UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
LONG - RANGE INTERNAL AUDIT PLAN
and
RISK ANALYSIS
Fiscal Years 2015 - 2017
Included in Section 5 of the Audit Plan is a listing of brief audit objectives for each
auditable area. These objectives relate to overall internal controls, efficiency of operations and
compliance with laws and regulations, and Board of Regents and/or management policies and
procedures.
Recommendation:
The Audit Plan should be flexible and periodically adjusted to adapt to changes in the audit
environment. These changes include new or revised laws or regulations and changes in existing
operations or activity levels. The Audit and Compliance Committee should approve these periodic
changes to the Audit Plan. I recommend that the Board of Regents approve the attached Audit
Plan, including the Internal Audit Resources, and delegate approval for periodic changes to the
Audit Plan to the Audit and Compliance Committee.
DFG:rh
Attachment
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
LONG-RANGE INTERNAL AUDIT PLAN
FY 2015-2017
Table of Contents
Description
Section
Executive Summary
1
Summary of Man-Hours / Man-Hour Assumptions
2
Audit Team
3
Auditable Areas
4
Audit Objectives
5
Three-Year Audit Schedule
6
Frequency of Audit Activity
7
Risk Analysis
8
Executive Summary
Section 1
University of Houston System
Annual Long-Range Internal Audit Plan, FY 2015-2017
Executive Summary
Background: The Texas Government Code, Board of Regents Audit and Compliance
Committee Charter, and Board of Regents Audit Policy require the Internal Auditing Department
to prepare a risk based audit plan and present it to the Board of Regents for approval. The
methodology we use in preparing this analysis consists of the following phases: (1) identification of
auditable areas, (2) input from management, and (3) a risk analysis. Matters that we consider in
establishing audit work schedule priorities include (a) the date and results of the last audit; (b)
financial exposure; (c) potential loss and risk; (d) requests by management; (e) major changes in
operations, programs, systems, and controls; and (f) opportunities to achieve operating benefits.
During the risk analysis, we assign numerical risk factors depending upon the following: (1) reason
for the audit, (2) administrative oversight, and (3) date last audited.
Identification of Auditable Areas: Auditable areas can be categorized in each of the following
categories:
1.
Annual Assistance to External Auditors
• State Auditors Office (SAO): Projects included in the SAO’s annual audit plan,
including SACS accreditation reviews, and special projects upon request
• External CPA firms: Audits of Houston Public Media, Endowment Fund,
Athletics, and Charter School
• Other State/Federal/External Sponsor Auditors
2.
Annual Activities/Mandates
• Follow-up activity required by the Institute of Internal Auditors (IIA) Standards
• Chancellor/Board of Regents Travel and Entertainment reimbursements requested
by Board of Regents/Chancellor
• Special projects and police investigations required by institutional policy and IIA
Standards
• Texas Higher Education Coordinating Board: Facilities Audit (5 year cycle)
• NCAA Rules-Compliance and football attendance audits required by NCAA rules
• Construction: Construction procurement process, new construction (outsourced)
• Board of Regents Annual Procurement Report
3.
Departmental Reviews: These compliance reviews test 15 different areas of
compliance for system and campus policies. These reviews are conducted every 5
years for all departments within the system. Many of the policies tested are directly
related to internal controls. See Attachment A for a listing of all departmental
reviews by college/division together with pertinent data on each college/division.
4.
Functional Reviews:
These engagements are operational reviews for
efficiency/effectiveness and are conducted for all divisions and service organizations
within the system.
5.
Information Technology Reviews: The security reviews are required by Texas
Administrative Code, and various other information technology areas are addressed
based on risk.
1
The Internal Audit Resources allocated to each of these areas for fiscal years FY 2015-2017 are
as follows:
FY 2015
Assistance to External Auditors
Mandates
Departmental Reviews
Functional Reviews
IT Reviews
Total Hours
FY 2016
FY 2017
300
4,900
3,550
3,448
1,900
700
4,700
3,700
3,598
1,400
300
4,300
3,350
4,248
1,900
14,098
14,098
14,098
Departmental Resources: The Texas Internal Auditing Act requires the Board of Regents to
approve the Audit Plan and periodically review the resources dedicated to the Internal Audit
program and determine if adequate resources exist to ensure that risks identified in the annual
risk assessment are adequately covered within a reasonable time frame. The Internal Audit
Team is comprised of a Chief Audit Executive, Director, five Senior Auditors, Information
Technology Auditor, three Staff Auditors, and an Executive Administrative Assistant. The
estimated FY 2015 salary budget is $1,021,936 and the M&O budget is $52,539. In our opinion,
the resources dedicated to the Internal Auditing program are adequate.
Input from Management: A series of meetings are scheduled with key management personnel
throughout the system and with the Chair of the Audit and Compliance Committee to identify
sensitive or high exposure areas and to identify high risk functions, information technology, and
compliance areas that are hot topics in the higher education industry that should be scheduled for
review. Comments are also requested on the Internal Audit Plan and Risk Analysis from all
Audit and Compliance Committee members at the August Audit and Compliance Committee
meeting. See Attachment B for a schedule of these meetings.
Risk Analysis: The risk analysis is used to develop an audit plan for performing audit projects
in risk areas over a specified time to minimize the risk of losses to the University; to prioritize
audit projects by the level of risk; to use our audit staff and time in an effective and efficient
manner; and to determine the nature, timing, and extent of audit steps and procedures in direct
relation to the amount and nature of the risk.
After performing the preliminary risk assessment, the following areas received the highest risk
rank (25-20). Some of these areas are scheduled for review during FY 2015-2017, while some
are not scheduled because of audit coverage in departmental reviews that addresses certain
aspects of the area.
2
Scheduled
Unscheduled
Budgeting (FY 2017)
Formula Funding (FY 2015)
General Accounting (FY 2015)
Human Resources (FY 2017)
Payroll (FY 2017)
Student Housing (FY 2016)
Accounts Payable
Property Management
Purchasing/Contract Administration
Conclusion: The Long Range Internal Audit Plan and Risk Analysis help provide the Audit and
Compliance Committee with assurance that it is providing the necessary oversight over the
quality and integrity of the accounting, financial reporting practices, system of internal controls,
institutional management practices, and the direction of the internal auditing function.
3
ATTACHMENT A
AUDIT COVERAGE MATRIX
DEPARTMENTAL REVIEWS
University
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
College/Division Name
Academic Affairs/Provost
Administration & Finance
Architecture
Athletics
Business
Chancellor/President
Education
Engineering
Graduate College of Social Work
Honors
Hotel & Restaurant Management
Law Center
Liberal Arts & Social Sciences
Library
Natural Sciences & Mathematics
Optometry
Pharmacy
Research
Student Affairs & Enrollment Services
Technology
University Advancement
FY 2014 BUDGET
Operations
Restricted
Expenditures
Expenditures
47,558,350
4,325,001
94,031,266
19,091,355
5,175,806
680,988
31,836,801
3,899,916
43,246,847
7,504,419
2,455,022
85,253
13,260,155
4,157,767
33,185,517
22,305,588
4,139,773
2,956,906
2,610,457
963,084
12,307,604
2,713,124
24,992,079
358,005
63,467,583
14,464,754
18,782,798
388,716
51,749,117
30,670,839
17,342,966
5,514,488
14,655,073
3,518,304
40,745,766
10,903,565
115,651,324
85,397,328
14,423,805
2,123,851
15,203,022
173,594
666,821,131
222,196,845
FTEs
248
1,397
66
158
377
21
256
413
85
45
110
296
1,073
118
581
149
116
279
635
123
159
6,706
UHCL
UHCL
UHCL
UHCL
UHCL
UHCL
UHCL
Administration & Finance
Business
Education
Human Sciences & Humanities
President's Office
Provost's Office
Science and Computer Engineering
13,413,017
10,355,329
6,536,977
8,377,034
2,086,247
29,920,025
6,953,027
77,641,656
207,998
3,500
1,093,114
886,129
12,224
12,835,023
724,926
15,762,914
184
136
112
158
22
364
117
1,091
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
Academic & Student Affairs
Administration & Finance
Advancement & External Relations
Business
Employment Svc & Operations
Humanities & Social Sciences
President's Office
Public Service
Sciences & Technology
University College
28,855,363
26,699,589
2,561,422
11,905,564
1,413,330
12,348,828
1,196,081
6,298,010
8,528,825
1,522,260
101,329,272
37,206,525
1,500
2,067
374,752
0
77,100
5,876
537,797
1,431,065
1,571,852
41,208,534
286
249
15
154
15
246
8
104
156
34
1,268
UHV
UHV
UHV
UHV
UHV
UHV
UHV
Administration & Finance
Arts & Sciences
Business Administration
Education
President's Office
Provost
Nursing
5,594,609
4,738,681
6,949,829
2,970,509
3,416,795
9,795,122
1,955,488
35,421,033
0
0
299,175
0
61,679
6,648,346
429,000
7,438,200
67
76
79
38
30
142
24
457
4
FY 2015 FY 2016 FY 2017 FY 2018 FY 2019
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
ATTACHMENT B
SCHEDULED MEETINGS WITH MANAGEMENT
BOR Audit and Compliance Committee
Roger Welder
UHS/UH Chancellor/President
Renu Khator
UHS/UH Administration & Finance
Carl Carlucci
Tom Ehardt
Emily Messa
General Counsel
Dona Cornell
UH Provost/Academic Affairs
Paula Short
Craig Ness
UH Research
Rothindra Bose
Mark Clarke
Selesta Hodge
Cris Milligan
Kirstin Rochford
Beverly Rymer
UH Student Affairs
Richard Walker
Brenda Cook
Keith Kolwalka
Dan Maxwell
William Munson
Floyd Robinson
Pat Sayles
Steve Soutullo
Don Yackley
UHCL Senior Management
William Staples
Carl Stockton
Michelle Dotter
Usha Mathew
UHD Senior Management
William Flores
David Bradley
Ed Hugetz
Ivonne Montalbano
Johanna Wolfe
Elaine Pearson
UHV Senior Management
Raymond V. Morgan
Jeffrey Cass
Wayne Beran
Jay Lambert
Val Walden
UH Administration & Finance
Tom Ehardt
Raymond Bartlett
Barbara Duarte
David Ellis
Mike Glisson
Margie Hattenbach
Karin Livingston
Joan Nelson
Pat Sayles
Esmeralda Valdez
UH Information Technology
Dennis Fouty
Summary of Man-Hours / Man-Hour Assumptions
Section 2
University of Houston System
Internal Auditing Department
Long-Range Internal Audit Plan
Summary of Man-Hours
Activity
Fiscal Year
2015
2016
2017
Scheduled Audits
5,148
5,498
5,698
IT Reviews/Monitoring
1,900
1,400
1,900
Special Projects
3,000
3,000
3,000
Departmental Reviews
3,550
3,700
3,000
500
500
500
14,098
14,098
14,098
Follow-up Reviews
Total Direct Audit Hours
2-1
University of Houston System
Internal Auditing Department
Long-Range Internal Audit Plan
Man-Hour Assumptions
Available Man-Hours
Chief Audit
Executive
Director
Senior Auditor
Information
Technology
Auditor
Staff
Vacations
Holidays (15 days)
Sick Leave
Professional Training
In-house Training
Professional Organizations
Indirect Audit Hours: Administrative
Direct Audit Hours
120
120
40
60
40
40
1,084
576
120
120
40
60
40
40
784
876
96
120
60
60
20
16
184
1,524
120
120
96
60
20
16
80
1,568
96
120
40
60
20
16
40
1,688
Total Hours Available
2,080
2,080
2,080
2,080
2,080
Direct Audit Hours By Position
576
876
1,524
1,568
1,688
Staff Size By Position
Employee Turnover/Attrition
Available Staff Size
1
1.0
1
1.0
5
0.5
4.5
1
1.0
3
0.5
2.5
Subtotal
576
876
6,858
1,568
4,220
Allocable Direct Audit Hours
Total Direct Audit Hours
14,098
2-2
University of Houston System
Internal Auditing Department
Long-Range Internal Audit Plan
Departmental Resources
The Texas Internal Auditing Act requires the Board of Regents to approve the
Audit Plan and periodically review the resources dedicated to the Internal Audit program
and determine if adequate resources exist to ensure that risks identified in the annual risk
assessment are adequately covered within a reasonable time frame. In our opinion, the
resources dedicated to the Internal Auditing program are adequate.
FY 2014 Departmental Resources:
•
Personnel: Chief Audit Executive, Director, five Audit Seniors, Information
Technology Auditor, three Staff Auditors, and an Executive Administrative
Assistant
• Salary Budget: $1,021,936
• M&O Budget: $52,539
Estimated FY 2015 Departmental Resources:
• Salary Budget: $1,021,936
• M&O Budget: $52,539
Organization Chart:
The departmental organization chart is attached.
2-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING
ORGANIZATION CHART
Don Guyton
CHIEF AUDIT EXECUTIVE
Sandra Dahlke
EXEC. ADMIN.
