The Evolving
Higher Education
Internal Audit
Landscape
in the USA
Betsy Bowers, CIA, CFE, CGFM, CIG
ACUA President
June 17, 2006
CAUBO Internal Auditors Pre-Conference Seminar
Montreal, Canada
Overview
Internal Auditing Overview
Evolving USA Higher Education Landscape
What Internal Auditors Do in Higher
Education
Emerging Higher Education Internal Auditing
Trends
How to Cope
2
Evolution of Audit
First audits conducted in 3500 BC (Mesopotamia)
Early methods:
 Egyptians—actual witnessing of grains brought to granaries
 Greeks—transactions required authorization and
verification
 Romans—hearing of accounts (oral verifications of records
to another’s records)
Audit—Latin auditus (a hearing) and quaestors
(those who inquire)
Columbus had auditors aboard
3
How Internal Auditing
Developed
Industrial revolution and British Companies Act
USA auditing
 Post WWI and bankers
 Railroads
1941 Institute of Internal Auditors
4
Recent Changes within IIA
New Definition-(1999)
Revision of the International Standards for the
Professional Practice of Internal Auditing
Changes in the IIA’s Professional Practices
Framework
Expanded attention to enterprise risk, new ways
to “partner” with management and focus on IT
Balance between assurance activities, process
improvement and consulting
5
IIA Framework
Competency Framework for Internal Auditing (CFIA)



Ethics and Standards (mandatory compliance)
Practice Advisories (non-mandatory, best approaches and clarifications)
Development and Practice Aids (educational products)
IIA Standards



Attribute Standards (attributes of organizations/individuals performing
internal audit services)
Performance Standards (nature of internal audit services and provide
quality criteria against which performance can be measured)
Implementation Standards (prescribe Standards applicable in specific
type of engagements)
6
Internal vs. External Auditor
Internal Auditor
An organization’s
employee or independent
entity (outsource or co-source)
Serves needs of the
organization
Focuses on future events
by evaluating controls
designed to assure the
accomplishment of entity
goals and objectives
External Auditor
An independent contractor
Serves third parties, who
need reliable financial
information
Focuses on accuracy and
understandability of
historical events as
expressed in the financial
statements
Source: Sawyer, Dittenhofer, and Scheiner, Sawyer’s Internal Auditing, 5th edition,
The Institute of Internal Auditors, 2003, pp. 7-8
7
Internal vs. External Auditor
Internal Auditor
Is directly concerned with the
prevention of fraud in any
form or extent in any activity
reviewed.
Is independent of activities
audited, but is ready to
respond to needs and desires
of all elements of
management.
Reviews activities continually
External Auditor
Is incidentally concerned with
prevention/detection of fraud
in general, but is directly
concerned when financial
statements may be materially
affected. (SAS 99 changing
focus).
Is independent of management
and the board of directors,
both in fact and in mental
attitude.
Reviews records supporting
financial statements
periodically---usually once a
year.
Source: Sawyer, Dittenhofer, and Scheiner, Sawyer’s Internal Auditing, 5th edition,
The Institute of Internal Auditors, 2003, pp. 7-8
8
What do Internal Auditors Do?
AUDITS
 Financial
 Compliance
 Operational
 Combination
ACCOUNTABILITY
FUNCTIONS
 Performance Based Budget
(e.g. Florida state agencies)
CONSULTING
 Management Advisory Services
INVESTIGATIONS
9
What do Higher Education
Internal Auditors Do?
College & University Business
Administration, Sixth Edition:
(©2000, National Association of College and University Business Officers)
The roles and responsibilities
of internal auditing . . . in higher
education can be as diverse as the
. . . institutions they serve.
Internal auditors’ . . . abilities
can make them important
partners with an institution’s
management.
10
What It Means to Our
Institutions
At their fingertips, they have:
A coach.
An advocate.
A risk manager.
A controls expert.
An efficiency specialist.
A problem-solving partner.
A safety net.
