College Reviews An Overview Presented by Howard Lutwak, CIA Director of Internal Audit January 2004 Agenda Background on Internal Audit Risk and Internal Controls College Review Workplan (Audit Program) Audit Process 2 What is Internal Audit? An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes Source: Institute of Internal Auditors What happens during an Internal Audit? The auditor may inspect, analyze, and verify records and obtain information by interviews, questionnaires, and physical inspections An internal audit review is a risk-based examination of an organization, program, function or activity. 4 Risk Any issue that could impair the ability of the College to achieve its objectives Can be measured in terms of likelihood and impact Your input is solicited in identifying inherent risks within the college, areas of concern, and areas that you would like to have included in the audit 5 Risk Categories of Risk Strategic Risk: Goals and objectives Financial Risk: Loss of assets Operational Risk: Ongoing management processes Compliance Risk Laws and Regulations Reputational Risk Tarnishing of image 6 Risk Assessment Questions to ask What can go wrong? What areas have the most risk? What assets are at risk? Who is in a position of risk? What do we not want to appear on the 5 o’clock news or in the LA Times? Are internal controls in place to mitigate the risks? 7 What are Internal Controls? Steps taken to obtain reasonable assurance that objectives are achieved The policies and procedures that help ensure management directives are carried out Help ensure that necessary actions are taken to address risk to achievement of the college’s objectives. 8 Objectives of Internal Controls Compliance with policies, laws, regulations, contracts, etc. Accomplishment of Goals and Objectives Reliability and Integrity of Information Economical and Efficient Use of Resources Safeguarding of Assets 9 Responsibility for Internal Controls Management is responsible for developing an appropriate system of internal controls Every employee is responsible for following and applying those practices 10 Examples of Internal Controls Using passwords to protect computer files Reconciling accounts Authorizing and approving transactions Periodic asset counts Periodic comparisons Investigation of discrepancies Physical safeguards against theft and fire 11 College Review Work Plan Also known as an audit program Emphasis is on what internal controls are in place. Areas for review could include: Fiscal activity Human resources Health and Safety Equipment and assets Information systems 12 “Ideal” Audit Observations Departmental administrative policies, procedures and practices are documented All accounts are reconciled regularly Cash receipts are promptly endorsed, recorded, safeguarded, deposited and reconciled 13 “Ideal” Audit Observations Check requests are properly authorized, and sufficiently documented Procurement card use is adequately controlled. Time sheets are properly authorized and agree with payroll records Performance evaluations are prepared on a timely basis 14 “Ideal” Audit Observations University equipment used in an employee’s home is documented and approved Logical and physical security over computer systems is adequate All employees have completed the Injury and Illness Prevention Training 15 Audit process summary Notification Entrance conference Preliminary survey of operations Fieldwork – discussion of potential issues Draft Audit Report Exit conference Final report Audit evaluation/Client survey Audit follow-up 16 Questions 17