Embed Size (px)
Citation preview
Fiscal Year 2011 Annual Audit Report
0
FISCAL YEAR 2011 ANNUAL INTERNAL AUDIT REPORT
THE OFFICE OF INTERNAL AUDIT BOX 19112
ARLINGTON, TX 76019-0112 817-272-0150
www.uta.edu/internalaudit
Fiscal Year 2011 Annual Audit Report for State Auditor’s Office
1
TABLE OF CONTENTS
I. Internal Audit Plan for Fiscal Year 2011………….………………….……………….………
II. External Quality Assurance Review…….……………………………………………….…….
III. List of Audits Completed ……………………………...………………………………..……..
IV. List of Consulting Engagements and Non-audit Services Completed …...………………….
V. Organizational Chart ………………….…………………………………………….………...
VI. Report on Other Internal Audit Activities…………..……...…..…………………….…….….
VII. Internal Audit Plan for Fiscal Year 2012……………………………………..………………..
VIII. External Audit Services..............................................................................................................
IX. Reporting Suspecting Fraud and Abuse.....................................................................................
2
3
5
23
24
24
25
26
26
Fiscal Year 2011 Annual Audit Report for State Auditor’s Office
2
Purpose of the Annual Report: To provide information on the benefits and effectiveness of the internal audit function. In addition, the annual report assists central oversight agencies in their work planning and coordinating efforts. I. Internal Audit Plan for the Fiscal Year 2011
AUDIT BUDGETED HOURS
FINANCIAL AUDITS FY 2010 Financial Statement Audit (AFR) 800.00 FY 2011 Financial Statement Audit (Interim) 100.00 Presidential Housing, Travel & Entertainment Expense Audit 100.00 NCAA Financial Audit 150.00 Joint Admission Medical Program "JAMP" (Biennial Requirement) 80.00 Financial Portion to the Statewide Single Audit (assistance to SAO) follow-up 40.00
Financial Audits Subtotal 1,270.00 OPERATIONAL AUDITS (C/F) Disability Services/Fire and Life Safety 200.00 Procurement Card Audit 200.00 Employee Check-Out Process 250.00 Operational Review of Grant & Contract Administration and Accounting 238.00
Operational Audits Subtotal 888.00 COMPLIANCE AUDITS (C/F) New Construction and Renovation Projects Review Against THECB Requirements 200.00
Advanced Technology Program/Advanced Research Program (ATP/ARP) 140.00 Institutional Compliance Program Audit 240.00 Travel Policy Compliance and Spending Review 200.00 Federal Portion of Statewide Single Audit (assistance to the SAO) follow-up 60.00 Endowments' Stewardship 220.00
Compliance Audits Subtotal 1,060.00 INFORMATION TECHNOLOGY (C/F) Information Technology Governance Audit IIA Standards 2110.A2 25.00 TAC 202 Biennial Requirement 250.00 Information Security Program Audit 200.00 Security Review of Decentralized Servers 250.00
Information Technology Subtotal 725.00 FOLLOW-UP AUDITS Follow-Up Audits (IT Related) 252.00 Follow-Up Audits (Non IT Related) 200.00
Follow-Up Audits Subtotal 452.00AUDIT PROJECTS UT System Requests 400.00 FY 2012 Annual Audit Plan Preparation 140.00 Annual Internal Audit report 60.00
Fiscal Year 2011 Annual Audit Report for State Auditor’s Office
3
Special Audits & Other Audit-Related Activities 250.00 Spot Audits of Petty Cash Funds 40.00
Audit Projects Subtotal 890.00 CONSULTING PROJECTS Special Requests – Consulting 150.00
Consulting Projects Subtotal 150.00 OTHER PROJECTS Quality Assurance Review Follow Up 60.00 Committees (e.g. Internal Audit, Compliance and other Committee Involvement) 200.00
Investigations 160.00 TeamMate Conversion and Procedures 250.00 Special Requests – Projects 180.00
Other Projects Subtotal 850.00
TOTAL AUDIT HOURS 6,285.00 Deviations from plan: The Institutional Audit Committee approved cancelling the Operational Review of Grant & Contract Administration and Accounting audit in view of a ERP system implementation and the SAO A-133 Audit of the Research Cluster. The audit’s remaining 102 hours were re-allocated to Follow-Up Audits, IT Related.
Audit Original Budgeted Hours Change After
Approval Follow-Up Audits IT Related 150.00 102.00 252.00Operational Review of Grant & Contract Administration and Accounting
340.00 (102.00) 238.00
Total 490.00 -- 490.00 The Security Review of Decentralized Servers audit was cancelled, due to policy and procedure changes that significantly reduced the risk in this area and these hours were used in other audit work plan areas. II. External Quality Assurance Review UT Arlington’s Department of Internal Audit completed a Quality Assurance Review in May 2009. Members of the review team were: Kathryn Kapka (The University of Texas at Tyler), Scott Pierce (Georgia Southern University), and Paul Tyler (The University of Texas at San Antonio). The review reports that the Department of Internal Audit generally conforms with the standards in all areas. The following table contains the analysis of how the Department of Internal Audit at The University of Texas at Arlington’s activities conform to each section of the Standards.
Fiscal Year 2011 Annual Audit Report for State Auditor’s Office
4
Standard Type and Description Opinion Attribute Standards 10- Purpose, Authority and Responsibility Generally Conforms 1- Independence and Objectivity Generally Conforms 12- Proficiency and Due Professional Care Generally Conforms 13- Quality Assurance and Improvement Program Generally Conforms Performance Standards 20- Managing the Internal Audit Activity Generally Conforms 2- Nature of Work Generally Conforms 22- Engagement Planning Generally Conforms 23- Performing the Engagement Generally Conforms 24- Communicating Results Generally Conforms 25- Monitoring Progress Generally Conforms 26- Resolution of Senior Management's Acceptance of Risks Generally Conforms The Institute of Internal Auditors' Code of Ethics Generally Conforms
All members of management interviewed were complimentary of Internal Audit and its interaction with audit clients throughout the University. This level of satisfaction was reflected in the audit committee and audit client surveys that were reviewed. The entire report can be requested from the Director of Internal Audit at (817) 272-2018. Note the department is planning for their next Quality Assurance Review around April/May 2012.
Fisc
al Y
ear
2011
A
nnua
l Aud
it R
epor
t
III.
