annual report 2005-06 - university of florida¬ce of audit & compliance review operational,...

Office of Audit & Compliance Review Operational, Financial, Compliance Audits

Management Advisory ServicesSpecial Reviews

ANNUAL REPORT 2005-06

OFFICE OF AUDIT & COMPLIANCE REVIEW

2005-2006 2

OFFICE OF AUDIT & COMPLIANCE REVIEWUNIVERSITY OF FLORIDA

Annual Report 2005-2006

CONTENTSIntroduction ...........................................................2Operations ..............................................................2

Goals and ObjectivesStaffing and Other ResourcesOrganization ChartStaff TrainingBudget and Expenditure AnalysisTime AnalysisTime Allocation

Audits and Other Planned Reviews ..................6 Trend Analysis

Client SurveysAudit Report Summaries .....................................7Management AdvisoryServices ................................................................ 10

Special Advisory ReviewsNewsletterPost-Audit Assistance

Investigations ..................................................... 11Summary of Significant Issues

Follow-Up ............................................................ 12Follow-Up Statistics

Other Activities .................................................. 13OACR Audit Charter ......................................... 15Contacts and Resources .................................... 16

Message

from the

Chief Audit

Executive

The 2005-2006 has been a year of significant auditand advisory projects. With the maturation ofmyUFL business processes, process audits withextensive control documentation were initiatedduring this period. With the first year of the two-year work plan behind us, significant challenges inaddressing audit risks of the University of Floridaand its affiliated organizations remain.

Maintaining full and effective staffing continued tobe the Office of Audit and Compliance Review’s(OACR) primary challenge with all time high marketdemand for audit professionals triggered mostly bythe Sarbanes-Oxley legislation. While wesuccessfully recruited for certain key positionsduring the period, we finished the year with twoopen positions.

The 2005-2006 year has also been significant forprofessional service including:

• The Spring Conference jointly organized with the North Central Florida Chapter of the Institute of Internal Auditors,• Presentation at the International Conference of the Institute of Internal Auditors in Houston,• Serving on the higher education quality assessment team for Oregon University System,• Taking various leadership roles in professional organizations and within the University.

In addition to promoting the OACR and its activities,these opportunities provided cost effectiveeducational programs for management and staff.

We welcome 2006-2007 with the OACR’s ongoingcommitment for exemplary internal audit servicesand its renewed emphasis to partner in educationalprograms for the promotion of best fiscal practicesfor the University and its affiliates.

Nur Erenguc, CPA, CFEChief Audit Executive


2005-2006 3

OACR STAFF Standing: Lily Reinhart, Brian Mikell, Jeff Capehart,Craig Reed, Hui Zhou, Vito Hite, Suzanne Newman, BreckaAnderson, Joe CannellaSeated: Marilyn Velez, Nur Erenguc, Carole Silverman, ChrisBunn

OPERATIONS

Goals and Objectives

A key operational objective for the period wascompletion of the first year of the 2005-2007 workplan. We directed additional emphasis andresources to the University’s direct support andaffiliated organizations and closely followed thetrends and developments in the application ofSarbanes-Oxley accountability measures to not-for-profit organizations and universities inparticular.

Preparations began for the external qualityassurance review scheduled for early 2007. IIAstandards require external quality reviews ofinternal auditing offices every five years. To thatend, in preparation for our external review, wecompleted an internal quality assurance reviewwith the assistance of a consultant.

Staffing and Other Resources

During 2005-2006 OACR hired one full-time staffauditor and two part-time graduate assistants. Wepromoted two staff members into audit managerand senior auditor vacancies. We ended the yearwith two position vacancies.

We remodeled space in Tigert Hall to accommodateour entire staff. Thus, we closed the Yon Hall office.This was also the first full year of using a new auditworkpaper software program which required re-engineering our internal procedures.

To better align audit resources with the Universityunits expecting and supporting audit effort, wecontinued a funding methodology necessary tomeet this need and expectation. We expect to fill thetwo auditor vacancies in the coming year and add apart-time audit support position. When fullystaffed at 14 auditor positions, the OACR willfavorably benchmark with its peer organizationsand meet the internal audit needs of the Universityand its support organizations.

INTRODUCTION

The Office of Audit and Compliance Review(OACR) provides a central point for thecoordination of activities that promoteaccountability, integrity, and efficiency for theUniversity of Florida. The OACR Charter isincluded on page 15 of this report.

