Internal Audit and Advisory Services DRAFT

Internal Audit and Advisory Services DRAFT

PAGE(S) Message from the Internal Audit and Advisory Services...1-2 Internal Audit and Advisory Services Plan...3-5 Objectives...6-7 Risk Assessment Process...8 Summary of Proposed Internal Audit and Advisory Services Plan...9-13 Resource Allocation Work Plan...14 Staff Development and Professional Involvement...15

We are pleased to provide you with the proposed Internal Audit and Advisory Services (IAAS) Plan in accordance with University policies and procedures. The IAAS team is committed and dedicated to the mission of the Delaware State University (University). We are interested in creating innovative internal audit methodologies to enhance and strengthen controls. IAAS is an independent, objective assurance and consulting activity designed to add value and improve University operations. It assists the University to accomplish its objectives by bringing a systematic but disciplined approach to evaluate risk and improve the effectiveness of control and governance processes. The purpose of the IAAS is to provide the Board of Trustees with an independent appraisal of the adequacy and the effectiveness of the University's system of internal administrative and accounting controls and the quality of performance when compared with established standards. The primary objective is to assist the Board of Trustees and the University management in the effective discharge of their responsibilities. As per Charter of the IAAS, it prepares an audit and advisory services plan based on a risk assessment which encompasses various components of the University and then present the plan to the Audit Committee to ensure coordination efforts are identified and sufficient resources are available. A risk/ fraud assessment survey was conducted wherein input was received from the senior management of University. Meetings were also scheduled with key management personnel Page 1

throughout the University to identify sensitive or high exposure areas and to identify high risk functions and compliance that are hot topics in the higher education industry and should be scheduled for review. The results of risk assessment survey/ outcome of meetings with senior management personnel are used to develop an audit plan to minimize the risk of losses to the University, to prioritize audits and to use our audit staff and time in an effective and efficient manner. In a nut shell, the IAAS plan depicts that it is providing the necessary oversight over the quality and integrity of the internal control, management practices and the direction of the IAAS function. The ongoing support of the Audit Committee along with rest of the Board of Trustees is greatly appreciated. We hope you will find the results of our efforts useful and informative. Zafar Chaudhry Associate Vice President Internal Audit and Advisory Services Dr. Teresa Hardee SVP and Chief Operating Officer Page 2

The Internal Audit and Advisory Services plan is provided for the information and consideration of Audit Committee/ Board of Trustees, the President s cabinet, management, and other constituents of the University. The plan is a living document requiring continual monitoring and revisions as conditions warrant. The plan is established by IAAS as a result of assessment of various criteria including: Existing control environment Regulatory climate Management concerns/issues Stakeholder concerns Business and industry challenges The plan is intended to support the mission of the University and to articulate the broad framework, direction, and priorities of the IAAS function. The plan is designed to address relevant risks that may negatively impact University operations and/or performance. Our approach is responsive to the many changes affecting the University. As is common in higher education, there are far more potential audits and other activity identified than can be conducted given the resources available. The plan identifies the proposed audit activity from July 2015 through June 2016. It provides flexibility to conduct audits as requested during the year in addition to the annually required audits as well as advisory services. Each year there may be some carry-over of prior year projects. Discussion of the plan with you helps the IAAS to understand your concerns so that we agree on mutual needs and expectations to provide the highest level of service quality. Page 3

IAAS coordinates with the University external auditors to ensure there is no duplication of efforts and to share ideas on high risk areas and planned audit approaches and coverage. In addition, University divisions may find it useful to have Audit and Advisory Services act as a liaison between any external audit groups. IAAS will perform some financial investigation services that may include looking in to suspected financial irregularities whether reported by whistleblowers, uncovered in the course of regular audits, or based upon concerns conveyed by management. When investigating suspected or alleged misuse of DSU resources, IAAS objectives are to verify the facts, provide an objective and confidential review, and recommend corrective actions to help ensure similar actions do not occur in the future. Advisory services are reviews designed to improve an organization s governance, risk management, and control processes without the internal auditor assuming management responsibility. Advisory services are available to respond to requests from management for services that are more advisory in nature than traditional audits. These types of advisory services can include items such as consultations, special projects, internal control and accountability reviews, and systems development and reengineering projects. The IAAS may provide the following management advisory services: Consulting Provided in response to a request from management and designed to provide expertise in the resolution of internal control issues. It includes answering questions, developing solutions to problems, recommending courses of action and/or formulating an opinion. Control and Risk Assessment Training Practical training in risk management processes that can be used to ensure cost effective systems are in place that support the achievement of University objectives. It helps University divisions to improve their operations through an enhanced understanding of the business value of internal control and business ethics. Training sessions may be conducted by IAAS or by the University divisions with IAAS support. Page 4