Lis
t of A
udits
Com
plet
ed
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Obs
erva
tions
/ Res
ults
&
Rec
omm
enda
tions
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
Im
plem
ente
d,
Inco
mpl
ete/
Ong
oing
, or
Not
Impl
emen
ted)
with
br
ief d
escr
iptio
n if
not y
et
impl
emen
ted.
1
Fisc
al Im
pact
/Oth
er
Impa
ct
10-0
1
9/6/
2010
IT G
over
nanc
e
To a
sses
s whe
ther
the
IT
gove
rnan
ce fr
amew
ork
sust
ains
and
supp
orts
the
Uni
vers
ity’s
stra
tegi
c ob
ject
ives
1A. T
he IT
Gov
erna
nce
Com
mitt
ee sh
ould
upd
ate
its
impl
emen
tatio
n pl
an a
nd ti
mel
ines
an
d en
sure
that
the
proc
esse
s are
es
tabl
ishe
d.
1B. T
he IT
Gov
erna
nce
Com
mitt
ee
shou
ld id
entif
y an
d no
tify
all
mem
bers
of t
he a
dvis
ory
com
mitt
ees o
f the
ir ro
les a
nd
resp
onsi
bilit
ies.
1C
. To
fulfi
ll th
eir r
espo
nsib
ilitie
s in
the
IT g
over
nanc
e pr
oces
s, al
l co
mm
ittee
s sho
uld
mee
t reg
ular
ly
and
prov
ide
stat
us u
pdat
es to
the
Exec
utiv
e an
d IT
Gov
erna
nce
com
mitt
ees.
2)
The
OIT
man
agem
ent s
houl
d ad
dres
s the
five
are
as c
ited
and
set
targ
et im
plem
enta
tion
date
s for
co
mpl
etio
n --
(ite
ms a
. thr
ough
e.
abov
e).
2A. A
repo
rting
mec
hani
sm is
not
in
pla
ce to
upd
ate
Exec
utiv
e
Full
Impl
emen
ted
Fully
Impl
emen
ted
Fully
Impl
emen
ted
Fully
Impl
emen
ted
Fully
Impl
emen
ted
Lack
of i
mpl
emen
ted
IT G
over
nanc
e St
ruct
ure
5
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
IT
Gov
erna
nce
(Con
tinue
d)
man
agem
ent o
n th
e st
atus
of I
T go
vern
ance
. A re
porti
ng
mec
hani
sm p
rovi
des a
war
enes
s of
the
valu
e of
IT g
over
nanc
e in
te
rms o
f mee
ting
the
Uni
vers
ity's
stra
tegi
c ob
ject
ives
. OIT
pla
ns to
pr
ovid
e se
nior
man
agem
ent a
st
atus
upd
ate
of th
e IT
gov
erna
nce
impl
emen
tatio
n pr
ogre
ss o
n an
an
nual
bas
is. F
urth
erm
ore,
OIT
pl
ans t
o pr
ovid
e up
date
s on
IT
gove
rnan
ce o
n its
web
site
. 2B
. An
IT g
over
nanc
e pr
oces
s is
not i
n pl
ace
to p
rom
ote
a co
llabo
rativ
e bu
sine
ss a
nd IT
pa
rtner
ship
for s
trate
gy
deve
lopm
ent a
nd sh
ared
focu
s on
high
-val
ue IT
-ena
bled
inve
stm
ents
. O
IT p
lans
to p
rovi
de a
foru
m fo
r in
put a
nd h
ave
web
tran
spar
ency
to
keep
the
cam
pus i
nfor
med
. 2C
. A p
roce
ss is
not
in p
lace
that
pr
ovid
es v
isib
ility
and
tra
nspa
renc
y of
pro
ject
por
tfolio
m
anag
emen
t. In
the
futu
re, O
IT
plan
s to
publ
ish
IT p
roje
ct
portf
olio
info
rmat
ion
on it
s web
Fully
Impl
emen
ted
Fully
Impl
emen
ted
6
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
IT G
over
nanc
e (C
ontin
ued)
site
. 2D
. A st
ruct
ure
is n
ot in
pla
ce to
ob
ject
ivel
y ev
alua
te w
hich
pro
ject
s pr
ovid
e th
e gr
eate
st v
alue
to sa
tisfy
U
nive
rsity
nee
ds. O
IT p
lans
to
star
t with
a m
ore
subj
ectiv
e pr
ojec
t ev
alua
tion
met
hodo
logy
bas
ed o
n sa
tisfa
ctio
n of
cam
pus s
trate
gic
goal
s, im
pact
on
the
cam
pus,
and
valu
e ad
ded,
con
side
ring
the
size
of
the
cust
omer
bas
e.
2E. A
per
form
ance
mea
sure
men
t ha
s not
bee
n es
tabl
ishe
d to
:
i. tra
ck th
e ac
hiev
emen
t of
the
obje
ctiv
es o
f IT-
rela
ted
serv
ices
and
solu
tions
;
ii. im
plem
ent b
usin
ess-
orie
nted
IT sc
orec
ards
, as
sess
men
t and
ass
uran
ce
activ
ities
with
focu
s on
cont
inua
l per
form
ance
im
prov
emen
t;
iii. m
onito
r if t
he re
quire
d st
rate
gic
dire
ctio
n is
bei
ng
Fully
Impl
emen
ted
Fully
Impl
emen
ted
7
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
IT G
over
nanc
e (C
ontin
ued)
follo
wed
and
take
tim
ely
corr
ectiv
e m
easu
res,
if ne
eded
; iv
. cal
cula
te a
nd tr
ack
reso
urce
usa
ge.
3.
The
OIT
man
agem
ent s
houl
d co
ordi
nate
with
Uni
vers
ity
Com
plia
nce
Serv
ices
to a
sses
s w
hich
dep
artm
enta
l IT-
rela
ted
risks
may
neg
ativ
ely
impa
ct th
e U
nive
rsity
's op
erat
ions
. The
OIT
m
anag
emen
t sho
uld
wor
k w
ith th
e va
rious
dep
artm
ents
to a
ddre
ss
thes
e IT
-rel
ated
risk
s.