Fiscal year 2005-2006 was the second year of themyUFL implementation. As a result, we focused onreviews of major areas with a broad impact suchas University Payroll, Travel, Utilities andCashiering. We completed InformationTechnology audits and provided significantmanagement advisory assistance as the systemstabilized. We continued to provide audit supportfor the major Direct Support Organizations, UFFoundation and University Athletic Association.We expect to continue to provide proactiveassistance as well as post implementation auditsto promote good business procedures togetherwith a reasonable level of controls in all areas.


2005-2006 4

Staff Training

Continuing professional education is highly valuedand attendance to relevant conferences andseminars is promoted. Since cost-effective trainingof new staff was a priority, we initiated training forstaff members new to auditing or to our office.Additionally, we co-sponsored with the IIA two anda half days of training in Gainesville. Audit andaccounting staff from other organizationsparticipated in this training. One staff membercompleted a master’s degree in a relevant fieldduring the fiscal year. Table 1 reflects a listing ofstaff participation in formal training programs in2005-2006.

Table 1 Staff Training

Sponsored by: HoursEmployees

Attending

Institute of Internal Auditors 373 12

University of Florida 229 12

Association of College and

University Auditors105 5

Association of Health Care

Internal Auditors18 1

Florida Institute of Certified

Public Accountants2 1

OACR ORGANIZATION CHART


2005-2006 5

Budget and Expenditure Analysis

The OACR expenditures by category are illustratedin Table 2. Professional staff salaries remain ourprimary commitment representing 90% of totalexpenditures. This year, we made one-timecommitments to renovate office space in Tigert Halland to purchase audit workpaper software. Thesepurchases will benefit staff for years to come. Wealso contracted with a consultant to provideinternal quality assessment services in preparationfor the external quality assessment reviewscheduled for 2007. Supplies and communicationexpenses represented the largest percentage ofoperating expenses.

Time Analysis

Table 3 provides a comparison between timeavailable as planned and actual time available forprojects. Even with 299 hours of overtime,

available hours for the period was 11.3% less thanplanned. This was the result of unanticipatedposition vacancies. These vacancies had an impacton project progress and completion.

Table 2 Analysis of Expenditures

2004 2005 2005 2006

Salaries $929,524 $1,058,853

Other Personal Services (OPS) 24,204 21,154

Fixed Assets 12,502 8,879

Operating Expenses 20,673 22,310

Training 18,627 15,602

Renovations 20,308

AutoAudit Software Purchase 18,075

Consultants 4,385

Total $1,005,530 $1,169,566

Table 3 Planned/Actual Hours

PLANNED ACTUAL DIFF.

Time Available (14.5x2,040) 29,580 29,580

Less: Adjustment for Position Vacancies (3,404) 3,404

Training/Leave Use/Operational Support (8,874) (8,117) (757)

Total (11,521)

Excess hours worked 299 (299)

Time Available for Projects 20,706 18,359 2,348

Operating Expenses

6%

17%8%

26%

14%

10%

12%

7%

Office Supplies Travel

Personnel Expenses Telephone/Postage

Dues/Subscriptions Maintenance

Computer Supplies Printing


2005-2006 6

Time Allocation

Chart A represents the planned activity mix for totaltime available for projects and actual effortexpended, and Chart B provides a comparisonbetween prior year and current allocation of timeavailable for projects. For all categories, actual timedid not vary significantly from the plan. Incomparison with the prior year, time spent onfollow up and investigations was consistent.Management Advisory Services (MAS) was greaterin the prior year due to providing advisory servicesrelating to stabilization of the new myUFL systems.The decrease in operational support is attributableto the reduction in administrative time spent inrecruitment and orientation of new employees. The

increase in audit time is attributable complexity ofplanned audit projects and greater time spent onaudits by less experienced staff.

Direct time percentages are established as aproductivity goal for each professional positionand for the office as a whole. Direct time excludesadministration, service support, leave andtraining.

Chart C compares direct time achieved in the lasttwo fiscal years. Ongoing emphasis on new stafftraining was in conflict with the targeted directtime percentage of 72%, which we could notachieve. Procedures were implemented to monitorstaff direct time more closely.

