A n n u A l R e p o R t · MAS Investigations Follow 1Up Training/Leave Use/Operational Support Planned Actual Chart 1B ,Allocation 1of 1Time 1Available 1 for 1Projects 1 Prior 1vs

Operational, Financial, Compliance AuditsManagement Advisory ServicesSpecial Reviews

A n n u A l R e p o R t

O f f i c e O f A u d i t & c O m p l i A n c e R e v i e w

2004-05

u n i v e R s i t y O f f l O R i d A

OFFICE OF AUDIT & COMPLIANCE REVIEWUNIVERSITY OF FLORIDA

At this time, having staffed most of our open andnew positions, the Office of Audit and ComplianceReview (OACR) continues to be positioned andcommitted to making significant contributions tothe re-designed business processes of the Universityand the associated systems of internal control.

With the first year of implementation and thestabilization efforts behind, we will conduct thepostponed “myUFL systems” post implementationaudits and continue to provide proactive consultingto the managers at all levels.

While the staffing change had the biggest impacton OACR, 2004-2005 also brought:

Implementation of AutoAudit, a commercialaudit support software

A renewed emphasis on professionallyendorsed COSO control framework

Annexation of office space in Yon Hall

A comprehensive risk assessment in supportof the 2005-2007 audit plan.

Accountability, effectiveness and complianceexpectations by the external and internalstakeholders of the State’s Flagship University areunderstandably high and ever increasing. Ourinternal audit program strives to serve as animportant component to meet and exceed theseexpectations.

In this 2004-2005 annual report, we present asummary of activitiesand services andprovide operationaldata for benchmarkingOACR’s effectiveness.

Nur Erenguc, CPAChief AuditExecutive

Message from theChief Audit Executive

Annual Report 2004-2005

Tigert Hall

CONTENTSIntroduction ...........................................................2Operations ..............................................................2

Goals & ObjectivesStaffing and Other ResourcesOrganization ChartStaff TrainingBudget and Expense AnalysisTime Analysis and Time Allocation

Audits and Other Planned Reviews ..................6 Trend Analysis

Client SurveysAudit Report Summaries .....................................7Management AdvisoryServices ................................................................ 10

Special Advisory ReviewsNewsletterPost-Audit Assistance

Investigations ..................................................... 12Summary of Significant Issues

Follow-Up ............................................................ 13Follow-Up Statistics

Other Activities .................................................. 14Contacts and Resources .................................... 16

UNIVERSITY OF FLORIDA

2 Annual Report

OACR STAFF back row: Elizabeth Tang, Joe Cannella,Lily Reinhart, Murat Telli, Marilyn Velez, Vito Hite, NurErenguc. Front row: Jeff Capehart, Chris Bunn, Al Moon,Brecka Anderson, Laura Kurtz, Suzanne Newman, CraigReed, Carole Silverman Brian Mikell (not pictured: KaylaSpellman)

INTRODUCTIONThe Office of Audit and Compliance Review (OACR)provides a central point for the coordination of andresponsibility for activities that promoteaccountability, integrity, and efficiency for theUniversity of Florida.

Fiscal year 2004-2005 was the first full year of thePeopleSoft Enterprise Resource Planning System(Bridges Project) implementation. As a result, theBridges Project was OACR’s primary focus for 2004-2005. We completed audits and providedsignificant management advisory assistance byassigning six staff to four areas for part of the year.We expect to continue providing proactiveassistance as well as performing postimplementation audits to promote good businessprocedures together with a reasonable level ofcontrols.

Another unique aspect of this period was extendedaudit coverage focusing on the University of FloridaFoundation and University Athletic Association.The 2004-2005 period also reflected a major changein the operational environment of the OACR. Wehired and trained new staff, purchased an auditingsoftware package and revised audit procedures inalignment with COSO framework.

OPERATIONS

Goals and Objectives

A key operational objective for the period wasrecruitment and training of new staff. We directedadditional emphasis and resources to the University’sdirect support and affiliated organizations andfollowed closely the trends and developments in theapplication of Sarbanes-Oxley accountability measuresto not-for-profit organizations and universities inparticular.

As we started a new two year audit cycle, we initiatedcomprehensive risk assessment procedures to generatean audit plan significantly addressing University andits affiliates’ operational, financial reporting andcompliance risks and control systems. The 2005-2007work plan will provide broad coverage and emphasizepost Bridges implementation and business processes.

Staffing and Other Resources

During 2004-2005 OACR hired six full-time staff andtwo part-time graduate assistants. Five were hired asreplacements for position vacancies and one was anadded position. We successfully recruited two auditmanagers, two senior auditors and two staff auditors.However, one audit manager was on parental leave fora significant portion of the year. To accommodateadditional staff, we opened a satellite office in Yon Hall(Florida Stadium East).

