La lecture en ligne est gratuite
Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres
Télécharger Lire

GUMC & Internal Audit

De
6 pages
Georgetown UNIVERSITY Internal Audit Internal Audit Plan FY2010 to FY2012 As of April 2010 Discussion Points: I. Planning Overview II. Background, Assumptions, Internal Audit Services III. Audit Subjects FY2010 – FY2012 1 of 6 I. Planning Overview Georgetown UNIVERSITY Internal Audit Depicted below is the internal audit planning process. The process identified 30 audit subjects as priorities over the next three years. Internal Audit Planning Process2 3Audit UniverseSelection MethodologyAudit Subjects Prioritize Audit Subjects in FeedbackManagement Feedback Available for a 3 Year Audit Planning Internal AuditCycle Evaluate & Guide41Audit Transition from Audit SourcesCommittee Subjects to Audit ProjectsInput Internal & External Governance Specific Projects Executed Information UtilizedActivities Each Fiscal Year7 6 5DashboardInternal Audit Services Budget AvailableSummary Outputs from Audit Allocate Resources to Information: Projects Delivered to Audit Projects in a 3 Year Audit Services, Management & the Audit Audit Planning CycleBudget, TrendsCommittee2 of 6 II. Background, Assumptions, Internal Audit Services Georgetown UNIVERSITY Internal Audit BACKGROUND A risk adjusted audit plan establishes audit subjects; and then identifies, evaluates, prioritizes, and reports audit results relative to the following broad criteria: • Key Institutional Goals (to be adapted and coordinated with Campus ...
Voir plus Voir moins
1 of 6
Georgetown
UNIVERSITY
Internal Audit
Internal Audit Plan FY2010 to FY2012
As of April 2010
Discussion Points:
I.
Planning Overview
II.
Background, Assumptions, Internal Audit Services
III.
Audit Subjects FY2010 – FY2012
I. Planning Overview
2 of 6
Georgetown
UNIVERSITY
Internal Audit
Depicted below is the internal audit planning process. The process identified 30 audit subjects as priorities over the next three years.
Internal Audit Planning Process
Sources
Internal & External
Information Utilized
Audit Universe
Audit Subjects
Available for
Internal Audit
Selection Methodology
Prioritize Audit Subjects in
a 3 Year Audit Planning
Cycle
Transition from Audit
Subjects to Audit Projects
Specific Projects Executed
Each Fiscal Year
Budget Available
Allocate Resources to
Audit Projects in a 3 Year
Audit Planning Cycle
Internal Audit Services
Outputs from Audit
Projects Delivered to
Management & the Audit
Committee
Dashboard
Summary
Information:
Audit Services,
Budget, Trends
Audit
Committee
Governance
Activities
Input
Management
Feedback
Evaluate & Guide
1
2
3
4
5
6
7
Feedback
II. Background, Assumptions, Internal Audit Services
3 of 6
Georgetown
UNIVERSITY
Internal Audit
BACKGROUND
A risk adjusted audit plan establishes audit subjects; and then identifies, evaluates, prioritizes, and reports audit results relative to the
following broad criteria:
Key Institutional Goals (to be adapted and coordinated with Campus specific goals)
o
Be competitive, attract the very best students (faculty and staff)
o
Deliver a great Jesuit based education experience (product)
o
Deliver a sustainable, good financial performance
o
Assure institutional longevity
The Institution’s Risk Management Approach
o
Coordinated with the Senior Vice President’s Office and other stakeholders.
Management Corrective Action
o
Business continuity plan, process and control improvements, etc.
Coordinate with PricewaterhouseCoopers audit plans for the University’s financial statement and A-133 audits.
PLANNING ASSUMPTIONS
Key terms:
o
Audit Subjects: The processes, events, or organizational units prioritized in the three year audit planning cycle.
o
Audit Projects: Audits, reviews, and investigations delivered within a fiscal year and representing an ‘auditable’ scope
of work linked to an audit subject. These projects constitute the Internal Audit services delivered to the Audit
Committee and Management.