Chart C Office Direct Time by Fiscal Years

75%68% 70% 68% 70%62% 69%

65%

75% 75%

0%

20%

40%

60%

80%

100%

Quarter1 Quarter2 Quarter3 Quarter4 Total Office

FY 04 05 FY 05 06 Goal 72%

Chart A Allocation of Total Time

Planned vs. Actual

51%

4%

6%

3%

36%

56%

6%

4%

4%

31%

0% 10% 20% 30% 40% 50% 60%

Audits

MAS

Investigations

Follow Up

Training/Leave

Use/Op Supp

Planned Actual

Chart B Allocation of Time Available

for Projects

Prior vs. Current Year

47%

19%

6%

4%

24%

71%

7%

5%

5%

12%

0% 20% 40% 60% 80%

Audits

MAS

Investigations

Follow Up

Operational Support

2004 2005 2005 2006


2005-2006 7

Table 4 Trend Analysis of Projects Planned/Completed Planned Completed

Original Revised Current Carry Over Total

2003 2004 21 20 15 7 22

2004 2005 27 21 17 4 21

2005 2006 34 32 16 3 19*

TOTALS 82 73 48 14 62

* Table 6 lists reports issued this period.

AUDITS AND OTHER PLANNEDREVIEWS

Trend Analysis

Table 4 reflects a three-year analysis of projectsplanned and completed. The work plan includesplanned audits and advisory reviews.

Over the last three years, 73 projects were plannedand 62 were completed. The upward trend inprojects planned is attributable to the continuedgrowth in OACR staff size. The low completionpercentage in 2005-2006 is consistent with greatertime spent on each project than planned.

During 2005-2006, 71% of available time, or 14,766hours, was spent on audits. Internal audits wereplanned based on evaluation of risk and includedinput from university management.

Client Surveys

Client surveys completed at the conclusion of eachengagement reflect that OACR services are wellreceived. Ninety-eight percent of surveyresponses indicated ratings of either good orexcellent in all categories.

Client Surveys

(11 Responses)

74%

1%

5%

52%

64%

25%

44%

36%

0% 20% 40% 60% 80%

Audit Team

Audit Report

Audit

Performance

Excellent Good Fair Poor

Trend Analysis of Projects

Planned/Completed

0

10

20

30

40

50

60

70

80

Planned Completed

2005 2006

2004 2005

2003 2004

62

73


2005-2006 8

AUDIT REPORT SUMMARIES

The summary of audits issued profiles majorengagements completed during the fiscal year. Thesubjects of the reports illustrate the commitment toproactive and diverse coverage. We conductedaudits of major business processes includingUniversity payroll, travel, and cashiering. Wereviewed internal controls in the Parking, Utilitiesand Telecommunications auxiliaries. Ourinformation technology audits this year focused onthe web-based student course system andinformation security management at large units. Inthe research area we looked at the process forprocuring and awarding contracts to vendors withscientific or specialized expertise and at theprocedure for reporting labor charges allocated tofederally funded research projects. We auditedStudent Government administration andoperations emphasizing Activity & Service fee-funded activities. We continued to provide auditservices to the Direct Support Organizations at theUF Foundation and University Athletic Associationby performing audits and working with their auditcommittees.

Telecommunications and Cellular Charges

In our audit of the Telecommunications, wedetermined that telecommunications charges werebilled and collected timely and that they wereadequately supported at rates that sufficientlycovered operating costs. We found that campusunits did not always perform sufficient review ofcharges to determine that only authorized andofficial business charges were paid. Subsequent toour audit, Telecommunications implemented abilling system that provides a sufficient level ofdetail to determine if charges are correct.Additionally, we found that departments did notalways perform a cost comparison/benefit analysisto support selection of a cellular plan or maintaindocumentation of the analysis performed. TheUniversity Controller agreed to reissue guidelinesfor monitoring telephone invoices and for cellphone use and charges.

WebCT Vista

We audited the University’s online coursemanagement system, WebCT Vista. The primaryobjective of this audit was to determine theadequacy of the internal control system thatensures efficient operation, information securityand compliance with applicable governance overWebCT Vista. Under the oversight of the Office ofInformation Technology, WebCT Vista is effectivelyproviding services to a significant number ofstudents and faculty. In Fall 2005 it was used byapproximately 34,000 students and 900 faculty.Opportunities for improvement were identifiedapplicable to change management, a businesscontinuity plan, review of production data anddata base administrator training.

University Travel

We audited travel transactions processed throughthe myUFL system for the University of Florida andaffiliated organizations such as the University ofFlorida Foundation. Travel expenditures processedduring the 2004-2005 fiscal year exceeded $28million. We found internal controls over theprocessing and accounting for travel to be generallyadequate to ensure compliance with establishedrules, policies and procedures. We notedopportunities for improvement in the monitoring ofexpense reports and in monitoring for duplicatepayments. We also found opportunities forimproving the controls over the distribution oftravel checks, establishment of travelauthorizations and in the procedures for issuingtravel advances.


