Governance Audit Presentation - Texas Association of College and

advertisement
Auditing the
Organizational
Governance Processes
Dick Dinan, CPA, CIA
Amanda Jenami, CPA, CISA, CFE, CIA, MBA
TACUA April 2010
Introduction



Overview
Definition of governance
Ideas to identify a candidate for a governance audit
Methodology




Who we talked with
The information we requested
Information analysis & verification
Emerging themes/findings
Reporting


Reporting to management
Reporting to the Board
This session will discuss how an audit of the governance
processes was conducted in a university environment. The
general concepts and audit approach should be applicable
to other types of organizations as well. The presentation
will include the analysis of various types of data, the types
of information gathered from faculty and staff interviews,
and the reporting process. We will also provide
information on how this audit added value to the
university.
The Texas A&M University System is comprised
of 20 members that include:
 11 Universities
 7 Agencies
 1 Health Science Center
 System Office
The System Internal Audit Department is a
shared service providing internal audit services
to all System members.
An effective internal auditing activity helps an
organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance
processes.
There are many definitions of Organizational Governance,
including:
• Corporate governance is the system by which companies are directed
and managed. It influences how the objectives of the company are set
and achieved, how risk is monitored and assessed, and how
performance is optimized. (Australia)
• Corporate governance is a scheme for ensuring that the executive
managers, who have been placed in charge of the company, fulfill their
duties. (Japan)
The IIA put out a position paper titled Organizational Governance:
Guidance for Internal Auditors that provides good information on the
auditor’s role in auditing the governance processes. Here is the link
to this position paper: www.theiia.org/download.cfm?file=76050
If you have ever conducted audits of various university/agency
processes such as financial management services, IT, HR,
Student Financial Aid, Physical Plant, etc., that identify few
significant control weaknesses or problems, but overall
organizational performance is deteriorating, and your intuition
tells you there are problems, it may be time to take another
approach. A high level review of the organization’s governance
processes provides the opportunity to step back and look at
what is happening at the institutional level. At this level it is
easier to view and assess how processes provide for overall
direction/guidance, performance management, accountability,
communication and transparency in the conduct of work to
achieve the organization’s goals and objectives. Sometimes it is
difficult to get this broad view when the audit scope and focus
are on a smaller segment of the organization.

Over the last several years Texas A&M University
– Kingsville had experienced decreased student
enrollment, under performing programs, low
faculty/staff morale, declining buildings and
infrastructure, and a leadership void due to
turnover and the relatively large number of
interim management positions. For the most part,
the audits conducted during this time were Code
3, meaning they identified a few significant issues,
but mostly low level noncompliance types of
issues. This is at a time when our other South
Texas schools were experiencing growth in
enrollment.
Rating System for Audit Reports
REPORT
CODE
WHAT DOES IT MEAN
Code 1
No observations.
Code 2
Notable observations. Minor violations of controls, laws, policies, and regulations.
Code 3
Many notable and/or some significant observations. Controls were weak in one or more areas. Noncompliance
with laws, policies and regulations put the department/college/component at risk. Opportunities for significant
efficiencies were identified within a limited area, such as a department’s revenue handling processes.
Code 4
Many significant observations. Controls were weak in multiple areas. Significant risk for noncompliance with
laws, regulations and policies. Opportunities for significant efficiencies were identified within processes that are
component-wide, such as central purchasing processes.
Code 5
One or more major observations. Significant risk for loss of financial assets, legal consequences, or damage of the
organization’s reputation.
There are three levels of audit findings as defined by the A&M System Internal Audit Department. They are as defined below:
Rating
What does it mean?
Notable
An error, weakness, or condition disclosed during an audit which can, and should be, corrected at the
department or supervisor level. These are minor to moderate violations of controls, laws, and policies.
Significant
An error, deficiency or condition which is a significant violation of controls, laws or policies. These are items in
which a CEO, Dean, Director or Vice President need to be involved in the problem resolution.
Major
A condition which is very serious and has a high probability for legal or financial consequences or embarrassing
the organization. These are items in which the Chancellor and/or member(s) of the Board need to be involved in
the problem resolution.

Procedures used to gather information and
perform analysis to develop findings/emerging
themes.








System personnel
Members of the President’s Council
College Deans
Student representatives
Information Technology
Human Resources
Office of Institutional Research
University employees
Who makes the university’s key decisions?


Committee Structure
Organization Charts
How are university resources allocated?





Compact with the A&M System
Programmatic Review
Strategic Plan
Enterprise Risk Management Plan
Enrollment Plan
How are units held accountable?





Divisional accountability Plans
Enrollment statistics
Retention statistics
Student satisfaction surveys
Other customer satisfaction surveys
How does the university ensure compliance
with requirements?

Regulatory Framework






A&M System policies and regulations
University rules
Faculty handbook
Administrative procedures
Employee training
Compliance monitoring program
Does the university have the expertise necessary to
carry out its mission in an effective manner, and the
ability to recruit/retain quality faculty and staff?







Human resources plan
Experience/expertise at key positions
Employee turnover report
List of vacancies
Salary competitiveness
Quality of city life/amenities
Employee training
Does the university have processes in places to
attract and retain high quality students?






Enrollment statistics
Retention statistics
Graduation statistics
ACT/SAT scores
State’s top ten percent students
Student accommodation
Do employees have the tools necessary to be
effective and efficient?





