Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
LEVERAGING INTERNAL AUDIT
Brian J. Daniels
Associate Director of Internal Audit
Virginia Tech
INTERNAL AUDIT OVERVIEW
Internal Audit Overview
Mission of Internal Auditing
Scope of Audit Activities
Audit Types
Risk Assessment and Audit Plan
Compliance Review Program
Advisory Services Program
Questions?
THE BIG PICTURE
University-wide, Internal Audit can help university
leadership allocate limited resources
Improving operational efficiency
Enhance budgetary processes
Streamline business operations
Help decentralized departments more efficiently and
appropriately communicate
WAYS TO ENHANCE INTERNAL AUDIT
Expand Internal Audit’s focus: include reviews that focus on operational and strategic risks rather than simply traditional reporting and compliance
Use internal auditors as trusted business advisors: University management can and should request reviews from Internal Audit as a response to system or process changes, leadership concerns or transitions, emerging risks in higher education, etc.
Make the most of technology: Continuous auditing is an example of an automated approach that allows auditors to gather critical information. Also, tools such as data analytics and predictive modeling can help to spot anomalies
Implement quality assurance reviews i.e. audit the auditors
Source: http://www.pscpa.com/thought-leadership/our-newsletters/public-company-insights/5-ways-to-leverage-internal-audits
EVOLUTION OF INTERNAL AUDIT
Tactical Strategic
Reactive Proactive
Backward looking Forward looking
Focused on accounting Focused on business
Singular focus on
compliance
An appropriate complement of risk-
based and compliance-based auditing
Disciplinary Helpful ally
Source: http://www.bakertilly.com/uploads/how-to-work-with-internal-audit-leveraging-internal-audit-for-success_HE_Article.pdf
Internal Audit
Board of Visitors Finance and Audit Committee
President
POLICY 3350: INTERNAL AUDIT CHARTER
ORG STRUCTURE
FUNCTIONALLY ADMINISTRATIVELY
Provide independent, objective assurance and
advisory services designed to add value and
improve the university's operations
Help university departments accomplish their
objectives by bringing a systematic, disciplined
approach to identify opportunities for improvement
INTERNAL AUDIT: MISSION
SCOPE OF ACTIVITIES: GOVERNANCE
Internal Audit assesses governance and
recommends improvements in the areas of:
Ethics and values within the university
Accountability and performance management
Risk and control information
Internal Audit also provides coordination among
the board, external auditors, and management
SCOPE OF ACTIVITIES: RISK MANAGEMENT
Internal Audit aims to:
Identify and evaluate significant risk exposure
Assess effectiveness of the university's risk management
system
Promote continuous improvement
Risk Topics:
Reliability and integrity of financial and operational info
Effectiveness and efficiency of operations
Safeguarding of assets
Compliance with laws, regulations, and contracts
SCOPE OF ACTIVITIES: INTERNAL CONTROLS
Assist university in maintaining effective controls by:
Evaluating effectiveness and efficiency
Promoting continuous improvement
Assess Internal Controls by assessing whether:
Objectives are established and conform with university
Management has established adequate criteria to determine
whether objectives have been accomplished
Actual results conform with objectives
INTERNAL CONTROL FRAMEWORK
Monthly reviews of
performance reports
Internal audit
function
Reporting
University
communications
MONITORING: INFORMATION &
COMMUNICATIONS
CONTROL ACTIVITIES: RISK ASSESSMENT:
Purchasing limits
Approvals
Security
Reconciliation
Specific policies
Internal and
external events
Internal audit risk
assessment
A strategy to
manage risks
Monitoring
Information & Communication
Control activities
Risk assessment
Control Environment
CONTROL ENVIRONMENT Tone from the top
Corporate Policies
Organizational Authority
Perform
Risk Assessment
Monitor
Performance
Implement
Control
Activities
Information
Communication
Tra
inin
g T
ra
inin
g
Promote
Culture of
Accountability,
Responsibility,
and Ethics
RISK CONTROL PROCESS
The annual audit plan is published on the University Internal Audit
website after approval by the Board of Visitors.