Yon Hall

OFFICE OF AUDIT & COMPLIANCE REVIEW

2004-2005 3

Organization Chart

To better align audit resources with the Universityunits expecting and supporting audit effort, weimplemented a funding methodology necessary tomeet this need and expectation. We expect to hiretwo additional auditors in the coming year so,when fully staffed at 14.5 auditor positions, theOACR will favorably benchmark with its peerorganizations and meet the internal audit needs ofthe University and its support organizations.

Staff Training

Continuing professional education is highly valuedand attendance at relevant conferences andseminars is promoted. Since cost-effective trainingof new staff was a priority, we initiated two days ofIIA-sponsored training in Gainesville as well as ahalf-day seminar on Sarbanes-Oxley legislation.Audit staff from other organizations participated inthis training. Table 1 reflects a listing of staffparticipation in formal training programs in 2004-2005.

Table 1 Staff Training

Sponsored by: HoursEmployees

Attending

Institute of Internal Auditors 286 14

Paisley Consulting 145 15

Price Waterhouse Coopers 36 12

Association of College and

University Auditors123 5

Florida Institute of CPAs 16 2

Purvis Gray and Company 16 2

Association of Certified

Fraud Examiners14 1

Florida Audit Forum 6 1

Canaudit, Inc. 40 1

Nur ErengucChief Audit Executive

Brian MikellDirector, Audit &

Managment Advisory Services

Kayla SpellmanAudit Manager

Joe CannellaAudit ManagerHealth Science

Carole SilvermanSenior Audit Mgr

Investigations

Craig ReedSenior Auditor I

Chris BunnIT Audit Manager

Vito HiteSenior Auditor II

Al MoonSenior Auditor II

Jeff CapehartSenior Auditor II

Marilyn VelezSenior Auditor I

Graduate Students

Staff Auditor

TBAStaff Auditor

Lily ReinhartStaff Auditor

Suzanne NewmanAdministrative Coordinator

Brecka AndersonStaff Auditor


4 Annual Report

Budget and Expenditure Analysis

The OACR expenditures by category are illustrated inTable 2. Professional staff salaries remain ourpredominant commitment representing 92% of totalexpenditures. The increase in total salary and OPSexpenditures is attributable to additional positionsas the OACR moves towards appropriate staffing toaddress the needs of a growing and more complexstructure of the University. Miscellaneous officesupplies and travel represented the largestpercentage of operating expense. After operatingexpenses, training represented the largestexpenditure for the year.

Time Analysis

Table 3 provides a comparison between timeavailable as planned and actual time available forprojects. Actual project time available, including240 hours worked in excess of normal hours, was

28% less than planned due to unanticipatedposition vacancies, family leave use and training.This had a signficant impact on project progressand completion.

Table 3 – Planned/Actual Hours

PLANNED ACTUAL DIFF.

Time Available (8x2,040)+(6x1360) 24,480 24,480

Less: Adjustment for Position Vacancies (3,206) 3,206

Training/Leave Use/Operational Support (7,344) (9,210) 1,866

Total (12,416)

Excess hours worked 240 (240)

Time Available for Projects 17,136 12,304 4,832

Operating Expenses

12%

8% 14%

10%

22% 34%

Office Supplies Telephone/PostageDues/Subscriptions MaintenanceComputer Supplies Travel/Other

Table 2 Analysis of Expenditures

2003 2004 2004 2005

Salaries $750,647 $929,524

Other Personal Services (OPS) 8,506 24,204

Fixed Assets 11,800 12,502

Operating Expenses 18,935 20,673

Training 11,480 18,627

Total $801,368 $1,005,530


2004-2005 5

Time Allocation

Chart A represents the planned activity mix for timeavailable for projects and actual effort expended,and Chart B provides a comparison between prioryear and current allocation of time available forprojects. In comparison with budgeted, the actualhours allocated to audits was lower due to thecancellation of post implementation Bridges audits.The systems were being stablized and advisorysupport was prioritized. In comparison with theprior year, actual hours spent for training/leave andoperational support is reflective of extensiverecruitment and new staffing.

Direct time percentages are established as aproductivity goal for each professional positionand for the office as a whole. Direct timeexcludes administration, service support, leaveand training.

Chart C compares direct time achieved in thelast two fiscal years. Holidays and leave wereremoved from total available time beforecalculating the direct time for FY 04-05. Theincrease in new staff leading to increasedoperational support kept direct times lower forFY 04-05.