Source: The Institute of Internal Auditors
11
Overview of University
Business Cycles
University Core Missions
Instruction
Research
Public Service
Ancillary Missions
Other
Fiscal
Proprietary
Personnel
Operational
Student Services
Administrative
Services
12
What We’re After
Accurate, reliable, and timely
information
Compliance
Economy, efficiency, and
effectiveness
Safeguards
13
Fraud Investigations and Internal
Auditors
Hotlines
Management concerns
Employee concerns
Third party referrals
Auditor testing
14
Evolving Higher Education
Landscape in the USA
Demographic Outlook








More students attending colleges/universities
College/University Presidents function as CEOs
Evolving pedagogies
“In Loco Parentis”
Globalization: borderless learning
Institutional mobility
Control of privacy information tightening
Average weekly hours of faculty up to 48.6 (vs. 40 in 1984)
15
USA Laws Affecting Higher
Education Landscape
Higher Education Reauthorization Act
 Sets rules Education Department programs on accreditation,
international and graduate education, teacher aid training
 Financial Aid Programs for Students
 Changes on Horizon:
–
–
–
–
–
–
–
–
Academic Competitive Grant
SMART Grant
Distance Education Treatment
Active Military Deferments of student loans (up to 3 years)
Teacher loan forgiveness
Eligibility of PLUS loans extended to graduate students
Annual loan limits increased
HEROS Act (House Education Relief Opportunities for Students) extended
16
USA Laws Affecting Higher
Education Landscape
Sarbanes-Oxley Act
 Similar to Canada Business Corporations Act
 Report to the Nation on Occupational Fraud and
Abuse [ACFE-Association of Certified Fraud Examiners]
 PCAOB [Public Company Accounting Oversight Board]
 Widely discussed among higher education groups
 NACUBO Advisory Report (2004)
 Web-based survey
 353 institutions (60% independent /40% public)
17
Public Company Accounting
Oversight Board
[PCAOB]
Established by the Sarbanes-Oxley Act
of 2002
Jurisdiction – Publicly traded
companies and accounting firms that
audit publicly traded companies.
18
2004 Report to the Nation
Data strongly supports Sarbanes-Oxley’s
requirement for audit committees to
establish confidential reporting mechanisms.
Confidential reporting mechanisms reduce
fraud losses significantly.
19
ACFE Report to the Nation on
Occupational Fraud and Abuse
More effective internal controls needed
The most cost-effective way to deal with fraud is to
prevent it
Most occupational fraudsters are first time offenders
Obtain criminal background checks
20
NACUBO Survey (2004)
Percent
92%
73%
81%
95%
85%
63%
56%
11%
Characteristic
audit committee or equivalent
audit committee charter
at least one financial expert on the committee
financial statement audit oversight
involved in the selection of external auditors
pre-approval of non-audit services
require partner rotation within 7 years
audit committee members not members of the
board
21
USA Professional Regulations
for Auditors
AICPA
 American Institute of Certified Public Accountants
 Like Canadian Institute of Chartered Accountants
 Statements on Auditing Standards (SAS)
Ethics Education for CPAs
FASB
 Financial Accounting Standards Board
 Higher Education Accounting
GASB
 Government Accounting Standards Board
 State and local government accounting
Government Auditing Standards (Yellow Book)
22
AICPA’s Risk Assessment
Standards
February 2006 – 8 new Statements on Auditing
Standards (SAS) collectively known as Risk
Assessment Standards.
Collectively, they provide guidance:
 auditor’s assessment of the risks of material misstatement in




a non-issuer financial statement audit;
design and performance of tailored audit procedures to
address assessed risks;
audit risk and materiality;
planning and supervision; and
audit evidence.
23
New Statements on Auditing
Standards (2006)
No.