ASSISTANT
Russ Hoskens
DIRECTOR
Bobby Kegresse
SENIOR AUDITOR
Tony Moreno
SENIOR AUDITOR
Isimeme Emafor
STAFF
AUDITOR II
Brandee O’Neal
SENIOR AUDITOR
Lisa Berry
SENIOR AUDITOR
Dia Martinez
STAFF
AUDITOR I
Scott Brown
SENIOR AUDITOR
Ray Hale
INFORMATION
TECHNOLOGY
AUDITOR
Eric Porter
STAFF
AUDITOR I
2-4
5/19/14
Audit Team
Section 3
University of Houston System
Internal Auditing Department
Internal Audit Team
Don F. Guyton, C.P.A., Chief Audit Executive, began working in the UHS Internal Auditing
Department in his current position on October 1, 1987. Other experience includes: five years
of Big Four public accounting experience, three years of controller experience in industry, and
three years of experience as a commissioned officer in the U.S. Army. He received a M.B.A.
degree from the University of New Orleans where he was a member of Beta Gamma Sigma.
He is a member of the American Institute of Certified Public Accountants (AICPA), Texas
Society of Certified Public Accountants (TSCPA), and the Institute of Internal Auditors (IIA).
He is a past president of the Texas Association of College and University Auditors.
Russell G. Hoskens, C.P.A., C.I.A., C.F.E., C.I.S.A., Director, began working in the UHS
Internal Auditing Department in his current position on June 30, 1997. Other experience
includes: eleven years of internal audit experience, including two years as an audit manager
at the University of Texas Medical Branch at Galveston. He received a M.B.A. degree
(concentration in Internal Auditing) from Louisiana State University. He is a member of the
AICPA, the IIA, the Association of Certified Fraud Examiners (ACFE), and the Information
Systems Audit and Control Association (ISACA). He is also a past president of the Texas
Association of College and University Auditors.
Bobby Kegresse, C.P.A, C.I.A., Senior Auditor, began working in the UHS Internal Auditing
Department on November 8, 2010. Other experience includes nineteen years of internal audit
experience and eight years of accounting experience. He received a B.B.A. degree in
Accounting from Southwest Texas State University. He is a member of the IIA.
Tony Moreno, C.F.E., C.I.C.A, Senior Auditor, began working in the UHS Internal Auditing
Department on October 10, 2005. Other experience includes nine years of internal audit
experience and ten years of banking experience. He received B.S. degrees in Economics and
Anthropology from the University of Houston. He is a member of the IIA and the ACFE.
Brandee O’Neal, C.I.A., C.I.C.A., Senior Auditor, began working in the UHS Internal Auditing
Department on July 11, 2011. Other experience includes ten years of internal audit and
accounting experience at the Texas Department of Criminal Justice. She received a M.B.A.
degree from Sam Houston State University. She is a member of the IIA.
Lisa Berry, C.I.A., C.F.E., Senior Auditor, began working in the UHS Internal Auditing
Department on September 8, 2008. Other experience includes two years of internal audit
experience in industry. She received a M.S. degree in Accounting from the University of
Houston. She is a member of the IIA and the ACFE. She is also past president of the
Internal Audit Student Association at the UH Bauer College of Business.
3-1
University of Houston System
Internal Auditing Department
Internal Audit Team
Scott Brown, C.P.A., Senior Auditor, began working in the UHS Internal Auditing Department
on February 24, 2014. Other experience includes seven years of internal audit experience in
industry, five years as a financial examiner, and six years of accounting experience. He
received a B.S. degree in Finance and a M.S. degree in Accounting from the University of
Houston-Clear Lake. He is a member of the IIA.
Ray Hale, C.I.S.A, Information Technology Auditor, began working in the UHS Internal
Auditing Department on November 15, 2010. Other experience includes eighteen years of
internal audit experience, including ten years of information technology experience. He
received a M.B.A. degree from Webster University. He is a member of the IIA and ISACA.
Isimeme Emafor, C.P.A, Staff Auditor II, began working in the UHS Internal Auditing
Department on October 7, 2013. Other experience includes three years as a financial
examiner and three years of banking experience. She received a B.S. degree in Biology
from the University of Houston and a M.B.A. degree from DePaul University. She is a
member of the IIA.
Dia Martinez, Staff Auditor I, began working in the UHS Internal Auditing Department on
February 18, 2013. Other experience includes two years of Medicare auditing. She
received a B.B.A. degree in Accounting from the University of Texas at San Antonio. She
is a member of the IIA.
Eric Porter, Staff Auditor I, began working in the UHS Internal Auditing Department on
February 17, 2014. Other experience includes two years of internal auditing experience at
the Texas Department of Criminal Justice and twenty years of experience in the
transportation, real estate, and energy industries. He received a B.B.A. degree in Finance,
M.B.A. degree, and a M.S. degree in Accounting from the University of Houston. He is a
member of the IIA.
Sandra Dahlke, Executive Administrative Assistant, became a Certified Administrative
Professional in 1978. She began working in the Internal Auditing Department on July 9,
2012, after working for the University of Houston Law Center for almost seven years as a
Secretary. Other experience includes 28 years of secretarial experience.
Professional Certifications:
C.P.A. – Certified Public Accountant
C.I.A. – Certified Internal Auditor
C.I.S.A. – Certified Information Systems Auditor
C.F.E. – Certified Fraud Examiner
C.I.C.A. – Certified Internal Control Auditor
3-2
Auditable Areas / Audit Activities
Section 4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDITABLE AREAS
ANNUAL ASSISTANCE/MANDATES & SYSTEM-WIDE AUDITS
ANNUAL ASSISTANCE / MANDATES
Annual External Audits - Liaison
Athletics – NCAA
Charter School
Endowments
Houston Public Media
Athletics
Football Attendance Audit
NCAA Rules-Compliance
Follow-up Audit Procedures
Special Projects
Annual Audit Plan/Risk Analysis
Annual Internal Audit Activity Report
Annual Procurement Report
Construction: Construction Procurement Process and New Construction (Outsourced)
Internal Audit Quality Assurance
Management Requests
Police Investigations
State Auditor’s Office - Liaison
State-wide and Other Audits
Regional Accreditation Reviews (SACS)
Texas Higher Education Coordinating Board
Facilities Audits
Travel Expenditures
Board of Regents’ Travel
Chancellor/President’s Travel
4-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDITABLE AREAS
ANNUAL ASSISTANCE/MANDATES & SYSTEM-WIDE AUDITS
SYSTEM-WIDE AUDITABLE AREAS
Academic Fees
Accounts Payable
Athletics
Auxiliary Contract Administration
Budgeting
Colleges / Divisions
Continuing Education
Endowments
Facilities Management
Facilities Planning & Construction
Financial Reporting
Formula Funding
General Accounting
Human Resources
Information Technology
Institutional Compliance Programs
Investment Management
Library
Parking
Payroll
Police Departments
Property Management (Fixed Assets)
Student Accounting & Receivables
Support Organizations
Travel and Entertainment Expenditures
University Advancement
Enrollment Services
Admissions
Financial Aid
Registrar
Enrollment Mgmt & Production System
Procurement
Procurement Cards/Travel Cards
Purchasing
Contract Administration
Research
Contracts & Grants Administration
Intellectual Property Management
Research Oversight Committees
Research Centers and Institutes
- Center for Advanced Computing & Data
Systems
- Center for Advanced Materials
- Texas Center for Superconductivity
- Texas Inst. For Measurement,
Evaluation, and Statistics
Research Financial Services
Research Information Center
Time and Effort Reporting
Student Housing
Student Services
Campus Recreation
Childcare
Health Center
Student Center
Veterans Services
Unit Audits – Divisions, Colleges, Schools,
Departments, Centers, Institutes, Programs,
Management Changeover, etc.
4-2
Audit Objectives
Section 5
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
ANNUAL ASSISTANCE / MANDATES:
Annual External Audits (Athletics – NCAA, Endowments, Houston Public Media, and Charter
School)
To provide assistance, as requested, to external auditors to expedite the audit and reduce audit costs
to the university.
Annual Procurement Report
To review the Annual Procurement Report to help ensure that the report preparation methodology
appears to be reasonable and the report satisfies the Board of Regents annual reporting requirement
for procurement activity.
Athletics – Football Attendance Audit
To verify attendance at football games to comply with NCAA legislation.
Athletics – NCAA Rules-Compliance
To determine the adequacy of the Athletic Department’s NCAA Rules-Compliance Program in
accordance with the requirements of NCAA Bylaw 23.2.3.(e).
Board of Regents’ Travel
To determine whether the travel expenditures and reimbursements to the members of the Board of
Regents comply with the applicable statutes/Board of Regents policies.
Chancellor/President’s Travel
To determine whether the travel expenses and non-payroll payments or reimbursements to the
Chancellor/President were adequately documented and comply with the applicable statutes and
Board of Regents/UHS policies.
Construction Procurement Process
To determine whether UHS is complying with its policies and procedures and the Texas Education
Code in selecting its contractors for its major construction projects.
Follow-up Reviews
To determine whether appropriate action is taken on reported audit findings.
5-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Special Projects
Annual Audit Plan/Risk Analysis
Annual analysis to determine the university's areas of risk and scheduling audits of these
areas with the resources available to the Internal Auditing Department.
Annual Internal Audit Activity Report
Annual activity report provides a summary of internal audit activities performed during
the fiscal year, including explanations for significant deviation from the approved audit
plan.
Internal Audit Quality Assurance
Procedures performed to ensure that the Internal Auditing Department complies with The
International Standards for the Professional Practice of Internal Auditing as promulgated by
the Institute of Internal Auditors.
Management Requests
Projects requested by management that arise due to events within the university. Provide
auditing expertise in review of systems and procedures and provide recommendations for
improvements to internal controls.
Police Investigations
Projects assigned by the UH-System Chancellor or Board of Regents or that arise due to
unexpected events within the university. Provide auditing expertise in review of systems
and procedures and provide recommendations for improvements to internal controls related
to police investigations such as theft or other fraud.
State Auditor's Office
Liaison – State-wide and Other Audits
Provide assistance to the State Auditor’s Office to expedite the audit.
5-2
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Regional Accreditation Reviews (SACS)
To assist the State Auditor's Office in performing the specified audit procedures for the
special report required every 10 years for each campus by the Southern Association of
Colleges and Schools.
Texas Higher Education Coordinating Board
Facilities Audits
To determine accurate reporting of space and space needs, including confirming the
following: 1) data reported in the institution’s Facilities Inventory, 2) construction projects
have received the necessary approvals, and 3) cost, funding, and space for all completed
projects.
SYSTEM-WIDE AUDITABLE AREAS:
Academic Fees
To determine whether procedures help ensure academic fees are properly recorded and expended
appropriately and are in compliance with state laws and regulations.
Accounts Payable
To determine whether the accounts payable system has adequate internal controls to provide
assurance that only bona fide university expenditures are paid, there is adequate documentation and
proper approvals. To ascertain that procedures ensure accurate recording and reporting of
liabilities.
Athletics
To determine that there are adequate internal controls to help ensure that departmental resources are
being effectively and efficiently utilized and the department’s activities comply with statutes,
regulations, and university policies.
Auxiliary Contract Administration
To determine whether all executed contracts are in accordance with university policies and that
monitoring procedures are in place to help ensure compliance with contract obligations.
5-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Budgeting
To determine whether budget activities were being performed under an adequate system of internal
controls to assure the reliability and integrity of the university’s budgetary data.
Continuing Education
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Enrollment Services
To determine whether the admissions and registration process is effective and efficient and meets
the students’ and institution’s needs.
Endowments
To determine whether endowment income was expended in accordance with the terms of the
endowment agreement.
Facilities Management
To determine whether there are adequate internal controls to help ensure that departmental and
university resources are being effectively and efficiently utilized and activities comply with statutes,
regulations, and university policies.
Facilities Planning & Construction
To determine whether there are adequate internal controls to help ensure that departmental and
university resources for major and minor construction projects are being effectively and efficiently
utilized and activities comply with statutes, regulations, and university policies.
Financial Aid
To determine whether the university is in compliance with federal and state regulations and
university policy.
Financial Reporting
To determine whether activities are performed under an adequate system of internal controls to help
ensure the reliability and integrity of the information contained in the university’s financial reports
and that reports are prepared in accordance with statutes, regulations, and university policies.
5-4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Formula Funding
To determine whether procedures are in place to help ensure that the data provided to the
Coordinating Board is accurate, complete and in the format prescribed.
General Accounting
To determine whether activities are performed under an adequate system of internal controls to help
ensure that transactions are recorded in the general ledger in accordance with university policies.
Human Resources
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Information Technology
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Institutional Compliance Programs (May be Conducted by External Peer Review Team)
To determine whether programs are designed and functioning effectively.
Investment Management
To determine whether there are adequate internal controls over the investment of non-endowed
funds to help ensure compliance with statutes, regulations, and university policies.
Library
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Parking
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
5-5
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Payroll
To determine whether only bona fide university employees are being paid their approved wages and
that payroll procedures comply with Board and university policies and state and federal law.
