Add to collection(s) Add to saved
  1. Business
  2. Management

Raheel Qureshi, CPA Tara Pritchett, CCSA March 3, 2016 1

advertisement 
Raheel Qureshi, CPA
Tara Pritchett, CCSA
March 3, 2016
1
Please silence your cell phones
Take notes – share ideas!
Feel free to ask questions throughout
the presentation.
“The only stupid question is the one
that’s never asked.”
-Ramon Bautista
2
Name
Department
Position
What brought you to this class?
Your last audit experience
3
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?
4
Your Internal Audit Team
Cato Hall
3rd Floor
Raheel Qureshi
7-5698
Diana Hill
7-5695
Tara Pritchett
7-5694
Tom York
7-5693
Julie Earls
7-0049
5
The Internal Audit Department is an
independent and objective assurance and
consulting activity guided by a philosophy of
adding value to improve the operations of the
University. It assists the University in
accomplishing its objectives by bringing a
systematic and disciplined approach to
evaluate and improve the effectiveness of the
University’s governance, risk management,
and internal controls.
6
To enhance and protect organizational
value by providing risk-based and
objective assurance, advice, and
insight.
Demonstrates integrity.
Demonstrates competence and due professional care.
Is objective and free from undue influence
(independent).
Aligns with the strategies, objectives, and risks of the
organization.
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Communicates effectively.
Provides risk-based assurance.
Is insightful, proactive, and future-focused.
Promotes organizational improvement.
1. NCAA Compliance Transition to FBS Football
2. Capital Campaign Gift
Accounting Practices
3. Facilities Management Design Services
4. Technology Transfer Office
5. Office of Study Abroad
6. Human Resources
Department
7. NCAA Compliance - Football
Attendance Verification
9
Complete
8. Student Union, Activities and
Recreation
9. Belk College of Business
Operations Administrative
Review
10. Student Accounts Operations
11. Undergraduate Admissions
12. Financial Aid Operations
13. Internal Controls Self
Assessment
14. IT Security - Change
Management
In Progress
Not Started
Chair, Audit,
Compliance and ERM
Committee
Vice Chancellor for
Business Affairs
Chancellor
Director
Tom York
Staff Auditor
Diana Hill
10
Staff Auditor
Julie Earls
Staff Auditor
Tara Pritchett
Staff Auditor
Raheel Qureshi
Board/Audit Committee
Senior Management
2nd Line of
Defense
3rd Line of
Defense
Department Admins
Business Managers
Risk Management
& Compliance
Internal Audit
11
State Auditors
1st Line of
Defense
That’s you!
College business offices
Business support
specialists
Department officers and
administrative assistants
Supervisors, managers,
directors
12
Risk Management
Compliance Functions (Research, Athletics, etc.)
RMSS – Police and Public Safety, Environmental
Health and Safety
IT Security
Controller’s Office
Director of Compliance – Sue Burgess
13
Internal Audit – That’s us!
14
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?
15
16
Internal Controls are steps within a process designed
to provide reasonable assurance regarding the
achievement of objectives:
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable Laws, Regulations,
Policies & Procedures
17
How can the job be completed to the intended
result in an easier, faster way?
How can the job be done with accurate results?
How can the unit reach maximum productivity
using minimal resources?
18
University Policy 601.8 – Appropriate Use of
University Funds:
Appropriated funds
Foundation Funds
Discretionary Funds
Grant funds – University Policy 601.12
19
Federal laws – FERPA, Title IX
State laws – Department of Labor, Department of
Licensing
County/City laws – Waste disposal, code
enforcement
UNC System policies – Personnel, tuition
UNC Charlotte policies – legal.uncc.edu
Compliance calendar
IT Standards and guidelines – itservices.uncc.edu
20
21
Preventive:
Training on policies
Supervisor review prior to submitting
travel reimbursement
What are some other preventive
internal controls?
22
Detective:
Reconciling invoices to ledger
(payments)
Comparing packing list/order contents
with purchase order
What other detective internal controls
can you think of?