Projected budget for 10 audit projects per year, or 30 total over three years. Excludes investigations or other special project
requests.
Approximately every eight months the priority for audit subjects will be recalculated to incorporate updates such as, University
operating results, Management corrective action, significant external events, historical audit findings and recommendations, etc.
II. Background, Assumptions, Internal Audit Services
4 of 6
Georgetown
UNIVERSITY
Internal Audit
INTERNAL AUDIT SERVICES
Audit projects will provide the Audit Committee and Management the following outputs and deliverables:
Audits:
Audits are detailed evaluations of controls, risks, and operations resulting in the delivery of specific recommendations.
Recommendations are directed to a specific process owner or organizational unit leader.
Recommendations are expected to be closed in six months, unless another time frame is agreed to and appropriate.
Reviews:
Reviews are advisory and consultative, but may include compliance testing.
Compliance recommendations are expected to be closed in six months, unless another timeframe is agreed to and appropriate.
Advisory recommendations will not be tracked for two reasons.
o
A range of alternatives may be presented that are not particularly sensitive to timing or risk response.
o
A broad group of management stakeholders may need to evaluate the recommendations before implementation.
In all cases outputs will be incorporated into Internal Audit planning, enterprise risk assessments, and briefings provided to the
Audit Committee and/or Management.
Investigations:
Assessment of narrowly defined issues and risks typically associated with anti-fraud or workplace behavior (support for Human
Resources, Office of Institutional Diversity, Equity & Affirmative Action (IDEAA), and Office of Compliance & Ethics).
Recommendations should be closed in 30 days. However, recommendations requiring systematic, process, or long term human
resource corrective action will have a longer period for closure.
III. Audit Subjects FY2010 to FY2012
5 of 6
Georgetown
UNIVERSITY
Internal Audit
SOURCES
Internal Audit identified 351 audit subjects from the following sources incorporating qualitative and quantitative data available as of
March 2010:
Source
Subjects
Rationale
Operating Units
284
Controls over Procard (university credit cards) are reportedly less effective compared to
controls over A/P, consolidated billing, etc. Procard expenses were used to prioritize
operating units based on: total expenses, timeliness of expense reconciliation, JPMorgan
Chase purchase risk assessment, and input from Financial Affairs.
IT Applications &
Infrastructure
7
Application (for example, student information systems) and network infrastructure areas
utilized by UIS to support the university and key business processes.
Sponsored Research
Compliance Priorities
20
Huron Report compliance priorities identified for research institutions generally, and
Georgetown specifically.
Likely Fraud Schemes
Reported for the Higher
Education Industry
10
2008 biannual report prepared by the Association of Certified Fraud Examiners included 59
anonymous reports of fraud schemes at higher education entities.
Likely Control Weaknesses
Reported for the Higher
Education Industry
9
2008 biannual report prepared by the Association of Certified Fraud Examiners, when an
incident occurred at a higher education entity, the control(s) most likely to have failed
during a fraud scheme.
Other Risk Events or Themes
Chosen for Audit
21
Cross-cutting topics, such as effectiveness of Georgetown’s enterprise risk portfolio, or the
impact from new legislation such as the Higher Education Opportunity Act.
Total Audit Subjects
351
III. Audit Subjects FY2010 to FY2012
6 of 6
Georgetown
UNIVERSITY
Internal Audit
THREE-YEAR PLAN UPDATED WITH FY2010 PROGRESS
Within each source, audit subjects were prioritized on a scale from 5 (highest) to 1 (lowest). Priority determined using: ProCard
data, historic compliance events, priority assigned in reports such as the Huron report, and judgment.
All audit subjects were relative ranked to the average priority for all audit subjects across all sources. The result was a prioritized
list of audit subjects from P5 (highest) to P1 (lowest) over a three year period.