
The Role of the Internal Audit Department

Research Administrators Network. Definition of Internal Auditing.

Faraday

Presentation Transcript


    1. Research Administrators Network The Role of the Internal Audit Department

    2. Definition of Internal Auditing: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” (The Institute of Internal Auditors)

    3. We’re Here to Help! Identify Risks; Find Better Ways and Best Practices; Partner With You to Find Solutions; Prevent Problems

    4. We Report to the Board of Regents Audit Committee - Ensures independence; Elevate issues to a level where they can be corrected; Keeps Regents informed; Meets quarterly. Independence is the foundation of auditing. The Regents can provide resources needed to correct some issues. The President and Regents can adopt policy changes.

    5. What is Risk Based Auditing? Focus on risk of occurrences that could prevent the University from achieving its goals. There are many types of risk – fraud, improper reporting, ineffective or inefficient use of resources, credibility loss, etc. Focus on areas with high risk and high probability that controls are not in place or are weak.

    6. We have a plan! Risk based audit plan developed with input from across the University. Risk factors: Impact, Probability, Controls.

       Impact – What would be the impact on the University if this item failed to function, for example through a major fraud or a disruption in business?
       § High Impact – it could create serious problems for the University that could result in the loss or use of resources, a significant loss of revenues/funding, or unfavorable publicity and possible harm to the University’s reputation
       § Medium Impact – the University would recognize the impact, but would be able to manage the problem
       § Low Impact – it would not have a significant impact on the University or its reputation

       Probability – Without considering process controls that may exist, what is the probability that this breakdown could occur? Every area has certain checks and balances that help prevent things from going wrong, such as review processes, issuing receipts for money received, and approvals (auditors refer to these processes as “controls”). If the controls were not in place, what is the possibility that something would go wrong? Items that might increase the probability include high volumes of transactions, highly regulated areas, large amounts of cash, high employee turnover, and involvement of management.
       § High Probability – it is very likely that something could go wrong
       § Medium Probability – it is possible that something could go wrong
       § Low Probability – it is not likely that anything will go wrong

       Controls – How well does the University manage this potential risk, i.e. how good are the controls in this area? Are there currently processes in place that provide good checks and balances? If you are aware of problems that have occurred in the area that could have been prevented by better controls, then the controls may not be as good as they could be.
       § Good – processes exist that should prevent the majority of possible losses or other problems
       § Average – processes are in place that will usually prevent problems, although the processes could be better
       § Poor – there are few processes in place to prevent losses or problems, or the processes are not working

    7. What Is the Plan? List of audits for fiscal year; Based on risk assessment and available man hours; Includes estimated budget hours and completion date; Approved by Audit Committee. Leave some room for the unexpected. Requests and unforeseen issues are presented to Audit Committee for approval.

    8. Auditable Entities. WE DO AUDIT: Operations and compliance; Departments; Colleges or Schools; Programs, Grants, Contracts; Information Technology Systems; University-wide Processes. WE DO NOT AUDIT: Specific individuals; Human Resource issues; Sexual harassment or other civil rights issues. May get into performance auditing in the future.

    9. Internal Audit is Intake Point for Whistleblowers. University policy requires Internal Audit to receive reports of: Misconduct; Fraud. Several ways to report: Hotline; E-mail; Phone; Walk in. We interview the complainant, complete a form informing them of the process and their rights and, if they agree, tape record the interview. Based on the nature of the complaint we will refer it and provide copies of the tape and a short synopsis of the interview. If confidentiality is an issue we try our best to maintain it; however, without a name it is sometimes difficult to conduct an investigation.

    10. Investigations of Fraud and Employee Misconduct. Whenever possible we will refer to the appropriate Dean, University Police, OEO or Human Resources for investigation. University policy requires Internal Audit to investigate if financial or operational. Internal Audit coordinates and reports to the State Auditor. Based on University policy we refer complaints to the appropriate department for investigation. If we conduct an audit and find inappropriate use of University assets or misappropriation of funds, we request an opinion from University Counsel on whether the matter constitutes fraud, and if so it is reported to the State Auditor and University Police. We have dealt with opposing counsel, insurance adjusters, state police and federal program investigators.

    11. Who Are We? We are University employees. We are certified public accountants, internal auditors, fraud examiners and information system auditors. We are a staff of 7 auditors. Most auditors have two certifications. Half the staff have been with Internal Audit for over 20 years. Most auditors have more than 10 - 20 years of audit experience in public accounting, financial auditing, internal audit and performance audit.

    12. It’s the “little” things that get you! Misreporting hours. Forgetting to obtain prior approval when needed. Using estimates that are not supported. Any violation of University policy. We have helped HR in several cases where employees claimed to be at one place and were not there. In one case an employee claimed to be going to class but was not. Not reviewing P-card transactions. Not approving purchases prior to placing orders. Unfamiliarity with University policy or misunderstandings.

    13. Preventive Measures. Make sure your controls are working; Review and reconcile; Check the work of your subordinates; Don’t give in to the temptation to skip controls because you are busy! It is difficult to take the time to develop a policies and procedures manual and to review and scrutinize documentation. However, it is even more time consuming to undergo an audit or investigation.

    14. What is included in the audit report? What was found; Why it happened; What is required; What effect it has; Recommendation for improvement; Response – who, when and how. Audits have six elements: Condition, Cause, Criteria, Effect, Recommendation, Response. Reports have an executive summary with a conclusion answering the objective; Background relating to the area under audit; Observations and Recommendations.

    15. What happens after the audit? Follow-up; Review corrective action; Report to Audit Committee. Have two reports – recommendations cleared and past due. Based on timeframes provided in the response, we conduct a follow-up to verify that corrective action occurred. Audit committee is concerned with past due and pays close attention to this report. Ha

    16. Who Audits the Auditors? We must have a peer review at least once every five years. Our Standards are set by the Institute of Internal Auditors and the American Institute of Certified Public Accountants.

    17. We Want to Know How We Are Doing. At the completion of each audit we will send an after-audit-survey. We want you to rate our performance: Were we professional, helpful, timely and did we add value? Please take the time to give us your feedback. This is one of our measures to determine if our work is adding value to the University.

    18. We are here to help. We provide training; Respond to policy and technical accounting questions; Offer suggestions for improvement; Advisory role. PI training; Cash Management; Grants Management. Will conduct consulting services to prevent problems or discontinue inappropriate processes.

    19. Christine Chavez, Director of Internal Audit, 277-5016, 1801 Roma NE
