Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education

Similar documents
THE ABC S OF DATA ANALYTICS

Best Practices for Managing Bank Transaction Risk Using a Continuous Data Analytics Approach

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

FRAUD RISK ASSESSMENT

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

CONTINUOUS CONTROLS MONITORING

Total exception management

Using Technology to Automate Fraud Detection Within Key Business Process Areas

by: Scott Baranowski, CIA

An Auditor s Guide to Data Analytics

Vendor Audit and Cost Recovery: Improving Bottom Line Results WHITE PAPER

Better Business Through Data Analysis & Monitoring

ACL EBOOK. Detecting and Preventing Fraud with Data Analytics

WVU FOUNDATION & UNIVERSITY PURCHASING CARD PROGRAM POLICIES & PROCEDURES. Updated October 2012

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

Process Control Optimisation with SAP

Data Mining/Fraud Detection. April 28, 2014 Jonathan Meyer, CPA KPMG, LLP

UI Purchasing Card Program USBANK. User Manual

An Oracle White Paper January Access Certification: Addressing & Building on a Critical Security Control

KAREN E. RUSHING. Audit of Purchasing Card Program

T&E Spend Analysis Report

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

TAKE COST CONTROL AND COMPLIANCE TO A NEW LEVEL. with ACL Travel & Entertainment Expense Fraud and Cost Control Solution

ISOLATE AND ELIMINATE FRAUD THROUGH ADVANCED ANALYTICS. BENJAMIN CHIANG, CFE, CISA, CA Partner, Ernst and Young Advisory Singapore

Why Nonprofits Need Nonprofit Accounting Software

Liberty County School District Purchasing Card Procedures

PREPARING AUDITORS IN THEIR USAGE OF DATA ANALYTICS TOOL IN FRAUD PREVENTION PROGRAM

SOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?

The Power of Risk, Compliance & Security Management in SAP S/4HANA

Leveraging Big Data to Mitigate Health Care Fraud Risk

Operational and Strategic Benefits in Automating Accounts Payable

Privilege Gone Wild: The State of Privileged Account Management in 2015

White Paper - Travel & Entertainment Spend Analytics Best Practices

agility made possible

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

Being protected Using data analytics to detect fraud

Fraud Prevention and Detection in a Manufacturing Environment

Privilege Gone Wild: The State of Privileged Account Management in 2015

Optimizing government and insurance claims management with IBM Case Manager

AUDITING TRAVEL AND ENTERTAINMENT (T&E) EXPENSES USING IDEA

A Performance Audit of the State s Purchasing Card Program

The Informatica Solution for Improper Payments

Cleveland State University Purchasing Card Policy and Procedure Revised June Program Overview

Marquee. We provide tools to effectively manage your workforce and improve your bottom line. Managing the Workforce

Compliance Management, made easy

P-Card Fraud Controls. Introduction

Advanced Data Analytics, the Fraudsters Worst Enemy

PURCHASING CARD POLICY AND PROCEDURES

ICD-10 Advantages Require Advanced Analytics

Continuous Monitoring and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

COLORADO SCHOOL OF MINES CONTROLLER S OFFICE PROCUREMENT CARD HANDBOOK

UNCOVER WHAT S HIDDEN IN YOUR SAP ERP DATA TO HELP CUT COSTS AND RAISE COMPLIANCE

Strategically Detecting And Mitigating Employee Fraud

Continuous Audit and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

Fraud Prevention Checklist for Small Businesses

9 Trends that will Transform Purchase-to-Pay in 2015 An IOFM White Paper

Auditing for Value in the Procure to Pay Cycle Dallas IIA Chapter. October 1, 2009

Integrating Data Analytics into Internal Audit

Arkansas Tech University Procurement Card (P-Card) Program Policies and Guidelines Manual

Purchasing Card Policies and Procedure Manual

These are some labor burden test queries that auditors can make if they have the contractor s or vendor s labor burden breakdown:

Recognize the many faces of fraud

INTELLIGENCE AND HOMELAND DEFENSE INSIGHT

Samford University Purchasing Card (PCARD) Program Policy and Procedures May 1, 2016