Police Department
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Procurement/Travel Cards
To determine whether procurement/travel cards are being used for University purchases and that
reconciliations are being performed in a timely manner.
Property Management (Fixed Assets)
Review the Property Management System and make recommendations to improve the methods of
recording, safeguarding, and accounting for fixed assets (including the Wortham House and other
facilities owned/leased by the university).
Purchasing/Contract Administration
To ascertain whether the purchasing system has adequate internal controls and procedures which
result in obtaining the desired product at the optimum price, in the requested quantity, at the right
time and place.
Research
To determine whether there are management practices in place to help ensure that contracts and
grants are being managed in compliance with state and federal regulations and university policies
and procedures.
Student Accounting and Receivable System
Review of systems internal controls to determine whether adequate security and controls related to
software, data, and operating personnel exist and to determine whether application meets desired
user objectives.
Student Housing
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
5-6
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT OBJECTIVES
Student Services
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Support Organizations
To determine whether the amount recorded in the university’s books and records agree with the
corresponding amounts included in the support organization’s audited financial statements and IRS
Form 990 and to determine whether the foundations are complying with their agreements with the
board of regents.
Travel and Entertainment Expenditures
To determine whether travel and entertainment expenditures comply with Board and university
policies and state regulations.
University Advancement
To determine whether there are adequate internal controls to help ensure that departmental
resources are being effectively and efficiently utilized and the department’s activities comply with
statutes, regulations, and university policies.
Unit Audits (Divisions/Colleges/Departments/Centers/Institutes/Programs/Management Changeover Reviews)
To determine whether departmental financial and administrative activity complies with Board and
university policies and state regulations and to determine whether there are management practices
in place to help ensure goals and objectives are being accomplished efficiently and effectively.
5-7
Three-Year Audit Schedule, FY 2015 - 2017
Section 6
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
SCHEDULED AUDITS - FY 2015
BUDGET
HOURS
AUDIT ACTIVITY
ANNUAL ASSISTANCE / MANDATES (4,900 hours)
Annual External Audits - Liaison
Annual Procurement Report
Athletics - Football Attendance Audit
Athletics - NCAA Rules-Compliance
Board of Regents Travel, FY 2015
Chancellor/President's Travel, FY 2015
Construction Procurement Process
Follow-up Reviews
Special Projects/Police Investigations
State Auditor's Office Liaison
Audit Assistance - General
Follow-up Reports
100
100
100
400
200
200
100
500
3,000
100
100
SYSTEM-WIDE AUDITS (3,100)
Endowments - UH Honors College
Endowments - UH Pharmacy
Endowments - UH Technology
Endowments (UHV)
Formula Funding (UHCL, UHD, and UHV)
General Accounting
250
250
250
250
900
1,200
DEPARTMENTAL REVIEWS (3,450 hours)
UH Architecture
UH Athletics
UHS/UH Chancellor/President
UH Optometry
UHCL Administration & Finance
UHCL Business
UHCL Human Sciences & Humanities
UHCL Science and Computer Engineering
UHV Administration & Finance
UHV Provost
200
250
200
700
500
200
200
200
450
550
INFORMATION TECHNOLOGY (1,900 hours)
Computer Assisted Auditing Techniques
IT - Review and Monitor of IT Systems (High Priority Projects)
TAC 202, Information Security Standards (UHCL, UHD, and UHV)
500
500
900
QUALITY ASSURANCE REVIEWS (200 hours)
Internal Quality Assurance Review
External Quality Assurance Review
100
100
INITIATED DURING FY 2014 - TO BE COMPLETED/REPORTED IN FY 2015
548
14,098
Total Hours Scheduled for Fiscal Year 2015
6-1-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
FY 2014 AUDITS IN PROGESS AT YEAR-END
Budget
Hours
AUDIT ACTIVITY
Projects Initiated During FY 2014, But Not Completed
Board of Regents Travel, FY 2014
Chancellor/President's Travel, FY 2014
Continuing Eduation (UH)
Departmental Reviews
UH Administration & Finance
UH Liberal Arts & Social Sciences
UH Student Affairs & Enrollment Services
Facilities Planning & Construction
Financial Aid, Designated Tuition Set Aside (UH)
Student Accounting & Receivables
6-1-2
548
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
SCHEDULED AUDITS - FY 2016
BUDGET
HOURS
AUDIT ACTIVITY
ANNUAL ASSISTANCE / MANDATES (5,300 hours)
Annual External Audits - Liaison
Annual Procurement Report
Athletics - Football Attendance Audit
Athletics - NCAA Rules-Compliance
Board of Regents Travel, FY 2016
Chancellor/President's Travel, FY 2016
Construction Procurement Process
Follow-up Reviews
Special Projects/Police Investigations
State Auditor's Office Liaison
Regional Acceditation Review - SACS (UHD)
Audit Assistance - General
Follow-up Reports
100
100
100
400
200
200
100
500
3,000
400
100
100
SYSTEM-WIDE AUDITS (3,100)
Endowments - UH Liberal Arts and Social Sciences
Endowments - UH University Advancement
Facilities Management
Student Housing (UH & UHV)
500
200
1,200
1,200
DEPARTMENTAL REVIEWS (3,700 hours)
UH Academic Affairs/Provost
UH Education
UH Graduate College of Social Work
UH Hotel and Restaurant Management
UHCL Provost's Office
UHD Academic & Student Affairs
UHD University College
UHV President's Office
750
300
250
400
700
700
250
350
INFORMATION TECHNOLOGY (1,400 hours)
Computer Assisted Auditing Techniques
IT - Review and Monitor of IT Systems (High Priority Projects)
TAC 202, Information Security Standards (UH)
500
500
400
RESEARCH CENTERS (350 hours)
UH Center for Advanced Computing & Data Systems, Follow-up
350
INITIATED DURING FY 2015 - TO BE COMPLETED/REPORTED IN FY 2016
248
14,098
Total Hours Scheduled for Fiscal Year 2016
6-1-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
SCHEDULED AUDITS - FY 2017
BUDGET
HOURS
AUDIT ACTIVITY
ANNUAL ASSISTANCE / MANDATES (4,500 hours)
Annual External Audits - Liaison
Annual Procurement Report
Athletics - Football Attendance Audit
Board of Regents Travel, FY 2017
Chancellor/President's Travel, FY 2017
Construction Procurement Process
Follow-up Reviews
Special Projects/Police Investigations
State Auditor's Office Liaison
Audit Assistance - General
Follow-up Reports
100
100
100
200
200
100
500
3,000
100
100
SYSTEM-WIDE AUDITS (4,100)
Academic Fees (UH)
Budgeting
Financial Aid, Non-Title IV
Human Resources
Payroll
300
500
900
1,200
1,200
DEPARTMENTAL REVIEWS (2,900 hours)
UH University Advancement
UHCL Education
UHCL President's Office
UHD Administration & Finance
UHD Advancement & External Relations
UHD Employment Services & Opearations
UHD President's Office
UHD Public Service
UHV Arts & Sciences
UHV Business Administration
UHV Education
250
250
200
700
200
200
200
300
200
200
200
INFORMATION TECHNOLOGY (1,900 hours)
Computer Assisted Auditing Techniques
IT - Review and Monitor of IT Systems (High Priority Projects)
TAC 202, Information Technology Standards (UHCL, UHD, and UHV)
500
500
900
INITIATED DURING FY 2016 - TO BE COMPLETED/REPORTED IN FY 2017
698
14,098
Total Hours Scheduled for Fiscal Year 2017
6-1-4
FREQUENCY OF AUDIT ACTIVITY
Frequency Analysis
Fieldwork Scheduled, FY 2015 - 2017
Reports Issued, FY 2010 - 2014
Section 7
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON
Auditable Area
FY 2008
ANNUAL ASSISTANCE / MANDATES
Annual External Audit Liaison - Athletics
Annual External Audit Liaison - Charter School
Annual External Audit Liaison - Endowments
Annual External Audit Liaison - Houston Public Media
Athletics - Football Attendance Audit
Athletics - NCAA Rules-Compliance
SAO Liaison - State-wide & Other Audits
SAO - Regional Accreditation Reviews (SACS)
THECB - ARP/ATP Grants
THECB - Facilities Audits
THECB - Techonology Workforce Development
SYSTEM-WIDE AUDITS
Academic Fees
Accounts Payable
Athletics (See Mandates above and Division Audits below)
Auxiliary Contract Administration
Budgeting
College/Division (See College & Division Audits below)
Continuing Education
Contracts & Grants Administration (See Research below)
Endowments
Enrollment Management
Facilities Management
Facilities Planning & Construction
Financial Aid
Financial Reporting
Formula Funding
General Accounting
Human Resources
Information Technology (See Information Technology below)
Institutional Compliance Programs
Investment Management
Library (see College Audits below)
Parking
Payroll
Police Department
Procurement Cards/Travel Cards
Property Management (Fixed Assets)
FY 2009
08-16
09-14
08-10
08-02
09-13
09-25
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
10-12
10-26
11-10
12-13
12-25
FY 2013
13-13
13-31
FY 2014
14-14
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LATER
X
X
X
X
X
X
X
X
X
10-19, 10-28
09-16
X
X
X
X
X
X
X
X
X
X
X
X
13-19
X
08-19
11-25, 11-26
11-29, 11-32
11-34
SP11-03
SP09-05
09-22
12-03, 12-12
12-18, 12-23
12-33
13-05, 13-06
13-11, 13-24
13-25
SP13-03
X
X
SP11-06
11-20
SP12-04
SP12-09
12-36
X
X
X
X
X
X
08-24
09-26
10-24
11-33
12-38
13-36
14-27
X
X
X
X
X
X
X
X
X
X
14-26
7-1-1
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON
Auditable Area
FY 2008
Purchasing/Contract Administration
Student Accounting & Receivables
Student Housing
Student Services (See Student Services below)
Support Organizations
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
08-08
08-17
Graduate College of Social Work
Honors College
Hotel & Restaurant Management
Law Center
Liberal Arts & Social Sciences
Library
Natural Sciences & Mathematics
Optometry
Pharmacy
Technology
DIVISION AUDITS
Academic Affairs/Provost
Administration & Finance
Athletics
Chancellor/President
Research
Student Affairs & Enrollment Services
University Advancement
INFORMATION TECHNOLOGY
Office of the Chief Information Officer
Network Administration
Data Center
SP14-02
X
LATER
X
X
X
X
X
11-23
Education
Engineering
SP13-07
10-10
10-11
Travel and Entertainment Expenditures
University Advancement (Also see Division Audits below)
08-18
FY 2014
SP11-04
08-05
COLLEGE AUDITS
Architecture
Business
FY 2013
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
13-32
10-18
X
X
SP14-09
SP14-04
14-10
X
X
11-31
X
13-30
X
12-07
X
10-09
14-11
12-04, 12-19
X
10-17
10-07
14-23
X
X
SP09-01
09-12
13-35
SP13-05
11-11
SP11-08
09-23
09-02
X
SP12-02
12-14
SP12-06
09-18
11-02
14-22
14-07
11-05
SP09-02
SP12-03
SP12-10
SP12-07
X
X
SP14-05
SP13-12
SP13-10
SP13-04
SP13-09
13-26
X
X
X
X
10-27
SP09-03
X
X
14-16
X
14-05
X
X
X
X
X
X
X
7-1-2
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON
Auditable Area
FY 2008
Enterprise Computing
Microsoft Services (E-mail, File Shares, Lync, etc.)
