internal audit a collaborative effort - university of delaware · to provide independent, objective...

4/16/2013

1

Internal Audit A Collaborative Effort

April 25, 2013

Internal Audit/Research Training 1 4/25/2013

Attendees will learn

• What is Internal Audit

• What are Risks and Controls

• What and How Internal Audit Does What is Does

• What is Your Role in All This

• Documentation 101

4/25/2013 2 Internal Audit/Research Training

4/16/2013

2

4/25/2013 Internal Audit/Research Training 3

INTERNAL AUDIT

JUST WHO - AND WHAT -

ARE WE ?


4/16/2013

3

Internal Audit’s Mission

To provide independent, objective assurance and consulting services designed to improve the operations and internal controls of the University.



WHAT WE DO

AUDITS, AUDITS, AND…..YET MORE AUDITS

4/16/2013

4


• Financial Audits

• Compliance Audits

• Information Technology Audits

• Operational Audits

• Investigative Audits


Based Upon Professional Standards &

Ethics

Internal Audit conducts its activities in accordance with The Institute of Internal Auditors’ “Code of Ethics” and the International Standards for the Professional Practice of Internal Auditing

4/16/2013

5

4/25/2013

Internal Audit/Research Training

9

DIRECTOR OF INTERNAL AUDITING

Edward J. Drozd, CPA

SENIOR INFORMATION TECHNOLOGY AUDITOR

Cheryl R. Morris, CISA

SENIOR INTERNAL AUDITOR

Montgomery K. McKee, CPA, CISA

INTERNAL AUDITOR

Joseph C. Hines, CPA

AUDIT SPECIALIST

Maria A. Poole

Information Systems AuditsFinancial, Compliance, Operational

AuditsFinancial Compliance Hotline

Investigations

UD Credit Card AuditsFinancial and Compliance Audits

Audit Visiting Committee Booklets

Financial, Compliance, Operational Audits

Financial Compliance Hotline Investigations

Financial, Compliance, Operational Audits

Financial Compliance Hotline Investigations


HOW WE DO IT

• Annual Risk Assessment • Rolling 3 Year Plan • Annual Plan - Individual

Audits

4/16/2013

6


historical data external inputs

professional judgment


INVENTORY of INTERNAL AUDIT PROJECTS/NTERNAL AUDIT UNIVERSE

KPMG LLP ASSIGNED PROJECTS (NONE after 12/12/07 per C Chepel )

INFORMATION TECHNOLOGIES AUDITS: 1 IT Accounts Receivable/Billing Application Controls

2 IT ACH 3 IT Asset Management System

4 IT AT&T Blackboard System (UD#1 Flex, Meal Points. Etc.) 5 IT BSR Advance (Gift Processing) System

6 IT Central Cashiers System

7 IT CISP Card Industry Audit Initiative

8 IT Cognos Data Warehouse Application & Security

9 IT Cashnet Interface

10 IT Data Encryption

11 IT Data Security Function

12 IT Data Telecommunications 13 IT Database Administration

INVENTORY of INTERNAL AUDIT PROJECTS/iNTERNAL AUDIT UNIVERSE

KPMG LLP ASSIGNED PROJECTS (NONE after 12/12/07 per C Chepel )

INFORMATION TECHNOLOGIES AUDITS: 1 IT Accounts Receivable/Billing Application Controls

2 IT ACH 3 IT Asset Management System

4 IT AT&T Blackboard System (UD#1 Flex, Meal Points. Etc.) 5 IT BSR Advance (Gift Processing) System

6 IT Central Cashiers System

7 IT CISP Card Industry Audit Initiative

8 IT Cognos Data Warehouse Application & Security

9 IT Cashnet Interface

10 IT Data Encryption

11 IT Data Security Function

12 IT Data Telecommunications 13 IT Database Administration

4/16/2013

7



SI = Supplementary Information for Contracts and Grants System Audits:

1 CFS Cash Management (e.g, Letter of Credit Draw Downs)

2 CFS Close Outs

3 CFS Collaborations/Partnerships

4 CFS Conflict of Interest Procedures

5 CFS Compliance with Grant Restrictions, Terms and Conditions for Direct Costs

6 CFS Cost Transfers

7 CFS Fringe Benefits and Facilities and Administrative Cost Allocations

8 CFS Program Income

9 CFS Proposal Budget Preparation

10 CFS Recharge Centers

11 CFS Reporting (e.g., SF 269 Federal Financial Reports)

12 CFS Subrecipient Monitoring

4/16/2013

8


Area

Last Internal Audit

Scheduled for Internal Audit Testing 2014-2016

1. Information Technologies FY2013 Yes -Ongoing

1. Central Financial Systems:

a. Accounts Receivable FY2012 No

a. Asset Management/Equipment Inventory FY2013 No

a. Bank Wire Transfers FY2011 Yes

a. Central Cashier FY2012 No

a. Employee Fringe Benefits Accounting and Compliance FY2012 No

a. Financial Aid Accounting and Compliance FY2012 Yes

a. Gift Processing FY2013 No

a. Investments Accounting and Compliance FY2011 Yes

a. Journal Vouchers FY2013 No

a. Payrolls FY2013 Yes

a. Procurement FY2010 Yes

a. Sponsored Programs/ Contracts and Grants Accounting and Compliance

FY2013 Yes

1. University Departments:

a. 1743 Holdings, LLP FY2012 Yes

a. Construction FY2010 Yes

a. Intercollegiate Athletics FY2012 No

a. International Programs FY2010 Yes

a. Library FY2008 Yes

a. Procurement Cards FY2013 Yes -Ongoing

a. Other University Departments (e.g., The Colleges and Other Academic, Research, Auxiliary and Administrative units) FY2013 Yes - Selected Visits and Coverage by Audits of Central Financial Systems

4. Compliance Hotline Investigations FY2013 Yes - As Needed

5. Consulting and Special Projects FY2013 Yes - As Needed

ROLLING THREE-YEAR INTERNAL AUDIT PLAN

2014-2016


• Make Policy • Perform Departmental Work • Reconcile Accounts • Set up Internal Controls • Try to Make Life Miserable

WHAT WE DON’T DO

4/16/2013

9


What’s Internal Control All About


Control Types

4/16/2013

10


INHERENT CONTROL LIMITATIONS


CONTROL OBJECTIVES • Authorization • Completeness • Accuracy • Validity • Physical Safeguards & Security • Error handling • Segregation of Duties

4/16/2013

11


Who’s Responsible For Internal Controls ?


INTERNAL CONTROL COMPONENTS

Control environment Risk Assessment Control Activities Information and communication Monitoring

4/16/2013

12


An audit by another name is still… an audit

• Federal Government – Office of Naval Research is UD’s cognizant agency

• Sponsors • A-133 Auditors—KPMG • Program Auditors

– Campus tell C&G Specialist when contacted regarding any audit

– MUST tell VP Fin office when programs contact us – Coordination and information must come from Research & VP

Finance for consistency

• Internal Audits


What’s An Audit

4/16/2013

13


• Opening conference • Preliminary review • Testing • Exit meeting • Draft audit report • Final audit report • Management's written response • Summarized report • Follow-up


http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=q-82WWFeCxb2_M&tbnid=JfyNPFsdFwvl1M:&ved=0CAgQjRwwAA&url=http://www.presshook.com/business/benefit-forensic-loan-audit-current-mortgage/&ei=VYwiUd6aMfK30AGzxYD4Ag&psig=AFQjCNF7JYi2uiA7f1Fq-3yRN_6F-xf8qw&ust=1361305045842957

4/16/2013

14


The Audit Program – The Roadmap

Purpose of Audit Program

What may be included in an audit Identify major

programs based on expenditures in fiscal year (SEFA)

Cash Management Review previous

audit findings

Cost share (committed vs.

actual)

Review new programs or those

with regulatory changes

Expenditures (budget vs actual)

Financial Reporting

Effort Reporting

Review personnel or system changes

Subawards UD Policies & Procedures


4/16/2013

15


AUDIT PROGRAM EXAMPLE

Audit Program

Program Step:

Results:

W/P Reference

Preliminary Documentation 1. Obtain a download of all credit card

transactions for FY2013 that have been charged to Federally Sponsored Program funds (purpose XXXX4…) from the Financial System. The query names are AUD_FEDCG_PCARD_TRANS and AUD_FEDCG_PCARD_TRANS_BYCH.

A download of all contract and grant transactions charged to sponsored funds has been secured. A copy of the spreadsheet has been doc-linked here: Fed PCard Transactions 082312.xls No copy of the report has been included in the work papers due to the number of items appearing on the report.

N/A

1. Review the transaction listing for unusual items or items that would not seem to be an appropriate purchase that would be made on a Federal contract or grant. Judgmentally select 30 transactions for further review.

Several individuals reviewed the listing and selected numerous transactions for review. A final selection of 30 grant transactions was made and the spreadsheet documenting this selection is doc-linked here: 2013 Fed_Grants_Testing.xlsx.

FPC-0-1

1. Secure copies of the grant documentation for each transaction in the selection.

The information was requested from the department and secure for each grant selected as part of the review.

Individual Sample Items

Program Objectives

This is a limited scope review and consists solely of ensuring that credit card charges to Federally sponsored programs are in compliance with

Federal rules and regulations regarding allowability, allocability, and reasonableness as well to ensure University policies and procedures were

being followed.


