
Fiscal Year 2009 Annual Internal Audit Report

70 pages
FISCAL YEAR 2009 ANNUAL INTERNAL AUDIT REPORT

THE OFFICE OF INTERNAL AUDIT
BOX 19112
ARLINGTON, TX 76019-0112
817-272-0150
www.uta.edu/internalaudit

TABLE OF CONTENTS

I. Internal Audit Plan for Fiscal Year 2009
II. External Quality Assurance Review
III. List of Audits Completed
IV. List of Consulting Engagements and Non-audit Services Completed
V. Organizational Chart
VI. Report on Other Internal Audit Activities
VII. Internal Audit Plan for Fiscal Year 2010
VIII. External Audit Services
IX. Reporting Suspecting Fraud and Abuse
        University of Texas at Arlington Annual Audit Report Fiscal Year 2009
Purpose of the Annual Report: To provide information on the benefits and effectiveness of the internal audit function. In addition, the annual report assists central oversight agencies in their work planning and coordinating efforts.

I. Internal Audit Plan for the Fiscal Year 2009

FINANCIAL AUDITS | BUDGETED HOURS
FY 2008 -- Financial Statement Audit | 500
FY 2009 -- Financial Statement Audit (Interim) | 200
Presidential Housing, Travel & Entertainment Expense Audit | 120
Joint Admission Medical Program "JAMP" (Biennial Requirement) | 80
NCAA Financial Audit | 180
Financial Audits Subtotal | 1,080

OPERATIONAL AUDITS
Campus Security/Emergency Preparedness Audit, including Clery Act | 300
Controls Over Cash Collection Areas and Security of Credit Card Information | 600
Follow-Up on FY 08 Health Services Audit | 160
Disability Services | 220
Registration Process | 300
Change In Management Audits | 40
Operational Audits Subtotal | 1,620

COMPLIANCE AUDITS
UTS 166 -- Cash Management and Cash Handling Policy | 200
Student Fees Audit | 350
Advanced Technology Program/Advanced Research Program (ATP/ARP) | 140
NCAA Compliance Audit – Eligibility | 160
EHS: Review of High-Risk Areas, Chemical Safety | 2500
Construction and Renovation Projects Review Against THECB Requirements | 200
Governance | 120
UTS 165 – Digital Sensitive Data | 140
Compliance with Payment Card Industry (PCI) Data Security Standards | 200
Compliance Audits Subtotal | 1,760

INFORMATION TECHNOLOGY
Profile System Development | 300
ACL Exception Reporting with Focus on Payroll & Payables | 100
UTA 165 – IT Systems Change Management Audit | 140
Information Technology Subtotal | 540

FOLLOW-UP AUDITS
IT Follow-Up Audits | 120
Follow-Up Audits (Non IT-Related) | 200
Follow-Up Audits Subtotal | 320
AUDIT PROJECTS
UT System Requests | 300
FY 2010 Audit Plan Preparation | 160
Annual Internal Audit Report | 60
Procurement Card Continuous Auditing-ACL | 160
Special Requests – Audits | 150
Special Requests – Consulting | 130
Police Security Staffing Review | 200
Quality Assurance Review | 160
ACL Training | 40
Internal Audit and Institutional Compliance Committees | 100
Investigations | 160
Website Updates and TeamMate Procedures | 200
Reserve for other Special Requests | 260
Other Projects Subtotal | 2,080

Total Audit Hours | 7,400

Explanations of Deviations from Work Plan:

There were 32 priority audits identified within the FY 09 Work Plan. Of these, 28 were completed, in progress, or on-going as of August 31, 2009. Of the remaining priority audits, the Controls Over Cash Collection Areas and Security of Credit Card Information; Registration Department Processes Review; Construction Renovation Projects/Review Against THECB Requirements; and Student Fees Audits were moved to the Fiscal Year 2010 Work Plan with approval of the audit committee. The approval was given based upon the risk assessment for these areas and in consideration of timing for the audit. For example, the Construction Renovation Projects/Review Against THECB Requirements was postponed because new facilities inventory management software will be implemented in the Fall of 2009. The committee also felt that more appropriate timing of the Student Fees audit would be in FY 2010 based upon recent changes to the student fee allocations. At the request of management, the Fiscal 2009 Work Plan included a consulting review of Police staffing levels, but based upon the economic downturn, the audit committee requested that this consulting project not be performed. The Internal Audit Department also completed a Financial and Operational Audit of the Police Department, which was at the request of the UT System Chancellor.