2005-2006 9

University Athletic Association GatorSportshop

The objective of this audit was to assess theadequacy and effectiveness of the internal controlsystems in purchasing and inventory, sales andrevenues, payroll and temporary servicesexpenditures and information technology. TheGator Sportshop retail operation, generatingrevenues in excess of $2 million per year, waseffectively achieving its mission and operationalgoals in providing a retail outlet for UF fans,students and alumni. The Athletic Associationagreed to develop and formally adopt writtenpolicies and procedures for the Sportshop in theareas of receiving merchandise, sales andcollections, and game-day souvenir standaccountability.

University Cashiering

In the Cashiering audit, we noted that theCashiering function had adequately designed andimplemented controls. As the point of receipt for allUniversity collections, including student fees,accounts receivable and loan collections, theUniversity Cashier collected approximately $670million in the 2004-2005 fiscal year. The Cashierprovides change, processes collections for deposit,and coordinates the physical transfer of collectionsfrom campus units, including credit card paymentsaccepted by over 70 campus entities. AlthoughUniversity directives require that credit and debit/ATM card transactions be deposited by the nextbusiness day, we found that some departments didnot deposit these transactions timely. Somedepartments failed to use locked bags whentransporting cash between buildings.

University Payroll

The University processed payroll forapproximately 25,000 employees, totaling $1.05billion, during the 2004-2005 fiscal year. Our auditconcluded that internal controls were designedadequately and operating effectively to ensure thatpayroll is calculated, recorded and disbursedaccurately for services performed. Payrolladjustments could be reduced if departmentsensure that job actions are processed timely. Tothat end, an electronic personnel action form (ePAF)will be implemented to enhance the input process.

Additionally, we noted that approving time andreviewing the preliminary paylists prior tofinalizing payroll will reduce the volume ofincorrect payments to employees. Opportunitieswere also identified to improve internal controls inrole security and access management.

Foundation Gift Collections

We audited university units that collected gifts fordeposit with the Foundation. All gifts solicited inthe name of and received for the benefit of theUniversity of Florida must be deposited in one ofover 5,800 funds administered by the Foundation.We found that written polices and procedures werenot clearly communicated regarding giftprocessing. We also noted that some universityunits were not making timely deposits orreconciling deposits to Foundation records.

Student Government

The scope of Student Government administrationand operations audit emphasized accounting forActivity and Service fee funded activities. Thecontrols for Student Government administrationand operations were designed adequately andoperating effectively. Timeliness of reconciliationswith official university records and the clarificationfor the establishment and use of reserve accountswere comments developed for improving fiscalcontrols.

Emerson Hall


2005-2006 10

University Athletic Association Cashiering

The UAA Cashiering office is the focal point for allUAA collections, which totaled over $27 million forthe 6-month period ending March 31, 2006. TheCashier provides change, processes collections fordeposits, coordinates the physical transfer ofcollections from UAA departments and is thecustodian of a change fund that ranges from$45,000 to $95,000. Our audit concluded that theUAA Cashier’s office is effectively achieving itsoperational goals and has adequately designedcontrols. Suggestions for improvement includedthe adoption of formal deposit and reconciliationprocedures.

Subrecipient Contracts

Our audit of subrecipient contracting andprocurement practices reflected that they weredesigned adequately and operating effectively. TheDivision of Sponsored Research reviews, approvesand executes contracts to vendors while threecampus units, Engineering, IFAS and the MainContracts and Grants, monitor them. Werecommended that the three offices develop aconsistent monitoring process and that theydevelop procedures to improve the processing ofcontract payments.

Effort Reporting

Effort reporting is mandated by the federalgovernment to verify that labor charges tofederally sponsored agreements are reasonable andreflect actual work performed. The EffortReporting System, currently available throughmyUFL, is designed to capture the information inorder to be in compliance with federal standards.We found that the design of the Effort Reportingsystem needed improvement. The Division ofSponsored Research, Finance and Administrationand the Office of the Provost agreed to collaborateto identify the best approach to improve systemdesign. Input from faculty will be solicited in orderto determine the best method to emphasize the roleof individual researchers in the verificationprocess.

Unit-Based Information SecurityManagement

We audited information security management at 25university units for controls in place over restrictedand sensitive data and for compliance with Office ofInformation Technology’s security policies andprocedures. While most areas had excellent ITsecurity, improvement opportunities existedcampuswide in data backup/recovery procedureswhich could hamper operations in the event of adisaster, such as a hurricane or fire.