Database Administration
PeopleSoft Finance
PeopleSoft Human Resources
PeopleSoft Campus Solutions
Document Imaging System
University Advancement System
Data Warehouse
Blackboard
University Services (other applications)
Customer Service
Web and Communication Technologies
Classroom Support
Wired Network
Wireless Network
Information Technology Security Operations
Texas Administrative Code 202
Tier 1 Projects (High Priority)
Tier 2 Projects (Medium Priority)
Tier 3 Projects (Low Priority)
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
SP14-08
14-28
10-03
X
X
X
LATER
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
RESEARCH
Contract and Grants Administration
Intellectual Property Management
Institutional Review Board
Research Centers (See Research Centers below)
Research Financial Services
Research Information Center
11-24
SP14-06
X
X
X
X
X
RESEARCH CENTERS
Center for Advanced Computing & Data Systems
Center for Advanced Materials
Texas Center for Superconductivity
Texas Institute for Measurement, Evaluation, and Statistics
12-17
12-32
STUDENT SERVICES
Campus Recreation
Childcare Center
Health Center
University Center
SP13-08
13-04
13-03
SP14-03
X
X
X
X
X
X
X
X
7-1-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON
Auditable Area
OTHER AUDITS:
Cash Handling Reviews
IT - PeopleSoft Student Acad. & Admin., Data Conversion
Medical Billings
National Research University Fund
Privacy/Information Security
Research - JAMP
Research - CPRIT
FY 2008
FY 2009
08-23
08-12
09-24
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
10-20
10-22
12-24
11-30
11-08
09-05
13-07
14-20
7-1-4
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
LATER
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-CLEAR LAKE
Auditable Area
FY 2008
ANNUAL ASSISTANCE / MANDATES
SAO Liaison - State-wide and Other Audits
SAO - Regional Accreditation Reviews (SACS)
THECB - ARP/ATP Grants
THECB - Facilities Audits
THECB - Techonology Workforce Development
SYSTEM-WIDE AUDITS
Academic Fees
Accounts Payable
Athletics (N/A)
Auxiliary Contract Administration
Budgeting
College/Division (See School & Division Audits below)
Continuing Education
Contracts & Grants Administration (Sponsored Programs)
Endowments
Enrollment Management
Facilities Management
Facilities Planning & Construction
Financial Aid
Financial Reporting
Formula Funding
General Accounting
Human Resources
Information Technology (UCT)
Institutional Compliance Programs
Investment Management (N/A)
Library
Parking
Payroll
Police Department
Procurement Cards/Travel Cards
Property Management (Fixed Assets)
Purchasing/Contract Administration
Student Accounting & Receivables
Student Housing (N/A)
Student Services
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
LATER
X
X
X
X
X
10-19
09-16
X
X
13-18
X
X
X
X
X
X
X
X
X
13-34
14-17
X
X
08-13
11-18
13-33
X
X
12-36
X
X
X
10-02
12-21
X
X
X
X
SP12-05
X
X
X
X
X
X
X
X
X
X
7-1-5
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-CLEAR LAKE
Auditable Area
FY 2008
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
Support Organizations (N/A)
Travel and Entertainment Expenditures
University Advancement
FY 2014
11-23
SCHOOLS
Business
Education
Human Sciences and Humanities
Science & Computer Engineering
X
13-21
10-21
10-14
X
X
X
10-25
X
11-22
REARCH CENTER
Environment Institute of Houston
13-14
SP13-13
13-29
09-24
LATER
X
X
10-13
DIVISIONS
Administration & Finance
President's Office
Provost's Office
OTHER AUDITS
Cash Handling Reviews
FY 2013
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
10-20
7-1-6
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-DOWNTOWN
Auditable Area
FY 2008
FY 2009
ANNUAL ASSISTANCE / MANDATES
SAO Liaison - State-wide & Other Audits
SAO - Regional Accreditation Reviews (SACS)
THECB - ARP/ATP Grants
SYSTEM-WIDE AUDITS
Academic Fees
Accounts Payable
Athletics (N/A)
Auxiliary Contract Administration
Budgeting
College/Division (See College & Division Audits below)
Continuing Education
Contract and Grants Administration
Endowments
Enrollment Management
Facilities Management
Facilities Planning & Construction
Financial Aid
Financial Reporting
Formula Funding
General Accounting
Human Resources
Information Technology
Institutional Compliance Programs
Investment Management (N/A)
Library
Parking
Payroll
Police Department
Procurement Cards/Travel Cards
Property Management (Fixed Assets)
Purchasing/Contract Administration
Student Accounting & Receivables
Student Housing (N/A)
Student Services
Support Organizations (N/A)
Travel and Entertainment Expenditures
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
LATER
X
X
10-28
X
X
X
13-17
X
X
X
X
X
X
X
X
14-25
SP10-01
X
X
08-14
11-19
SP12-01
12-36
13-23
X
X
X
X
X
09-20
12-11
SP13-11
X
X
X
X
X
X
X
X
X
X
X
X
X
X
11-23
7-1-7
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-DOWNTOWN
Auditable Area
FY 2008
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
University Advancement
COLLEGES
Business
Humanities and Social Sciences
Public Service
Sciences and Technology
University College
09-03
SP09-04
14-15
X
12-37
09-17
10-15
X
SP11-02
11-15
DIVISIONS
Academic & Student Affairs
Administration & Finance
Advancement & External Affairs
Employment Services & Operations
President's Office
OTHER AUDITS
Cash Handling Reviews
Contracts and Grants - JAMP
X
14-24
08-22
14-21
13-12
13-22
X
X
X
X
X
12-34
12-39
12-35
09-24
09-04
11-07
7-1-8
X
X
11-16
LATER
X
14-06
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-VICTORIA
Auditable Area
FY 2008
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
ANNUAL ASSISTANCE / MANDATES
SAO Liaison - State-wide and Other Audits
SAO - Regional Accreditation Reviews (SACS)
SYSTEM-WIDE AUDITS
Academic Fees
Accounts Payable
Athletics
Auxiliary Contract Administration
Budgeting
College/Division (See School & Division Audits below)
Continuing Education (N/A)
Contract and Grants Administration
Endowments
Enrollment Management
Facilities Management
Facilities Planning & Construction
Financial Aid
Financial Reporting
Formula Funding
General Accounting
Human Resources
Information Technology (Computing Services)
Institutional Compliance Programs
Investment Management (N/A)
Library
Parking
Payroll
Police Department
Procurement Cards/Travel Cards
Property Management (Fixed Assets)
Purchasing/Contract Administration
Student Accounting & Receivables
Student Housing
Student Services
Support Organizations (N/A)
Travel and Entertainment Expenditures
LATER
X
X
X
X
X
13-20
X
X
X
X
14-04
X
X
X
X
X
08-20
X
11-17
X
12-36
X
X
X
09-19
12-20
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
11-23
7-1-9
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-VICTORIA
Auditable Area
FY 2008
FY 2009
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
FY 2013
FY 2014
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
University Advancement
SCHOOLS
College/Division - Arts & Sciences
College/Division - Business Administration
SP11-01
SP11-07
College/Division - Education
College/Division - Nursing
DIVISIONS
College/Division - Administration & Finance
College/Division - President's Office
College/Division - Provost
12-26
12-28
SP12-11
X
X
SP13-01
SP13-02
SP13-06
X
12-27
SP12-08
11-14
11-12
X
12-22
11-13
7-1-10
X
X
LATER
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
FREQUENCY OF AUDIT ACTIVITY
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-SYSTEM
Auditable Area
Annual Procurement Report
Board of Regents' Travel
Chancellor/President's Travel
Construction Procurement Process
Consumable/Resale Inventory
Follow-up Audit Procedures
Internal Auditing Quality Assurance/Peer Review
Non-Compliance Report
SAO Liaison
Wortham House - Fixed Asset Inventory
FY 2008
FY 2009
08-06
08-07
09-10
09-09
WORK PERFORMED
Audit Rpt. No./Special Project Rpt. No.
X = Work In-Progress/Scheduled
FY 2010
FY 2011
FY 2012
10-05
10-04
09-06
08-01, 08-09, 09-01, 09-11, 10-01, 10-08
08-15, 08-21 09-15, 09-21 10-16, 10-23
09-08
08-03
09-07
11-03
11-04
11-28
11-01, 11-09
11-21, 11-27
10-06
11-06
08-04, 08-11
12-05
12-06
12-02, 12-10
12-16, 12-31
12-01, 12-09
12-15, 12-30
12-29
12-08
FY 2013
FY 2014
13-08
13-09
13-02, 13-16
13-28
14-09
14-08
14-02, 14-13
14-19
13-01, 13-15
13-27
14-01, 14-12
14-18
WORK
SCHEDULED
FY 2015 FY 2016 FY 2017
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
LATER
X
13-10
14-03
X
X
X
7-1-11
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITNG DEPARTMENT
AUDIT REPORTS ISSUED
REGULAR REPORTS
REPORT #
AR2014-01
AR2014-02
AR2014-03
AR2014-04
AR2014-05
AR2014-06
AR2014-07
AR2014-08
AR2014-09
AR2014-10
AR2014-11
AR2014-12
AR2014-13
AR2014-14
AR2014-15
AR2014-16
AR2014-17
AR2014-18
AR2014-19
AR2014-20
AR2014-21
AR2014-22
AR2014-23
AR2014-24
AR2014-25
AR2014-26
AR2014-27
AR2014-28
TITLE
Follow-up Status Report - Actions Scheduled for Implementation from 7/1/13 to 12/31/13
Construction Award Status Report
Annual Non-Compliance Report, FY 2013
UHV Research Administration
UH Division of Research, Departmental Reviews
UHD Joint Admissions Medical Program, FY 2013
UH College of Technology, Departmental Reviews
Chancellor/President'sTravel & Entertainment Expenditures, FY 2013
Board of Regents' Travel & Entertainment Expenditures, FY 2013
UH College of Business, Departmental Reviews
UH Honors College, Departmental Review
Follow-up Status Report - Actions Scheduled for Implementation from 1/1/14 to 3/31/14
Construction Award Status Report
UH Athletics, Football Attendance - 2013 Season
UHD College of Humanities and Social Sciences, Departmental Reviews
UH College of Natural Sciences and Mathematics, Departmental Reviews
UHCL Endowments
Follow-up Status Report - Actions Scheduled for Implementation from 4/1/14 to 6/30/14
Construction Award Status Report
UH Cancer Prevention and Research Institution of Texas, Grant Awards
UHD College of Sciences and Technology, Departmental Reviews
UH College of Pharmacy, Departmental Review
UH Law Center, Departmental Reviews
UHD College of Business, Departmental Reviews
UHD Endowments
UH Procurement Cards
Information Technology Audit Activity Report, FY 2014
UH Information Security Standards
AR2013-01
AR2013-02
AR2013-03
AR2013-04
AR2013-05
AR2013-06
AR2013-07
AR2013-08
AR2013-09
Follow-up Status Report - Actions Scheduled for Implementation from 7/1/12 to 12/31/12
Construction Award Status Report
UH Texas Center for Superconductivity
UH Center for Advanced Materials
UH Law Center, Endowments
UH College of Architecture, Endowments
UH JAMP, FY 2011-2012
Board of Regents' Travel, FY 2012
Chancellor/President's Travel, FY 2012
7-2-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITNG DEPARTMENT
AUDIT REPORTS ISSUED
REGULAR REPORTS
REPORT #
AR2013-10
AR2013-11
AR2013-12
AR2013-13
AR2013-14
AR2013-15
AR2013-16
AR2013-17
AR2013-18
AR2013-19
AR2013-20
AR2013-21
AR2013-22
AR2013-23
AR2013-24
AR2013-25
AR2013-26
AR2013-27
AR2013-28
AR2013-29
AR2013-30
AR2013-31
AR2013-32
AR2013-33
AR2013-34
AR2013-35
AR2013-36
TITLE
Annual Non-Compliance Report, FY 2012
UH Graduate College of Social Work, Endowments
UHD Student Success and Enrollment Management, Departmental Reviews
UH Football Attendance, 2012 Season
UHCL President's Office, Departmental Review
Follow-up Status Report - Actions Scheduled for Implementation from 1/1/13 to 3/30/13
Construction Award Status Report
UHD Auxiliary Contract Administration
UHCL Auxiliary Contract Administration
UH Auxiliary Contract Administration
UHV Auxiliary Contract Administration
UHCL School of Education, Departmental Review
UHD Division of Adminstration & Finance, Departmental Reviews
UHD Financial Aid - Direct Loans, Work Study, SEOG
UH College of Hotel and Restaurant Management, Endowments
UH College of Business, Endowments
UH University Advancement, Departmental Review
Follow-up Status Report - Actions Scheduled for Implementation from 4/1/13 to 6/30/13
Construction Award Status Report
UHCL Environmental Institute of Houston
UH College of Engineering, Departmental Reviews
UH Athletics, NCAA Rules-Compliance
UH Frequent Traveler Audit
UHCL Financial Aid, Title IV
UHCL Research Administration
UH University Libraries, Departmental Review
Information Technology Audit Activity Report, FY 2013
AR2012-01
AR2012-02
AR2012-03
AR2012-04
AR2012-05
AR2012-06
AR2012-07
AR2012-08
AR2012-09
AR2012-10
Follow-up Status Report - Actions Scheduled for Implementation from 7/1/11 to 9/30/11
Construction Awards
UH College of Engineering, Endowments
UH College of Hotel & Restaurant Management, Departmental Review
Board of Regents' Travel, FY 2011
Chancellor/President's Travel, FY 2011
UH Graduate College of Social Work, Departmental Review
Annual Non-Compliance Report, FY 2011
Follow-up Status Report - Actions Scheduled for Implementation from 10/1/11 to 12/31/11
Construction Awards
7-2-2
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITNG DEPARTMENT
AUDIT REPORTS ISSUED
REGULAR REPORTS