Fully
Impl
emen
ted
10-0
8 9/
7/20
10
NC
AA
Stu
dent
Fi
nanc
ial A
id
Com
plia
nce
To e
nsur
e th
at th
e A
thle
tics
Dep
artm
ent i
s in
com
plia
nce
with
the
2009
-201
0 N
CA
A
Div
isio
n1 M
anua
l, B
ylaw
15,
pe
rtain
ing
to S
tude
nt F
inan
cial
A
id
Whe
n th
e st
anda
rd c
ost o
f at
tend
ance
figu
re is
adj
uste
d fo
r a
stud
ent a
thle
te, w
e re
com
men
d th
at
both
the
Ath
letic
Off
ice
and
the
Fina
ncia
l Aid
Off
ice
mai
ntai
n su
ffic
ient
doc
umen
tatio
n to
ev
iden
ce th
e ci
rcum
stan
ces a
nd th
e m
etho
dolo
gy u
sed
to m
ake
the
adju
stm
ent.
Fully
Impl
emen
ted
Failu
re to
adh
ere
to
NC
AA
scho
lars
hip
limita
tions
per
spor
t an
d pe
r ind
ivid
ual
Fa
ilure
to
appr
opria
tely
pro
cess
G
rant
-in-A
id
docu
men
ts
Failu
re to
dis
tribu
te
stud
ent-a
thle
te
scho
lars
hips
in a
8
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
NC
AA
Stu
dent
Fi
nanc
ial A
id
Com
plia
nce
(Con
tinue
d)
timel
y m
anne
r Fa
ilure
to h
ave
inst
itutio
nal o
vers
ight
by
the
Fina
ncia
l Aid
O
ffic
e an
d A
thle
tic
Com
plia
nce
Com
mitt
ee
Failu
re to
mon
itor
non-
athl
etic
rela
ted
aid
(TPE
G, r
otar
y cl
ub
scho
lars
hips
, etc
.) Lo
ss o
f sch
olar
ship
s du
e to
failu
re to
reta
in
and
grad
uate
stud
ent-
athl
etes
10-1
3 11
/30/
2010
FY
201
0 A
nnua
l Fi
nanc
ial R
evie
w
(AFR
)
Ann
ual F
inan
cial
Rep
orts
(A
FRs)
and
rela
ted
foot
note
in
form
atio
n ar
e pr
epar
ed b
y th
e fin
anci
al re
porti
ng o
ffic
ers
at e
ach
UT
inst
itutio
n an
d U
T Sy
stem
Adm
inis
tratio
n in
ac
cord
ance
with
acc
ount
ing
1.W
e re
com
men
d th
at A
ccou
ntin
g Se
rvic
es re
cord
in D
EFIN
E al
l no
n-ca
sh d
onat
ions
as s
oon
as th
ey
are
valu
ed ra
ther
than
wai
ting
until
ye
ar e
nd.
Add
ition
ally
, not
atio
ns
shou
ld b
e m
ade
on th
e re
conc
iliat
ion
indi
catin
g th
e
Fully
Impl
emen
ted
Red
uce
the
risk
of
finan
cial
mis
stat
emen
t th
roug
h im
prov
ed
cont
rols
.
9
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
FY 2
010
Ann
ual
Fina
ncia
l Rev
iew
(A
FR) (
Con
tinue
d)
and
finan
cial
repo
rting
re
quire
men
ts p
rom
ulga
ted
by
UT
Syst
em p
olic
y an
d th
e Te
xas C
ompt
rolle
r of P
ublic
A
ccou
nts t
o be
incl
uded
in th
e U
T Sy
stem
Con
solid
ated
A
FR. T
he A
FRs f
or th
e U
T in
stitu
tions
and
UT
Syst
em
Adm
inis
tratio
n do
not
incl
ude
foot
note
s, w
hich
wou
ld b
e ne
cess
ary
for t
he A
FRs t
o be
in
acc
orda
nce
with
gen
eral
ly
acce
pted
acc
ount
ing
prin
cipl
es. I
n ad
ditio
n, c
erta
in
supp
ortin
g do
cum
ents
and
ac
coun
ting
info
rmat
ion
whi
ch
wer
e us
ed to
pre
pare
the
UT
inst
itutio
ns’ A
FRs a
re n
ot
avai
labl
e at
the
UT
inst
itutio
ns, b
ut a
re m
aint
aine
d at
UT
Syst
em A
dmin
istra
tion.
Th
e C
ontro
ller’
s Off
ice
of U
T Sy
stem
Adm
inis
tratio
n co
nsol
idat
es A
FRs f
rom
all
UT
inst
itutio
ns a
nd U
T Sy
stem
Adm
inis
tratio
n an
d pr
epar
es a
ppro
pria
te fo
otno
tes
and
othe
r rel
ated
dis
clos
ures
so
that
the
UT
Syst
em
disp
ositi
on o
f any
reco
ncili
ng
item
s to
ensu
re th
at a
ll re
conc
iling
ite
ms a
re p
rope
rly c
lear
ed.
2. A
ccou
ntin
g Se
rvic
es sh
ould
w
ork
with
the
Tech
nolo
gy T
rans
fer
Off
ice
with
in R
esea
rch
Adm
inis
tratio
n to
des
ign
a pr
oces
s to
kee
p A
ccou
ntin
g Se
rvic
es
info
rmed
thro
ugho
ut th
e ye
ar, i
n th
e ev
ent t
hat t
here
may
be
mat
eria
l int
angi
ble
asse
ts to
be
reco
gniz
ed.
3A. T
he A
dmis
sion
s man
agem
ent
shou
ld re
ques
t the
Off
ice
of
Info
rmat
ion
Tech
nolo
gy (O
IT) M
y M
av A
cces
s Con
trol t
o im
med
iate
ly re
mov
e ac
cess
from
th
e 10
liste
d us
ers.
3B. T
he A
dmis
sion
s man
agem
ent
shou
ld c
ondu
ct a
per
iodi
c re
view
of
the
acce
ss ri
ghts
to c
ritic
al
stud
ent i
nfor
mat
ion
such
as t
he
resi
denc
y fie
ld.