23
•
•
•
•
•
•
•
24
Computer username/password
Preset time out on screen saver
49er Mart approval path
Card swipe door locks
2 signatures on DPRs
Gate arms in controlled parking lots
Tickets to basketball games
What types of controls are:
University Policies?
IT configuration standards?
Error messages or reports?
Prepare data backups from current
systems?
Reconciliation of petty cash?
25
Internal controls are the tasks that are in place to
help address risks.
26
A situation involving exposure to danger.
(Merriam-Webster)
The hazard or chance of loss. (dictionary.com)
A probability or threat of damage, injury,
liability, loss, or any other negative occurrence
that is caused by external or internal
vulnerabilities, and that may be avoided
through preemptive action.
(businessdictionary.com)
27
What “bad thing” could happen in your department?
What is the consequence if it happens?
What is the chance of it happening? (Likelihood)
How big of a deal is it? (Severity)
28
“A process step is a task, activity… that
moves an input closer to the final
objective.”
The department admin collects timesheets and
files them
The office submits the reimbursements to the
Travel Office within 30 days
Faculty members send an email requesting supplies
and they are stored in a locked cabinet
29
“An internal control… is a critical step
within the process that leads to the
success of the entire process.”
Supervisors review timesheet submissions monthly
to ensure they were completed on time
Supervisors review and approve all travel
reimbursements for accuracy before submission to
the Travel Office
Department admin staff matches the purchase
order, invoice and receiving slip before marking the
supply as received in 49er Mart
30
The department admin
collects timesheets and
files them
The office submits the
reimbursements to the
Travel Office within 30
days
Faculty members send an
email requesting supplies
and they are stored in a
locked cabinet
31
Supervisors review
timesheet submissions
monthly to ensure they
were completed on time
Supervisors review and
approve all travel
reimbursements for
accuracy before submission
to the Travel Office
Department admin staff
matches the purchase
order, invoice and receiving
slip before marking the
supply as received in 49er
Mart
Test your knowledge!
? Takes inventory of office supplies
before submitting an order.
? Create a spreadsheet of all
laptops, desktop computers and
printers in the department.
? Verify the serial numbers on all
laptops, desktops and printers
in the department every 6
months. A director signs off on
the spreadsheet.
32
Check out the Internal Audit website at
internalaudit.uncc.edu to read more about
Internal Controls vs. Process Steps!
33
34
Situation:
All supply requisitions come through Lisa (the admin assistant) and are
approved by the center director, Dr. Smith. College faculty working with the
center have had no complaints about Lisa and Dr. Smith thinks things are going
well, so he is surprised when the dean asks him why he has spent so much of
his annual budget so early in the year? He is not sure how to answer the dean
but does manage to say he will look into it. Dr. Smith calls Lisa and asks her
about the center’s spending and she tells him she doesn’t know what the dean
is talking about. She has been ordering what the faculty have asked for and it
has been approved by the college, so she believed everything was fine. He asks
for a spending report and it does show 75% spent and it is only November. He
wants to know more about what is being purchased but does not know what
to ask for or how to get it.
35
Cast:
Kelly: Lab manager and responsible for fixed assets inventory
Mary: The new office manager
Situation
When Kelly first started, keeping track of all the computers was difficult, especially the laptops.
Now that laptops are not part of the inventory, she has a much easier job. Over the years, she
has kept two laptops in the bottom drawer of a file cabinet in the department office. If a faculty
member needs one for a trip or a conference, he or she takes it out and brings it back when the
event is over. Kelly has recently been told that she would be able to attend the association of
lab mangers annual conference. She wanted to take a laptop to check her email and keep up
with 49er Mart, so she went to the file cabinet to get one. When she opened the drawer, it was
empty. She asked Mary where the laptops were. She said, “What laptops? I didn’t know we
had any.” Kelly and Mary went to see the department chair to ask what to do.
36
37
Control Environment – policies &
procedures, overall tone from management.
Risk Assessment – identify the things that
keep you from accomplishing your
objective.
Control Activities – approvals,
reconciliations, segregation of duties, etc.