REPORT #
AR2012-11
AR2012-12
AR2012-13
AR2012-14
AR2012-15
AR2012-16
AR2012-17
AR2012-18
AR2012-19
AR2012-20
AR2012-21
AR2012-22
AR2012-23
AR2012-24
AR2012-25
AR2012-26
AR2012-27
AR2012-28
AR2012-29
AR2012-30
AR2012-31
AR2012-32
AR2012-33
AR2012-34
AR2012-35
AR2012-36
AR2012-37
AR2012-38
AR2012-39
TITLE
UHD Information Security Standards
UH Provost Office, Endowments
UH Athletics, Football Attendance - 2011 Season
UH Office of Academic Affairs and Provost, Departmental Reviews
Follow-up Status Report - Actions Scheduled for Implementation from 1/1/12 to 3/31/12
Construction Awards
UH Texas Learning and Computation Center
UH Non-College, Specific Endowments
UH Hilton Hotel
UHV Information Security Standards
UHCL Information Security Standards
UHV President's Office, Departmental Reviews
UH System Administration, Endowments
UH National Research University Fund
UH Athletics, NCAA Rules-Compliance
UHV School of Arts and Sciences, Departmental Review
UHV School of Education and Human Devlopment, Departmental Review
UHV School of Business Administration, Departmental Review
Internal Quality Assurance Review of Internal Auditing
Follow-up Status Report - Actions Scheduled for Implementation from 4/1/12 to 6/30/12
Construction Awards
UH Texas Institute for Measurement, Evaluation, and Statistics
UH Texas Center for Superconductivity, Endowments
UHD Advancement & External Relations, Departmental Review
UHD President's Office, Departmental Review
UHS Financial Reporting
UHD College of Public Service, Departmental Review
Information Technology Audit Activity Report, FY 2012
UHD Employment Services and Operations, Departmental Review
AR2011-01
AR2011-02
AR2011-03
AR2011-04
AR2011-05
AR2011-06
AR2011-07
AR2011-08
Follow-up Status Report - Actions Scheduled for Implementation from 7/1/10 to 9/30/10
UH Athletics, Departmental Review
Board of Regents Travel, FY 2010
Chancellor/President's Travel, FY 2010
UH Division of Student Affairs, Departmental Reviews
Annual Non-Compliance Report
UHD JAMP, FY 2009 - FY 2010
UH JAMP, FY 2009 - FY 2010
7-2-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITNG DEPARTMENT
AUDIT REPORTS ISSUED
REGULAR REPORTS
REPORT #
AR2011-09
AR2011-10
AR2011-11
AR2011-12
AR2011-13
AR2011-14
AR2011-15
AR2011-16
AR2011-17
AR2011-18
AR2011-19
AR2011-20
AR2011-21
AR2011-22
AR2011-23
AR2011-24
AR2011-25
AR2011-26
AR2011-27
AR2011-28
AR2011-29
AR2011-30
AR2011-31
AR2011-32
AR2011-33
AR2011-34
TITLE
Follow-up Status Report - Actions Scheduled for Implementation from 10/1/10 to 12/31/10
UH Athletics, Football Attendance - 2010 Season
UH College of Optometry, Departmental Review
UHV Administration & Finance, Departmental Reviews
UHV Office of the Provost, Departmental Reviews
UHV School of Nursing, Departmental Review
UHD University College, Departmental Reviews
UHD Office of Academic Affairs & Provost, Departmental Reviews
UHV Financial Aid, Pell Grants
UHCL Financial Aid, Pell Grants
UHD Financial Aid, Pell Grants
UH Financial Aid, Scholarships
Follow-up Status Report - Actions Scheduled for Implementation from 1/1/11 to 3/31/11
UHCL Office of Academic Affairs & Provost, Departmental Reviews
Executive and Foreign Travel, All Components
UH Research Administration
UH Athletics, Endowments
UH College of Education, Endowments
Follow-up Status Report - Actions Scheduled for Implementation from 4/1/11 to 6/30/11
Construction Award Status Report
UH Library, Endowments
UHS Privacy
UH College of Education, Departmental Reviews
UH College of Optometry, Endowments
Information Technology Audit Activity Report, FY 2011
UH College of Natural Sciences & Mathematics, Endowments
AR2010-01
AR2010-02
AR2010-03
AR2010-04
AR2010-05
AR2010-06
AR2010-07
AR2010-08
AR2010-09
AR2010-10
AR2010-11
Follow-up Status Report - Actions Scheduled for Implementation from 7/1/09 to 9/30/09
UHCL Information Security Standards
UH Information Security Standards
Chancellor/President Travel, FY 2009
Board of Regents Travel, FY 2009
Annual Non-Compliance Report, FY 2009
UH CLASS, Departmental Reviews
Follow-up Status Report - Actions Scheduled for Implementation from 10/1/09 to 12/31/09
UH Honors College, Departmental Review
UH Foundation Review
UH Alumni Association Review
7-2-4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITNG DEPARTMENT
AUDIT REPORTS ISSUED
REGULAR REPORTS
REPORT #
AR2010-12
AR2010-13
AR2010-14
AR2010-15
AR2010-16
AR2010-17
AR2010-18
AR2010-19
AR2010-20
AR2010-21
AR2010-22
AR2010-23
AR2010-24
AR2010-25
AR2010-26
AR2010-27
AR2010-28
TITLE
UH Athletics, Football Attendance - 2009 Season
UHCL School of Business, Departmental Review
UHCL School of Science and Computer Engineering, Departmental Review
UHD S&T, Engineering Technology, DR - Follow-up
Follow-up Status Report - Actions Scheduled for Implementation from 1/1/10 to 3/31/10
UH Law Center, Departmental Reviews
UH College of Architecture, Departmental Review
UH/UHCL ARP Grants, 2006 Awards
UHS Cash Handling Reviews, FY 2010
UHCL School of Human Sciences & Humanities, Departmental Review
UH Medical Billings
Follow-up Status Report - Actions Scheduled for Implementation from 4/1/10 to 6/30/10
Information Technology Audit Activity Report, FY 2010
UHCL Administration & Finance, Departmental Reviews
UH Athletics, NCAA Rules-Compliance
UHS/UH Office of the Chancellor/President, Departmental Review
UH/UHD ARP Grants, 2007 Awards
7-2-5
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT REPORTS ISSUED
SPECIAL PROJECT REPORTS
REPORT #
SP2014-01
SP2014-02
SP2014-03
SP2014-04
SP2014-05
SP2014-06
SP2014-07
SP2014-08
SP2014-09
SP2014-10
SP2014-11
TITLE
Review of Proposals for External Audits
UH Cashier's Office Missing Deposits
UH Texas Learning & Computation Center - SAO Hotline Complaint No. 14-0591
UH Small Business Development Center
UH Faculty Addresses
UH Division of Research - SAO Hotline Complaint No. 14-0588
University of Pittsburgh Peer Review
UH Internet Security - SAO Hotline Complaint No. 14-3046
UH Sasakawa International Center for Space Architecture
UH Financial Aid - SAO Hotline Complaint No. 14-3466
UH College of Natural Sciences & Mathematics - SAO Hotline Complaint No. 14-3592
SP2013-01
SP2013-02
SP2013-03
SP2013-04
SP2013-05
SP2013-06
SP2013-07
SP2013-08
SP2013-09
SP2013-10
SP2013-11
SP2013-12
SP2013-13
SP2013-14
SP2013-15
SP2013-16
UHV School of Business - SAO Hotline Complaint
UHV School of Business, Travel - SAO Hotline Complaint
UH Grade Changes
UH F&A Rate Computation - SAO Hotline Complaint
SAO NRUF - Travel Vouchers
UHV School of Business, Travel - SAO Hotline Complaint
UH Collection Fees - SAO Hotline Complaint
TLC2 Payroll Issues
UH Forensic Society, Fund Raising
UH Athletics Facilities / Venue Management - SAO Hotline Complaint
UHD Website Vulnerability - SAO Hotline Complaint
UH Credit Card Handling - SAO Hotline Compliant
UHCL Travel & Hiring Practices - SAO Hotline Compliant
Welch Foundation Analysis - Assurance
UH NSM, Earth and Atmospheric Sciences Assertions
Welch Foundation Letter - Unexpended Balances
SP2012-01
SP2012-02
SP2012-03
SP2012-04
SP2012-05
SP2012-06
SP2012-07
SP2012-08
SP2012-09
SP2012-10
UHD Financial Aid - SAO Hotline Compliant
UH Pharmacy, Graduate Assertions
UH VC/VP Credentials - SAO Hotline Compliant
UHV Jaquar Hall - SAO Hotline Compliant
UHCL Personal Information - SAO Hotline Compliant
UHS Bond Issue Proceeds - SAO Hotline Compliant
UH Moving Expenses - SAO Hotline Compliant
UHV Teacher Certifications - SAO Hotline Compliant
Student Asserts Unauthorized Financial Aid
UH Researchers / Laboratories - SAO Hotline Compliant
7-2-6
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT REPORTS ISSUED
SPECIAL PROJECT REPORTS
REPORT #
SP2012-11
SP2012-12
SP2012-13
TITLE
UHV School of Business - SAO Hotline Compliant
UH Texas Learning & Computation Center, Travel Reimbursements
Texas Tech Peer Review
SP2011-01
SP2011-02
SP2011-03
SP2011-04
SP2100-05
SP2011-06
SP2011-07
SP2011-08
UHV School of Business - SAO Hotline Complaint
UHD College of Sciences and Technology - MySafeCampus Report
UH Student Enrollment Issue - SAO Hotline Complaint
UH Cougar Village/Capital One Bank - SAO Hotline Complaint
UTEP Peer Review
UH Facilities, Planning & Construction - MySafeCampus Report
UHV School of Business - SAO Hotline Complaint
UH College of Optometry - SAO Hotline Compliant
SP2010-01
UHD Facilities Management Department - Employee Allegations
7-2-7
INTERNAL AUDIT RISK ANALYSIS
8-1
Risk Analysis Methodology
8-2
Risk Analysis
8-3
Audit Coverage Matrices
8-4
Information Technology Risk Assessment
Section 8
RISK ANALYSIS METHODOLOGY
Section 8-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
RISK ANALYSIS METHODOLOGY
Each year, the Internal Auditing Department prepares a risk analysis, as required by The
International Standards for the Professional Practice of Internal Auditing which states that its plan
of engagements should be based on a risk assessment, undertaken at least annually, and that the
input of senior management and the board should be considered in this process. Risk is defined as
the probability that an event or action may adversely affect the organization or activity under audit.
The purpose of our risk analysis is to develop an audit plan for performing audit projects in
risk areas over a specified time to minimize the risk of losses to the University; to prioritize audit
projects by the level of risk; to use our audit staff and time in an effective and efficient manner; and
to determine the nature, timing, and extent of audit steps and procedures in direct relation to the
amount and nature of the risk.
The risk methodology we use consists of three phases: (1) identification of auditable areas;
(2) input from management; and (3) a risk analysis. We also considered an auditable area's impact
on the accomplishment of the University's goals and objectives during our risk analysis. Matters
that we consider in establishing audit work schedule priorities include: (a) the date and results of
the last audit; (b) financial exposure; (c) potential loss and risk; (d) requests by management; (e)
major changes in operations, programs, systems, and controls and (f) opportunities to achieve
operating benefits.
The auditable areas audit cycle is as follows: SACS Accreditation Reviews every 10 years
(see 8-3-1); and NCAA Rules-Compliance (see 8-3-2), Financial Aid (see 8-3-3 and 8-3-4),
College/Division, Departmental Reviews (see 8-3-5), Endowments (8-3-6), and UH Information
Technology (see 8-4) receive an annual audit for a portion of the coverage areas .
The College/Division, Departmental Reviews are scheduled at least once every 5 years.
These reviews test compliance with the universities’ policies and procedures for the following 15
areas noted below.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
management oversight
operational activities
policies, procedures, required training, and reporting
cost center management
payroll
human resources
change funds and cash receipts
procurement and travel cards
departmental expenses
contract administration
property management
departmental computing
scholarships
incidental and lab fees
research
8-1-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
RISK ANALYSIS METHODOLOGY
RISK ANALYSIS:
In the attached Risk Analysis, we assigned levels of risk by use of a number rating system.
The first step was to define the risk factors. We decided on the following risk factors: (1) reason
for the audit, (2) administrative oversight, and (3) date last audited. These risk factors were
assessed as follows:
(1)
Reason for the Audit: Each auditable area was assigned a value of 5 for one of the
following reasons: auditor preference (the complexity of information systems, the
impact of compliance issues, knowledge of management practices, results of last
audit, and public relations exposure) or management request.
(2)
Administrative Oversight: We decided on the following factors to assess oversight
risk: (1) budgeted sources of funds, (2) budgeted uses of funds, (3) total
expenditures, (4) total income, and (5) total asset values. Values were assigned
from 0 to 10 (0 - < $10,000,000; 1 to 9 – increments of $10,000,000; 10 - >
$100,000,000).
(3)
Date Last Audited: Values assigned for date last audited were from 0 to 10. A
value of 10 was assigned for an auditable area that has not been audited or was
audited 10 or more years ago. Values below 10 were assigned based on how many
years since the last audit.
All risk factors for each auditable area were combined resulting in a total risk factor.
After performing the preliminary risk assessment, the following areas received the highest risk
rank (25-20). Some of these areas are scheduled for review during FY 2015-2017, while some
are not scheduled because of audit coverage in departmental reviews that addresses certain
aspects of the area.