4. W
e re
com
men
d th
at th
e O
ffic
e of
Info
rmat
ion
Tech
nolo
gy (O
IT)
Fully
Impl
emen
ted
Fully
Impl
emen
ted
Fully
Impl
emen
ted
Subs
tant
ially
Impl
emen
ted
10
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
FY 2
010
Ann
ual
Fina
ncia
l Rev
iew
(A
FR) (
Con
tinue
d)
Con
solid
ated
AFR
is p
repa
red
in a
ccor
danc
e w
ith g
ener
ally
ac
cept
ed a
ccou
ntin
g pr
inci
ples
. The
info
rmat
ion
incl
uded
in th
e in
stitu
tion’
s A
FR a
nd re
late
d fo
otno
te
info
rmat
ion,
whi
ch is
av
aila
ble
at th
e in
stitu
tion,
is
the
resp
onsi
bilit
y of
UT
Arli
ngto
n’s m
anag
emen
t.
wor
k w
ith A
sset
Man
agem
ent t
o ex
plor
e ot
her o
ptio
ns o
f atta
chin
g th
e in
vent
ory
tags
to e
quip
men
t su
ch a
s ser
vers
, whe
re th
ere
is a
m
inim
um v
isib
le a
rea
to a
ttach
the
inve
ntor
y ta
gs, 1
0 su
ch th
at th
e ta
gs a
re v
isib
le o
r ver
ifiab
le
with
out m
ajor
dis
rupt
ion
to th
e eq
uipm
ents
' fun
ctio
ns.
Sect
ion
III
of U
T A
rling
ton'
s Pro
cedu
res 2
-43:
R
espo
nsib
ilitie
s, In
vent
orie
s, R
epor
ting
and
Trac
king
of
Uni
vers
ity P
rope
rty, s
tate
s tha
t if
an it
em c
anno
t be
tagg
ed d
ue to
the
natu
re (s
ize,
use
, mat
eria
l, et
c.) o
f th
e ite
m, t
he in
vent
ory
tag
will
be
affix
ed to
a 5
x7 c
ard
and
the
card
w
ill b
e re
tain
ed in
the
depa
rtmen
t’s
inve
ntor
y fil
e fo
r ver
ifica
tion.
The
m
anag
emen
t cou
ld u
se th
is
met
hodo
logy
to tr
ack
the
asse
ts
iden
tifie
d in
this
aud
it an
d al
so
othe
r sim
ilar a
sset
s. 5.
Hum
an R
esou
rces
shou
ld is
sue
a re
min
der t
o al
l dep
artm
ents
abo
ut
the
impo
rtanc
e of
com
plet
ing
and
reta
inin
g th
e m
onth
ly a
bsen
ce
repo
rt to
pro
perly
and
acc
urat
ely
Fully
Impl
emen
ted
11
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
FY 2
010
Ann
ual
Fina
ncia
l Rev
iew
(A
FR) (
Con
tinue
d)
acco
unt f
or le
ave
take
n by
em
ploy
ees.
11-0
3 11
/30/
2010
Pr
esid
entia
l Hou
sing
, Tr
avel
and
En
terta
inm
ent
Expe
nditu
res A
udit
To p
rovi
de a
ssur
ance
that
the
Fisc
al Y
ear 2
009
trave
l and
en
terta
inm
ent e
xpen
ses f
or th
e Pr
esid
ent c
ompl
y w
ith th
e U
T A
rling
ton-
esta
blis
hed
pol
icie
s an
d pr
oced
ures
for t
rave
l, en
terta
inm
ent a
nd h
ousi
ng
expe
nditu
re re
imbu
rsem
ents
to
empl
oyee
s tha
t inc
lude
Sta
te,
Fede
ral,
and
Boa
rd o
f R
egen
ts’ R
ules
and
R
egul
atio
ns.
[No
findi
ngs w
ere
note
d in
this
au
dit.]
-
Red
uce
the
risk
of
non-
com
plia
nce
with
U
T A
rling
ton
polic
ies
and
proc
edur
es.
11-0
4 3/
21/2
011
Info
rmat
ion
Secu
rity
Prog
ram
Inde
x (I
SPI)
Obj
ectiv
e is
to d
eter
min
e if
the
ISPI
ass
essm
ent a
ccur
atel
y re
flect
s the
Uni
vers
ity’s
st
reng
ths i
n th
e ar
eas o
f fo
unda
tion,
pra
ctic
es a
nd
com
plia
nce
with
rega
rd to
in
form
atio
n se
curit
y.
1. T
he IS
O sh
ould
wor
k w
ith
appr
opria
te m
anag
emen
t to
acco
unt f
or a
ll in
form
atio
n re
sour
ce o
wne
rs. T
he li
st o
f ow
ners
shou
ld b
e do
cum
ente
d an
d m
aint
aine
d.
2. T
he IS
O sh
ould
dev
elop
a
met
hod
to m
onito
r and
mea
sure
the
exte
nt to
whi
ch o
wne
r re
spon
sibi
litie
s and
dut
ies a
re
bein
g pe
rfor
med
.
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
Ris
k of
secu
rity
brea
ches
to
inst
itutio
n’s n
etw
ork
and
data
12
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Info
rmat
ion
Secu
rity
Prog
ram
Inde
x (I
SPI)
(C
ontin
ued)
3.Th
e IS
O sh
ould
revi
ew th
e IS
PI
scor
e ca
lcul
atio
n an
d sh
ould
di
scus
s and
agr
ee w
ith th
e U
T Sy
stem
Chi
ef In
form
atio
n Se
curit
y O
ffic
er if
ther
e ar
e di
ffer
ence
s in
the
calc
ulat
ion.
4.
The
ISO
shou
ld d
evel
op a
ve
rifia
ble
basi
s for
det
erm
inin
g th
e to
tal n
umbe
r of U
nive
rsity
-ow
ned
com
pute
rs.
5. T
he IS
O sh
ould
wor
k w
ith O
IT
to e
nsur
e th
at th
e vC
ente
r co
nfig
urat
ion
man
agem
ent c
lient
is
inst
alle
d an
d ru
nnin
g on
all
Uni
vers
ity c
ompu
ters
. 6.
The
vul
nera
bilit
ies d
etec
ted
from
the
vario
us sc
ans s
houl
d be
ra
ted
in te
rms o
f sec
urity
risk
s and
po
tent
ial i
mpa
ct to
the
Uni
vers
ity.
The
secu
rity
inci
dent
tick
etin
g pr
oces
s sho
uld
docu
men
t the
risk
ra
ting
of e
ach
iden
tifie
d vu
lner
abili
ty. T
he p
riorit
izat
ion
of
rem
edia
tion
shou
ld b
e ba
sed
on th
e ris
k ra
ting.