Information & Communication – use
relevant information and communicate
appropriately.
Monitoring – How are you doing? Is the
process working?
38
How they apply to you
Control Environment –
department head
announcing policy changes,
how financial reporting is
handled and
communicated, and how
university standards are
discussed and enforced
39
How they apply to you
Risk Assessment considerations for security of
cash collected, evaluation of
student worker access to
department files, and the
information security
vulnerabilities posed by
maintaining a set of laptop
computers for check-out by
traveling faculty
40
How they apply to you
Control Activities –
authorizations, approvals,
verifications, reconciliations,
business performance
reviews, and segregation of
duties
41
How they apply to you
Information and
Communication - sharing
and validating requests for
information when received,
then sharing and validating
responses before their
release
42
How they apply to you
Monitoring Activities regular financial status
reports as well as progress
reports for major
department initiatives
43
A short video on internal controls
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?
45
What you can do to be proactive before a
visit from Internal Audit
How you can improve controls in your unit
46
Learn University standards
Review admin operations
Determine areas to be addressed in
more detail
Take the Control Self – Assessment
workshop (tomorrow or October 25)
Check out internalaudit.uncc.edu
for more information!
47
We schedule an entrance meeting with the
Director of the department being audited
We provide a list of items that we need for
review, based on the nature of the audit
A timeline is established – typically 6 – 10 weeks
During the course of the audit, we will contact
you regularly with questions and updates – we
encourage you to ask questions, too!
48
Used by Internal Audit to prepare the
work program
“Brain storming” of potential risks
50
52
5 Myths About Internal
Auditing…
55
A. Compliance with applicable
laws, regulations, policies &
procedures
B. Prevention of fraud
C. Incorporating ethical
business practice standards
D. Periodic reviews by Internal
Audit
56
A.
B.
C.
D.
57
The one you used last.
All assigned funds.
Only the petty cash fund.
The monthly phone bill.
A.
B.
C.
D.
58
Control Environment
Monitoring
Organizational Structure
Risk Assessment
A. A means to an end.
B. Authorized procedures.
C. The particular category in which a control
is placed.
D. Steps within a process designed to
provide reasonable assurance regarding
the achievement of your objectives.
59
A.
B.
C.
D.
60
Segregation of Duties
Reconciliations
Security of Assets
All of the Above
A.
B.
C.
D.
61
The Chancellor
Business Units
The Safety Office
Internal Audit
A. Review Internal Audit’s website for
articles and presentations
B. Attend a Controls Self Assessment
workshop
C. Ask lots of questions
D. All of the above!
62
Cast:
Brittany: Primary admin assistant in the department
for over 10 years. “Go to” person for the faculty
members with reputation as someone who gets the job
done.
Christina:
63
The new staff member
Situation:
Due to an unexpected illness of her mother, Brittany was out on sick
leave for two weeks during the time fee payments for lab supplies were
being collected. The chair asked Christina to follow up with those
students who still owed the fee and to give him a status report. As
Christina reviewed the spreadsheet that she found on the shared drive,
some things did not add up. The amount of money on the spreadsheet
did not match what was showing in Banner as deposited. When she
contacted several students listed as still owing the fee, each one said
they had already paid and had a receipt from Brittany. After hearing
and seeing all of this, Christina took her concerns to the chair, who
called Internal Audit.
64
What’s happened here?
What are the first steps to take? How bad is this
situation?
What could the department have done to
prevent or detect this?
What do you do now?
66
Segregation of Duties - Does any one person have too
much control?
Goals and Objectives – Every unit has them. Do you
know yours?
New Employee Onboarding - How do you welcome
someone new?
Policies and procedures – Do you know which ones
apply to you and your department?
Faith, hope and trust are not internal controls - What
are the words most often said after a fraud is
uncovered?
67
University homepage
Faculty & Staff
Tools & Resources
Find us on the web at: http://internalaudit.uncc.edu/
68
Related documents
Exercise Chapter 15
Exercise Chapter 15
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Look Ahead Feature To access the application that
Look Ahead Feature To access the application that
Download
advertisement