Scheduled
Budgeting (FY 2017)
Formula Funding (FY 2015)
General Accounting (FY 2015)
Human Resources (FY 2017)
Payroll (FY 2017)
Student Housing (FY 2016)
Unscheduled
Accounts Payable
Property Management
Purchasing/Contract Administration
8-1-2
RISK ANALYSIS
Section 8-2
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON SYSTEM
SYSTEM-WIDE AUDITS
RISK ASSESSMENT
Auditable Area
Payroll
Formula Funding
General Accounting
Budgeting
Property Management (Fixed Assets)
Accounts Payable
Purchasing / Contract Administration
Human Resources
Student Housing
Enrollment Management
Financial Aid
Academic Fees
Parking
Facilities Planning & Construction
Facilities Management
University Advancement
Student Services
Library
Financial Reporting
Investment Management
Continuing Education
Contract & Grants Administration
Police Departments
Colleges/Divisions
Student Accounting & Receivables
Institutional Compliance Programs
Information Technology
Auxiliary Contract Administration
Support Organizations
Athletics
Procurement Cards / Travel Cards
Endowments
Travel and Entertainment Expenditures
Total
Risk
Rank
25
25
20
20
20
20
20
20
20
17
16
16
16
15
20
13
13
13
12
12
12
11
11
10
10
10
9
6
4
3
2
1
0
FY2015-2017
Reason For Audit
Administrative Administrative
Auditor
Management
Oversight
Oversight
Preference
Request
Risk Level
Dollars
5
5
5
10
10
10
10
10
10
10
10
4
10
10
6
1
10
5
3
3
3
10
2
0
10
1
10
10
0
4
0
0
3
2
1
0
5
5
5
5
5
5
5
5
8-2-1
550,504,475
191,322,515
1,801,158,263
1,565,900,000
886,749,342
291,566,323
291,566,323
127,272,830
40,291,739
509,334,008
342,916,691
66,591,622
15,679,917
174,889,441
58,305,213
36,396,527
31,501,603
30,417,337
1,535,270,539
28,367,292
2,723,837
100,667,622
11,261,462
1,167,819,585
509,334,008
0
47,473,687
8,181,681
0
31,103,619
29,324,456
19,673,927
6,209,904
Years
Since
Last
Audit
10
10
10
10
10
10
10
10
6
7
1
10
10
0
10
10
10
10
2
10
7
1
10
0
0
10
0
1
4
0
0
0
0
FY 2015
FY 2016
FY 2017
Later
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON
SYSTEM-WIDE AUDITS
RISK ASSESSMENT
Auditable Area
Payroll
Formula Funding
General Accounting
Budgeting
Property Management (Fixed Assets)
Accounts Payable
Purchasing / Contract Administration
Human Resources
Student Housing
Financial Aid
Enrollment Management
Parking
Facilities Planning & Construction
Academic Fees
Facilities Management
University Advancement
Financial Reporting
Investment Management
Student Services
Continuing Education
Library
Colleges/Divisions
Student Accounting & Receivables
Contract & Grants Administration
Police Departments
Institutional Compliance Programs
Information Technology
Auxiliary Contract Administration
Support Organizations
Athletics
Procurement Cards / Travel Cards
Endowments
Travel and Entertainment Expenditures
Total
Risk
Rank
25
25
20
20
20
20
20
19
19
18
17
16
15
14
19
13
12
12
12
12
11
10
10
10
10
10
7
6
4
3
2
2
0
FY2015-2017
Total
UHS
UH
Reason For Audit
Administrative Administrative Administrative Administrative
Auditor
Management
Oversight
Oversight
Oversight
Oversight
Preference
Request
Risk Level
Dollars
Dollars
Dollars
5
5
5
5
5
5
5
5
5
5
5
10
10
10
10
10
10
10
9
3
10
10
1
10
4
4
3
10
2
2
0
1
10
10
9
0
0
2
0
0
2
2
1
0
409,186,746
131,738,014
1,426,145,986
1,209,100,000
715,937,537
234,542,337
234,542,337
90,711,506
37,279,739
207,354,095
368,457,199
13,195,770
164,614,383
46,871,639
46,260,567
33,980,393
1,295,246,047
25,632,835
20,792,290
1,851,449
19,171,514
889,017,976
368,457,199
94,217,689
7,641,035
0
27,206,146
4,569,651
0
29,769,629
23,854,201
18,306,312
5,142,054
8-2-2
7,751,311
401,435,435
1,425,000
130,313,014
299,218,649 1,126,927,338
34,200,000 1,174,900,000
34,003,020
681,934,517
2,295,074
232,247,263
2,295,074
232,247,263
1,658,023
89,053,483
0
37,279,739
0
207,354,095
0
368,457,199
0
13,195,770
0
164,614,383
0
46,871,639
0
46,260,567
0
33,980,393
131,886,524 1,163,359,523
4,702,831
20,930,004
0
20,792,290
0
1,851,449
0
19,171,514
0
889,017,976
0
368,457,199
0
94,217,689
0
7,641,035
0
0
0
27,206,146
0
4,569,651
0
0
0
29,769,629
243,430
23,610,771
1,492,829
16,813,483
18,382
5,123,672
Years
Since
Last
Audit
10
10
10
10
10
10
10
10
6
3
7
10
0
10
10
10
2
10
10
7
10
0
0
1
10
10
0
1
4
1
0
1
0
FY 2015
FY 2016
FY 2017
Later
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-CLEAR LAKE
SYSTEM-WIDE AUDITS
RISK ASSESSMENT
Auditable Area
Budgeting
General Accounting
Payroll
Formula Funding
Property Management (Fixed Assets)
Parking
Enrollment Management
Financial Reporting
Accounts Payable
Purchasing / Contract Administration
Human Resources
Colleges/Divisions
Academic Fees
Facilities Management
Student Services
Library
Police Departments
Investment Management
Procurement Cards / Travel Cards
University Advancement
Continuing Education
Institutional Compliance Programs
Financial Aid
Information Technology
Auxiliary Contract Administration
Facilities Planning & Construction
Student Accounting & Receivables
Travel and Entertainment Expenditures
Contract & Grants Administration
Endowments
Athletics
Student Housing
Support Organizations
Total
Risk
Rank
20
20
20
17
16
15
14
11
11
11
11
10
10
10
10
10
10
10
10
10
10
10
9
7
6
5
4
3
1
0
0
0
0
FY2015-2017
Reason For Audit
Administrative Administrative
Auditor
Management
Oversight
Oversight
Preference
Request
Risk Level
Dollars
10
10
5
2
6
0
4
9
1
1
1
9
0
0
0
0
0
0
0
0
0
0
3
0
0
0
4
0
0
0
0
0
0
5
5
5
5
5
5
5
8-2-3
112,200,000
110,165,570
52,745,292
23,986,560
60,791,103
807,297
48,936,219
93,318,794
17,975,926
17,975,926
14,925,456
93,404,570
5,597,693
5,331,463
3,972,885
3,772,355
1,615,239
1,173,060
761,579
645,550
0
0
37,093,356
5,753,812
353,039
425,058
48,936,219
505,909
3,031,632
463,707
0
0
0
Years
Since
Last
Audit
10
10
10
10
10
10
10
2
10
10
10
1
10
10
10
10
10
10
10
10
10
10
1
2
1
0
0
3
1
0
0
0
0
FY 2015
FY 2016
FY 2017
Later
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-DOWNTOWN
SYSTEM-WIDE AUDITS
RISK ASSESSMENT
Auditable Area
Payroll
General Accounting
Budgeting
Property Management (Fixed Assets)
Formula Funding
Enrollment Management
Parking
Financial Aid
Financial Reporting
Accounts Payable
Purchasing / Contract Administration
Human Resources
Academic Fees
Colleges/Divisions
Facilities Management
Student Services
Library
Procurement Cards / Travel Cards
Police Departments
University Advancement
Investment Management
Continuing Education
Institutional Compliance Programs
Information Technology
Contract & Grants Administration
Student Accounting & Receivables
Auxiliary Contract Administration
Facilities Planning & Construction
Travel and Entertainment Expenditures
Endowments
Athletics
Student Housing
Support Organizations
Total
Risk
Rank
21
20
20
17
17
16
15
13
12
12
12
11
11
10
10
10
10
10
10
10
10
10
10
8
7
6
6
5
3
0
0
0
0
FY2015-2017
Reason For Audit
Administrative Administrative
Auditor
Management
Oversight
Oversight
Preference
Request
Risk Level
Dollars
5
6
10
10
7
2
6
0
7
10
2
2
1
1
10
0
0
0
0
0
0
0
0
0
1
0
6
0
0
0
0
0
0
0
5
5
5
5
5
5
8-2-4
63,889,763
252,170,778
175,700,000
79,698,402
21,386,080
68,500,791
1,676,850
73,481,733
122,025,074
24,045,782
24,045,782
15,383,776
11,947,901
142,537,806
5,070,850
4,597,776
4,548,110
2,740,318
2,005,188
1,770,584
1,167,996
872,388
0
13,475,598
3,035,426
68,500,791
859,977
0
287,935
676,504
0
0
0
Years
Since
Last
Audit
10
10
10
10
10
10
10
1
2
10
10
10
10
0
10
10
10
10
10
10
10
10
10
2
7
0
1
0
3
0
0
0
0
FY 2015
FY 2016
FY 2017
Later
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON-VICTORIA
SYSTEM-WIDE AUDITS
RISK ASSESSMENT
Auditable Area
Payroll
Budgeting
Formula Funding
Parking
Student Housing
Property Management (Fixed Assets)
Enrollment Management
Accounts Payable
Purchasing / Contract Administration
General Accounting
Financial Aid
Human Resources
Library
Academic Fees
Student Services
Procurement Cards / Travel Cards
Facilities Management
Investment Management
Endowments
Continuing Education
Institutional Compliance Programs
Police Departments
University Advancement
Information Technology
Colleges/Divisions
Auxiliary Contract Administration
Facilities Planning & Construction
Financial Reporting
Travel and Entertainment Expenditures
Student Accounting & Receivables
Athletics
Contract & Grants Administration
Support Organizations
Total
Risk
Rank
17
16
16
15
14
13
12
11
11
11
10
10
10
10
10
10
10
10
10
10
10
10
10
7
6
6
5
4
3
2
2
0
0
FY2015-2017
Reason For Audit
Administrative Administrative
Auditor
Management
Oversight
Oversight
Preference
Request
Risk Level
Dollars
5
5
5
5
2
6
1
0
0
3
2
1
1
1
2
0
0
0
0
0
0
0
0
0
0
0
0
0
4
0
0
2
0
2
0
0
0
5
5
5
5
5
8-2-5
24,682,674
68,900,000
14,211,861
0
3,012,000
30,322,300
23,439,799
15,002,278
15,002,278
12,675,929
24,987,507
6,252,092
2,925,358
2,174,389
2,138,652
1,968,358
1,642,333
393,401
227,404
0
0
0
0
1,038,131
42,859,233
2,399,014
9,850,000
24,680,624
274,007
23,439,799
1,333,990
382,875
0
Years
Since
Last
Audit
10
10
10
10
4
10
10
10
10
10
3
10
10
10
10
10
10
10
10
10
10
10
10
2
2
1
0
2
3
0
2
0
0
FY 2015
FY 2016
FY 2017
Later
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT COVERAGE MATRICES
INDEX
1.
SACS Accreditation Reviews
2.
NCAA Rules-Compliance
3.
Financial Aid – Schedule
4.
Financial Aid – Award Amounts
5.
Departmental Reviews
6.
Endowments
Section 8-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT COVERAGE MATRIX
SACS 10 YEAR ACCREDITATION REVIEWS
Year
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
UH
10 Year
CAMPUS
UHCL
UHD
10 Year
10 Year
UHV
10 Year
X
X
X
X
X
Note: A special project report from the State Auditor's Office (SAO) is
required for the 10 year reviews. The Internal Auditing Department
prepares the working papers for the SAO, using the SAO's work program.
8-3-1
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT COVERAGE MATRIX
NCAA RULES-COMPLIANCE
Audit Areas
Major Areas
Eligibility
- Initial-Eligibility Certification
- Continuing-Eligibility Certification
- Transfer-Eligibility Certification
Financial Aid Administration
Recruiting
FY 2015 FY 2016 FY 2017 FY 2018 FY 2019
X
X
X
X
X
Other Areas
Governance & Organization
Academic Performance Program
Camps and Clinics
Investigations and Self-Reporting Rules Violations
Rules Education
Extra Benefits
- Athletic Equipment and Apparel
- Complimentary Admissions
- Student-Athlete Vehicles
- Team Travel
- Representatives of Athletics Interests
Playing and Practice Seasons
Student-Athlete Employment
Amateurism
Commitment of Personnel to Rules-Compliance Activities
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Note: NCAA Bylaw 22.2.1.2.(e) - …the institution shall demonstrate that: … at least once
every four years, its rules-compliance program is the subject of evaluation by an authority
outside of the athletics department. This bylaw was rescinded as of February 2013. However,
the Athletics Compliance Department continues to follow the remaining NCAA bylaws as part
of their compliance operations.
