Internal Audit - Michigan State University

Photo © 2008 Michigan State University Board of Trustees
Internal Audit
December 3, 2013
I nt er nal Audit
J a n a D e a n , C PA , C I A
Financial & Operations Audit Manager
Learning Objectives
Understand Internal Audit’s mission and responsibility
Understand the audit process
Understand Common Audit Areas
Understand Common Audit Findings
Indentify good internal controls and techniques
Organization of Internal Audit
Audit Process
Common Audit Areas & Findings
Inter nal Audit
Common Audit Areas
Understanding internal controls
• Segregation of duties
Testing significant activity including:
• Cash receipts/Accounts receivable
• Expenditures (including payroll, travel,
• Procurement cards
• Grant activity including semester effort reporting
• Equipment inventory
• Resale inventory
Significant contracts
Sensitive data
Conflict of Interest/Outside work for pay
MSU Fraud and Recovery
Methods of Reporting Fraud
MSU Hotline – call center/web reporting
Direct contact with Internal Audit/DPPS/HR
Key links:
• IA website:
• Fiscal misconduct guidelines:
I n f o r m a t i o n Te c h n o l o g y A u d i t i n g
Inter nal Audit
IT Risks
IT Infrastructure Risks:
• Sensitive information
• Monetary transaction processes
• System access restrictions and enforcement
• Weak password policies
• Overall network security controls
Typical IT Audit Findings
Data Backup Procedures
Disaster Recovery Plans
Access Controls
Security Practices
IT Audit Sensitive Data Focus
Identified as a key risk to the University.
Examples: SSN, Payment Card Data, Student Info., Medical Records, etc…
Liabilities of Disclosure: Financial Loss, Legal Action, Loss of Public Trust, etc…
MSU Institutional Data Policy (IDP)
Took effect on January 1 st , 2011.
Defines minimum requirements for securing University institutional data.
Applies to all University business and academic units and all MSU employees.
Visit the MSU Enterprise Information Stewardship webpage for more information.
Summary of Topics
Internal audit overview
Audit process
Common audit areas and findings
Fraud detection and prevention
IT risks and findings
T h a n k Yo u !
Jana Dean
To m L u c c o c k
Steve Kurncz
Finance & Operations
Audit Manager
Executive Management
Information Technology
Audit Manager
Email: [email protected]
Email: [email protected]
Email: [email protected]
Internal Audit Main Phone:
MSU Fiscal Misconduct Hotline:
(517) 355-5030
Please Visit Our Website For More Information:
w w w. m s u . e d u / ~ i n t a u d i t
Internal Audit
* Background Images Compliments of MSU University Relations
Photo © 2008 Michigan State University Board of Trustees