//hullihen.nss.udel.edu/audit/Personal Boxes/Cheryl/My Documents/Fed PCard Transactions 082312.xls




//hullihen.nss.udel.edu/audit/Personal Boxes/Cheryl/My Documents/2013 Fed_Grants_Testing.xlsx

4/16/2013

16

Audit questions/observations

• Verify checks and balances

• Verify terms are followed

• Verify there are appropriate processes in place



AUDIT WORKPAPERS

http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=Pe05L8sQJgPo0M&tbnid=I2XDXtdhL2kZMM:&ved=0CAgQjRwwAA&url=http://www.praxity.com/client-service/Pages/Audit-and-Assurance.aspx&ei=_G8jUfXnAujx0wG54YGIDg&psig=AFQjCNEGfgF6vET-EQV42c4YC0voaVonHw&ust=1361363324083504

4/16/2013

17

Vulnerabilities


Lingering close outs

Pro card /Travel

Card

Unlike circumstances

Oddities

RED FLAGS


4/16/2013

18


Types of findings

• Material weaknesses

• Significant deficiencies

• Deficiencies

• Questioned costs can result from all above


4/16/2013

19

Your internal controls are found to be weak and/or non-existent? Common responses usually include:

• “We don’t have enough staff to handle adequate segregation of duties.”

• “It is too expensive to do it that way.”

• “I trust my people and controls are not necessary.”


Controls and Research?


WHY?

4/16/2013

20

Recent Audit Findings

Florida State University • Repay $3,000,000

• DHHS NSF OIG audit

• 2008-2010

• Failed to ensure

• Allowable

• Allocable

• Reasonable

UC – Santa Barbara • Repayment of $6.3 million

being questioned

• NSF OIG audit

• 2 year audit

• Issues

• Overcharged summer

• Cost share

• Cost Transfers

• Unallowable

Univ. of Wisconsin-Madison

• Reversal of repayment request

• HHS OIG

• Unallowable cost for equipment due to not requesting prior approval

• NIH and sponsor protested

4/25/2013

Internal Audit/Research Training 39

What to Expect if Audited? • You are guilty until proven innocent

• The burden of proof regarding allowability is on the University NOT the auditor

• Individuals in departments other than RO may be interviewed and/or expected to provide information


4/16/2013

21

• Cost Transfers

• Effort Reporting

• Closeouts


Who’s who: Roles and Responsibilities


Ad

min

istr

ato

r • Read the award

• Know the terms

• Translate rules to outcomes

• Question expenses

• Maintain documentation

Pri

nci

ple

Inve

stig

ato

r • Read the award

• Know the terms

• Present ideas of WHAT is desired outcome

• Justify allowability

• Provide justification

Cen

tral

Off

ice

• Read the award

• Know the terms

• Guide and facilitate decisions

• Seek sponsor approvals as needed

• Help determine relevant documentation

4/16/2013

22

Before anything else, preparation is the key to success. ~Alexander Graham Bell


For every minute spent in organizing, an hour is earned.

~Anonymous


4/16/2013

23

Keys to a Successful Audit

Audit Trails…“If it’s not documented, it didn’t happen….”

Appropriate Approvals

Organized Files

Knowledge of policies

and regulations


Building a stronger document

Approvals

Justification

Supporting details


4/16/2013

24

Ask yourself…

• Would a stranger understand this justification?

• Would I understand these details in a 6 month review of the document?

• Do I believe this justification?


Audits • Question: When do you start preparing for an audit?

• Answer: The day you prepare a proposal

48 4/25/2013 Internal Audit/Research Training

4/16/2013

25

Being “audit savvy” is…

• Being proactive

• Being prepared

• Being persistent


EXERCISE

build strong documentation

4/25/2013

Internal Audit/Research Training

50

4/16/2013

26

Let’s build the documentation

• Scenario 1: Computer/peripherals purchase

• Scenario 2: Cash Withdrawal on UD credit card

• Scenario 3: Amazon.com purchase


Scenario 1: Computer & computer peripherals purchased on federal award

• Examine receipts: are they complete?

• Documentation requirements: are they met?

• Charges: are they allowable?


4/16/2013

27



4/16/2013

28


Excerpt from Proposal Documentation

Scenario 2: Cash Withdrawal on UD credit card • Documentation requirements: are they met?

• Use of funds: is it allowable?

• Reconciliation: what is necessary?


4/16/2013

29


Excerpt from Proposal Documentation


4/16/2013

30

Scenario 3: Amazon.com purchase

• Documentation requirements: are they met?

• Charges: are they allowable?

• Approvals: what approvals?



4/16/2013

31

Receipt Documentation Excerpt


Audits... • Are necessary

• Should not be feared

• Validate good business processes


Documentation... • Validate expenses

• Can be obtained in many ways

• Ensures good monitoring /business processes

In summary

http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=itht7p4JUworNM&tbnid=BNIieiIWKK0tEM:&ved=0CAgQjRwwAA&url=http://rsm.aajassociates.com/services.php?menu=1&id=2&id0=4&ei=jYsiUYH6I6WB0AHCgYHYAQ&psig=AFQjCNH8JXjGpn2r_Q7eYVm5y_yt7l2mqw&ust=1361304845623406

4/16/2013

32

Questions? Contacts

Janet Ianni – Associate Director, Post Award Administration

Cheryl Morris, Sr. Auditor – Information Technology

Maria Poole - Audit Specialist

Eileen Burns - Business Administrator II, Chemistry & Biology

Ian Janssen - Director, Archives
