Internal Audit “Partnering with Management” PACFAM PACFAM Meeting Meeting November November 15, 15, 2012 2012 Updated February 2015
Int nter erna nal l Aud udit it Cha hart rter er • Included in the University of Oklahoma Board of Regents’ Policy Manual. • Required by State Law • Internal Audit is a uthorized by the Board of Regents and the President to have full, free, and unrestricted access to all u niversity functions, records, property and personnel.
Wha hat is is Int nter erna nal l Aud udit itin ing? g? Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Source: The Institute of Internal Auditors
Wha hat do we do? Internal Audit Assesses: • Adequacy of policy, procedures and internal controls. • Compliance with laws, rules, regulations and organizational guidelines. • Organizational efficiency. • Accuracy and reliability of accounting records.
nal Audi dit t Respons sponsibi ibilit lity Int nter erna • OU Norman Campus • OU Health Sciences Center Campus • OU Tulsa Campus • Cameron University (Lawton) • Rogers State University (Claremore) • Any off-site location or function of the above entities
OU INTERNAL AUDIT Organizational Chart - 2015 University of Oklahoma Board of Regents David L. Boren OU President Clive Mander , FCA Chief Audit Executive Suzie Brewer Administrative Asst. Special Investigations and OU HSC OU Norman OU Norman Quality Assurance IT - all campuses OU Tulsa Rogers State University Cameron University Improvement Program Carolyn Clink , CIA CFE Tim Marley , CPA CISA Audit Director IT Audit Director Amanda Dicken Robin Irvin, CIA Sandra Ashford David Skrdla , CISA Audit Manager Audit Manager Audit Manager IT Audit Manager Ke'Yonna Wynn Robert Green Jeremy Lynch Catherine McDaniel Andy Thung, CISA Senior Auditor Senior Auditor Auditor Auditor IT Auditor Chandriga Suppiah Bennett Pickar Alexandra Gerea Cindy Hall Auditor Auditor Auditor IT Auditor Kale Thaxton Auditor Student Interns Samuel Perez Hannah LeConte Jackson Stone Kayli Warmker Sarah Petrocchi Erin Carroll
Code e of Ethi hics cs The Principles/Rules of Conduct We Adhere to: • Integrity • Objectivity • Confidentiality • Competency Source: The Institute of Internal Auditors
Ins nsti titute tute of Int nter erna nal l Aud udit itor ors s Stan andar ard II IIA St Standar dard 1220 1220.A1 stat tates, “Internal aud audito itors rs mu must exercis rcise due due professio ional nal care by by consid idering ring the: • Extent of work needed to achieve the engagement's objectives; • Relative complexity, materiality, or significance of matters to which assurance procedures are applied; • Adequacy and effectiveness of governance, risk management, and control processes; • Probability of significant errors, fraud, or noncompliance; and • Cost of assurance in relation to potential benefits. ”
Th The Aud udit it Sele lection ction Pr Proce cess Risk Analy lysis is vs. Rotati tional onal Schedule edule The Institute of Internal Auditors requires risk analysis rather than a rotational schedule for annual audit plans. The Internal Audit Department lists all auditable entities and • functions and compiles them into an ‘audit universe. ’ A risk analysis is used to determine which audits to perform on • an annual basis.
