaukee, Wisconsin on THURSDAY, JANUARY 21, 2015, beginning at 3:00 P.M. The agenda** for said meeting is presented as follows: A. Roll Call B. Compliance with the Open Meetings Law C. Approval of Minutes, October 22, 2015 - Attachment 1 D. Comments from the Public E. Action Items None F. Discussion Items 1. Introduction of Brian Kubik, Internal Auditor 2. External Audit Update 3. Internal Audit Update – Attachment 2 G. Information Items None H. Old Business/New Business Date of Next Meeting: TBD, MATC Board Room, M210 Committee Members: Dull, Gonzalez, Thomey and Wieland * Other members of the MATC Board may be present, although they will not be participating as members of this committee. This meeting may be conducted in part by telephone. Telephone speakers will be available to allow the public to hear those parts of the proceedings that are open to the public. ** Action may be taken on any agenda item, whether designated as an action item or not. Agenda items may be moved into Closed Session for discussion when it becomes apparent that a Closed Session is appropriate under Section 19.85 of the Wisconsin Statutes. The Committee may return into Open Session to take action on any item discussed in Closed Session. Reasonable accommodations are available through the ADA Office for individuals who need assistance. Please call 414-297-6610 to schedule services at least 48 hours prior to the meeting. Attachment AAC - 1 MILWAUKEE AREA TECHNICAL COLLEGE DISTRICT BOARD ADVISORY AUDIT COMMITTEE October 22, 2015 CALL TO ORDER The regular meeting of the Milwaukee Area Technical College District Board Advisory Audit Committee was held in open session on Tuesday, October 22, 2015, and called to order by Mr. David Dull at 3:02 p.m. in the Board Room, M210, at the Downtown Milwaukee Campus of Milwaukee Area Technical College. ITEM A. ROLL CALL Present: David Dull and Bane Thomey Excused: Gonzales and Tom Wieland ITEM B. COMPLIANCE WITH THE OPEN MEETINGS LAW Proper notice of the meeting had been given in compliance with the Wisconsin Open Meetings Law. ITEM C. APPROVAL OF MINUTES, April 28, 2015 – Attachment 1 The minutes were approved without objection. ITEM D. COMMENTS FROM THE PUBLIC None. ITEM E. ACTION ITEMS None. DISCUSSION ITEMS ITEM F. F-1 External Audit Update Discussion: Mr. John Knepel, partner, Mr. Paul Frantz, senior manager, Baker Tilly and Mr. Naushad Moolla, Coleman & Williams reported that there were no material weaknesses or noncompliance in this year’s report. He further explained that as a follow up to last year’s compliance finding-the hiring of a Financial Aid Manager had been completed and that the College was now in compliance. Mr. Knepel stated that Baker Tilly issued a draft of the management letter, which also does not contain any material weaknesses; however, it does contain recommendations which have been addressed by management. He further stated that this audit was the best audit to date. F-2 Internal Audit Update Discussion: Mr. Al Shoreibah, vice president, Finance, reported that the College was in the process of interviewing and hiring an internal auditor. Advisory Audit Committee Minutes of October 22, 2015 Page 2 ITEM G. INFORMATION ITEMS None ITEM H. OLD BUSINESS/NEW BUSINESS Date of Next Meeting: January 21, 2015, 3:00 p.m., Room M210 ADJOURNMENT The meeting adjourned at 3:28 p.m. Respectfully submitted, Desma P. Madison Attachment AAC - 2 MILWAUKEEAREATechnicalCollege TO: Advisory Audit Committee FROM: Brian Kubik, CPA Manager, Internal Audit DATE: January 14, 2016 SUBJECT: MATC Internal Audit Model (DRAFT) Risk Assessment Annually, during 4th quarter of fiscal year. Review/document internal information [Strategic Objectives, F/S, Budgets, Audits, etc.] Review/document external information [industry specific news, compliance themed items (accrediting bodies, government, etc.), changing regulations/laws, etc.] Conduct interviews with Senior Leadership, and other members of Management. Identify risks to the organization, focusing on those that could hinder the achievement of the Strategic Objectives and Business Objectives, creating a risk pool. Risk will be rated, based on: Strategic Business Impact, Management Control Maturity, Prior Audits/Reviews/Mitigating Controls, Business Environment Complexity, and Management Concerns. A draft of the Plan will be sent to Senior Leadership for comment/feedback. Final risk rankings will determine what areas are selected to audit. The final plan will also be presented for Audit Advisory Committee review (anticipate annual July AAC Meeting). Continuous Process Throughout the year, discussions with Senior Leadership/Management continue, communications from inside and outside of organization are received, outside agencies may complete reviews, etc., and the pool of risks will likely require updating. Whether changes in the current year’s Audit Plan (Plan) result will depend on the rating of the risk. Audit Plan Derived from the Risk Assessment, the sequence of audit completion (i.e., order in which risk areas are addressed) will be based on the risk ranking and feedback from Management, as particular departments may have other projects or ‘busy times’ that would make an audit more intrusive. As was mentioned above, due to the Continuous Risk Assessment process, any updates to the Plan during the year will be shared with Senior Leadership, Management and the AAC as they occur. Audits (Audit Results) As the process is new, communications will be sent to all Leadership as planning begins alerting them to the new Internal Audit (IA) Department, how the plan was developed (bullets above), if contacted that they need to cooperate fully, etc. The scope/objectives of each audit will be developed during the planning phase, which includes introductory and additional meetings, in which IA will meet with department personnel to gain an understanding of current processes, request data, etc. Management will be kept updated. An official announcement will be sent to the functional team (and leadership over that area) noting the start of the audit, scope/objectives, an expected timeframe, contact information, the communication protocol (no surprises), etc. All potential findings will be discussed immediately, and Management will be asked to identify an action plan that they will take to mitigate the risk identified, and the timeframe needed for such resolution. IA will collaborate with Management in developing appropriate action plans. The timeline may vary depending on several factors: other projects/tasks underway in their area, level of the risk identified (i.e., High Level risks need to be addressed more timely than Low Level risks), budgetary concerns, etc. However, the timeline should not extend past one year. A draft report will be shared initially with all employees who will be ‘owners’ of the action plans, to ensure agreement with findings and language. The final draft will then be shared with all employees to be copied on final report (Senior Leaders, Department Management), to allow for any questions and feedback. IA will seek signatures and the final report (pdf) will be shared with signors/copies on the report. Summaries of the reports/findings will be presented/discussed with the AAC on a quarterly basis. Audit Follow-up IA will validate that the action plans agreed to by Management are completed timely. Interim communications will be made to ensure the action required stays on the employees radar. The last of these interim communications will include the Vice President for the responsible area to ensure no surprises. A monthly report on Audit Follow-up will be shared with Senior Leadership. The hope/expectation is for 100% on-time completion. This can be influenced by Senior Leadership – if the expectation that all agreed to action plans are completed on time, the likelihood of completion is much greater (Tone at the Top). A summary of Audit Follow-up will also be shared with the AAC on a quarterly basis. Pictorially, the Audit Model appears as: Additionally, as Emerging Issues or Leading Practices (outside of the Plan) are identified, they will be shared also. Finally, IA will update the AAC each quarter on all four phases of the Audit Model. Additionally, one of the AAC Charter requirements is for the Committee to “Assess the achievement of the duties specified in the Charter and report the findings to the Board (4.50).” IA would like to develop a chart to monitor the Committee’s annual progress/achievement of the duties spelled out, and share this on a quarterly basis.