DEMONSTRATING THE ROI FOR SIEM

Governance, Risk, and Compliance (GRC) White Paper

Predictive Analytics for Donor Management

Combatting: Purchasing Card: and T&E Expense Fraud: Getting Started Guide:

Leveraging Your ERP System to Enhance Internal Controls

Purchasing Card Procedure Manual

Miami University Purchasing Card Policy & Procedure

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Microsoft Confidential

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

Internal Controls and Fraud Detection & Prevention. Harold Monk and Jennifer Christensen

The Impact of Payment Automation on Bottom-line Savings

FIVE MANAGEMENT SYSTEM Policies and Procedures Checklist

Accounts Payable Fraud Services

An Introduction to Continuous Controls Monitoring

Demonstrating the ROI for SIEM: Tales from the Trenches

GLOBAL PORTS INVESTMENTS PLC

California Department of Corrections and Rehabilitation Enterprise Information Services. Business Information System Project

How To Prevent Fraud On A Credit Card

Solve your toughest challenges with data mining

Solutions for Accounts Payable Process Optimization

University Credit Card Policies and Procedures Index

WellsOne Commercial Card Summary-Commercial Card Expense Reporting (CCER)

Product Complaints Management. Infosys Handbook for Life Sciences

SCOPE OF WORK FOR PERFORMING INTERNAL CONTROL AND STATUTORY/REGULATORY COMPLIANCE AUDITS FOR RECIPIENTS OF SPECIAL MUNICIPAL AID

Transcription:

Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education

Contents Introduction Internal Audit as Trusted Advisor & Business Partner Big Ticket Items: Fraud, Revenue Leakage & Non-compliance The Case for Data Analytics CaseWare Analytics for Higher Education Summary Introduction Today s colleges and universities do far more than educate students. To meet the needs of student body, faculty, and the organization s stakeholders, educational institutions often provide a broad range of ancillary services such as food, lodging, medical care, and security related services. By extending their services beyond education, colleges and universities face a number of laws and regulations. As the role of colleges and universities has evolved, so too have the departments within the organization, including the Internal Audit department.

Internal Audit as Trusted Advisor & Business Partner Assessing the degree of risk facing an organization is not a new role for Internal Audit. Given the department s detailed knowledge of the organization gathered during recurring audits, auditors know how to assess and modify business processes for maximum effectiveness. They also have the relevant data and independence to offer insights regarding emerging threats. Leveraging each department s know-how and Internal Audit s expertise results in a formidable partnership. Consequently, many colleges and universities now view Internal Audit as a trusted business partner who can help educational institutions proactively identify, mitigate and manage risk. Given the volume of transactions and the decentralized decision-making model employed by many institutions of higher learning, the temptation to commit fraud is sometimes too great to resist. Preventing fraud and consequently minimizing financial losses, is a task that Internal Audit is ideally positioned to perform. This paper details the types of fraud and abuse within colleges and universities that data analytics can help uncover. The paper also includes a case study detailing the implementation of CaseWare Analytics at The Georgia Institute of Technology.