The
ISO
shou
ld o
btai
n O
IT’s
agr
eem
ent t
o be
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
13
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Info
rmat
ion
Secu
rity
Pr
ogra
m In
dex
(ISP
I)
(Con
tinue
d)
imm
edia
tely
invo
lved
in th
e re
med
iatio
n pr
oces
s for
vu
lner
abili
ties w
ith h
igh
and
med
ium
risk
ratin
gs.
7. F
or re
med
iatio
n of
ope
n se
curit
y in
cide
nts t
hat h
ave
budg
et im
pact
or
shor
tage
, the
ISO
shou
ld p
rese
nt
the
mat
ter t
o th
e IT
Sec
urity
Ex
ecut
ive
Wor
king
Gro
up fo
r pr
oper
dis
posi
tion.
8.
The
ISO
shou
ld e
xped
ite th
e hi
ring
of a
staf
f mem
ber w
hose
po
sitio
n is
ded
icat
ed to
man
agin
g in
cide
nt ti
cket
ing
and
mon
itorin
g.
9. A
s req
uire
d by
UT
Syst
em, t
he
ISO
nee
ds to
incl
ude
in th
e A
nnua
l R
epor
t to
the
Pres
iden
t ess
entia
l el
emen
ts su
ch a
s an
exec
utiv
e su
mm
ary
and
the
com
plia
nce
stat
us to
regu
latio
ns a
nd U
T Sy
stem
pol
icie
s. In
add
ition
, per
IS
PI m
etric
scor
e of
9, t
he A
nnua
l R
epor
t sho
uld
also
incl
ude
com
preh
ensi
ve m
onito
ring
plan
s fo
r log
ical
acc
ess a
nd p
hysi
cal
cont
rols
.
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
14
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Info
rmat
ion
Secu
rity
Prog
ram
Inde
x (I
SPI)
(C
ontin
ued)
10.T
he IS
O sh
ould
agr
ee w
ith th
e U
T Sy
stem
Chi
ef In
form
atio
n Se
curit
y O
ffic
er to
con
side
r di
sreg
ardi
ng in
the
aver
age
scor
e co
mpu
tatio
ns, t
he P
CI s
tand
ards
th
at a
re n
ot a
pplic
able
to e
ither
C
entra
lized
or D
ecen
traliz
ed IT
. 11
. To
com
ply
with
TA
C 2
02.7
1,
Man
agem
ent a
nd S
taff
R
espo
nsib
ility
-- it
ems “
a” a
nd
“b”,
the
ISO
shou
ld w
ork
with
the
Exec
utiv
e M
anag
emen
t to
ensu
re
that
info
rmat
ion
reso
urce
ow
ners
ar
e fo
rmal
ly id
entif
ied
and
appr
oved
by
the
Pres
iden
t or h
is
desi
gnee
; and
that
info
rmat
ion
reso
urce
ow
ners
are
form
ally
ch
arge
d to
per
form
the
resp
onsi
bilit
ies s
tate
d in
bot
h TA
C
202.
71 a
nd in
UTS
165
, UT
Syst
em In
form
atio
n R
esou
rces
Use
an
d Se
curit
y Po
licy,
whi
ch is
su
mm
ariz
ed a
s fol
low
s:
• G
rant
s/ap
prov
es a
cces
s to
the
Info
rmat
ion
Syst
em u
nder
hi
s/he
r res
pons
ibili
ty
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
15
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Info
rmat
ion
Secu
rity
Prog
ram
Inde
x (I
SPI)
(C
ontin
ued)
• Cla
ssifi
es D
igita
l Dat
a ba
sed
on D
ata
sens
itivi
ty a
nd ri
sk
• Bac
ks u
p D
ata
unde
r his
/her
re
spon
sibi
lity
in a
ccor
danc
e w
ith ri
sk m
anag
emen
t de
cisi
ons a
nd se
cure
s bac
k-up
m
edia
• D
esig
nate
s an
indi
vidu
al to
se
rve
as a
n In
form
atio
n Se
curit
y A
dmin
istra
tor (
ISA
) to
impl
emen
t inf
orm
atio
n se
curit
y po
licie
s and
pr
oced
ures
and
for r
epor
ting
inci
dent
s to
the
ISO
• P
erfo
rms a
n an
nual
in
form
atio
n se
curit
y ris
k as
sess
men
t and
iden
tifie
s, re
com
men
ds, a
nd d
ocum
ents
ac
cept
able
risk
leve
ls fo
r in
form
atio
n re
sour
ces u
nder
hi
s/he
r aut
horit
y 12
. The
ISO
sh
ould
dev
elop
a d
efin
itive
pl
an a
nd ti
me
fram
e to
es
tabl
ish
a pr
oces
s tha
t an
alyz
es th
e co
nfig
urat
ion
data
be
ing
colle
cted
by
the
conf
igur
atio
n m
anag
emen
t
16
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Info
rmat
ion
Secu
rity
Prog
ram
Inde
x (I
SPI)
(C
ontin
ued)
clie
nt a
nd d
eter
min
e if
Uni
vers
ity c
ompu
ters
are
co
mpl
ying
with
the
inst
itutio
n’s s
ecur
ity st
anda
rds.
11-0
5 4/
15/2
011
Endo
wm
ent
Stew
ards
hip
Endo
wm
ent
Stew
ards
hip
To d
eter
min
e w
heth
er th
e U
nive
rsity
is in
com
plia
nce
with
the
UT
Syst
em p
olic
y U
TS 1
17 –
End
owm
ent
Com
plia
nce
Plan
Sys
tem
-Wid
e St
anda
rds a
nd G
uide
lines
, w
ith sp
ecia
l em
phas
is o
n no
n-sc
hola
rshi
p en
dow
men
t sp
endi
ng. A
lso
revi
ew
endo
wm
ents
with
no
activ
ity.
