Department of Audit and Compliance. Quality Self-Assessment

Similar documents
Practice guide. quality assurance and IMProVeMeNt PrograM

Internal Audit Quality Assessment. Presented To: World Intellectual Property Organization

Establishing a Quality Assurance and Improvement Program

Effective Internal Audit in the Financial Services Sector

The Framework for Quality Assurance

Management Advisory Postal Service Transformation Plan (Report Number OE-MA )

The Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL USA

Internal Auditing Guidelines

Standards for the Professional Practice of Internal Auditing

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Data Analysis: The Cornerstone of Effective Internal Auditing. A CaseWare Analytics Research Report

BOARD OF EDUCATION OF BALTIMORE COUNTY OFFICE OF INTERNAL AUDIT - OPERATIONS MANUAL INTERNAL AUDIT OPERATIONS MANUAL

Internal Audit and Advisory Services DRAFT

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

DATA ANALYSIS: THE CORNERSTONE OF EFFECTIVE INTERNAL AUDITING. A CaseWare IDEA Research Report

Quality Assurance Checklist

Internal Audit Standards

Internal Audit Quality Assessment Framework

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Audit of the Test of Design of Entity-Level Controls

B o a r d of Governors of the Federal Reserve System. Supplemental Policy Statement on the. Internal Audit Function and Its Outsourcing

University of California Regents Policy 7702 Senior Management Group Performance Management Review Process

Performance Measures for Internal Auditing

INTERNAL AUDIT MANUAL

How quality assurance reviews can strengthen the strategic value of internal auditing*

GAO DEFENSE CONTRACT AUDITS. Actions Needed to Improve DCAA's Access to and Use of Defense Company Internal Audit Reports

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program

INTERNAL AUDITING S ROLE IN SECTIONS 302 AND 404

Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology

Adding Value to the UK Community

Internal Auditing: Assurance, Insight, and Objectivity

Practice Guide COORDINATING RISK MANAGEMENT AND ASSURANCE

Audit of Policy on Internal Controls: Selected Business Processes

Action Plan to Enhance Institutional Compliance. THE UNIVERSITY OF TEXAS SYSTEM Updated 2003

The IIA Global Internal Audit Competency Framework

Internal Audit Practice Guide

October 20, Sincerely. Anthony Chavez, CIA, CGAP, CRMA Director, Internal Audit Division

Internal Audit Manual

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

QUALITY MANAGEMENT SYSTEM MANUAL

State University of New York Charter Renewal Benchmarks Version 5.0, May 2012

Comptroller of Public Accounts Effectiveness of Internal Engagement May 1997

Public Sector Internal Audit Standards. Applying the IIA International Standards to the UK Public Sector

Sample Professional Learning Plan for Administrator

Position Title: ID #: Evaluation Type: Annual Bi-Annual Other PERFORMANCE RATINGS:

York Catholic District School Board

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

PRACTICE GUIDE. Formulating and Expressing Internal Audit Opinions

Internal Oversight Division Internal Audit Manual

IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

INTERNAL AUDIT CHARTER AND TERMS OF REFERENCE

Audit of the Policy on Internal Control Implementation

Annual Risk Assessment and Audit Plan Fiscal Year 2015/2016

Implementation of a Quality Management System for Aeronautical Information Services -1-

IIA Global Strategic Plan

Professionalism does not occur overnight. Rather, it is a process that evolves out of focused commitment and dedication, ongoing study and

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team

Corporate Governance Report

PRO-NET. A Publication of Building Professional Development Partnerships for Adult Educators Project. April 2001

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

PRACTICE ADVISORIES FOR INTERNAL AUDIT

Public Sector Internal Audit Standards

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting

OFFICE OF FINANCIAL REGULATION COLLECTION AGENCY REGISTRATIONS MORTGAGE-RELATED AND CONSUMER COLLECTION AGENCY COMPLAINTS PRIOR AUDIT FOLLOW-UP

Office of Budget and Financial Planning

LATE SUBMISSION OF TRAVEL EXPENSE CLAIMS, UNFILED TRAVEL EXPENSE REPORTS, AND RECONCILIATION OF PREPAID EXPENSES

J u n e N a t i o n a l R e s e a r c h C o u n c i l C a n a d a. I n t e r n a l A u d i t, N R C. Audit of Risk Management.