Communication
Information systems
Staff development
Employee evaluations
Employee goal setting
Independent Reports





Salary Comparative Study
The Coordinating Board
System Employee Turnover
Vacancies – System Payroll System
Overdue Mandatory Training – System Training Database
Testing





Collaborative interviews
Secret shoppers
Program reviews
New hire starting salaries
Review of Institutional Effectiveness Plans
Inadequate planning/Lack of focus





Lack of candid assessment of strengths,
opportunities, weaknesses, threats
Lack of strategies on mission accomplishment
Lack of focus on strengths – Engineering, Music,
and Wildlife
No academic plan
No master plan
















BA in Pre-Medical Technology, 2000
BA in Pre-Dentistry, 2000
BA in Anthropology, 2001
Emphasis in Production Agriculture/Ornamental Horticulture, 2002
BS in Restaurant and Foodservice Management, 2002
BBA in Economics, 2002
MS in Gerontology, 2002
MA/MS in Supervision, 2002
BS in Industrial Engineering, 2006
BS in Natural Gas Engineering, 2006
MA/MS in Elementary Education, 2006
MA in Kinesiology, 2006
BA in Geology, 2007
BA in Geography, 2007
MS in Geology, 2007
BS in School Health, 2007
Lack of performance monitoring/compliance monitoring
framework










Inadequate regulatory framework
Overdue program reviews
Overdue tenure track reviews
Learning effectiveness reviews (pre-& post-class)
Overdue mandatory training
Lack of goal/performance gap analysis
Decentralized survey administration – integrity of results
A large number of divisional goals not met
No “closing-the-loop” between planning and assessment
Resource allocation not tied to assessment. Do employees have the
tools necessary to perform their duties effectively and efficiently?
Customer Service







No priority placed on good customer service.
Most support services – customer complaints.
Employees had not been provided with the tools necessary to
succeed.
Some hiring decisions had been based on financial resources
rather than on expertise.
Student information system had not been implemented in an
efficient manner.
Employees had not been adequately trained on a new email
management software.
Management did not track complaints.
Leadership Style







Four Presidents in ten years
Non-participative non-cohesive
style
High turnover in middle
management – department
chairmen, etc.
Leadership waits for underperformers to retire.
Underperformers are moved
around the campus and not
terminated.
Limited cross departmental
communication
Departments operate in silos
Too Many Interims







Provost
Vice President for Finance &
Administration
Dean of Engineering
Dean of Business
Executive Director of University
Facilities
Director of Physical Plant
Director of Admissions
Frugal Fiscal Management


Substandard accommodation
Inexperienced management and staff
Organizational Culture


Small community
Not much external experience
High vacancy rate attributed to:





Uncompetitive salaries
Advertising positions at salary ranges the
University did not intend to offer;
Many leave after a few months
A comparative salary study – resulted in a raise
for 80% of the faculty
Entire original Banner implementation team
had left three years after implementation
The University has not adequately invested in
technology for improved competitiveness.



IT function had not been pro-active in
providing campus community with guidance.
Duplicative efforts at department level.
IT function is decentralized, uncoordinated,
duplicative and wasteful.
The student information system had not been
implemented in the most effective and efficient manner.





System not set up to perform automatic admissions.
Transcripts still loaded manually.
Transfer articulation performed manually.
Original implementation did not include CAPP –
student advising still cumbersome, inefficient and
prone to error.
No ongoing employee training.
The University’s governance processes do not adequately define expectations or ensure
achievement of expected performance for a competitive higher education institution.
The University lacks a strong accountability framework that provides management with
the status of key University activities and responsive solutions to problems.
The weak governance processes have contributed to the University experiencing a
significant decrease in student enrollment; freshmen retention and on-time graduation
rates that are below state goals; faculty salaries that are some of the lowest among the
state’s doctoral and south Texas universities; and research funding declining to its lowest
level since 2003.
With four presidents in ten years, the University has not seen consistent leadership to
help it address the complex challenges facing today’s universities. The University has
operated in what has been described as “frugal” fiscal culture which has led to a sense of
mediocrity. The University has not adequately invested in its human capital and
information technology operations, thus hindering its ability to provide its students,
faculty and staff with an environment that fosters success and excellence. See full report
at http://www.tamus.edu/offices/iaudit/Reports
University President







The new president called the report “an invaluable tool” for him
going forward.
Thought the team had “asked the right questions.”
Recommended that a governance audit should be performed
every time there was a new president coming into a university.
Made the report open to everyone on campus by posting on their
intranet.
Called a university-wide meeting the same week he received the
report .
Faculty said “it was good and that it should just be the
beginning.”
Created committees responsible for implementing initiatives to
address issues identified in the report. All committee work was
driven by timelines, deliverables, and due dates for
implementation of corrective actions. Status meetings are held biweekly to monitor progress.
Audit Committee Chair



Thought the audit report would be a useful tool
to the new President.
Applauded the President’s response to the
audit report during the committee meeting.
Indicated that the audit was the first of its kind
and “intended to do more of these.”
Team:
Dick Dinan, [email protected] , (979) 458-7144
Amanda Jenami, [email protected] , (979) 458-7135
Address:
Texas A&M University System
System Internal Audit Department
1200 TAMU
College Station, Texas 77843
Phone: (979) 458-7100
Fax: (979) 458-7111
Download
Related flashcards

Management

42 cards

Corporate governance

23 cards

System administration

65 cards

Management

61 cards

Create Flashcards