How to Survive an Audit (Without Really Trying)

University Business Officers
March 7, 2006
Step 1
Make sure you know what is happening!
A Broad Overview of Internal Audit Services
It’s not always an Audit
Four Basic Types of Activities
- Audits – big projects scheduled in advance, selected for their value to senior management and the Board of Trustees
- Fiscal Accountability Reviews – limited projects designed to provide Deans, Directors, and Department Chairs a quick check on policy compliance and utilization of sound business practices
- Analyst Projects – decision support for management
- Investigations – a collaborative effort to protect the university’s reputation and resources
Types of “Audits”
- Financial – testing of underlying records to verify the reliability and integrity of official financial records
- Compliance – evaluates whether you are following existing rules, regulations, laws, and internal policy and procedure
- Operational Audits – look at efficiency and effectiveness, and evaluate whether goals are being met
- EDP/IT Auditing – evaluates computer systems and applications
Audit results are reported to the President, Board of Trustees, and line management. We do a formal follow-up review later.
What To Expect
- Opening Conference – a chance for us to meet
- Preliminary Survey – to learn about you and your processes: interviews, collecting forms, reports, and internal policy
- Field work – interviews, testing internal controls, analysis of financial and other records
- Report – drafted, reviewed, discussed, revised and issued; includes your responses
- Follow-up – 5-6 months later we come back to see what you’ve done
Fiscal Accountability Review
- Developed as an informational tool for the Deans, as executive officers for the various colleges, and Departmental Chairs who are responsible for their individual departments
- It is intended to aid management in assessing their strengths and identifying opportunities for administrative improvement
- No in-depth test work and no follow-up review
- Reported to the President and Board of Trustees
Analyst Projects
- Requested by management
- Narrow focus on the topic of the request
- We may function as consultants, researchers, trainers, or in various other roles depending on the request
- The results are always reported to line management, and may be reported to senior management and the Board of Trustees if they touch on an issue with institutional implications
Investigations
- Conducted to determine the facts about an allegation
- May start with a “Hot Line” complaint, or as a request from senior management, the Office of General Counsel, Risk Management, the Department of Public Safety, or the Office of Equal Opportunity
- We try to protect the university’s assets and public reputation by confirming the extent of a problem and identifying possible solutions
- In some cases the focus is on identifying and recovering resources that have been misused or stolen
Step 2
Fix the easy things now, before we get to your office
The “Top Ten”
The Most Common Issues Identified in Audits
TEN
University Assets Should Be Safeguarded
FOR INSTANCE
- Current lists of insurable or pilferable assets
- Current software records – lists or license files
- No slush funds
- Petty cash and change funds accounted for
- Personal long distance call reimbursement process
- Records of University tools, equipment, keys, ID
NINE
Payroll Records Should Be Accurate and Complete
FOR INSTANCE
- Faculty Time Must Be Tracked By the Department
  - Sick Leave, Annual, Consulting
  - PAR Certification Must Be Accurate and Should Be Signed By The Actual Employee
- Employees Should Enter and Approve Time In Kronos
- Supervisors Should Approve Their Employees’ Time
- Payroll Reporters Should Not Change Records Without Employee and Supervisor Written Approval
EIGHT
Generally Accepted Business Practices Should Be Followed
FOR INSTANCE
- Revenues Should Be Reconciled to Supporting Documentation
- Credit Card Systems Should Be Settled Daily
- Deposits Should Be Made Within 3 Days
- Expenditures Should Be Reconciled To Supporting Documentation
- Pre-numbered receipts or cash registers
SEVEN
Expenditures Should Comply With University Policy
FOR INSTANCE
- Original receipts and other documentation are required for all expenditures of university funds
- Some expenditures such as travel, entertainment, and flowers require specific additional documentation
- Travel requires additional approvals
- Entertainment typically involves someone who is not a university employee
- Competitive bids
- Reimbursements must be approved by higher authority
SIX
Health and Safety Should Be Protected
FOR INSTANCE
- There should be posted evacuation plans
- Employees who drive on University business must have completed Defensive Driving
- Chemicals, biological and radioactive substances must be stored and disposed of correctly
- Hallways, stairs, doorways must be negotiable
FIVE
Side Systems Should Be Reconciled to PeopleSoft
FOR INSTANCE
- Reconciliation should be completed at least once a month
  - Separate applications such as Accounts Receivable, Point of Sale systems
  - Excel spreadsheets used to track departmental activity
  - Home-grown databases – Access etc.
FOUR
Duties Should Be Segregated
FOR INSTANCE
Two Pairs of Eyes on Every Transaction
- Custody – Receiving
- Record Keeping
- Reconciliation
- Authorization – Ordering, Disposal, Adjustments
THREE
Deficits Should Be Quickly Identified and Resolved
FOR INSTANCE
- On CIS Management Balance Sheet Report
- Activity – Fund Balance Should Show Negative and Claim on Cash Balance Should Show Positive
- Activity – Funds Available Report Should Have a Smiley Face
- Projects – The Bottom Line on the Summary of Rev/Exp Report in the Budget Less Rev/Exp Column Should Be Positive
TWO
Critical or Sensitive Data and Systems Should Be Secure
FOR INSTANCE
- Passwords should be unique and not shared
- Virus protection should be active and updated
- Backups should be completed and stored off site, with tested restoration and recovery plans
- Critical data should be identified
- Storage of sensitive data should be reviewed by ISO – generally there is no need to have it on PCs
- Encryption should be considered – especially for laptops
- Equipment should be secured
ONE
Management Must Assume Responsibility For Oversight
BECAUSE
- The buck stops there
- You can delegate work – you can’t delegate responsibility
- It’s Not the AA’s Job
FOR INSTANCE
The PI or Account Executive
- should understand the Management and Payroll Reports
- should review and approve with signature and date the Management and Payroll Reports
- should ensure there are appropriate contracts and agreements to protect the department and University – employment agreements, vendor contracts, and research grants/contracts
- should ensure those contracts or agreements are monitored
Step 3
Uh Oh! Major Problem
Fraud?
An Investigation Can’t be Avoided
- Problems grow over time
- You can be part of the solution by ensuring that the Right People know about the problem as soon as possible
- Do not try to investigate yourself – that can lead to other problems – get the ‘experts’ involved.
- While investigations are never easy, the outcome is always better for you and the university if the problem is resolved while it is still small and manageable
Things that need to be investigated
Theft or misuse of university resources, including:
- Conflicts of interest
- Violations of contract and grant requirements
- Misuse of donated funds
- Violations of university policies and procedures
- Waste and abuse of authority
- Theft – inappropriate use or taking of University assets
Involve the Right People
When you suspect that someone in your department is doing something wrong you should contact the appropriate university officers and officials.
- Your supervisor and/or on up the line if needed
- The University Hotline – online at www.ethicspoint.com or by phone at (888) 206-6025 (This is an outside group and you don’t have to identify yourself)
- The Office of General Counsel
- The Department of Public Safety
- Human Resources
- Risk Management
It Protects You!
- Failing to report a crime is also a crime
- Whistleblowers are protected under Utah law and University policy
- Your department cannot recover lost income and property without an investigation
- Reporting stops the loss and sends a message that the behavior is unacceptable
Why Didn’t I Mention Internal Audit?
Call us by all means.
Even if you are not sure there is a problem, we can offer advice and help sort out the issues.
We are the starting point for determining who will handle hot line complaints received through Ethics Point, and we work closely with the other groups on campus.
If we aren’t the best group to do the investigation, we will contact the right group or let you know who to contact.
Chuck Piele – 581-6561
Pam Mollner – 585-3529
Margie Goodrich – 587-7732