Ris isk Ana naly lysis is Cri riteri ria Prior audit findings • Perceived sensitivity • Control environment • Confidence in operating management • Changes in people or systems • Complexity • Time since last audit •
Types of Aud udit its Pe Perf rforme rmed Financial Operational Compliance Colleg lege e and Depart artments ments, , Clinic nics, , Func ncti tional onal Units, its, Athlet letics, ics, Information ormation Technol hnolog ogy/Systems, tems, Specia ial l Reviews, iews, Specia ial l Inves esti tigat ations, ions, Centers ters and Instit itutes utes, , Spons nsored ored Prog ograms rams
Aud udit it Pr Proce cess, , Step ep-by by-Step Step Post Audit Planning Fieldwork Reporting Review 1. Engagement letter 1. Exit conference 2. Preliminary 2. Draft audit report request for 3. Final audit report, with information management responses 3. Risk analysis and and scheduled completion audit program dates development 4. Entrance conference
Int nter erna nal l Aud udit it Help lp Li Line ne As part of our service to the University, we encourage any employee to contact us with questions relating to internal controls or to discuss any issue relating to risks and exposures in their area of responsibility. Call (405) 325-3411 (Ask for an Audit Manager) or Email us at: InternalAudit@ou.edu
Fu Furt rthe her r Inf nfor ormatio ation • Visit our website at www.ou.edu/audit Main n Offic ice e Norma man n Campus us • 1816 West Lindsey Street Phone number: 405-325-3411 Satell llit ite e Offic ice e OUHSC Campus us • Service Center Building Room 239 Phone number: 405-271-2532
Di Disb sburse urseme ment nts: s: University Accounts: • Personal reimbursements and travel claims not approved by someone of institutional authority • Not aware of change in mobile phone/device policy Foundation : • Personal reimbursements and travel claims not approved by someone of institutional authority • Retention of departmental records to support Foundation activity
D ISBU NTS BURSEME EMENTS Does the account sponsor approve your disbursements and travel • claims? Does an individual with greater institutional authority approve the department head’s travel? Are disbursements business-related and in compliance with University • policy? Are invoices paid within 45 days as required by state legislation? • Are purchases over $5,000 processed through a PO? Do you process all • contractual products or services through the Purchasing Department? If not, do you have an authority to contract? Are accounting duties of ordering, receiving, and reconciling properly • segregated to ensure that no one individual controls the process from beginning to end? Resources urces: State Travel Reimbursement Act (STRA) , 74 O.S., Section 500.1, et seq. University Travel Procedures: • http://www.ou.edu/controller/fss/procedures/travel.html OU Purchasing Department • http://www.ou.edu/purchasing/policies/index.html OU Regents’ Policy Manual • http://www.ou.edu/regents/official_agenda/2004PolicyManual.pdf
Pcard: Pcard: • Allowing Pcard to be used by someone other than the card holder, including access to the Pcard number for online purchases • Purchasing items not permissible per the Pcard Policy • Approval by account sponsor not evident
P CARD ARD Did Pcard holders and Pcard administrators attend training? • Is use of the Pcard limited to the card holder? • Are students, including graduate students, prohibited from using the • Pcard? Do you retain your Pcard receipts? • Does the account sponsor review the purchase receipts when approving • the transactions? Resources urces: Pcard Policy • http://www.ou.edu/purchasing/home/pcard/pcard_policy.htm General Records Disposition Schedule for State Universities and • Colleges http://www.odl.state.ok.us/oar/docs/ucgrds-schedule.pdf
Pa Payroll oll: Hourly Employees: • Overtime hours incorrectly moved to other pay periods • Timesheets not approved by employee and/or supervisor • Payroll documentation not available (missing Time Sheets Monthly Employees: • Leave certifications not approved by employee and/or supervisor • Leave certifications not available
P AYRO LL ROLL Hourly: Do employees sign their timecards/time sheets? Do their • supervisors sign the timecards/time sheets? Monthly: Do monthly personnel track their paid leave? Does the employee • sign documentation stating the amount of paid leave taken on a monthly basis? Do their supervisors approve and sign the documentation? Supplemental Pay: Does the department maintain supplemental pay • records? Does the account sponsor approve the supplemental pay? Are HR PeopleSoft account passwords kept confidential? • Is all access to computer systems cancelled for employees that transfer • from your department or for employees that no longer work for the University? Resources urces: Human Resources Guide to Services: • http://hr.ou.edu/payandrecords/
Sup uppl plement mental al Pa Pay: • Insufficient support for supplemental pay • Approval by appropriate supervisor with institutional authority not evident
Supple plement mental al Pay: • Does the department maintain supplemental pay records? • Does the account sponsor approve the supplemental pay? • Approval by appropriate supervisor with institutional authority? Resourc sources: s: • Human Resources Guide to Services: http://hr.ou.edu/payandrecords/
Recommend
More recommend