Chart C Office Direct Time by Fiscal Years

69%72%76% 75%

73%68% 70%75% 70% 68%

0%

20%

40%

60%

80%

100%

Quarter1 Quarter2 Quarter3 Quarter4 Total Office

FY 03 04 FY 04 05 Goal 72%

Chart A Allocation of Total Time

Available

Planned vs. Actual

46%

8%

12%

4%

30%

36%

15%

4%

3%

42%

0% 10% 20% 30% 40% 50%

Audits

MAS

Investigations

Follow Up

Training/Leave

Use/Operational

Support

Planned Actual

Chart B Allocation of Time Available

for Projects

Prior vs. Current Year

49%

21%

14%

4%

12%

47%

19%

6%

4%

24%

0% 10% 20% 30% 40% 50% 60%

Audits

MAS

Investigations

Follow Up

Operational

Support

2003 2004 2004 2005


6 Annual Report

Table 4 Trend Analysis of Projects Planned/Completed

Original Revised Current Carry

Over

Total1

2002 2003 16 16 14 3 17

2003 2004 21 20 15 7 22

2004 2005 27 21 17 4 21

TOTALS 64 57 46 14 60

Planned Completed

1 Table 6 lists reports issued this period.

AUDITS AND OTHER PLANNEDREVIEWS

Trend Analysis

Table 4 reflects a three-year analysis of projectsplanned and completed. The work plan includesplanned audits and advisory reviews.

Over the last three years, 57 projects were plannedand 60 were completed. The upward trend in projectsplanned and completed is attributable to thecontinued growth in OACR staff size.

During 2004-2005, 47% of available time, or 7,722hours, was spent on audits. Internal audits wereplanned based on evaluation of risk and includedinput from university management.

Client Surveys

Client surveys completed at the conclusion of eachengagement reflect that OACR services are wellreceived. One-hundred percent of survey responsesindicated ratings of either good or excellent in allcategories, an improvement over last year’s 95%.The most notable improvement was in the ‘AuditReport’ category.

Trend Analysis of Projects

Planned/Completed

0

10

20

30

40

50

60

70

Planned Completed

2004 2005

2003 2004

2002 2003

6057

Client Surveys

(5 Responses)

83%

93%

88%

17%

7%

12%

0% 20% 40% 60% 80% 100%

Audit Team

Audit Report

Audit

Performance

Excellent Good Fair Poor


2004-2005 7

AUDIT REPORT SUMMARIES

The summary of audits issued profiles majorengagements completed during the fiscal year. Thesubjects of the reports illustrate the commitment toproactive and diverse coverage. We conductedBridges audits of customer relations design andcontract management. We performed aninformation technology audit of individual remoteaccess to the University of Florida network. Anaudit of the Purchasing Card Program wasconducted as well as an audit of the Upward BoundProgram. The internal controls over material andsupply fees charged to students were evaluated.Finally, in our expanded coverage of Direct SupportOrganizations (DSO), we performed audits of theUniversity of Florida Foundation, UniversityAthletic Association and Florida Foundation SeedProducers, an Institute of Food & AgriculturalSciences DSO.

Privately Funded Restricted Programs

This audit, requested by the University of FloridaFoundation, Inc. (Foundation), complemented thefinancial audit performed by the Foundation’sexternal auditors, KPMG, for fiscal year 2002-2003.The primary objective was to determine whetherthe use of endowed funds established by theUniversity units was in accordance with donorrestrictions and intent. The audit covered nineendowed funds established within the Foundationand administered by a specific universitydepartment, school college or Student FinancialAffairs. During 2002-2003 total Foundationdisbursements to the University from the selectedfunds was $3,434,034. All funds under review weredeposited intact to University of Florida accounts.Generally, their use by University units was incompliance with donor intent and restrictions.Controls to assure such compliance were generallysatisfactory.

Customer Relations DesignImplementation – Bridges Project

The UF Bridges group was charged with theimplementation of modules purchased fromPeopleSoft including the Customer Relations DesignImplementation (CR) applications. CR includescash receipting, accounts receivable and bankingapplications. The primary objective of this auditwas to evaluate whether the design and

implementation of the applications would ensurethe integrity and reliability of system data.Controls over the processes were generallyadequate to ensure appropriate segregation ofduties, authorization of transactions and dataintegrity. Audit concerns included design of bankreconciliation functionality and procedures anddevelopment of policies to ensure appropriatesegregation of duties when assigning anddistributing user security roles.

Intercollegiate Athletics ContinuingAcademic Eligibility

The primary objective of this audit was to evaluatethe effectiveness of policies and procedures in placeto ensure student-athlete continuing academiceligibility, for the 2003-2004 academic year basedon National Collegiate Athletic Association (NCAA)and Southeastern Conference (SEC) requirements.The University Athletic Association, Inc. (UAA) isresponsible for the intercollegiate athleticsprograms at the University of Florida. Key controlsover the function of certifying that student-athletesmeet continuing academic eligibility guidelineswere adequate and ensured compliance with theseguidelines for the 2003-2004 academic period. TheUniversity established an appropriateorganizational structure and procedures forcontinuing academic eligibility.