We
reco
mm
end
that
the
Off
ice
of
Dev
elop
men
t and
the
endo
wm
ent
acco
unt a
dmin
istra
tors
for
the
unfil
led
endo
wed
aca
dem
ic
posi
tions
wor
k to
geth
er to
dev
elop
an
act
ion
plan
and
set d
eadl
ines
for
the
acco
mpl
ishm
ent o
f the
en
dow
men
t pur
pose
s. C
onsi
dera
tion
shou
ld b
e gi
ven
to w
heth
er a
n ex
istin
g fa
culty
m
embe
r cou
ld b
e se
lect
ed a
s the
ho
lder
of t
hese
end
owm
ents
and
ro
utin
ely
eval
uate
d fo
r whe
ther
he
or sh
e ca
n co
ntin
ue a
s the
hol
der o
f th
ese
endo
wed
pos
ition
s.
Fully
Impl
emen
ted
Inef
ficie
nt st
ewar
dshi
p pl
an a
nd in
abili
ty to
re
tain
don
ors
11-0
9 6/
15/2
011
Inst
itutio
nal
Com
plia
nce
Prog
ram
A
udit
1.
The
Com
plia
nce
Off
icer
shou
ld
ensu
re th
e co
mpl
ianc
e pr
ogra
m h
as
a de
taile
d w
ork
plan
with
bud
gete
d ho
urs,
and
that
the
stat
us o
f the
pl
an is
shar
ed w
ith th
e Ex
ecut
ive
Com
plia
nce
Com
mitt
ee to
ass
ist
them
in th
eir o
vers
ight
role
. 2. T
he C
ompl
ianc
e O
ffic
e sh
ould
co
nsid
er m
akin
g th
e co
mpl
ianc
e
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
N
/A –
as c
lient
dee
med
not
to
impl
emen
t
17
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Inst
itutio
nal
Com
plia
nce
Prog
ram
A
udit
(Con
tinue
d)
risk
info
rmat
ion,
such
as t
he h
igh-
risk
area
s/fu
nctio
ns, a
vaila
ble
for
exec
utiv
es, d
eans
and
cha
irs th
at
do n
ot se
rve
on th
e co
mm
ittee
. It
coul
d be
ben
efic
ial t
o in
clud
e a
rota
ting
mem
ber o
n th
e Ex
ecut
ive
Com
plia
nce
Com
mitt
ee, e
spec
ially
fr
om th
e ac
adem
ic a
rea.
3. W
e re
com
men
d th
at th
e C
ompl
ianc
e O
ffic
e en
sure
that
cr
imin
al b
ackg
roun
d ch
ecks
are
be
ing
perf
orm
ed b
y m
onito
ring
this
pro
cess
. It c
ould
be
done
eith
er
by th
e C
ompl
ianc
e O
ffic
e pe
riodi
cally
test
ing
whe
ther
new
em
ploy
ees h
ad c
rimin
al
back
grou
nd c
heck
s or b
y ha
ving
H
uman
Res
ourc
es d
evel
op a
m
onito
ring
plan
with
the
resu
lts o
f th
e m
onito
ring
bein
g re
view
ed
quar
terly
. 4. W
e re
com
men
d th
at P
roce
dure
3-
48: C
rim
inal
Bac
kgro
und
Che
cks f
or S
ecur
ity-S
ensi
tive
Posi
tions
be
revi
sed
to st
ate
the
actu
al p
roce
dure
s whi
ch a
re th
at
crim
inal
bac
kgro
und
chec
ks sh
ould
Fully
Impl
emen
ted
Fu
lly Im
plem
ente
d
18
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Inst
itutio
nal
Com
plia
nce
Prog
ram
A
udit
(Con
tinue
d)
be o
btai
ned
on a
ll po
sitio
ns ra
ther
th
an ju
st fo
r sec
urity
-sen
sitiv
e po
sitio
ns.
5. W
e re
com
men
d th
at th
e co
mpl
ianc
e tra
inin
g m
ater
ial
incl
ude
a po
st-te
st fe
atur
e in
the
train
ing
to e
valu
ate
whe
ther
the
empl
oyee
und
erst
ands
the
train
ing
mat
eria
l and
to p
rovi
de a
mea
ns fo
r em
ploy
ees t
o ev
alua
te th
e tra
inin
g. 6.
We
reco
mm
end
that
the
Com
plia
nce
Off
ice
cond
uct a
pe
riodi
c re
view
of t
he c
ompl
ianc
e pr
ogra
m’s
eff
ectiv
enes
s and
id
entif
y op
portu
nitie
s to
impr
ove
the
prog
ram
, thr
ough
surv
eys a
nd
othe
r act
iviti
es.
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
In
com
plet
e/O
ngoi
ng (b
eing
fo
llow
ed-u
p on
FY
201
2)
Inco
mpl
ete/
Ong
oing
(bei
ng
follo
wed
-up
on F
Y 2
012)
11-0
2 7/
1/20
11
Nor
man
Hac
kerm
an
Adv
ance
d R
esea
rch
Prog
ram
Aud
it (N
HA
RP)
– fo
rmer
ly
the
Adv
ance
d Te
chno
logy
Pr
ogra
m/A
dvan
ced
Res
earc
h Pr
ogra
m
(ATP
/AR
P)
The
obje
ctiv
e w
as to
pro
vide
re
ason
able
ass
uran
ce th
at th
e U
nive
rsity
is c
ompl
ying
with
th
e pr
oced
ures
spec
ified
by
the
Texa
s Hig
her E
duca
tion
Coo
rdin
atin
g B
oard
(TH
ECB
) pe
rtain
ing
to th
e N
HA
RP
gran
ts a
nd th
e gr
ant
cond
ition
s.
1. T
he O
ffic
e of
Gra
nt a
nd
Con
tract
Ser
vice
s sho
uld
deve
lop
a pr
oces
s to
ensu
re th
at a
ll gr
ant-
rela
ted
fore
ign
trave
l is r
evie
wed
ag
ains
t the
gra
nt p
ropo
sal t
o en
sure
th
at it
is a
n al
low
able
exp
ense
and
ap
prov
ed b
efor
e th
e tra
vel i
s m
ade.
2.
The
Off
ice
of G
rant
and
Fully
Impl
emen
ted
Fully
Impl
emen
ted
19
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
NH
AR
P (C
ontin
ued)
Con
tract
Ser
vice
s and
Gra
nt
Acc
ount
ing
are
resp
onsib
le fo
r m
onito
ring
the
gran
ts a
nd th
e ex
pend
iture
s on
the
gran
ts.