The “Audit Projects” category includes hours allocated for a Police Security Staffing Level Review. The Police Security Staffing Level was originally categorized as consulting; however, UT System directed in mid-June that institutions audit the financial and operational internal controls of police departments. This financial and operational audit was, therefore, substituted for the Police Staffing Level audit mentioned above.

The plan’s status and accomplishment were reviewed with the Audit Committee at the August 27, 2009 committee meeting.
II. External Quality Assurance Review

UT Arlington’s Department of Internal Audit completed a Quality Assurance Review in May 2009. The report is as follows:

THE UNIVERSITY OF TEXAS AT TYLER
3900 University Boulevard, Tyler, TX 75799
(903) 566-7114
Office of Audit Services

May 21, 2009

Mr. Ken Schroeder
Director of Internal Audit
The University of Texas at Arlington

We have completed the external quality assurance review of the Department of Internal Audit of The University of Texas at Arlington (UTA) that you requested. This review was conducted May 19-22, 2009, and covered departmental activities from 2006 through the date of our work. Members of the review team were: Kathryn Kapka, The University of Texas at Tyler; Scott Pierce, Georgia Southern University; and Paul Tyler, The University of Texas at San Antonio.

Executive Summary

There are three levels of conformance with the standards, which are: generally conforms, partially conforms, and does not conform. In our opinion, the Department of Internal Audit generally conforms with the standards in all areas. All members of management interviewed were complimentary of Internal Audit and its interaction with audit clients throughout The University. This level of satisfaction was reflected in the audit committee and audit client surveys we reviewed.

Introduction

The Internal Audit Charter approved by the Institutional Audit Committee requires the Department of Internal Audit to maintain auditing standards consistent with those established by the Institute of Internal Auditors (IIA), Generally Accepted Governmental Auditing Standards (GAGAS) and The Texas Internal Auditing Act, which require an external assessment to be performed at least once every three years by a qualified, independent reviewer or review team from outside the organization. This report represents the results of the external quality assurance review we conducted using the IIA Quality Assessment Manual as a guide.

Our objective was to assess the level of the Department of Internal Audit's compliance with the standards. Following is our report, which includes your responses to our observations.

Scope
The scope of our review included:

• Self-assessment materials prepared by senior audit staff members, including the audit charter, audit manual and other organizational materials.
• The previous external quality assurance review issued May 25, 2006 and the follow-up report issued January 25, 2008.
• Review of the 2009 self-assessment report prepared by the Director of Internal Audit;
• Interviews with the Audit Committee and key administrators at The University who are responsible for some of the more significant areas subject to audit;
• Review of audit client surveys to determine satisfaction with the audit work performed by the Department;
• Interviews with the Director and his staff;
• Examination of a sample of work papers and reports produced by the Department; and
• A comparison of the Department's audit practices with the Standards.

Conclusion

The rating system that was used for expressing an opinion for this review provides for three levels of conformance: generally conforms, partially conforms, and does not conform. Generally Conforms means that the System has policies, procedures, and a charter that were judged to be in accordance with the Standards; however, opportunities for improvement may exist. Partially Conforms means deficiencies, while they might impair, did not prohibit Internal Audit from carrying out its responsibilities. Does Not Conform means deficiencies in practice were found that were considered so significant as to seriously impair or prohibit Internal Audit in carrying out its responsibilities.

The following table contains our analysis of how the Department of Internal Audit at The University of Texas at Arlington's activities conform to each section of the Standards.

