What is Internal Audit University of Date

What/Who is Internal Audit? A University department that reports directly to the Board of Regents (BOR) through the Secretary of the BOR and the Chair of the Regents Audit and Financial Advisory Committee (RAFAC)

University of Internal Audit Organizational Chart Board of Regents Chair-Regent Audit and Financial Advisory Committee Secretary of the BOR Internal Audit Director President

What is Internal Audit’s purpose? To assist the Board of Regents in carrying out their fiduciary responsibility of the governance of the university. To assist the University community in recognizing and managing risks to the university.

What kind of work does Internal Audit do? –Audits –Consultations –Investigations –Education

Audits Evaluations of various processes, functions, departments, and activities (NOT people) to: Identify risks Determine whether those risks are adequately mitigated

Consultations Provide advice and information to University departments on internal controls, risk management, and sound business practices in such areas as policy development, system or process development, specific issue resolution, etc.

Investigations Conduct internal investigations regarding allegations of fiscal misconduct and fraudulent actions that adversely impact the University. This work looks at the actions of individuals and their intent.

Education Conduct workshops or any other information presentation to the University community on internal controls, risk management, fraud prevention, and sound business practices.

How Does IA Figure Out What Audits to Conduct?

Identify key risks of the organization Look at all areas of exposure, not just financial Focus on the issues that matter most Develop audit plan to examine higher risk areas Our Scope-Start with Risk Assessment

Factors that affect risk: External influences (laws, regulations) Internal influences (policies, culture) Opportunity for misappropriation Degree of automation vs. manual processes Volume and size of activity Decentralization of processes

Thinking About Risk Administrators have an important role –Responsible for fiscal affairs of the unit Lots of expectations from lots of constituents –Funding sources attach strings –Public scrutiny Too much to do, too little time, too few resources– means you have to evaluate risk and balance conflicting demands Whistleblowers monitor actions

Audit Universe Core Processes Key Functions/Activities Common Functions/Activities Organizational Units

The Audit Universe Core Processes –HR/Payroll –Procurement –Sponsored Programs/Research –Student-Related Services –Academic

The Audit Universe Key Functions/Activities (university-wide or campus based) – examples: –Risk Management –Facilities Management –Information Technology Services –Contracts and Grants –Media Relations

The Audit Universe Common Functions/Activities – (department- based) examples: –Youth Programs –Conferences/seminars –Study Abroad Organizational units (2,500 of these across the University, within 500 higher level orgs)

Why IA May Come Knocking on Your Door As part of a core process evaluation audit, a key function/activity audit, a common function/activity audit As part of a continuous audit (looking at specific transactions for compliance) As a department (organization unit) audit As part of an investigation In response to a request (consultation)

What is an Internal Control? An internal control is a process within an organization designed to provide reasonable assurance that certain things happen the way we want them to: Reliability and integrity of information Compliance with policies, plans, procedures, laws, regulations, and contracts Safeguarding of assets Economical and effective use of resources Accomplishment of established objectives and goals The cost of a control should not exceed its benefit!

Examples of Internal Controls Directive Controls Designed to establish desired outcomes. Examples include: Laws Policies Procedures Meetings

Examples of Internal Control Preventative Controls Designed to prevent errors from occurring Examples: Segregation of duties Pre-authorizations Adequate documentation Physical control over assets Computerized techniques, such as passwords and transaction limits.

Examples of Internal Controls Detective Controls Designed to detect errors Examples include: Reviews and comparisons Account reconciliations Physical counts of inventories

Audits – What does IA look for? In general, Internal Audit looks at what is happening and compares it to what should be happening, as defined by: Laws, rules, regulations, policies Sound business practices

Audits – What does IA look for? Strategic Planning - clarity of objectives/goals; risk assessment Culture, Management Style, Synergism Knowledge of authority Clarity of responsibilities Communication

Audits – What does IA look for? Awareness of applicable laws, rules, regs, policies Presence of controls to ensure objectives are achieved Segregation of responsibilities Monitoring Evaluation and continuous improvement

A Word About Documentation… What is documentation? In writing Forms of external documentation –correspondence from outside the institution –invoices, contracts, memorandums of understanding Forms of internal documentation –forms, internal correspondence, schedules

A Word About Documentation… What does it do? Provides evidence of business activities Provides evidence of authorizations Why do we need it? Audit trail – the series of documentation that provides evidence of the events that transpired to effect a business transaction. It helps to determine the process occurred as intended to ensure compliance and propriety.

Fraud/Fiscal Misconduct

Elements of Fraud/Fiscal Misconduct Act or failure to act Intent to deceive Relied upon by others Loss occurs

Attributes Commonly Present in Fraud/Fiscal Misconduct Need – financial, ego Opportunity Rationalization

Indicators of Fraud Doesn’t take vacations Change in life style

Resources Enter resources related to your campus

How to Reach Internal Audit Website:(internalaudit.yourschool.edu) Phone:xxx-xxx-xxxx Fax:xxx-xxx-xxxx