In
orde
r to
impr
ove
cont
rols
ove
r bu
dget
tran
sfer
s, w
e re
com
men
d th
at a
pol
icy/
proc
edur
e be
de
velo
ped
to e
nsur
e th
at th
e bu
dget
tra
nsfe
r req
uest
s are
cha
nnel
ed
thro
ugh
OG
CS
for p
rope
r app
rova
l be
fore
the
trans
fers
are
mad
e.
Als
o, it
shou
ld b
e co
mm
unic
ated
to
the
depa
rtmen
ts a
nd th
e Pr
inci
pal I
nves
tigat
ors (
PIs)
hav
ing
NH
AR
P gr
ants
to m
ake
writ
ten
requ
ests
(suc
h as
em
ails
, mem
o,
etc.
) to
OG
CS
for b
udge
t tra
nsfe
rs.
11-1
0 7/
22/2
011
Trav
el P
olic
y C
ompl
ianc
e an
d Sp
endi
ng R
evie
w
The
obje
ctiv
e w
as to
de
term
ine
com
plia
nce
with
U
T A
rling
ton’
s tra
vel p
olic
ies
and
iden
tify
any
abno
rmal
sp
endi
ng p
atte
rns.
1. T
rave
l Sup
port
Serv
ices
shou
ld
esca
late
non
-com
plia
nce
with
Pr
oced
ure
2-90
, Com
plet
ing
Requ
ired
Doc
umen
tatio
n fo
r Tr
avel
Rei
mbu
rsem
ents
, Sec
tion
II,
Tim
ing,
to th
e de
partm
ent h
eads
fo
r em
ploy
ees w
ho fa
iled
to su
bmit
trave
l vou
cher
s and
supp
ortin
g do
cum
ents
with
in 6
0 da
ys fr
om th
e da
te o
f tra
vel.
Tra
vel S
uppo
rt Se
rvic
es sh
ould
als
o se
nd
rem
inde
rs to
the
cam
pus
Fully
Impl
emen
ted
Inac
cura
te a
mou
nts o
f re
imbu
rsem
ents
, m
isap
prop
riatio
ns o
f fu
nds,
fals
ifica
tion
of
docu
men
tatio
n eq
uatin
g th
eft o
f U
nive
rsity
mon
ey
20
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
Rep
ort
No.
R
epor
t Dat
e N
ame
of R
epor
t H
igh-
Lev
el C
onsu
lting
E
ngag
emen
t/Non
-Aud
it Se
rvic
e O
bjec
tive(
s)
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d,
Subs
tant
ially
O
bser
vatio
ns/ R
esul
ts &
R
ecom
men
datio
ns
Impl
emen
ted,
Fi
scal
Impa
ct/O
ther
In
com
plet
e/O
ngoi
ng, o
r Im
pact
N
ot Im
plem
ente
d) w
ith
brie
f des
crip
tion
if no
t yet
im
plem
ente
d. 1
Trav
el P
olic
y C
ompl
ianc
e an
d Sp
endi
ng R
evie
w
(Con
tinue
d)
com
mun
ity p
erio
dica
lly re
min
ding
em
ploy
ees t
o pr
epar
e m
ileag
e ca
lcul
atio
ns u
sing
eith
er th
e em
ploy
ee's
odom
eter
read
ing
or b
y us
ing
Map
Que
st, w
hich
is th
e on
ly
map
ping
serv
ice
acce
pted
by
the
Uni
vers
ity.
2. W
e re
com
men
d th
at th
e O
ffic
e of
Acc
ount
ing
and
Bus
ines
s Se
rvic
es (O
AB
S) d
evel
op
Uni
vers
ity p
roce
dure
s to
spec
ifica
lly a
ddre
ss th
e A
thle
tics
Dep
artm
ent h
andl
ing
of tr
avel
ca
rds s
uch
as fo
rmal
issu
ance
, us
age,
and
mon
itorin
g of
ath
letic
co
ache
s’ tr
avel
car
d pu
rcha
ses.
3.
Tra
vel S
uppo
rt Se
rvic
es sh
ould
es
cala
te n
on-c
ompl
ianc
e w
ith
Proc
edur
e 2-
80, R
eque
st fo
r Tra
vel
Auth
oriz
atio
n an
d O
btai
n Pe
rmis
sion
to T
rave
l, Se
ctio
n IV
.E,
Trav
el A
dvan
ces,
to th
e de
partm
ent
head
s for
em
ploy
ees w
ho fa
iled
to
depo
sit u
nuse
d fu
nds a
t the
B
ursa
r’s O
ffic
e af
ter t
he a
llow
ed
15 d
ays f
rom
the
last
day
of t
rave
l.
Fully
Impl
emen
ted
Fully
Impl
emen
ted
21
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
22
__
____
____
____
____
____
____
____
____
____
____
____
____
____
____
___
1 Def
initi
ons o
f im
plem
enta
tion
stat
us a
re a
s fol
low
s:
• Fu
lly Im
plem
ente
d: S
ucce
ssfu
l dev
elop
men
t and
use
of a
pro
cess
, sys
tem
, or p
olic
y to
impl
emen
t a p
rior r
ecom
men
datio
n •
Subs
tant
ially
Impl
emen
ted:
Suc
cess
ful d
evel
opm
ent b
ut in
cons
iste
nt u
se o
f a p
roce
ss, s
yste
m, o
r pol
icy
to im
plem
ent a
prio
r rec
omm
enda
tion
• In
com
plet
e/O
ngoi
ng: O
ngoi
ng d
evel
opm
ent o
f a p
roce
ss, s
yste
m, o
r pol
icy
to a
ddre
ss a
prio
r rec
omm
enda
tion
• N
ot Im
plem
ente
d: L
ack
of a
form
al p
roce
ss, s
yste
m, o
r pol
icy
to a
ddre
ss a
prio
r rec
omm
enda
tion.
Fi
scal
Yea
r 20
11
Ann
ual A
udit
Rep
ort f
or S
tate
Aud
itor’
s Off
ice
23
IV.
Lis
t of C
onsu
lting
Eng
agem
ents
and
Non
-aud
it Se
rvic
es C
ompl
eted
Sho
win
g H
igh-
Lev
el O
bjec
tives
/
O
bser
vatio
ns/R
esul
ts, R
ecom
men
datio
ns, a
nd Im
plem
enta
tion
Stat
us
Rep
ort
No.
