Add to collection(s) Add to saved
  1. Business
  2. Management

- Wolf & Company

advertisement 
The Role of Internal Audit in
Higher Education
Michael J. McShea, CIA, CFSA,
CRMA
MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS
© 2010 Wolf & Company, P.C.
Today’s presentation can be downloaded at:
http://www.wolfandco.com/news/webinar_library
2
About Wolf & Company, P.C.
• Established in 1911
• Over 180 professionals with offices located in:
– Boston, Massachusetts
– Springfield, Massachusetts
– Albany, New York
• Offers Assurance, Tax, Business Consulting and Risk
Management services
• Provide services to:
– Educational institutions, employee benefit plans, financial
institutions, investment management firms, family and
closely-held businesses, public companies, professional
service firms, technology companies and high net worth
individuals
3
Education & Not-for-Profit Expertise
• Provide services to a wide range of clients
– Public and private educational institutions
– Trade associations, religious organizations, fundraising organizations
– Foundations
•
•
•
•
Internal Audit
IT Assurance & Security
Assurance Services
Tax
4
Meet Today’s Presenter
Michael J. McShea, CIA, CFSA, CRMA
Senior Manager – Internal Audit Services
Wolf & Company, P.C
Direct: 617-428-5415
mmcshea@wolfandco.com
www.wolfandco.com
5
Today’s Agenda
• What is Internal Audit?
– Types of Internal Audits
• Why is it Valuable?
• The Internal Audit Process
– Example Internal Audit Procedures
– Internal or Outsourced Internal Audit Department?
• What Effective Departments Offer
– Example Risk Assessment
• Challenges Faced by Internal Audit
• Wrap-Up and Questions
6
What is Internal Audit?
“…an independent, objective assurance and consulting
activity designed to add value and improve an
organization’s operations..”
The Institute of Internal Auditors https://na.theiia.org/about-us/about-ia/Pages/About-the-Profession.aspx
7
Types of Internal Audits
• There are four major types of internal audits,
financial, operating, compliance and information
technology - it is not unusual to incorporate
elements of each. Internal auditors are sometimes
asked to perform special reviews.
8
Why is it Valuable?
9
Why is it Valuable?
• An effective internal audit function can:
– Bring subject matter expertise into play
– Help focus resources on key operational, financial, and
technology activities
– Present ideas that challenge existing practices and lead to
ongoing business performance improvements
– Provide a level of assurance to boards of trustees on the
effectiveness of operations
10
The Internal Audit Process
The
Internal
Audit
Process
11
The Internal Audit Process
• Planning
– Preliminary fact-finding discussions with
management
– Outline audit objectives
– Establish audit period and request documentation
– Entrance meeting with area to be audited
• Execution
– Conduct interviews to determine controls and practices
– Obtain data for review, analysis and evaluation
– Test identified controls
12
The Internal Audit Process
• Reporting
– Write report
– Discuss with management of audited area
– Finalize and issue report with recommendations for
enhancement
• Action Plans
– Management formulates responses to correct deficiencies
• Follow-up
– Management reports on progress to Board and internal audit
reviews effectiveness of control remediation
13
Example Internal Audit Procedures
Procurement Cards
– Review the University’s procurement card-related
policies and procedures
– Make inquiries of management to document internal
controls in place over procurement cards
– Document and test the controls in place over:
 Issuing and monitoring procurement cards
 Approving procurement card transactions
 Ensuring transactions are in line with University policies
14
Poll Question!
15
Internal or Outsourced Internal Audit
Internally Staffed
• Independent function
• Perform scheduled audits
• In-depth review of internal
controls
• Report to Audit Committee
• Auditing Limited to Employer
Outsourced
• Independent function
• Perform scheduled audits
• In-depth review of internal
controls
• Report to Audit Committee
• Brings Experience from Other
Audit Assignments
• Leverage Knowledge of Firm
16
Internal or Outsourced Internal Audit
• Some challenges in building an internally staffed
auditing function:
– An auditor will seldom have expertise across all of the risk
areas that a college or university are likely to have
– An auditor with financial expertise is not likely to possess
anything beyond a cursory understanding of IT risks
– A one or two-person in-house internal audit shop may have
difficulty keeping pace with new regulatory, legal and
technological developments
17
What Effective Departments Offer
• Internal Controls
– Assess the effectiveness of controls.
Examples:
Internal controls help ensure:
– Funds and cash receipts are properly accounted for
– Building door lock systems and key control access is
monitored
– Complete and accurate records are kept of transactions
involving students
– Travel and other expenses are allowable and reasonable
18
What Effective Departments Offer
• Efficiency
– Internal audit can aid in improving efficiency and
effectiveness.
Example:
An internal audit of a decentralized operation, where duplication
may exist, can:
– Provide an objective assessment of the activity, while also
assessing the effectiveness of its controls. This may then
allow the institution to look into ways to streamline or gain
efficiency - doing more with less or more with the same.
19
What Effective Departments Offer
• Risk Assessment
– A risk assessment and risk identification processes should be
inherent in any well-run internal audit shop.
– A risk assessment would entail examining inherent risk,
management's attitude toward internal controls, regulatory
pressures, the IT environment, frequency of review, etc.
– Upon completing a risk assessment, a rating of low,
moderate or high risk is assigned to the assessable unit or
area. These ratings are considered when scheduling internal
audit reviews.
20
Example Risk Assessment
Threat
Operational Areas
Human Resources
Processes
Payroll
Risk Impact
Likelihood
Reputation
Strategic
Safety
Availability
IT
Vendor
Regulatory
Financial
Moderate
Low
Moderate
Low
Moderate
High
Low
High
Moderate
Inherent Risk:
Inherent Risk Assessment Key
High
Moderate
Low
Moderate
Audit Timeframe
12 months
24 months
36 months
21
Challenges Faced by Internal Audit
• How much to audit
– An internal auditor must exercise professional judgment
when reconciling the risks with resource limitations and the
amount of time available.
• How much to communicate
– Tell the story as crisply and succinctly as possible. The
longer the report, the less likely it will be completely read by
those in a position to implement the recommended corrective
actions.
22
Challenges Faced by Internal Audit
• How to deliver a balanced message
– Provide assurance on the overall effectiveness of risk
management, control, and governance processes.
• Push back
– Work with management when they take strong exception to
the audit results and conclusions.
23
Wrap-Up and Questions
24
Wrap-Up
Internal Audit is a Valuable Tool
• Internal auditors can significantly augment
management’s oversight capacity and help them
prevent weaknesses from becoming problems.
25
Questions?
Michael J. McShea, CIA, CFSA, CRMA
Senior Manager – Internal Audit Services
Wolf & Company, P.C
Direct: 617-428-5415
mmcshea@wolfandco.com
Today’s presentation can be downloaded at:
http://www.wolfandco.com/news/webinar_library
26
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
QUALITY ASSURANCE: Obstetrics Auditing, Records & Reports
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Presentation A&A Forum
Presentation A&A Forum
TH INSTITUTE OF CHARTERED ACCOUNTANTS OF
TH INSTITUTE OF CHARTERED ACCOUNTANTS OF
Subcommittee on Internal and External Audits Activity Report
Subcommittee on Internal and External Audits Activity Report
Finance & Investment Day-Audit Panel
Finance & Investment Day-Audit Panel
NDSA Standards: Self-assessment a
NDSA Standards: Self-assessment a
Download
advertisement