Transportation and Parking

The Transportation and Parking services (TAPS)audit focused on the evaluation of internal controlsassociated with sales and accounting for revenue,purchasing and disbursement activities andcompliance with bonded debt. TAPS is a self-supporting auxiliary responsible for issuing decalsfor campus parking and collecting fines for parkingviolations. Operating revenues were nearly $14million for the 2004-2005 fiscal year. We found thatTAPS achieved their stated mission of providing acustomer focused parking program for theUniversity community. Opportunities forimprovement were found in the accounting forparking garage revenues, accountability for decalstock, monitoring payroll deduction collections andmonitoring fines revenues.

University Utilities

University Utilities, a Physical Plant Department,procures utility services from external vendors,maintains distribution networks, reads meters,collects and disposes of refuse and providesaccounting support and coordination for utilityservices. Our audit concluded that controls weredesigned adequately and operating effectively toensure that utility services rates were properlycalculated, billed, collected and recorded.Opportunities for improvement communicated tomanagement included improved procedures formonitoring future rate calculations, identificationand classification of direct vs. indirect costs, andmaintaining adequate reserves.


2005-2006 11

Effort Distribution

2%

18%

12%

23%

45%

General University Service and Support

University Governance and Publications

DSO Service

Consultations and Advisory Reviews

Other

During fiscal year 2005-2006, 1,478 hours werespent on MAS, which represented 7% of availablehours. A significant portion of MAS effort wasexpended on advisory reviews, consultations andgeneral University service and support. Followingare summaries of MAS projects and service/support:

Executive Travel and Reimbursements

The objective of this project was to review theeffectiveness of processing controls over executivereimbursements and evaluate their propriety andcompliance with established policies andprocedures. While reimbursements were found tobe reasonable and appropriate, we communicatedsuggestions to enhance processing procedures.

University of Florida FoundationApplication Access Management

This audit evaluated the internal controls in placeat the Foundation to manage access toapplications and ensure accuracy and integrity ofdata. We found that controls in general weredesigned adequately and operating effectively. Weidentified opportunities for improvement in therequest and authorization of role security, and inprocedures to ensure the appropriateness of allcurrent users.

University of Florida FoundationRestricted Gifts

The Foundation serves as the fundraising arm andprocessing agent of donor’s funds and annuallydisburses funds to University units for use inaccordance with donor intent. Each college ordepartment within the University is responsiblefor overseeing the administration and proper useof these funds to ensure donor intent compliance.Our audit evaluated the design and effectivenessof controls to promote the use of restricted fundsin accordance with donor intent and Foundationpolicies and procedures. Foundation fundestablishment, donor intent communication, andfund use in accordance with donor intent weredetermined to be generally adequate.

MANAGEMENT ADVISORYSERVICES

OACR is committed to providing proactive,preventive advice on internal controls, operationsand compliance. Requests for managementadvisory services (MAS) usually come from variousmanagement levels throughout the University. Theinformation provided through these servicesassists management in decision making and inimproving operations. Results of these types ofservices are usually communicated throughmanagement letters.

OACR actively provides advisory reviews,consulting assistance, training and training tools,and post-audit assistance. The following chartillustrates the MAS types performed and thepercentage of time spent.

Florida Group Practice Billing

The objective was to review the Florida GroupPractice billing format to determine the adequacy ofinformation provided to patient payees. The FGPagreed to reevaluate the current billing format andrecommendations were made to assist in makingthe user statements more “user friendly.”

Health Science Center (HSC) SecurityProgram for Information and ComputingEnvironment (SPICE)

SPICE was designed to protect the security andprivacy of information that is managed by the HSCby ensuring that appropriate administrative,technical, and physical safeguards are in place. Theprogram includes policies and procedures thatcomply with federal security and privacyregulations, state law, and University of Florida ITsecurity policies. In an advisory capacity, we


2005-2006 12

restitution of $400,000 received by the Universityduring 2005-2006.

Significant issues from investigative reviews aresummarized as follows:

Resource Misuse

Concerns were presented to OACR that anemployee of the College of Pharmacy used auniversity owned vehicle for personal benefit. AnOACR investigation confirmed the misuse andnoted that the employee did not maintain vehiclelog records. Recommendation included themaintenance of vehicle log records.