R
epor
t D
ate
Nam
e of
Rep
ort
Hig
h-L
evel
C
onsu
lting
E
ngag
emen
t/Non
-au
dit S
ervi
ce
Obj
ectiv
e(s)
Obs
erva
tions
/ R
esul
ts &
R
ecom
men
datio
ns
Cur
rent
Sta
tus (
Fully
Im
plem
ente
d, S
ubst
antia
lly
Impl
emen
ted,
In
com
plet
e/O
ngoi
ng, o
r N
ot
Impl
emen
ted)
2 w
ith b
rief
de
scri
ptio
n if
not y
et
impl
emen
ted.
Fisc
al
Impa
ct/O
ther
Im
pact
Non
e N
one
Non
e N
one
Non
e N
one
Non
e __
____
____
____
____
____
____
____
____
____
____
____
____
____
__
2 Def
initi
ons o
f im
plem
enta
tion
stat
us a
re a
s fol
low
s:
• Fu
lly Im
plem
ente
d: S
ucce
ssfu
l dev
elop
men
t and
use
of a
pro
cess
, sys
tem
, or p
olic
y to
impl
emen
t a p
rior r
ecom
men
datio
n •
Subs
tant
ially
Impl
emen
ted:
Suc
cess
ful d
evel
opm
ent b
ut in
cons
iste
nt u
se o
f a p
roce
ss, s
yste
m, o
r pol
icy
to im
plem
ent a
prio
r rec
omm
enda
tion
• In
com
plet
e/O
ngoi
ng: O
ngoi
ng d
evel
opm
ent o
f a p
roce
ss, s
yste
m, o
r pol
icy
to a
ddre
ss a
prio
r rec
omm
enda
tion
• N
ot Im
plem
ente
d: L
ack
of a
form
al p
roce
ss, s
yste
m, o
r pol
icy
to a
ddre
ss a
prio
r rec
omm
enda
tion.
Fiscal Year 2011 Annual Audit Report
V. Organizational Chart
VI. Report on Other Internal Audit Activities
Activity Impact Participated with the University Institutional Compliance Office in Enterprise Risk Management Reviews
This participation provides a service to the University by facilitating the review and identification of the University’s high risks.
Participated in numerous Web-based seminars/trainings.
These trainings provide information on current trends and important topics useful to the audit team.
Assistant Director on steering committee for the University’s transition to PeopleSoft – a UT System shared ERP application system
Steering committee assists with general analysis during design, testing, and implementation phases, helps establish and oversee transition processes and standards, and provides leadership to enhance and support the UT System shared applications transition.
24
Fiscal Year 2011 Annual Audit Report
25
VII. Internal Audit Plan for Fiscal Year 2012
The following Audit Plan Table identifies 2011 audit projects for various audit categories and indicates planned audit hours. Please note that the detailed schedules, risk assessments and analysis for preparation of the work plan are not included. A complete copy of the Work Plan schedules may be requested from the Director of Internal Audit at (817) 272-2018.
AUDIT BUDGETED HOURS
FINANCIAL AUDITS FY 2011 Financial Statement Audit (AFR) 400.00 FY 2012 Financial Statement Audit (Interim) 100.00 Presidential Housing, Travel & Entertainment Expenses Audit 100.00
NCAA Financial Audit 150.00 Spot Audits of Petty Cash Funds 30.00
Financial Audits Subtotal 780.00 OPERATIONAL AUDITS Change in Management Audit of the Office of Information Technology 250.00 Audit of University-Owned Tablet Computers such as iPads 200.00 Telecommunications Operational Review/Physical Controls 250.00(C/F) Disability Services/Fire & Life Safety 100.00(C/F) Procurement Card Audit 75.00(C/F) Employee Check-Out Process 75.00Special Requests TBD 120.00Special Audits & Other Audit-Related Activities 150.00
Operational Audits Subtotal 1,220.00 COMPLIANCE AUDITS Dependent Eligibility Audit 300.00Statewide Single Audit (assistance to the SAO) 80.00NCAA Compliance Audit – Recruiting 220.00Nursing Shortage Reduction Program FY 2011 Awards 230.00UT Arlington Nursing Simulation Award Audit 250.00Research Compliance Review 100.00Special Requests TBD 120.00Special Audits & Other Audit-Related Activities 150.00
Compliance Audits Subtotal 1,450.00 INFORMATION TECHNOLOGY & CONSULTING TAC 202 Biennial Requirement (Phase I) 200.00TAC 202 Biennial Requirement (Phase II) 200.00 (C/F) TAC 202 Biennial Requirement (FY 2011) 50.00PeopleSoft Implementation 500.00Deloitte IT Security Consulting Follow-Up 50.00TeamMate Conversion and Procedures 200.00
Information Technology & Consulting Subtotal 1,200
Fiscal Year 2011 Annual Audit Report
26
FOLLOW-UP AUDITS Follow-Up Audits (IT Related) 150.00 Follow-Up Audits (Non IT Related) 150.00
Follow-Up Audits Subtotal 300.00PROJECTS Audit Projects UT System Requests 400.00FY 2013 Audit Work Plan Preparation 140.00Annual Internal Audit Report 40.00Other Projects Quality Assurance Review 250.00Committees (e.g. Internal Audit, Compliance and Other Committee Involvement) 250.00
Investigations 200.00Projects Subtotal 1,280.00
TOTAL AUDIT HOURS 6,230.00 VIII. External Audit Activities
• SAO A-133 Student Financial Aid • SAO Assistance for A-133, Research and Development audit • Deloitte &Touche LLP Conducting FY 2011 Annual Financial Statement audit
IX. Reporting Suspected Fraud and Abuse The University of Texas at Arlington has implemented requirements as mandated in Article IX, Section 17.05 and Article XII, Section 5 (c), the General Appropriations Act (81st Legislature) and Texas Government Code, Section 321.022. Actions Taken:
• The fraud reporting direct link to the state is maintained on the “Reports to State” (Resources Section bottom of page) link on the University’s home page www.uta.edu.
• UT Arlington policies have been updated to provide information on reporting fraud involving State Funds to the SAO.
• Policies and Procedures have been updated for the requirement that the Chief Administrative Officer shall report suspected fraud to the State Auditor’s Office.
• With respect to ARRA reporting, information is provided on our website at http://www.uta.edu/research/recovery/memo.html with a link to www.recovery.gov.