Upward Bound Program

The University of Florida Upward Bound Program,established in 1971, is a US Department ofEducation funded program that promotes projectsdesigned to facilitate the development of academicskills and motivation necessary for completing highschool and entering the post-secondary institutionof the participant’s choice. For the 2003-2004 fiscal

Computer Science Engineering


8 Annual Report

period, the Program received Federal Funding of$343,269 and served approximately 60 to 80participants. The primary objective of this auditwas to evaluate the adequacy of support anddocumentation for program activities; compliancewith program participation criteria and fund use;and compliance with established Universityprocedures. The Program was generallyadministered in compliance with Federal programguidelines; however we identified significantopportunities for the improvement of controls inthe management of Program funds.

UF Bridges Contract Management

Significant contracts were made to purchasesoftware and consulting expertise as part of theBridges implementation effort. Payments tocontract vendors during fiscal year 2003 and 2004were 62% of the $24.5 million capitalizeddisbursements. The primary objective of this auditwas to assess the internal controls in place forcontract management. Although contracts werenegotiated, authorized and reviewed appropriately,monitoring contract compliance anddisbursements could be improved through thedevelopment of procedures ensuring documentedauthorization and receipt of goods and services.

University Purchasing Card Program

The University’s Purchasing Card (PCard)Program, initiated in April 2004, is administered bythe Assistant Director of Purchasing. The PCardissuing bank is Wachovia and the credit cardvendor paid for purchase transactions is MBNA. Asof December 2004, the University had 4,173 activecardholders. The primary objective of this auditwas to evaluate the adequacy of the Program’sinternal controls. We reviewed card issuance, use,cancellation, or revocation, bank reconciliation andprocessing for payments, purchase authorizationand budgetary controls, and procurementeconomies. Key controls over the PCard Programwere adequate, however control improvementopportunities included more specific guidancerelated to PCard purchases, notification of thePCard team when cardholders terminateemployment, card cancellation and re-training forunits not following program guidelines, eliminationof certain merchant category codes, and vouchersthat fail budget checking.

University of Florida Network RemoteAccess

The objective of this audit was to determine theadequacy of internal controls over individualremote access to the University of Florida network.Accessing the University of Florida networkremotely allows authorized students, faculty andstaff the ability to perform computer activities fromoff campus. Individual remote access to theUniversity network is used by more than 5,000students, faculty and staff. Remote access to theUniversity network can be performed using virtualprivate network (VPN) or dial-in access. Remoteaccess is managed by Network Services, adepartment within the Office of InformationTechnology (OIT) and Computing and NetworkServices (CNS). Internal controls were found to beeffective in OIT and CNS policies and procedures.The opportunities for improvement wereapplicable to logical security and changemanagement and were already underway beforethe audit.

Florida Foundation Seed Producers, Inc.

Florida Foundation Seed Producers, Inc.(Producers), located north of Marianna, Florida is aDirect Support Organization of the University ofFlorida. Producers was incorporated in 1943 toprovide to Florida farmers and producers of cropseed and nursery stock, the foundation seed stock ofthe best known varieties adaptable to Floridaclimate and soils in cooperation with theUniversity of Florida’s Institute of Food andAgricultural Sciences. Producers had over 400contracts for the production, harvesting, bagging,

CNS Data Center - Bryant Hall


2004-2005 9

buying, selling, and storing of seed and nurserystock during fiscal 2004. Producers’ gross royaltyincome for 2004 was $1,298,339 and income fromsales of seed was $1,023,413. The primary objectiveof this audit was to evaluate the control proceduresin place to account for those revenues. Key controlsover the business transactions were adequate,except that reports available for managerialmonitoring of royalty receivables and verificationof accuracy of amounts received neededimprovement.

Material & Supply Lab Fees

The primary objective of this audit was todetermine if Material and Supply (M&S) fees areestablished, disbursed and managed in compliancewith University policies. M&S Fees offset the cost ofmaterials or supplies consumed in the course of thestudent’s instruction. Registration is managed bythe University Registrar and fees are assessed byUniversity Financial Services. Academicdepartments are responsible for fee disbursementsand maintaining records, for each course, of the feecollections and disbursements. As of Spring 2005,nearly 1,200 course fees were established and thecash balances available for these courses totalednearly $1 million. There was opportunity forimprovement in the establishment, disbursementand management of M&S fees to ensure thatcomplete, accurate and consistent fee data isavailable for use in the establishment, assessment,collection and allocation of M&S fees.