Conflict of Interest

An allegation stated that a College ofDentistry faculty member participated in outsideactivities undisclosed to the University. It wasconfirmed that the faculty member participatedand received payment for outside activitiesundisclosed to the University and did not fullyrecord annual leave when involved in theseactivities. A lack of administrator understandingand compliance with disclosure of outside activitiesand financial interests policies was identified. Thiswas immediately addressed by the College andleave use records were corrected.

An allegation presented concerns that kickbackswere received in the hiring of consultants atBridges by an employee with an undisclosedcompany. Based on OACR review no merit wasfound to the allegation of an impropercompensation arrangement with consultants hired.However, the employee failed to properly discloseto the University outside financial interests.Internal control issues identified during the reviewincluded: consultant service purchase in excess of$50,000 without a contract; use of unencumbereddisbursements in consultant service purchase;hiring practices that did not reflect involvement ofsupervisory staff; and use of a vendor listed in themyUFL system to operate as a pass-through in thecontracting of independent consultants.

participated in the SPICE compliance team’s effortsto develop a process for recurring evaluation ofindividual HSC units.

General Consultation Services

During the fiscal year, OACR provided MASconsulting services in response to requests frommany University-related entities including, theUniversity President, The Vice President forFinance and Administration, the University ofFlorida Foundation, the Warrington College ofBusiness and the College of Medicine.

General University Service

General service to the University includes servingon advisory committees such as Sarbanes-Oxley,Auxiliary and Information Technology AdvisoryCouncil, as well as time spent serving on searchcommittees for significant University positions.

Newsletter

Quarterly newsletters were distributed campus-wide with regular features that include highlightsfrom projects and campus-wide issues. Copies areavailable at http://oacr.ufl.edu.

Post-Audit Assistance

OACR routinely provides support and guidance onthe implementation of planned actions.

INVESTIGATIONS

The OACR receives complaints and allegations offiscal improprieties from a variety of internal andexternal sources, including hotline calls, directcorrespondence, and referrals from otheruniversity offices and state agencies. Theinvestigative reviews conducted by OACR havedual objectives of responding to facts of allegationsand addressing relevant fiscal and administrativecontrol weaknesses. Where appropriate,recommendations for improvements of internalcontrols are communicated to management and aremonitored for implementation. In total, 1084 hours,or 5% of available hours were committed toinvestigative efforts. Investigative effortsperformed during 2003-2004 resulted in the


2005-2006 13

FOLLOW-UP

Audit reports include auditor ’s comments andplanned actions developed and agreed to by theaudit team and management and the estimated timefor their implementation. Reports issued byexternal auditors, including the Office of the AuditorGeneral, contain recommendations for whichuniversity management also provides a correctiveimplementation plan.

Standard 2500, Standards for the Professional Practice ofInternal Auditing, promulgated by the Institute ofInternal Auditors, requires that the internalauditor determine that management has takenappropriate action regarding reported auditcomments.

The planned action “not to be implemented” generally reflects changing conditions that render the plan obsolete.

Quarterly follow-up procedures were conductedthroughout the year and their results werecommunicated to University management and theBoard of Trustees Audit Committee. For the reportperiod, the OACR staff expended 1,031 hours or 5% ofavailable hours for follow-up reviews.

Table 5 summarizes the results of our follow-upactivities as of June 30, 2006.

As reflected by the summarized information,implementation percentages for auditrecommendations and planned actions were higherthis period. Several action plans involved significantinformation technology and data processingresources for implementation and therefore were notimplemented within the anticipated time frame.

Planned Action

Implementation Percentage

68% 71%

83%45% 80% 85% 83%

0

10

20

30

40

50

60

70

80

1 2 3 4 5 6 7

Table 5 Follow Up Activities

Percent

ImplementedOversight byFollowed

UpImplemented In process

Not to be

Implemented

Percent

ImplementedPrior Year

1 Academic Affairs 65 44 18 3 68% 69%

2 Finance & Admin. 73 52 19 2 71% 79%

3 Health Affairs 6 5 1 0 83% 68%

4 IFAS 11 5 6 0 45% N/A

5 Student Affairs 5 4 1 0 80% N/A

6 UAA 26 22 4 0 85% 50%

7 UFF 6 5 1 0 83% 86%

Totals 192 137 50 5 71% 68%


2005-2006 14

IIA Spring Conference, Best Western Hotel

OTHER ACTIVITIES

Professional Activities

OACR staff participated in various nationalinitiatives, training, and organizations including:

• Member – Institute of Internal Auditors (IIA)