Big Ticket Items: Fraud, Revenue Leakage & Non-compliance The financial, operational, regulatory and reputational risk within the education sector varies by the size of institution; however, the laws and regulations that apply to colleges and universities are considerable. Therefore, the risks that today s colleges and universities face comes in many forms. Colleges and universities often have disparate systems, and given the vast amount of information received from students and faculty in each academic year, there can be problems ensuring data integrity. They also have limited ongoing monitoring of data in place to detect fraud and non-compliance. With employee, staff and faculty turnover coupled with regular influxes of new students, and disparate software applications, it is relatively easy to see why fraud and data breaches, for example, may take considerable time to uncover, investigate and resolve. Consider the following challenges involving disparate data, data integrity and ongoing monitoring. Disparate Data and Purchasing Cards Challenge: Identify duplicate payments between p-card merchants and vendors. Often times, university personnel are in a rush to make a purchase and may use their P-Card while forgetting that they already submitted an invoice for the same purchase through the institution s ERP system. By using a p-card to make a purchase and accidentally submitting an invoice as well, the institution may end up paying twice. Since the p-card and ERP systems don t talk to each other, the double payment may go undetected. Data Integrity and Financial Aid Challenge: Identify aid in excess of needs assessment. Analyzing vast amounts of data with spreadsheets can lead to formula errors or miscalculations. Consider what happened to Birmingham-Southern College. Due to errors in calculating financial aid packages, the college provided students with millions of dollars in extra financial aid. As a direct result, the college had to trim 20% of its budget. Ongoing Monitoring and Payroll Challenge: Identify multiple paychecks sent to the same bank account or address. Analytics can help colleges and universities detect erroneous, suspicious and fraudulent activities before payments are made. In the case of employees colluding to commit fraud, ongoing analysis can detect unauthorized changes to employee records or payments sent to similar bank accounts as other employees. Advanced analytics can also exempt false positives such as a married couple who are legitimate employees with the same bank account details. Consequences In addition to generating financial losses, the existence of fraudulent activity can bring about violations of law as well as regulations governing the college or university s activity, and result in damage to the organization s reputation. Fraud prevention, detection and investigation within Higher Education requires the analysis of vast amounts of data. The difference between success and failure hinges on the availability of technology to analyze and integrate data from across, and within the organization and external third parties.

The Case for Data Analytics The return on investment (ROI) associated with analytics software involves a number of components. As an example, according to the Association of Certified Fraud Examiners, the median length of a fraud scheme is 18 months, with the actual length ranging from 12 months to 36 months, depending upon the scheme. Detecting and resolving fraud, before losses mount can increase the ROI associated with the investment in data analytics. In addition, the collaboration with Internal Audit and Operations allow for insights into the data that likely would otherwise never be made. As mentioned previously, marrying Internal Audit s expertise with that of operations plays to strengths and creates a formidable partnership. Developing one version of the truth by combining data from multiple sources is crucial to Internal Audit s fraud prevention efforts. However, data often resides within a number of systems that require advanced programming skills to segregate, compile, and analyze. The import functionality within audit analytics software allows Internal Audit to centralize data from across the institution, as well as combine data from third parties, such as purchasing card providers - without the use of advanced programming skills. Importing data into a centralized database also allows the organization to categorize data based on similar attributes, and uncover anomalies that in addition to detecting fraud and abuse, may also help unearth data quality issues. CaseWare Analytics for Higher Education As discussed previously, detecting fraud within a large organization requires consolidating data from a number of sources. Using CaseWare IDEA for data analysis, there is no programming required to import, analyze and report results. In fact, internal auditors need minimal training to begin using the software. IDEA s Import Assistant allows auditors to gather data quickly from a multitude of sources, including spreadsheets, databases, legacy mainframes, and ERP systems. Once the data resides within IDEA, the user can analyze the data s integrity using a number of techniques, including grouping by type of transaction, identification of duplicates, and many types of advanced Benford s law queries. Throughout the process, the original data remains intact as the data within IDEA is read only. Continuous Monitoring dramatically increases Internal Audit s ability to assess risk, and compliance as well as detect fraud. CaseWare Monitor facilitates continuous controls monitoring by automating the extraction of data, as well as the analysis. Once anomalies are detected, automatic alerts are sent to front line staff; these alerts contain guidelines on how to resolve the anomaly, empowering staff to address the problem before it impacts the organization. Continuous Monitoring allows colleges and universities to detect fraud immediately and before the fraudster can inflict significant losses. The real value of using data analytics is that it allows you to see fraud schemes that would be impossible to detect manually. Chief Audit Executive Georgia Institute of Technology *The Association of Certified Fraud Examiners, Report to the Nations on Occupational Fraud and Abuse, 2012 Global Fraud Survey