University of Florida Athletic AssociationTicket Office

The primary objective of this audit was to assessthe adequacy of internal controls over revenuesfrom ticket sales and for compliance withapplicable laws, rules and regulations, includingNCAA rules for complimentary tickets. TheUniversity of Florida Athletic Association TicketOffice coordinates ticket sales for all sportingevents including managing ticket priorities forboosters, alumni, faculty and staff, students and thegeneral public. In fiscal year 2003-2004,approximately 86% of total revenues came from thesale of season and single game tickets for football,12% from men’s basketball and 2% from othersports. Although revenues and ticket stocks werematerially accounted for and operations weregenerally in compliance with applicable

regulations, there were significant opportunitieswhere controls and procedures could be improved.

Gator Boosters, Inc. Internal Controls

The primary objective of this audit was to evaluateGator Boosters’ fund-raising policies andprocedures; to identify revenue sources and controlprocedures for their accounting and safeguarding,and to evaluate controls for procurement anddisbursements. Gator Boosters is a Direct SupportOrganization of the University of Florida. Itsmission is to strengthen the University’s athleticsprogram by encouraging private giving andvolunteer leadership. Fundraising policies andprocedures were in support of Gator Boostersmission and goals. Revenues were properlyaccounted and disbursements were in compliancewith applicable rules and regulations, although wenoted significant opportunities where controls andprocedures could be improved.

myUFL Systems Information TechnologyControls

The primary objective of this audit was to evaluatethe adequacy of information system controls overthe Bridges systems. The Bridges systems includethe Human Resource and Finance transactionalsystems, and the Enterprise Reporting system.Internal controls were found to be generallyeffective in the areas of network security, databasesecurity, computer operations, and physical andenvironmental security. Opportunities forimprovement were noted in the areas of platformand application security, system development andchange management, and contingency planning.

Ben Hill Griffin Stadium at Florida Field


10 Annual Report

MANAGEMENT ADVISORYSERVICES

OACR is committed to providing proactive,preventive advice on internal controls, operationsand compliance. Requests for managementadvisory services (MAS) usually come from variousmanagement levels throughout the university. Theinformation provided through these servicesassists management in decision making and inimproving operations. Results of these types ofservices are usually communicated throughmanagement letters.

OACR provides advisory reviews, consultingassistance, training and training tools, and post-audit assistance. The following chart illustrates theMAS performed and the percentage of timeassociated.

During fiscal year 2004-2005, 3,166 hours werespent on MAS. This represented 19% of availablehours. The majority of MAS effort was expended onadvisory reviews and consultations. Following aresummaries of major MAS projects.

myUFL System Enterprise Reporting

The primary objective of this audit was todetermine the adequacy of information technologyand data integrity controls over the EnterpriseReporting system. Employing Cognos BusinessIntelligence tools, Enterprise Reporting is thesystem used to obtain information from theUniversity’s financial and human resourcesinformation systems as well as student and othermanagement information. The reporting systemcontains both delivered reports and dynamicallygenerated reports. As of August 2005, 4,920 usershave access to the Enterprise Reporting system.Internal controls were generally effective in thearea of computer operations; howeveropportunities for improvement were identifiedapplicable to data integrity, system availability,effectiveness of reports and change management.

Foundation Disbursements Processedthrough the University

The University of Florida Foundation, Inc.(Foundation) is a direct-support organization of theUniversity. Its mission is to promote, receive andadminister private support for the University.Beginning July 1, 2004, all disbursements ofFoundation funds for the benefit of the Universitywere made by transfer to and processed throughthe University’s accounting system. ThroughJanuary 31, 2005, Foundation transfers to theUniversity totaled $41,804,647. The objectives ofthis audit were to evaluate the effectiveness andefficiency of this process and the adequacy ofcontrols to ensure compliance with University andFoundation requirements. We noted opportunitiesfor improvement in the controls and processes, andidentified tools and practices that, whenimplemented by Foundation and Universitypersonnel, should improve the effectiveness offunds transfers and disbursement monitoring.

Donor Intent Compliance

The primary objective of this audit was todetermine whether restricted funds establishedwithin the University of Florida Foundation, Inc.(Foundation) and administered by University unitswere used in accordance with donor restrictionsand intent. The respective University school,college or department oversees the administrationand proper use of these funds. Foundation fundswere appropriately established and disbursements

were deposited intact to University accounts.Generally, fund use by University units was incompliance with donor intent and restrictionsincluding that of Eminent Scholar andProfessorship. The current accounting forrestricted funds created an integrated informationbase providing greater opportunity for donorintent communication and use monitoring.

Effort Distribution

70%

7%8%

8%7%

ERP Business Reengineering

Governance/Publications

DSO and Committee Service

Consultations and Advisory Reviews

Other


2004-2005 11

Role Security Management

The objective was to evaluate PeopleSoft rolesecurity management. This review involved theheavy use of queries to identify conflicting roles inthe financials and human resources modules.Conflicting roles were identified andcommunicated to appropriate departments.Departments, along with the Bridges SecurityTeam, initiated actions to clean-up conflictingassigned roles.