Standard Type and Description | Opinion

Attribute Standards
1000 - Purpose, Authority, and Responsibility | Generally Conforms
1100 - Independence and Objectivity | Generally Conforms
1200 - Proficiency and Due Professional Care | Generally Conforms
1300 - Quality Assurance and Improvement Program | Generally Conforms

Performance Standards
2000 - Managing the Internal Audit Activity | Generally Conforms
2100 - Nature of Work | Generally Conforms
2200 - Engagement Planning | Generally Conforms
2300 - Performing the Engagement | Generally Conforms
2400 - Communicating Results | Generally Conforms
2500 - Monitoring Progress | Generally Conforms
2600 - Resolution of Senior Management's Acceptance of Risks | Generally Conforms

The Institute of Internal Auditors' Code of Ethics | Generally Conforms
Department Strengths Observed:

As part of the Quality Assurance Review process, we noted certain strengths, as discussed below.

Executive Management views the Department of Internal Audit as a professional organization committed to providing value-added services. The effectiveness of the Department's recommendations, the thoroughness of the audit process, and the professionalism of the staff were recurring themes throughout the review.

Our review noted control strengths demonstrated by the department, which should be continued in the future. These strengths include:

o The establishment of routine Internal Audit staff meetings;
o Continuous communication throughout the audit; and
o Recommendations in areas of risk key to University operations.

Our review of the department noted several instances of value-added service to The University and demonstrated best practices. Specifically:

o Senior Management from Intercollegiate Athletics and Health Services expressed their appreciation for Internal Audit's assistance with compliance and certification standards.
o Executive Management expressed appreciation for the audit recommendation follow-up process as it provides assistance in ensuring timely implementation and corrective action by management, which contributes to the overall control environment of The University.
o Independence forms were completed at the beginning of each project to ensure staff understood the importance of objectivity and independence.

The department staff demonstrated a high level of professionalism. We specifically noted:

o A strong desire for professional growth;
o Involvement of the Director and staff in professional organizations;
o A commitment to providing value-added services.
Opportunities to Strengthen Operations

The following are our comments related to general observations and best practices related to specific individual standards which comprise each of the sections of the Standards listed above:

1. Efforts should be continued to integrate IT auditing within each audit engagement. The skills of the IT auditor should be utilized during the planning, risk assessment, and performance of IT audit field work as it pertains to engagement objectives (IIA 2300).
Response: Our Information Systems Auditor has developed an internal control questionnaire specifically addressing IT related controls which we will begin using in future non-technical audits, as appropriate. We will involve our IS auditor to assist in identifying, evaluating, and documenting sufficient information during the planning, risk assessment, and field work phases of the audit and document this activity within our working papers.
Target Date: All future audit engagements.

2. During the review of several audit projects and resulting reports, the QAR team noted that improvements could be made in the audit report format as follows:

• The audit engagement scope must be clearly defined with regard to purpose and time frame in order to satisfy the audit objectives (IIA 2220).

Response: Going forward, the audit scope section of our audit reports will include the audited activities time period along with the purpose, nature and extent of audit tests performed. We will also include a statement that answers the question why the audit was done.
Target Date: Ongoing.

• Efforts should be made to improve timeliness of reports by decreasing the time period between end of fieldwork and report issuance.

Response: Timeliness of report issuance is a major goal and in order to achieve improvement, we will strive to:
o Complete a draft of the audit report within 5 business days of field work completion.
o Hold exit conference meetings within 10 days of field work completion.
o Get management responses to report recommendations within 10 business days following the exit conference.
o Issue reports within 30 days of field work completion.
Target Date: Ongoing.

• Reference should be made in the report to standards under which the audit was performed, i.e. Generally Accepted Governmental Auditing Standards (GAS 8.30).

Response: We will include a statement in the Scope and Methodology Section of our audit reports that the audit was conducted in accordance with Generally Accepted Governmental Auditing Standards.
Target Date: Ongoing.

• The Executive Summary portion of the audit report could be expanded to include the most critical audit observations and more clearly express the auditor's opinion of the overall results.

Response: We will strive to clearly express significant observations and audit findings in the Executive Summary in support of our overall engagement conclusions. Additionally, some of the boilerplate will be removed to give the reader a quick summary of the audit.