Fraud Awareness Training Introductory training to increase awareness of "red flags" of fraud, management's responsibilities and cost-effective control systems to reduce the likelihood of fraud. This offering is tailored to reflect areas of risk in each division. Business Process Improvement Identify and minimize control deficiencies in processes, and assist departments in making process changes that result in strengthened internal controls and optimal performance. Self-Assessment Tool Client-based, self-assessment tools to assess the effectiveness of critical control processes. IAAS provides ongoing support to assist in the analysis of control issues and development of action plans. Special Projects IAAS provides review and advisory services as requested by the senior leadership of the University. Coordinating with External Auditors The IAAS performs liaison functions for all external auditors working on campus. It coordinates with external auditors and University divisions/ departments to ensure that the external auditors receive all required assistance and information. Page 5

Our Objectives Internal Audit and Advisory Services Objectives Our objectives at internal audit and advisory services are directed towards delivering our services at three levels: For Administration assistance to the University higher administration and the Board of Trustees in discharging its compliance responsibilities and governance For Management observations and advice on internal controls, compliance issues, and operating policies and procedures, including sharing experience on industry best practices For Stakeholders independent opinions and reports that add credibility to information released by Delaware State University Page 6

Plan Objectives Address the University s significant financial, operational, and compliance risks Leverage existing efforts by others to identify, evaluate, and mitigate risks Serve the needs of the University administrators, and top leadership Delivery of Audit, Investigation, and Advisory Services Assist with ensuring significant legislative or regulatory issues impacting the University are recognized and appropriately addressed Meet the challenges to enhance the value of the Internal Audit and Advisory Services Page 7

Page 8

SUMMARY OF PROPOSED INTERNAL AUDIT AND ADVISORY SERVICES PLAN Period AUDIT AND ADVISORY ACTIVITIES July 2015 through Dec 2015 Jan 2016 Through June 2016 Misc. International Programs The audit objective is to ascertain the effectiveness of existing policies and procedures related to international programs and to determine the adequacy of controls that ensure compliance with relevant governmental regulations, and University policies and procedures. Parking To determine if there are adequate internal controls to help ensure that departmental resources are being effectively and efficiently utilized and the department s activities comply with University policies and procedures. This will help to assess 1) If Public Safety is properly and accurately charging University employees and students. 2) Are policies and procedures in place to monitor appropriate and authorized access to University parking lots and facilities? 3) Are accounts receivable processes and appropriate cash handling policies and procedures in place? Student Housing The review of the University s student housing operations will focus on the areas of cash receipts; billing; financial accounting and reporting; receivables; deferred maintenance; reserves; rates; and safety and security. This will help to determine if there are adequate internal controls to ensure that department resources are being effectively and efficiently utilized and the department s activities comply with statues, regulations, and University policies and procedures. Page 9

Book vouchers Review if University policies and procedures are followed and reconciliation of book vouchers is done on a regular basis. Book vouchers are based on a student s estimated credit balance per semester. The voucher may be used to purchase books and supplies only and cannot be exchanged for cash. Accounts Payable Review adequacy of internal controls and timeliness over accounts payable processing. Follow-up review of Jeanne Clery Act Compliance Purpose of this audit is to determine if recommendations made in previous audit review are implemented by observing Evaluate the accuracy of the University s 2014 Annual Security and Fire Report (ASFR) and evaluate the policies and procedures in place used to prepare the Security and Fire Reports. Follow-up Review of Post Issuance Compliance of DSU issued bonds The purpose of this review is to assess the progress of implementation of our recommendations made in previous review report of University s post issuance compliance of its tax exempt bonds regarding University s compliance with the IRS regulations and other related requirements. DSU must meet IRS requirements as per Sections 103 and 148 of the Internal Revenue Service Code of 1986 as amended. Follow-up Review of Athletics/ Events Ticket Office The objective of this follow up review is to determine whether corrective actions have been taken to address the findings and implement the recommendations made in the previously prepared Ticket Office audit report. This will help us to determine whether proper controls exist in the sale, processing, reconciliation and accounting for all tickets issued by the athletic/ events ticket sales office. Page 10