Payroll Issues

The major objective of this project was to workwith the Payroll Office to investigate anddetermine the causes and impact of over-paymentsto employees in PeopleSoft HRMS Payroll. For thetime period July 1 through December 22, 2004,University Payroll collected 1,011 wage refundstotaling $1,496,725. While causes of overpaymentsvaried, OACR assisted Payroll in identifyingpotential methods for detecting and preventingwage overpayments in the future.

Treasury Management Issues

The primary objective of this project was todevelop a process to reconcile bank accountinformation with University accounting records –all the way to the General Ledger (GL). TheUniversity has seven bank accounts. Due to errorsand timing differences, subsystems were not inagreement with the GL. OACR assisted UniversityTreasury Management in developing a process toperform these reconciliations.

Contracts and Grants Issues

The primary objective of this project was to workwith University Contracts and Grants (C&G) toassist with the implementation of the PeopleSoftbilling function. The primary problems related tobilling issues were conversion of historical data,and the inability to create accurate bills for activecontracts. OACR assisted C&G in identifying andcorrecting problems on a grant-by-grant basis.

Florida Museum of Natural HistoryButterfly Exhibit

The primary objective of this project was toidentify and evaluate the operating results andreported variances of the Butterfly RainforestExhibit (Exhibit). The Exhibit opened to the public

on August 14, 2004. Certain functions required foroperation of the Exhibit are provided by aContractor and certain other functions by Museumstaff.

As of February 28, 2005, there were significantdifferences in the financial information andoperational results generated by the Contractor andby the Museum management. The differences wereidentified and communicated to all parties.Recommendations were made to further improveaccountability and allow for better informationgeneration and communication with regards tooperational results.

Gainesville HSC Billing Compliance

The UF College of Medicine has established aninternal billing compliance office in Gainesville andengaged external auditors to perform an annualreview of their compliance activities. As part of ourreview of this compliance program we met with theexternal review team, reviewed the report, anddiscussed their findings and conclusions with theAssociate Director of Billing Compliance. Theexternal auditor did not have any recommendationsof significance.

Jacksonville HSC Billing Compliance

The primary objective was to evaluate the adequacyand effectiveness of the Jacksonville Health ScienceCenter billing compliance program and identifyopportunities to strengthen existing practices. Weobtained an understanding of the organizationalstructure, mission, and responsibilities of thecompliance program as well as relevant policies.The engagement consisted of a review of operationalprocedures, on-site examination, analysis of reportsand meeting correspondence, interviews with keypersonnel and identification of established internaland external rules and regulations. We did notidentify any significant issues or opportunitiesimpacting the effectiveness of this program.


12 Annual Report

INVESTIGATIONS

The OACR receives complaints and allegations offiscal improprieties from a variety of internal andexternal sources, including hotline calls, directcorrespondence, and referrals from otheruniversity offices and state agencies. Theinvestigative reviews conducted by OACR havedual objectives of responding to facts of allegationsand addressing relevant fiscal and administrativecontrol weaknesses. Where appropriate,recommendations for improvements of internalcontrols are communicated to management and aremonitored for implementation.

In total, 951 hours, or 6% of available hours werecommitted to investigative efforts.

During the year, in connection with prior periodinvestigative reviews, $120,500 was restituted. Anadditional amount in excess of $150,000 is expectedto be restituted.

Significant issues from these reviews aresummarized below.

Embezzlement

OACR was alerted to the misappropriation of$28,000 Continuing Medical Education fundsthrough personal endorsement and deposit. Theextent of the misappropriation, which occurredfrom February 2003 through June 2004, wasidentified as $123,500. The Associate Dean resignedeffective January 20, 2005. After a criminalinvestigation by the Federal Bureau ofInvestigation, the Associate Dean pled guilty to asingle count of wire fraud and is currently awaitingsentencing. He provided restitution of $120,500 toContinuing Medical Education. Recommendationsrelated to improved check log maintenance,Continuing Medical Education program approvalsand contract monitoring were made.

Resource Misuse

• Concerns were expressed to OACR of more than$23,000 in long distance telephone calls made bya teaching assistant in the College of Liberal Artsand Sciences. Duties as a teaching assistant didnot necessitate making long distance phone calls.Total long distance charges were identified as$23,821.75. Criminal charges were filed andlegal proceedings are continuing.Recommendations were made to limit telephonelines with long distance service access and toreview monthly the telecommunication invoicesand transaction detail.