http://www.audit.vt.edu/
BOV – AUDIT PLAN TIMELINE
JUNE Draft Audit Plan Submitted
AUGUST Audit Plan Approved
Audits and Reviews
Risk-Based Operational &
IT Audits
Compliance Reviews
Advisory Services
Fraud, Waste, and Abuse Reviews
AUDIT TYPES
ANNUAL RISK ASSESSMENT
Relative business risk was assessed on a judgmental
basis for the following qualitative and quantitative
factors
Factors
Quality and Stability of Control Environment
Business Exposure (Materiality and Liquidity of Operational Resources)
Public and Political Sensitivity
Compliance Requirements
Information Technology and Management Reporting
SENIOR LEADERSHIP INPUT
Surveys
Meetings w/ Supporting Documents
Department contact listing
Historical audit listing
Summary of VT Critical Issues
Academic department data (by college and by expend.)
Informs audit plan development
CRITICAL AREAS FOR CORE PLAN INCLUSION
(RISK-BASED AUDITS)
Academic Units
Sponsored Research
Administration
Service Centers
Lab Safety
International Travel and
Activity
Departmental Scholarships
Auxiliary Enterprises and
Athletics
Campus Safety and
Security
Enrollment Services
Facilities and Operations
Financial Management
Human Resources
Information Technology
Off-Campus Locations
Research
Student Services
HIGH-RISK, MULTI-YEAR AUDITS
Rotational approach to 4 key high-risk areas
High external compliance risk and complex operations
University Scholarships and Financial Aid
Intercollegiate Athletics
Research
Human Resources
AUDIT TYPE EFFORT
COMPLIANCE REVIEWS
Tests of controls related to university wide
policies and procedures (e.g., payroll, capital
assets, purchase cards, funds handling)
Formerly completed during risk-based audits;
became separate audit type in 2004
Completed at the Dean or Vice President level on
a five-year cycle
Random sampling and full data analysis on data
sets of up to 10,000 records
VARIOUS POPULATIONS
Senior Management Areas EEs
Fixed Assets P-Card
Deposits (in millions)
Athletics 447 1,327 $997,133 $55.9
College of Architecture 514 2,374 $436,323 $0.2
College of Engineering 2,829 14,742 $1,781,666 $5.5
Office of the President 58 126 $19,900 $0.003
VP for NCR 11 79 $24,900 $0.04
University Libraries 282 722 $241,340 $0.05
Office of the Executive VP and Provost
896 112 $334,424 $0.6
FIXED ASSETS
Summarize data by organization code
Stewardship tests
Current custodian assigned
Missing/stolen assets
Assets assigned as “Home Use”
Assets not inventoried in two years
LEAVE REPORTING
100% testing on timely electronic leave report
submission
Summarize data by employee on # of leave hours taken
PURCHASE CARDS
Summarize data by org. code and by cardholder
No. Cardholders or Last Purchase Date
Purchases (No. and $$)
Credits (No. and $$)
Total charges
Avg. charge
Identify purchases made over the weekend
Identify possible split transaction
Round numbers purchases
COMPLIANCE REPORT
Assessment (opinion)
1. Effective
2. Improvements are Recommended (Adequate)
3. Significant or Immediate Improvements are Needed
4. Unreliable
Compliance Scorecard: Summary data by functional
area for Senior Management Division
Scope: Detail data by department and functional area
Detailed Issues, Recommendations & Management
Action Plans
ADVISORY SERVICES
Performed at the request of management
Nature and scope of which are agreed with the client,
consultative in nature
Intended to add value and improve the university's
governance, risk management, and control processes
without the internal auditor assuming management
responsibility.
RECENT ADVISORY REVIEWS
Turnover engagements
Benchmarking operations and alignment
Out of Sight, Out of Mind
Offsite or remote locations
“What keeps me up at night…” topics
ADVISORY SERVICES ON AUDIT PLAN
ADVISORY SERVICES ON AUDIT PLAN
Brian J. Daniels Associate Director of Internal Audit
540-231-5883
Visit our website at: http://www.audit.vt.edu/
QUESTIONS?