Data Analytics in Action Given the diversity of the services offered by today s colleges and universities, consider the following types of analytical techniques, and the number of areas within an educational institution that may benefit: Financial Aid Identify aid in excess of needs assessment & overpayments Monitor loan agreements for repayment Find course withdrawals below full-time course load, without a corresponding reduction in aid Travel & Expense Identify frequent travelers and corresponding compliance with travel policies and procedures Extract travel over holiday periods for potential personal travel Identify excessive expenditures Purchasing Cards Duplicate payments between p-card merchants and accounts payable vendors Charges at inappropriate Merchants (i.e. Travel, Food, Fuel) by MCC code Split charges to circumvent purchasing card limits Card used by terminated employees and/or employees on leave of absence Tuition Billing Compare refund check addresses to employee addresses or drop boxes Identify missing refund check numbers Compare refund payments to refund policy Review students with more than three address changes in academic year Salaries & Payroll Identify multiple paychecks to same bank account Compare check amounts per ledger to electronic bank files List employees with salary increases greater than a specified percent Compliance Identify expenditures made outside a grant s effective dates Identify unaccountable charges (administrative costs) based on grant rules Identify invalid cost transfers

A Case Study: Georgia Tech In the early 2000s, Georgia Tech searched for a more cost-effective procurement process which led to the adoption of purchasing cards (p-cards). Georgia Tech significantly lowered transaction costs, and as a result, the p-card program grew tenfold within a decade. However, the newfound time and cost savings achieved by empowering employees to make direct purchases presented unforeseen risks. Numerous state agencies, as well as Georgia Tech, were plagued with large scale incidents of fraud involving p-cards, such as employees purchasing gifts and paying off personal loans. A state audit uncovered inadequate monitoring of internal controls to identify and prevent misuse of p-cards by state employees. Georgia Tech sought to address these issues by hiring temporary staff to help with the manual analysis of transactions. They quickly found that using additional staff working overtime to analyze spreadsheets was still not sufficient to examine every transaction of 2,400 p-cards. The Georgia Tech team chose CaseWare IDEA for data analysis and CaseWare Monitor for continuous monitoring to deliver faster results. CaseWare s solutions did not require staff with programming language experience, only knowledge of the p-card process. The implementation achieved the following results: Uncovered more than $350k in fraudulent purchases during initial phase. IDEA ultimately detected millions in fraudulent purchases Enabled continuous monitoring of 100% of p-card and vendor data and the monitoring of more than $70 million of transactions annually Faster resolution of control breakdowns Achievement of Internal Audit s compliance objectives Georgia Tech s Internal Audit team is achieving true independent assurance of p-cards. By examining data from their card provider, they are able to get line item details independent of the p-card holders statements. This also allows Georgia Tech to have a larger window of opportunity to report non-compliant charges, which greatly increases the likelihood of receiving reimbursements. Georgia Tech will continue to expand the continuous monitoring platform to Financial Aid and Grants and Contracts. With continuous controls monitoring, we can analyze an entire of list of monthly transactions in a matter of minutes. We were able to find people that were using two purchasing cards together to circumvent our procurement process. This is something we could have not seen if we were doing this manually. Georgia Tech is consistently ranked in U.S. News & World Report s top ten public universities in the United States. Alumni include U.S. Presidents, Nobel Peace Prize winners and Fortune 500 CEOs. During the main sessions, Georgia Tech has up to 16,000 employees across numerous campuses around the world and is among the world s most esteemed research and academic institutions.

Summary Changes in the scope of services offered by today s colleges and universities have resulted in recognition of the importance of governance, risk and compliance and the role data plays in achieving organizational objectives. Consequently, Internal Audit s role is evolving from a back office function that few understood or embraced, to a trusted advisor with the ability to add tremendous value to an educational institution and its stakeholders. About Us CaseWare Founded in 1988, CaseWare is an industry leader in providing technology solutions for finance and accounting, governance, and risk and audit professionals. With over 400,000 users in 130 countries and 16 languages, CaseWare products deliver tremendous value across industries and continents. CaseWare Analytics 1200 St Laurent Blvd, Unit 004A Ottawa, ON, K1K 3B8 1-800-265-4332 Ext: 2803 www. Copyright 2013 CaseWare RCM Inc. All rights reserved. No part of this white paper may be transmitted, in any form or by any means (photocopying, electronic, mechanical, recording or otherwise) or reproduced, stored in a retrieval system, without permission in writing from the publisher. All trademarks are the property of their respective companies.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information