104
105
106
107
108
109
110
Standard
Codification of Auditing Standards and Procedures
Generally Accepted Auditing Standards [GAAS]
Audit Evidence
Audit Risk and Materiality
Planning and Supervision
Assessing Risk of Material Misstatement
Performing Audit Procedures in Regard to Assessed
Risks and Evaluating the Audit Evidence Obtained
111 Audit Sampling
24
AICPA Emerging Item
SAS 60
 Replaces term “reportable condition” with
“significant deficiency”
 Effective after Dec. 15, 2006
 Impact: lowers the bar on matters identified in the
audit---more items will be ‘significant’
 60 days from report release to convey these to ‘those
charged with governance’
25
Ethics Education for CPAs
NASBA [National Association of State Boards of
Accountancy] proposed draft of Uniform
Accountancy Act
Ethics –ability to sit for CPA exam
Ethics --for licensure
AICPA’s Professional Ethics Exam
CPE requirements--for license renewal
 Texas
 Maryland
26
Ethics Requirement for
License Renewal
28 jurisdictions
Continuing
Education in
Ethics
Every Every Every Every
2
3
4
Year
Years Years Years
Every
other
Year
Two hours
Four Hours
Six Hours
Eight Hours
(fraud detection-California)
27
Financial Accounting Standards Board
[FASB] Emerging Trends
CARO (conditional asset retirement obligation)
Sabbatical leave accounting
Pensions/postretirement benefits accounting
FASB Staff Position (FSPs)
28
Governmental Accounting Standards Board
[GASB] Trends
GASB 47 Accounting for termination benefits
GASB 46 Net Assets restricted by enabling legislation
Current projects
 Intangible assets
 Derivates and hedging
 Fund balance reporting
29
Other Regulatory Issues Emerging
Yellow Book ~Government Auditing Standards
requirements for continuing education
-
National Single Audit Sampling Project
NCAA [National Collegiate Athletic Association]
 Agreed upon procedures
Tax issues
30
Emerging Trends in
Internal Audits
Visibility of and emphasis on internal audit
reaching new heights
Fostering compliance with new regulations
and statutes
Renewed focus on:
 Risk
 Control
 Governance
Increased emphasis on objectivity and
independence
31
New Challenges Facing Internal
Auditors
Maintaining a fully staffed internal audit
activity with appropriate skill sets
Reporting relationships with senior
management and the board
Increased demand for control and financial
focused engagements
32
New Challenges Facing
Internal Auditors
(continued)
Fostering compliance with statutory and
regulatory requirements
Maintaining a risk-focused audit plan in an era
of competing priorities
Providing consulting services and maintaining
objectivity in fact and appearance
33
The Future
Proactively ensure key stakeholders know the roles,
responsibilities, and capabilities of your audit organization.
Conduct periodic risk assessments and develop risk-based
audit plans to optimize audit resources.
Assess pertinent risks during the planning phase of every audit
and target scope and objectives accordingly.
Maintain a continuous focus on internal controls at the
enterprise level and during every engagement.
34
The Future
Ensure adequate audit coverage of the
organization’s financial operations.
Ensure a mechanism for reporting anonymous
allegations of improprieties is in place and operating
effectively.
Work collaboratively with investigators to ensure
adequate evaluation and analysis for potential
misconduct.
35
The Future
Network and benchmark to ensure awareness of
trends that could potentially impact your
organization.
Recognize red flags and fraud indicators.
Encourage and facilitate enterprise risk management
(ERM).
Assess the organization’s ethical climate and offer
recommendations for improvements. . .
36
How to Cope with the Evolving
Landscape in Higher Education
Founded in 1958, ACUA is an association devoted to
the issues and topics common for higher education
internal auditors
Open to ALL institutions of higher education
 Institutional
 Individual
Current membership: 600 + institutions
 Australia, Belgium, Canada, Egypt, Israel, Jamaica, Lebanon,
Mexico, Puerto Rico, South Africa, UK and USA
37
ACUA Strategic Goals
Goal A: ACUA will be its members’ indispensable
resource for education, knowledge, exchange, best
practices and networking.
Goal B: ACUA will be THE recognized resource for
internal auditors in higher education and a principal
advocate of higher education internal auditing.
38
Goal A: Education
1. Develop a sustainable process for demographic data
on members.
2. Expand the information and tools available on
ACUA’s website.
3. Enhance ACUA-L.
4. Expand educational offerings.
39
Goal B: Resource
5.Expand resource material for Internal
Auditors in higher education.
6.Create a Process for understanding issues and
positions that grassroots members want ACUA
to advocate for them.