• Member – Association of Healthcare Internal Auditors (AHIA)

• Member – American Institute of Certified Public Accountants (AICPA)

• Member – Florida Institute of Certified Public Accountants (FICPA)

• Member – Association of Certified Fraud Examiners (ACFE)

• Member – IIA North Central Florida Chapter

• President – IIA North Central Florida Chapter

• Treasurer – IIA North Central Florida Chapter

• Board Member – IIA North Central Florida Chapter

• Program Committee – IIA North Central Florida Chapter

• Planning and Organization – North Central Florida IIA Chapter Spring Conference

• Presenter – North Central Florida IIA Chapter Spring Conference

• Webmaster – IIA North Central Florida Chapter

• Volunteer Instructor – IIA

• Session Facilitator – Large campus audit directors roundtable, Association of College and University Auditors

• Presenter – International Conference of the IIA

• Member – Higher Education Quality Assessment Team for the Oregon University System

• Member – State University Auditors Consortium (SUAC)

• Participant – Florida Audit Forum

University Service

During 2005-2006, OACR members participated invarious university-wide initiatives andassignments including:

• Member – Auxiliary Review Committee

• Member – University Information Technology Advisory Committee – Information Security Management (ITAC-ISM)

• Member – University Information Technology Advisory Committee – Network Infrastructure (ITAC-NI)

• Member – Sarbanes-Oxley Committee

• Member – University of Florida Communications Network (UFCN)

• Presenter – Division of Sponsored Research – Research Administration Training Series

• Visitor – University IT Planning Retreat

• Participant – Information Technology Security Awareness day

IIA Spring Conference, Best Western Hotel


2005-2006 15

Table 6 Reports Issued 2005 06

TITLE PERIODISSUE

DATEREPORT NO. PROJECT

Florida Group Practice Billing As of July 1, 2005 8/8/05 72.200503 MAS

Telecommunications and Cellular

ChargesAs of April 1, 2005 10/18/05 UF 05 443 22 Internal Audit

WebCT Vista Online Course

Management System

As of October 14,

200511/4/05 UF 06 472 24 Internal Audit

University Travel As of June 30, 2005 11/8/05 UF 06 459 11 Internal Audit

UAA Gator SportshopAs of August 31,


HSC Security Program for

Information & Computing

Environment (SPICE)

03/22/05 – 12/7/05 12/14/05 72.200602 MAS

University CashieringAs of August 1,


University PayrollAs of November

30, 20051/30/06 UF 06 458 10 Internal Audit

Foundation Gift CollectionsAs of October 31,


Student Government As of June 30, 2005 2/28/06 UF 06 461 13 Internal Audit

Unit Based Information Security

Management

As of December 31,


Transportation & Parking As of June 30, 2005 5/24/06 UF 06 478 03 Internal Audit

University UtilitiesAs of March 31,


UAA Cashiering*As of March 31,


Subrecipient Contracts*As of December 31,


Effort Reporting*As of November

30, 20059/1/06 UF 06 477 29 Internal Audit

UFF Application Access

Management*As of April 30, 2006 9/6/06 UF 06 450 02 Internal Audit

Executive Travel and

Reimbursements*7/1/05 – 6/30/06 8/21/06 72.200601 MAS

UFF Restricted Gifts* 1/1/05 – 12/31/05 10/06 UF 06 449 01 Internal Audit

*Substantially completed as of June 30, 2006


2005-2006 16

OACR AUDIT CHARTERIntroduction

Internal auditing is an independent, objective assuranceand consulting activity designed to add value andimprove an organization’s operations. It helps anorganization to accomplish its objectives by bringing asystematic, disciplined approach to evaluate andimprove the effectiveness of risk management, control,and governance processes. The Office of Audit andCompliance Review (OACR) at the University of Floridaadministers the internal audit program for theUniversity with the objectives to assist members of theUniversity and the Board of Trustees in the effectivedischarge of their responsibilities. To this end, the OACRfurnishes them with analyses, appraisals,recommendations, counsel, and information concerningthe activities and organizations reviewed.

Mission

The Office of Audit and Compliance Review serves theUniversity of Florida and its support organizations,including its direct support organizations and FacultyPractice Plan corporations. It provides a central pointfor coordination of and oversight for activities thatpromote accountability, integrity, efficiency, andcompliance.

Organization, Independence, Authority

The university president appoints the Chief AuditExecutive. The OACR operates under the generaloversight of the university president and reports to theBoard of Trustees through its audit committee as to theprocess and content of its reports. This reportingrelationship promotes independence and assuresadequate consideration of audit findings and plannedactions.