• Two cash deposits totaling $1,545 from SurplusProperty Online Auction sales, UniversityProperty Services, had not been received byUniversity Financial Services and wereconsidered stolen. University Police Departmentinvestigated and concluded that no chargescould be filed and considered the case closed dueto lack of controls to provide individualaccountability. An internal control reviewidentified deficiencies in the cash collectionpolicy, transfer of cash receipts and timeliness ofmanagement review. These issues have beenappropriately addressed.

UF Privacy Office - HIPAA Compliance

The primary objective was to evaluate theadequacy and effectiveness of the UF PrivacyOffices in Gainesville and Jacksonville, and identifyopportunities to strengthen existing practices. TheUF Privacy Office directs programs to respond tothe Medical Privacy Rule of the Health Insuranceand Portability Act of 1996 (HIPAA). Theseprograms include training, monitoring andresponse to privacy complaints and concerns. Weobtained an understanding of the organizationalstructure, mission, and responsibilities of thePrivacy Office as well as relevant policies. Theengagement consisted of a review of operationalprocedures, on-site examination, analysis of reportsand meeting correspondence, interviews with keypersonnel and identification of established internaland external rules and regulations. We did notidentify any significant issues or opportunitiesimpacting the effectiveness of this program.

Newsletter

Quarterly newsletters were distributed campus-wide with regular features that include highlightsfrom projects and campus-wide issues. Copies areavailable at http://oacr.ufl.edu.

Post-Audit Assistance

OACR routinely provides support and guidance onthe implementation of planned actions.


2004-2005 13

FOLLOW-UP

Audit reports include auditor’s comments andplanned actions developed and agreed to by theaudit team and management and the estimatedtime for their implementation. Reports issuedby the external auditors, including the Office ofAuditor General, contain recommendations forwhich university management also provides acorrective implementation plan.

Standard 2500, Standards for the Professional Practiceof Internal Auditing, promulgated by the Institute ofInternal Auditors, requires that the internalauditor determine that management has takenappropriate action regarding reported auditcomments.

1 – Academic Affairs2 – Finance & Administration3 – Health Affairs4 – Athletic Association5 – UF Foundation6 – Bridges7 – Institute of Food & Agricultural Sciences

Quarterly follow-up procedures were conductedthroughout the year and their results werecommunicated to University management and theBoard of Trustees Audit Committee. For the reportperiod, the OACR staff expended 613 hours or 4% ofavailable hours for follow-up reviews.

Table 5 summarizes the results of our follow-upactivities as of June 30, 2005.

The reduced implementation percentage wasreflective of Bridges implementation stabilizationefforts which at times took priority over auditimplementation plans.

The planned action “not to be implemented” generally reflects changing conditions that render the plan obsolete.

68%

82%

68%

50%86%

50%0%

0

5

10

15

20

25

30

1 2 3 4 5 6 7

Planned Action Implementation Percentage

Table 5 – Follow Up Activities

Oversight by Followed Up Implemented In processNot to be

Implemented

Percent

Implemented

Percent

Implemented

Prior Year

1 – Academic Affairs 26 18 8 0 69% 67%

2 – Finance & Administration 17 14 3 0 82% 71%

3 – Health Affairs 22 15 7 0 68% 60%

4 – UAA 16 8 8 0 50% N/A

5 – UFF 7 6 1 0 86% 100%

6 – Bridges 2 1 1 0 50% N/A

7 – IFAS 1 0 0 1 0% 81%

Totals 93 63 29 1 68% 68%


14 Annual Report

OTHER ACTIVITIES

Professional Activities

OACR staff participated in various nationalinitiatives, training and organizations including:

· Board Member – Association of College andUniversity Auditors (ACUA)

· Member – Institute of Internal Auditors (IIA)

· Member – Association of Healthcare InternalAuditors (AHIA)

· Member – American Institute of Certified PublicAccountants (AICPA)

· Member – Florida Institute of Certified PublicAccountants (FICPA)

· Member – Association of Certified FraudExaminers (ACFE)

· Member – IIA North Central Florida Chapter

· Program Committee – IIA North Central FloridaChapter

· Board Member – IIA North Central FloridaChapter

· Webmaster – IIA North Central Florida Chapter

· Volunteer Instructor – IIA

· Session Facilitator – Large campus auditdirectors roundtable, Association of College andUniversity Auditors

· Member – State University AuditorsConsortium (SUAC)

· Participant – Florida Audit Forum

· President-Elect – IIA Leadership Conference

University Service

During 2004-2005, OACR members participated invarious university-wide initiatives andassignments including:

· Member – Auxiliary Review Committee

· Instructor – Department Security AdministratorTraining

· Member – University Information TechnologyAdvisory Committee – Information SecurityManagement (ITAC-ISM)

· Member – University Hurricane/DisasterCommittee

· Presenter – Performance Auditing—School ofAccounting graduate accounting course