8-3-2
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT COVERAGE MATRIX
FINANCIAL AID
FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2019
Title IV
Pell Grants
Federal Direct Loan Program
Perkins Loans
College Work-Study
Supplemental Education Opportunity Grants
TEACH Grant
X
X
X
X
X
X
Non-Title IV
Scholarships
Designated Tuition (20%) - Set Aside
Other Non-Title IV
X
X
X
8-3-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
FINANCIAL AID PROGRAMS
TOTAL AWARDS
Supplemental
Education
Opportunity
Grants
Academic
Competitiveness
Grant
National
SMART
Grant
$ Awards
$ Awards
$ Awards
Federal Family
Education
Loan Program
Federal
Direct Loan
Program
Pell Grants
$ Awards
$ Awards
$ Awards
2008
2009
2010
2011
2012
2013
2014
$127,525,067
$136,105,908
$143,760,077
N/A
N/A
N/A
N/A
N/A
N/A
$8,244,959
$172,662,435
$181,547,103
$172,531,087
$162,259,752
$24,341,144
$28,767,072
$42,684,559
$51,004,966
$54,577,436
$53,526,012
$51,490,996
$3,687,787
$3,634,942
$3,353,817
$1,126,019
$2,118,694
$1,456,759
$63,768
$1,535,212
$1,578,869
$1,797,976
$1,295,837
$1,617,134
$1,328,953
$1,329,684
$1,280,094
$2,126,386
$1,650,000
$1,165,849
$1,000,000
$1,000,000
$1,055,234
UHCL
2008
2009
2010
2011
2012
2013
2014
$32,376,828
N/A
N/A
N/A
N/A
N/A
N/A
N/A
$32,791,171
$35,468,523
$36,553,539
$37,401,756
$35,416,173
$31,621,768
$3,268,117
$3,613,283
$5,736,855
$7,223,187
$7,705,328
$7,867,066
$7,657,532
$84,084
$70,951
$57,897
$64,042
$53,111
$67,000
$52,000
$108,689
$84,664
$101,697
$123,044
$124,471
$111,587
$143,815
2008
2009
2010
2011
2012
2013
2014
$42,802,572
$40,766,446
$47,148,593
N/A
N/A
N/A
N/A
N/A
N/A
$22,552
$49,650,902
$53,723,163
$52,876,329
$49,973,546
$12,524,136
$14,767,738
$22,748,948
$26,792,564
$26,751,083
$26,294,178
$26,465,051
N/A
N/A
N/A
N/A
N/A
N/A
2008
2009
2010
2011
2012
2013
2014
$8,935,228
$11,110,936
N/A
N/A
N/A
N/A
N/A
N/A
N/A
$14,876,155
$18,997,187
$21,534,532
$21,082,561
$21,217,151
$1,345,869
$1,599,942
$2,936,721
$4,561,797
$4,771,457
$5,028,439
$5,457,117
N/A
N/A
N/A
N/A
N/A
N/A
N/A
Entity/
Year
College
Perkins Loans Work-Study
$ Awards
$ Awards
TEACH
Grant
Total
Title IV
Financial Aid
$ Awards
UH
$503,526
$598,830
$846,978
$852,945
N/A
N/A
N/A
$453,539
$380,984
$628,217
$601,449
N/A
N/A
N/A
N/A
$31,500
$50,000
$96,500
$77,500
$51,000
$32,977
$159,326,369
$173,224,491
$203,016,583
$228,806,000
$240,937,867
$229,893,811
$216,232,411
$197,424
$204,009
$197,656
$205,036
$190,449
$197,915
$118,766
N/A
N/A
N/A
N/A
N/A
N/A
N/A
$48,000
$26,000
$228,658
$315,573
N/A
N/A
N/A
N/A
$176,636
$287,239
$358,038
$297,458
$247,651
$228,374
$36,083,142
$36,966,714
$42,078,525
$44,842,459
$45,772,573
$43,907,392
$39,822,255
$222,826
$271,371
$398,079
$409,926
$285,343
$306,207
$310,022
$513,767
$522,948
$508,825
$420,590
$421,385
$465,399
$376,525
$252,673
$251,462
$372,035
$451,165
N/A
N/A
N/A
$4,000
$11,000
$41,400
$155,095
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
$56,319,974
$56,590,965
$71,240,432
$77,880,242
$81,180,974
$79,942,113
$77,125,144
$50,025
$34,984
$45,397
$72,920
$92,906
$120,131
$113,279
$72,475
$74,092
$61,425
$76,385
$57,068
$93,726
$78,840
N/A
N/A
N/A
$51,750
N/A
N/A
N/A
$26,522
$16,000
$27,500
$28,000
N/A
N/A
N/A
N/A
$32,000
$29,000
$26,000
$26,000
$18,322
$20,078
$10,430,119
$12,867,954
$17,976,198
$23,814,039
$26,481,963
$26,343,179
$26,886,465
UHD
UHV
NOTE 1: Award amounts were provided by Financial Aid Directors.
8-3-4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
AUDIT COVERAGE MATRIX
DEPARTMENTAL REVIEWS
University
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
UH
College/Division Name
Academic Affairs/Provost
Administration & Finance
Architecture
Athletics
Business
Chancellor/President
Education
Engineering
Graduate College of Social Work
Honors
Hotel & Restaurant Management
Law Center
Liberal Arts & Social Sciences
Library
Natural Sciences & Mathematics
Optometry
Pharmacy
Research
Student Affairs & Enrollment Services
Technology
University Advancement
FY 2014 BUDGET
Operations
Restricted
Expenditures
Expenditures
47,558,350
4,325,001
94,031,266
19,091,355
5,175,806
680,988
31,836,801
3,899,916
43,246,847
7,504,419
2,455,022
85,253
13,260,155
4,157,767
33,185,517
22,305,588
4,139,773
2,956,906
2,610,457
963,084
12,307,604
2,713,124
24,992,079
358,005
63,467,583
14,464,754
18,782,798
388,716
51,749,117
30,670,839
17,342,966
5,514,488
14,655,073
3,518,304
40,745,766
10,903,565
115,651,324
85,397,328
14,423,805
2,123,851
15,203,022
173,594
666,821,131
222,196,845
FTEs
248
1,397
66
158
377
21
256
413
85
45
110
296
1,073
118
581
149
116
279
635
123
159
6,706
UHCL
UHCL
UHCL
UHCL
UHCL
UHCL
UHCL
Administration & Finance
Business
Education
Human Sciences & Humanities
President's Office
Provost's Office
Science and Computer Engineering
13,413,017
10,355,329
6,536,977
8,377,034
2,086,247
29,920,025
6,953,027
77,641,656
207,998
3,500
1,093,114
886,129
12,224
12,835,023
724,926
15,762,914
184
136
112
158
22
364
117
1,091
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
UHD
Academic & Student Affairs
Administration & Finance
Advancement & External Relations
Business
Employment Svc & Operations
Humanities & Social Sciences
President's Office
Public Service
Sciences & Technology
University College
28,855,363
26,699,589
2,561,422
11,905,564
1,413,330
12,348,828
1,196,081
6,298,010
8,528,825
1,522,260
101,329,272
37,206,525
1,500
2,067
374,752
0
77,100
5,876
537,797
1,431,065
1,571,852
41,208,534
286
249
15
154
15
246
8
104
156
34
1,268
UHV
UHV
UHV
UHV
UHV
UHV
UHV
Administration & Finance
Arts & Sciences
Business Administration
Education
President's Office
Provost
Nursing
5,594,609
4,738,681
6,949,829
2,970,509
3,416,795
9,795,122
1,955,488
35,421,033
0
0
299,175
0
61,679
6,648,346
429,000
7,438,200
67
76
79
38
30
142
24
457
8-3-5
FY 2015 FY 2016 FY 2017 FY 2018 FY 2019
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
UNIVERSITY OF HOUSTON SYSTEM
AUDIT COVERAGE MATRIX
ENDOWMENTS
Endowment Category
University of Houston:
Advancement
College of Architecture
Athletics
C. T. Bauer College of Business
College of Education
Cullen College of Engineering
Graduate College of Social Work
Honors College
Hilton College of Hotel Restaurant Mgmt
College of Liberal Arts & Social Sciences
College of Law
Library
Non College Specific
College of Natural Sciences & Mathematics
College of Optometry
College of Pharmacy
President
Provost
Student Affaris
TCSUH
College of Technology
Total - University of Houston
No. of
Market Value
Endowments as of 8/31/13
Income
Distributed
FY 2013
FY 2011
FY 2012
FY 2013
FY 2014
1
17
41
99
60
80
23
48
55
263
11
55
188
51
33
82
5
19
6
9
28
1,174
3,809,491
9,814,813
5,763,044
59,725,758
2,479,422
15,402,770
3,235,436
7,506,002
3,990,890
76,473,679
1,584,513
7,660,010
78,408,888
19,046,045
4,209,538
2,357,036
2,341,320
48,437,320
615,174
14,686,751
1,635,294
369,183,195
(173,594)
(335,448)
(199,916)
(957,102)
(75,785)
(446,314)
(82,540)
(246,693)
(139,821)
(2,511,007)
(58,628)
(267,666)
(1,121,620)
(631,568)
(138,428)
(67,527)
(82,821)
(1,820,778)
(21,838)
(549,768)
(53,139)
(9,982,001)
University of Houston-Clear Lake
147
21,115,044
(466,519)
X
University of Houston-Downtown
84
26,447,307
(693,590)
X
University of Houston-Victoria
81
11,096,713
(302,622)
System Administration
21
111,708,734
(3,968,883)
1,507
539,550,993
(15,413,615)
TOTAL - UH SYSTEM ENDOWMENT FUND
8-3-6
FY 2015
FY 2016
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
INFORMATION TECHNOLOGY RISK ASSESSEMENT
UNIVERSITY OF HOUSTON
University of Houston Information Technology Department prepared a risk assessment based on
its service domains using the Institute of Internal Auditors Global Technology Audit Guide. For
each service domain, a risk assessment was performed using the following risks: university
dependency, quality of internal controls, changes in service domain, availability, integrity, and
confidentiality. After rating likelihood and impact of each risk, the overall risk score was
tabulated for each service domain.
Included in the risk assessment are the following:
• Information Technology Risk Assessment,
• Risk Assessment Methodology, and
• Service Domains and Sub-Programs.
Section 8-4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
INTERNAL AUDIT PLAN, FY 2015-2017
Impact
∑LxI
2
1
1
1
1
1
1
1
2
1
2
9
243
6
10
$16,603,828
$495,345
$538,639
$11,375,117
$94,635
$195,900
$2,451,320
1
1
3
1
1
1
2
1
3
1
3
1
3
15
57
$5,069,978
$2,228,900
$90,000
1
3
1
1
1
2
1
3
1
2
1
1
12
49
$1,827,045
$2,538,132
1
3
1
1
1
2
1
3
1
3
1
3
15
14
$1,212,091
$877,900
1
1
1
3
3
3
1
1
1
1
1
1
1
1
1
2
1
2
1
1
1
3
2
2
1
1
1
2
1
2
1 1
1
3
12
9
13
10
1
10
$413,802
$137,292
$794,148
$74,000
1
1
1
3
1
1
1
2
1
3
1
3
1
3
15
16
2
1
1
1
1
3
3
3
3
3
1
1
1
1
1
1
1
1
1
1
2
2
1
2
1
2
1
1
2
2
2
2
1
1
1
3
3
2
3
3
1
1
1
1
1
3
1
3
1
3
1
1
1
1
1
2
1
2
1
3
22
14
12
13
15
34
1
6
12
19
Composite Risk
Level
$30,430,265
$589,980
$734,539
Low
$7,388,878
Low
$4,365,177
Low
$30,000
$2,119,991
Low
$425,083
$175,000
$487,802
$137,292
$1,394,231
Low
Low
Low
$1,225,877
$370,500
$30,000
$1,626,377
Low
$2,335,155
$103,489
$459,689
$765,681
$1,225,599
$2,881,327
$312,500
$254,200
$870,500
$251,540
$1,626,320
$6,842,802
$415,989
$713,889
$2,136,181
$1,477,139
Medium
Low
Low
Low
Low
Composite Risk Level Range: High=35-54; Medium=20-34; Low=6-19
Lowest possible score = 6 Highest possible score = 54 Midpoint = 30
Source: Adapted from The Institute of Internal Auditors Global Technology Audit Guide (GTAG) 2005
Note: The Information Technology Risk Assessment was prepared by the University of Houston Information Technology Department.