40
ACUA’s Recent Initiatives
Internal Audit Start-Up Kit
 CD
 Members Only Section of ACUA website
 www.acua.org
Risk Dictionary
 Taskforce leader: David Crawford (TX system)
 crawfordid@earthlink.net
 JDE enterprises
41
ACUA Risk Dictionary Project
SUB-PROCESS
WORKBOOK NAME
Academic Administration
Instruction and Academic Support
Academic Information Technology
Instruction and Academic Support
Accounting
Financial Management
Accounts Payable
Financial Management
Accounts Receivable
Financial Management
Admissions
Student Services
Animal Research
Research
Athletics (NCAA)
Auxiliary Enterprises
Auxiliary Enterprises Administration
Auxiliary Enterprises
Bookstore
Auxiliary Enterprises
Building Maintenance
Physical Plant
Capital Assets & Depreciation
Financial Management
Cash Handling
Financial Management
Cash Management
Financial Management
Charge Capture and Collection
Hospitals
42
Risk Footprint
# ACTIVITIES
RISKS
1
2
3
Administration (13,
Staff
3 15, 18, 23)
HH Bad PR
HH Fraud
HH turnover
HM
Inadequate
communica
Facility (5, 6, 7, 12,
tions
Inadequate
Unhealthy
2 19, 20, 21, 22)
HM system
HM space
HM environment MM
Security &
Lack of
Failure to
Safety(2, 3, 4, 8,
Lack of ER
trained
comply with
1 11, 14, 16, 17)
HM training
HM security
HL regs., laws HL
Maintenance (1, 7,
Insecure
4 9, 10)
HM facility
4
Lawsuitclass
action
5
6
Failure to
Contractor
comply with
goes
rules, regs,
HL bankrupt
MM etc.
MM
Equipment
Poor
failure
ML lighting
Lack of
Fire & acts
plan or
of nature HL Failure to
Power
ML failure
HL Riot
Unlicensed
Deferred
Equipment
Inadequate
HM facility
MH maintenance MM breakdown MM staff
MM Theft
7
Inability to
recruit
qualified
staff
Unsafe
ML building
8
9
Lack of
performance
Operation
by
budget
MM contractor MM shortages
Lack of
sufficient
LM storage
Physical
MM attack
MM Vandalism
Unsanitary
or unhealthy
Injury or
MM environment ML death
Unsafe
LM furniture
ML Death
Lawsuit LM individual
Management uses the footprint to allocate resources to managing risks that
can affect the achievement of goals and objectives
Internal Audit uses the footprint to provide governance and executive
management with appropriate level of assurance on all identified risks
43
Risk Dictionary Worksheet:
Academic Administration
RISKS
CONTROL 1
CONTROL 2
Failure to train faculty and staff for
academic administration
Tracking and communicating
training requirements
Require periodic training and
follow-up
Inappropriate/inequitable workload
definition
Consensus of workload definition
from faculty
Workload standards by
department
Failure to communicate effectively
Regularly scheduled staff and
faculty meetings
Periodic Email announcements
and updates
Poor academic administrator
quality
Regular evaluations with clearly
defined performance measures
Make training available to
administrators
Programs not developed and
evaluated for effectiveness,
continued demand, and institutional
priorities
Accreditation reviews
Development of strategic plan by
each college or department
CONTROL 3
Staff member assigned to ensuring
proper communication
Analytical review of trends
44
Spot check of equipment
3 by Mgr.
Exception report to Mgr.
3 About emps not attended
X
X
X
X
Lawsuit individual
Inadequate staff
X
X
1 Checklist of tasks
Visual inspection by
2 Supervisor
1 Training of employees
Comparison of training
2 log to list of employees
X
Injury or death
X
Theft
Unsanitary or
unhealthy
environment
3 Mgr. Walkthrough
Security check on staff
1 ins & outs
Preventive maintenance
1 schedule
Supervisor reviews
2 completed maintenance
Equipment
breakdown
Maintenance (1, 7, 9, 10)
Insecure facility
Unlicensed
facility
Deferred
maintenance
Level
Monitoring Footprint
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Preventive
maintenance schedule
X
Supr. Signs & dates
report with notes
List of equip. checked;
Memo to file; Sign log
on equip.
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Date Reviewer
Status
X
X
X
X
X
Evidence of Control
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Training roster,
certificates, curriculum
Report of exceptions
signed & dated
Manager initials &
dates with comments
of actions taken.
45
24
ACUA Opportunities for
MEMBER Involvement
In addition to being a member, you can serve
Committees
Taskforces
Authors for articles
Presenters/educators for conferences
46
Why Join ACUA?
To increase your professionalism and increase
audit expertise and knowledge
To serve the audit profession
To have fun while we educate and improve
ourselves
47
Questions?
48
Contact Information
Betsy Bowers
bbowers@uwf.edu
ACUA President
University of West Florida
Associate Vice President
Internal Auditing & Management Consulting
Pensacola, Florida
www.uwf.edu/iamc
49