In performing its function, the OACR has no directresponsibility or authority over any of the activities itreviews. Therefore, the audit, review and appraisal donot relieve other persons in the university of theresponsibilities assigned to them. The OACR isauthorized full and unrestricted access to all areas andinformation sources necessary to carry out its activities.Documents and information provided to OACR staffduring an engagement are handled in the same prudentmanner as by those employees normally accountablefor them.

Professional Standards

The OACR staff members have a responsibility to theinterest of those they serve and should refrain fromentering into any activity that may create a conflict ofinterest. They have an obligation of self-discipline aboveand beyond the requirements of laws and regulations.They should uphold and demonstrate qualities of

integrity, honesty, loyalty, morality, dignity, andconfidentiality consistent with the Institute of InternalAuditors Code of Ethics. The Institute’s Standards forthe Professional Practice of Internal Auditing shallconstitute the operating procedures for the Office.

Duties and Responsibilities

(a) Conduct and coordinate audits, investigations,and management reviews relating to theprograms and operations of the university andits support organizations.

(b) Conduct, supervise, or coordinate otheractivities carried out or financed by theuniversity for the purpose of promotingeconomy and efficiency in the administrationof, or preventing and detecting fraud and abusein, its programs and operations.

(c) Receive complaints and coordinate all activitiesof the University as required by the Whistle-blower’s Act pursuant to Sections 112.3187-112.31895, Florida Statutes.

(d) In accordance with the University’ s Policy onFraudulent and Dishonest Acts, receive andconsider complaints that do not meet thecriteria for an investigation under the Whistle-blower’s Act and conduct, supervise, orcoordinate such inquiries, investigations, orreviews as appropriate.

(e) Keep the University president, vice presidentfor finance and administration, managementand the audit committee for the University’sBoard of Trustees informed concerning fraud,abuses, and internal control deficienciesrelating to programs and operations, initiatecorrective actions, and report on the progressmade in implementing corrective actions.

(f) Ensure effective coordination and cooperationbetween the Auditor General, federal auditors,and other governmental bodies and externalauditors with a view toward avoidingduplication.

(g) Review, as appropriate, rules and proceduresrelating to the programs and operations of theuniversity and make recommendationsconcerning their impact.

In the performance of these services, Office of Audit andCompliance Review will ensure that an appropriatebalance is maintained between audit, investigative, andother activities. Detailed operational procedures forthe OACR will be established and presented for theapproval of the president and the audit committee.


2005-2006 17

CONTACTS & RESOURCESThe Office of Audit & Compliance Review workscollaboratively and cooperatively with many otheroffices. Below is a partial listing of the contacts andresources used frequently.

State Auditor Generalhttp://www.state.fl.us/audgen/Gainesville Office: (352) 334-1740Campus Office: (352) 392-5255

FL Department of Financial ServicesConsumer Helpline: 1-800-342-2762Get Lean Hotline: 1-800-GET LEANwww.fldfs.com

University Controller’s Officehttp://fa.ufl.edu/uco/(352) 392-1321

Board of Governorshttp://www.fldcu.org/

UF Board of Trusteeshttp://www.trustees.ufl.edu/

Health Science Center Compliancehttp://www.med.ufl.edu/complian/(352) 265-8359

Division of Sponsored Researchhttp://rgp.ufl.edu/research/(352) 392-1582

Institutional Review Boardhttp://irb.ufl.edu/

University Contracts & Grantshttp://fa.ufl.edu/cg/(352) 392-1235

IFAS Sponsored Programshttp://grants.ifas.ufl.edu(352) 392-2356

Engineering Contract & Grantshttp://www.eng.ufl.edu/home/cng/(352) 392-6626

University Athletic Associationhttp://www.uaa.ufl.edu/(352) 375-4683

Equal Opportunity Programs Officehttp://www.hr.ufl.edu/eeo/default.htm(352) 392-6004

University Ombudsmanhttp://www.ombudsman.ufl.edu/(352) 392-1308

University General Counselhttp://www.generalcounsel.ufl.edu/(352) 392-1358

University Police Departmenthttp://www.police.ufl.edu/(352) 392-1111

Shands Auditing(352) 265-7969

University Vice President for Human Resourceshttp://www.hr.ufl.edu/(352) 392-1075

University Vice-President for Finance &Administrationhttp://www.admin.ufl.edu/(352) 392-1336