· Participant – Search Committee, SeniorAssociate Controller

· Participant – Search Committee, Vice Presidentfor Human Resources


2004-2005 15

*Substantially completed as of June 30, 2005

Table 6 Reports Issued 2004 05

TITLE PERIODISSUE

DATEREPORT NO. PROJECT

Privately Funded Restricted

Programs7/1/02 – 6/30/03 10/22/04 UF 04 398 02 Internal Audit

Customer Relations Bridges As of 6/18/04 11/15/04 UF 04 410 14 Internal Audit

UAA Continuing Academic

EligibilityAs of 9/1/04 12/15/04 UF 04 411 15 Internal Audit

Payroll 12/1/04 – 1/31/05 1/31/05 71.200503 MAS

Role Security Management 11/1/04 – 1/31/05 1/31/05 71.200506 MAS

Upward Bound Program 7/1/03 – 6/30/04 2/16/05 UF 05 422 01 Internal Audit

Contracts & Grants 12/1/04 – 3/15/05 2/23/05 71.200504 MAS

Treasury Management 11/22/04 – 2/28/05 2/23/05 71.200505 MAS

Contract Management Bridges As of 8/31/04 3/4/05 UF 04 413 17 Internal Audit

Florida Museum of Natural

History Butterfly Exhibit3/29/05 – 4/18/05 5/9/05 72.200502 MAS

Purchasing Card 7/1/04 – 12/31/04 5/27/05 UF 05 442 21 Internal Audit

Remote Access As of 5/13/05 6/8/05 UF 05 425 04 Internal Audit

Foundation Seed Producers, Inc. As of 12/31/04 6/8/05 UF 05 445 24 Internal Audit

Material & Supply Lab Fees As of Spring 2005 6/9/05 UF 05 445 25 Internal Audit

UAA Ticket Office As of 12/31/04 6/29/05 UF 05 437 16 Internal Audit

Gator Boosters Internal Controls As of 12/31/04 6/30/05 UF 05 426 05 Internal Audit

*President’s Travel & Expense 7/1/04 – 5/6/05 8/9/05 72.200504 MAS

*myUFL Enterprise Reporting As of 5/31/05 8/24/05 UF 05 423 02 Internal Audit

*myUFL IT Controls As of 5/31/05 8/24/05 UF 05 438 17 Internal Audit

*UFF Donor Compliance 7/1/03 – 12/31/04 9/05 UF 05 436 15 Internal Audit

*UFF Other Expenses As of 2/28/05 9/05 UF 05 447 26 Internal Audit

*Health Center Billing &

Compliance9/05 71.200501 MAS

*HIPAA Compliance 9/05 71.200502 MAS


16 Annual Report

CONTACTS & RESOURCESThe Office of Audit & Compliance Review workscollaboratively and cooperatively with many otheroffices. Below is a partial listing of the contacts andresources used frequently.

State Auditor Generalhttp://www.state.fl.us/audgen/Gainesville Office: (352) 334-1740Campus Office: (352) 392-5255

Department of Financial ServicesConsumer Helpline: 1-800-342-2762Get Lean Hotline: 1-800-GET LEAN

University Controller’s Officehttp://fa.ufl.edu/(352) 392-1321

Florida Department of Educationhttp://www.fldcu.org/

UF Board of Trusteeshttp://www.trustees.ufl.edu/

Health Science Center Compliancehttp://www.med.ufl.edu/complian/(352) 265-8359

Division of Sponsored Researchhttp://rgp.ufl.edu/research/(352) 392-1582

Institutional Review Boardhttp://irb.ufl.edu/

UF Contracts & Grantshttp://fa.ufl.edu/cg/(352) 392-1235

IFAS Sponsored Programshttp://grants.ifas.ufl.edu(352) 392-2356

Engineering Contract & Grantshttp://www.eng.ufl.edu/home/cng/(352) 392-6626

University Athletic Associationhttp://www.uaa.ufl.edu/(352) 375-4683

Equal Opportunity Programs Officehttp://www.aa.ufl.edu/aa/affact/(352) 392-6004

Ombudsmanhttp://www.ombudsman.ufl.edu/(352) 392-1308

University General Counselhttp://www.generalcounsel.ufl.edu/(352) 392-1358

University Police Departmenthttp://www.police.ufl.edu/(352) 392-1111

Shands Auditing(352) 265-7969

University Vice President for Human Resourceshttp://www.hr.ufl.edu/(352) 392-1075

University Vice-President for Finance &Administrationhttp://www.admin.ufl.edu/(352) 392-1336

Documents

A n n u A l R e p o R t · MAS Investigations Follow 1Up Training/Leave Use/Operational Support Planned Actual Chart 1B ,Allocation 1of 1Time 1Available 1 for 1Projects 1 Prior 1vs