Follow-up Review of University Provided Cell Phones To determine whether corrective actions have been taken to address the findings and implement the recommendations made in the previously prepared review report of University provided cell phones. To achieve this, we will review data/ records to determine if University policy is being followed in issuance and usage of University provided cell phones and due internal controls are in place. Follow-up review of University Copy Center and Mail Room Cash Collections To determine whether corrective actions have been taken to address the findings and implement the recommendations made in the previously prepared review report. Follow-up Review of University Libraries Cash Collections To determine whether corrective actions have been taken to address the findings and implement the recommendations made in the previously prepared review report. Follow-up Review of the Office of Testing To determine if corrective actions have been taken to address the findings and implement the recommendations made in the previously prepared review report. The follow-up review will include tests of the accounting records and such other reviewing procedures as we consider necessary. We will observe current practices and processing techniques, interview responsible personnel, and test sample transactions. Follow-up Review of Travel Card The purpose of the audits will be to ensure that the cardholders and their respective departments are adhering to proper policies and procedures and recommendations made in previous audit review are implemented. Page 11

Follow-up Review of Petty Cash Purpose of this audit is to determine if recommendations made in previous audit review are implemented by observing 1)-DSU Petty Cash Policies and Procedures are being adhered to. 2)-Petty cash funds are properly secured and safeguarded from loss. 3)-Proper accountability for the petty cash funds exist on a consistent basis 4)-Authorized amounts of petty cash funds were consistent with expenditure levels. If the recommendations made in previous audit review are implemented. Follow-up Review of Inventory Management as per OMB circular A-110, Uniform Administrative Requirements for Grants and Other Agreements with Institutions of Higher Education, Hospitals and Other Non- Profit Organizations Purpose of this audit is to make sure if recommendations made in previous audit review are implemented. The property and equipment acquired with federal funds are properly identified and equipment records are accurately maintained. Follow-up Review of Bank Accounts Reconciliation To determine if the Controller s office is operating in accordance with the policies of the University, to review internal procedures and controls and to test financial accountability to make sure if recommendations made in previous audit review are implemented. Follow-up Review of Construction Projects To determine DSU s construction processes are in compliance with University standards and where applicable State and Federal regulations and recommendations made in previous audit review are implemented. Page 12

Coordination with External Auditors Coordinate external audit activities through; 1)periodic meetings to discuss matters of mutual interest, such as planned audit activities, 2) access to each other s audit programs and working papers, 3)- exchange of audit reports and management letters and 4) common understanding of audit techniques, methods, and terminology. Advisory Services To respond to requests that are more advisory in nature such as consultations, special projects, internal control and accountability reviews and systems development and reengineering. In addition, provide fraud/ risk awareness training to University faculty and staff. Special Projects and Investigations resulting from Hotline established by the University. Special projects, investigations and advisory services as requested by senior management of the Other Misc. Page 13

DESCRIPTION DAYS Total days available * 402 PERCENTAGE OF EFFORT A. Direct Services Audits/ reviews 169 42% Investigations 44 11% Management advisory services 40 10% Review policies, procedures, and establish/ update training materials 20 5% Upgrade, manage and maintain website, etc. 8 2% Total Direct Service Days 281 70% B. Indirect Support Administration including coordination with external auditors 40 10% C. Other Train University employees on how to reduce risks and frauds and how to use modes of alerts 8 2% Committees liaison 12 3% Other meetings 28 7% Continuing professional education 32 8% Total Non-Planned/Indirect Services Days 121 30% Grand Total 402 100% *After adjusting weekends, holidays, vacation/sick, etc. for two employees (Associate VP and Senior Auditor) Page 14

STAFF DEVELOPMENT AND PROFESSIONAL INVOLVEMENT The IAAS is committed to provide educational opportunities to our staff in order to enhance our audit knowledge and abilities. Ever-changing government regulations, new technologies, and new developments in auditing principles and methods dramatically affect not only what we audit, but also how we audit. We will constantly strive to stay abreast of new developments and improve our audit proficiency in order to enhance the overall quality of our audits. To accomplish this, we pursued a variety of methods to continue our staff's professional education. Our departmental memberships with the Institute of Internal Auditors (IIA) and the Association of College and University Auditors (ACUA provide staff members with the opportunity to attend seminars and conferences that specifically address current issues and techniques in internal auditing. The interaction of our staff members with their peers through these professional organizations helps to keep us up-to-date on the latest auditing trends and issues affecting higher education. Page 15