8-4-1
Budget Total
Capital Projects
Likelihood
M&O
Impact
Salaries /
Benefits
Likelihood
Budgeted FTE
Total Risk Score
Confidentiality
Impact
Integrity
Availability
Likelihood
Changes in
Service Domain
Quality of
Internal
Controls
Impact
10. Operations, Data Center, Print Services
11. Research Computing, Academic Computing
12. Telephony
13. Web Support Services
Likelihood
9. Network Infrastructure and Services
(encompasses Wireless Network Services)
(System-wide)
Impact
4. Enterprise Infrastructure and Services, Identity
Management
5. Help Desk
6. IT Policy
7. Information Technology Security
8. Instructional Technology, Multimedia Services,
Student Computing
Likelihood
1. Administration of IT Organization
1a. A&F Business Services
2. Administrative / Enterprise Information Systems
(System-wide)
3. Desktop Computing Support, User Support
Services, Training, Computer Store
Impact
IT Audit Universe Categories – UIT Service Domains
Likelihood
IT Risk Assessment FY14: The Impact of Risk Areas
on UIT Service Domains
University
Dependency
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY RISK ASSESSMENT
$500,000
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
IT Risk Assessment Methodology 2014*
*Adapted from The Institute of Internal Auditors Global Technology Audit Guide
(GTAG) 2005
Risk – Definition – The probability of an event occurring that will have an impact on the
achievement of university objectives. Risk = Likelihood (probability) of event x Impact
IT Audit Universe Categories – Defined by Educause Service Domains, further broken down by
UIT into sub-programs. These service domains map to the UIT Line Item Budget and are
reflected in UIT Performance Metrics.
Likelihood – High probability that the risk will occur (H – 3), medium probability that the risk
will occur (M – 2), low probability that the risk will occur (L – 1).
Impact – There is a potential for material impact on the institution’s earnings, assets or reputation
(H – 3). The potential impact may be significant to IT, but moderate in terms to the total
institution (M – 2). The potential impact on the institution is minor in size or limited in scope (L
– 1).
Risks Assessed – Each UIT Service Domain (IT Audit Universe Category) is assessed according
to the following risks:
•
University Dependency – How many University organizations are supported by the
service, and to what degree?
(L) The service domain does not serve other organizational units, or at most
one other organization unit. Service domain is mostly self-contained.
(M) Service domain serves limited informational needs of several dependent
organizations within the University.
(H) Service domain meets full and very complex informational needs of
numerous dependent organizations within the University.
•
Impact of Quality of Internal Controls (robustness of environment) - Factors:
Hardware: Standalone vs. Multiple systems; Software: Redundancy/Robustness
of applications/failover capabilities; Physical: Data Center location – Access and
environmental controls, Secondary DC; Participant in Change Management
Control Process; Monitoring – 24/7/365 Policies; Human Resources/Staffing
8-4-2
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
(L) The service domain is robust and incorporates multiple levels of internal
controls. Issues have low impact on delivery of services affecting
university operations.
(M) The service domain employs limited internal controls. Some redundancies
are in place, but disruptions in services affecting university operations are
still possible.
(H) The service domain contains single points of failure and lacks resiliency.
Minor system disruptions can have a significant impact on the delivery of
services affecting University operations.
•
Changes in Service Domain/Audit Area – How dynamic is the service domain? Are there
typically significant changes in staff size, funding, functions, systems, key positions
and/or responsibilities of the area?
(L) The service domain is typically static. There are not frequent changes in
staff size, funding, functions,
responsibilities of the area.
systems,
key
positions
and/or
(M) It is not infrequent that changes to the service domain occur. However,
these changes to staff size, funding, functions, systems, key positions
and/or responsibilities of the area do not result in significant impact to the
operations of the university.
(H) Changes to the service domain frequently occur and result in serious
impact on the operations of the University.
•
Availability – What is the relative effect of the service domain being unavailable to the
operations of the university?
(L) Unavailability of the service domain would have little or no impact on the
operations of the University.
(M) Unavailability of the service domain has a moderate impact on the
operations of the University.
(H) Unavailability of the service domain has a serious impact on the
operations of the University.
•
Integrity – What is the relative effect of inaccurate data to the service domain’s capability
to support university operations?
8-4-3
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
(L) Incorrect or inaccurate information generated by the service domain
would have little or no impact on the operations of the University.
(M) Incorrect or inaccurate information generated by the service domain has a
moderate impact on the operations of the University.
(H) Incorrect or inaccurate information generated by the service domain has a
serious impact on the operations of the University.
•
Confidentiality - What is the degree of confidentiality of the information produced or
handled by the service domain?
(L) Information produced by the service domain is not confidential and is
generally available to the public, the release of which would not result in
any potential loss or embarrassment to the University.
(M) Information produced by the service domain is available to designated
employees of the University in connection with their jobs. Release to the
public or to an unauthorized entity could result in minor financial loss or
moderate embarrassment or violation of an individual’s privacy.
(H) Information produced by the service domain requires protection against
unauthorized or premature disclosure. Such disclosure could result in
serious loss or embarrassment or could adversely affect the University or
the subject of the information.
Reso urce Allocatio ns:
Budgeted FTEs employed in the service domain
Financial Budget Amounts – Salaries/Benefits, M&O, Capital Projects
Composite Risk Level - Ranges:
H = 35-54
M = 20-34
L = 6-19
Midpoint= 30
8-4-4
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY
SERVICE DOMAINS AND SUB-PROGRAMS
1. Administration of IT Organization, Clerical Support
1.010 Financial planning and management for IT
1.020 Campus IT planning
1.030 IT communications and publications
1.040 Human resource management for the IT organization
1.050 Facilities management for the IT organization
1.051 Technology Delivery Facilities
1.052 Non-Technology Delivery Facilities
1.060 Advanced technology, technology R&D
1.070 Admin IT Organization Staff (administrative and clerical)
1.080 CIO position
1.090 Supplies and Misc. Office Expenses
1.100 Other Misc Expenses
1.150 Professional Development
2. Administrative / Enterprise Information Systems
2.010 Administrative / Enterprise information systems
2.011 Enterprise Student Systems
2.012 Business intelligence/data administration/data warehouse application systems
2.020 Development and implementation of these systems
2.030 Maintenance of these systems
2.040 Training of users of these systems
2.050 Programming support related to these systems
2.060 Database / data administration
2.070 Hardware, software, staff, and other infrastructure needed to support these systems
2.080 Administration of BI technologies such as dashboards to facilitate decision making (e.g. enrollment
management, SRLH)
2.090 Document Imaging within Administrative/Enterprise IS
2.120 Human resource management application systems
2.130 Payroll Systems
2.121 Integrated workplace management system for space management and facilities maintenance
2.123 HR / Payroll Systems
2.160 Fiscal and procurement application systems
2.180 Grants management applications
2.102 Housing Management System and Self-Services (myHousing)
2.111 Enterprise decision support (databases, data warehouse)
2.310 Administrative / Enterprise Cougar One-Card System
2.320 Administrative / Enterprise Parking Mgmt System
2.330 Administrative / Enterprise Point of Sale Systems
2.340 Administrative / Enterprise Portal Services
2.341 Portal Services (AccessUH)
8-4-5
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY
SERVICE DOMAINS AND SUB-PROGRAMS
2.342
2.150
Portal Services (PeopleSoft UHS Portal)
Professional Development
3. Desktop Computing Support, User Support Services, Training, Computer Store
3.000 Administration of User Services and Support
3.010 Desktop computer technical analysis and consulting staff
3.020 Computer resale activities and staff
3.030 Computer installation, maintenance, and repair
3.040 Technicians and technical support for desktop computing
3.050 Computer repair staff
3.060 Support for knowledge bases, self-help tools
3.070 General user training and education and related staff
3.080 User documentation and general informational publications and related staff
3.090 Infrastructure support for departmental IT support providers
3.100 User support staff (other than help desk staff)
3.110 Reference desk and staff
3.120 Hardware and software to support desktop computing
3.121 Hardware and software to support desktop computing-students
3.122 Hardware and software to support desktop computing-faculty/staff
3.123 Uniprint Printing Services
3.150 Professional Development
4. Enterprise Infrastructure and Services, Identity Management
4.010 Portal development and support
4.020 Middleware development and support
4.030 Security infrastructure development and support
4.040 Service-oriented architecture (Web Services) development and support
4.050 Identity management
4.060 E-mail
4.070 Staff, hardware, software, supplies to support enterprise infrastructure
4.080 Identity management systems (directory, password, federated access)
4.101 Enterprise Infrastructure and Services / Virtual Server Environment
4.200 Enterprise Infrastructure for Email and Messaging
4.230 Messaging and related infrastructure (DHCP, DNS, Email, Listserv, SharePoint)
4.150 Professional Development
4.600 Enterprise Infrastructure (storage, backup and recovery, servers)
4.610 Enterprise Infrastructure / File Shares
4.700 System backups
5. Help Desk (Help Desk including all activities)
5.010 Walk-in support for students, faculty, and staff
8-4-6
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY
SERVICE DOMAINS AND SUB-PROGRAMS
5.020
5.030
5.031
5.040
5.050
5.060
5.140
5.150
5.160
5.161
Call-in support for students, faculty, and staff
Call centers
Administration of Call Center Systems
Support for knowledge bases, self-help tools
Specialized support centers
Help desk staff
Collaborative technologies (desktop videoconferencing, shared web browsing)
Professional Development
Creation of audio and video media used in research, instruction, documentation, and
marketing/communications purposes.
Digital Signage
6. Information Technology Policy
6.010 IT policy development, dissemination, and education
6.020 Information usage/management policy development and education
6.030
Interpretation of current policy related to specific issues, situations, and incidents
6.040 Coordinating response to incidents of inappropriate use of information or information technology
6.050 Policy staff
6.150 Professional Development
7. Information Technology Security
7.010 Vulnerability analysis
7.020 Security planning and design and implementation
7.030 Security policy and process development
7.040 User education and guidance programs
7.041 Security Education for Students
7.050 Incident response / Incident Management
7.060 Security administration staff, hardware, software, supplies
7.150 Professional Development
8. Instructional Technology, Student Computing
8.010 Classroom technology
8.020 Course management systems
8.030 Specialized training and support for faculty
8.040 Specialized training and support for students
8.050 Instructional support staff, hardware, software, supplies
8.060 Multimedia services
8.070 TV, broadcasting
8.071 Lecture Capture (MediaSite)
8.080 Public student lab support
8-4-7
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY
SERVICE DOMAINS AND SUB-PROGRAMS
8.090
8.120
8.140
8.141
8.150
8.160
8.170
8.171
Teaching and technology center staff
Faculty instructional technology/LMS support
Classroom technology (physical renovation and maintenance; provision of fixed and mobile
technology)
Classroom Equipment Checkout
Professional Development
Instructional Technology QuestionMark Application Administration
Student technology centers (labs, training, support, etc.)
Student Labs - Laptop Check-out
9. Network Infrastructure and Services
9.010 Wire and cable infrastructure for data and video networks
9.020 Campus data network
9.021 Virtual Private Network (VPN)
9.022 Fax Services
9.030 Remote access (modem pools, ISP)
9.040 Commodity Internet
9.050 High-performance research network (e.g., Abilene)
9.060 Video network
9.061 Intrusion/Panic Alarm Systems
9.070 Converged network
9.080 Wireless network
9.081 Mobile Devices (Blackberry Enterprise Services)
9.082 Wi-Fi Network (CougarWiFi/UHGuest/Eduroam)
9.083 Wi-Fi Network (UHWireless/UHSecure)
9.090 Staff, hardware, software. supplies for network infrastructure
9.100 Security Camera hardware, software, supplies, staff
9.110 Administration of the access control system(s) used for electronic access to campus buildings
9.150 Professional Development
9.160 Network Infrastructure / Enterprise Service Availability / Performance monitoring / incident
coordination; staff, hardware, and software
10. Operations, Data Center, Print Services
10.010 Systems administration and operation
10.020 System backups
10.030 Data center environmental support systems such as HVAC, UPS
10.040 Print services
10.050 Copier services
10.060 Mail room services
10.070 Staff, hardware, software, supplied affiliated with data center operations
10.150 Professional Development
8-4-8
UNIVERSITY OF HOUSTON SYSTEM
INTERNAL AUDITING DEPARTMENT
AUDIT PLAN, FY 2015 - 2017
UNIVERSITY OF HOUSTON
INFORMATION TECHNOLOGY
SERVICE DOMAINS AND SUB-PROGRAMS
11. Research Computing, Academic Computing
11.010 Research computing hardware and software
11.020 Research computing cycles from remote sites
11.030 Staff, other hardware, software, supplies for research computing consulting and technical assistance
11.040 Academic hardware and software that does not relate to instruction
11.050 Discipline-specific applications development, programming, and support not related to instruction
11.060 General statistical support
11.070 Management of high performance computing technologies for research purposes
11.080 High Performance Research Networks (LEARN, RenoH)
11.150 Professional Development
12. Telephony
12.010 Wire and cable infrastructure for voice network
12.020 Dial tone (including services to student housing)
12.021 Telephone Services - Rolm
12.022 Telephone Services - VoIP
12.030 Voice mail
12.040 Long distance resale
12.050 Cellular and paging services
12.060 Telephony staff, hardware, software, etc.
12.150 Professional Development
13. Web Support Services
13.010 Content management support
13.020 Web server support
13.030 Content design and Web-based publication
13.031 Skillport
13.032 Web Support for Univ. Advancement
13.033 Content Management (Hannon Hill)
13.034 Web Farm
13.040 Web-based applications development or interface
13.050 Web support staff, hardware, and software
13.150 Professional Development
8-4-9