Strategic Plan for the Enterprise Portfolio Project Management Office Governors Office of Information Technology... Ron Huston Director

Practice Guide. Selecting, Using, and Creating Maturity Models: A Tool for Assurance and Consulting Engagements

September 28, Audit s Role in Governance, Risk Management and Internal Control

Guide to Pcaob Inspections

Enterprise Risk Management

Report of Don McLure, Corporate Director of Resources

The University of Texas at San Antonio. Business Affairs 2016 STRATEGIC PLAN December 2007

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

INTERNATIONAL NETWORK FOR QUALITY ASSURANCE AGENCIES IN HIGHER EDUCATION

Explanation where the company has partially applied or not applied King III principles

How To Ensure That A Quality Control System Is Working Properly

SBBC: JJ-002 FL: 28 THE SCHOOL BOARD OF BROWARD COUNTY, FLORIDA JOB DESCRIPTION. Approved School-based Administrators Salary Schedule

MNsure Compliance Program Strategic Plan. December 17, 2014

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Company A Project Plan

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

GAO PERFORMANCE MANAGEMENT SYSTEMS. IRS s Systems for Frontline Employees and Managers Align with Strategic Goals but Improvements Can Be Made

Transcription:

Department of Audit and Compliance Quality Self-Assessment November 2014

CONTENTS EXECUTIVE SUMMARY... 2 PURPOSE OF SELF-ASSESSMENT... 4 SELF-ASSESSMENT SCOPE OF WORK... 4 RESULTS OF SELF-ASSESSMENT WORK... 5 Significant Progress Has Been Made in Addressing Deficiencies... 5 Workpapers Comply with Professional Standards... 6 operations Generally Conform with Professional Standards... 6 Plans for continuing enhancements... 6 Governance... 6 Adopt Newly issued IIA model Charters... 6 Staff... 7 Training needs analysis & training plan... 7 Management... 8 Long-range audit plan... 8 Communication with audit committee... 8 University ethics, performance & Risk management... 8 Process... 8 Audit finding Follow-up/Resolution... 8 Efficiency through technology... 9 Continuous improvement environment... 9

EXECUTIVE SUMMARY We have conducted a self-assessment in accordance with our Quality Assurance and Improvement Program (QAIP). Our self-assessment procedures covered the Division of Audit and Compliance s (DAC) operations for the audit year July 1, 2013 June 30, 2014, and we conducted fieldwork from August 2014 through September 2014. Carl Threatt, Audit Services/Investigations Administrator, Ruoxu Li, Audit Services/Investigations Administrator facilitated our internal self-assessment with independent external validation by Angela Poole, a Florida licensed Certified Public Accountant and Assistant Vice President within the Division of Finance and Administration at Florida Agricultural and Mechanical University. Our observations were based on information gathered through the following procedures: Conducted interviews with key stakeholders of the DAC representing the Audit Committee, Senior Administration and the DAC staff. Assessed the DAC s charter, policies and procedures, organization charts, auditor responsibilities, risk assessment methodology and results, internal audit standards and guidelines, selected audit engagement workpapers and reports, learning and development activities, and reporting to the Audit Committee and the Board of Trustees. The self-assessment considered prior deficiency issues, involved workpaper review of two completed audits, and utilized the Institute of Internal Auditors (IIA) Quality Assessment Manual. The results indicated (1) that DAC has continued to make significant progress in addressing deficiencies that were disclosed in earlier assessments, (2) the workpapers were adequate to support audit reporting and meet the requirements of professional standards, and (3) the operations generally conform to professional [2]

standards (IIA assessment ranking options are: generally conform, partially conform, and does not conform). To provide for a longer-term perspective and foster an environment of continuous improvement, we plan to continue to enhance our quality and efficiency in each operational area: governance, staff, management, and process. Our plans include: 1. Monitor and recommend updates of Audit Committee and audit activity governing charters to adopt recently released IIA model charters; 2. Maintain a qualified staff and establish a staff training plan to monitor and track staff knowledge and proficiency; 3. Develop a multi-year audit approach and resource utilization plan based upon our risk assessment; 4. Further contributing to University governance, risk management and control processes by conducting trainings and promoting the University s ethics hotline and improving the visibility of the unit across the campus; 5. Enhance utilization of performance metrics and efficiency through implementation of audit management software; 6. Embrace continuous improvement through use of tools such as those in the IIA s International Professional Practices Framework (IPPF), which includes benchmarking. [3]

PURPOSE OF SELF-ASSESSMENT In accordance with our QAIP, we conducted a self- assessment to evaluate our conformity with auditing standards and identified areas for improvement. The QAIP is designed to provide assurance that we (a) perform our work in accordance with our governing charter, consistent with The IIA International Standards for the Professional Practice of Internal Auditing Standards (Standards) and Code of Ethics, (b) operate in an effective and efficient manner, and (c) are perceived by stakeholders as adding value to and improving University operations. Our QAIP requires a self-assessment each year, with an external quality assurance review every three years. SELF-ASSESSMENT SCOPE OF WORK The self-assessment scope of work provided for four overall tasks to be conducted to assess the extent of compliance with the IIA Standards: 1. Reviewing our progress in response to deficiencies previously reported to the University in audit, consultant reports and prior year self-assessment and external quality assurance reviews; 2 Reviewing two audit work paper files completed in fiscal year 2014; 3 Interviewing key stakeholders of the DAC representing the Audit Committee, Senior Administration and the DAC to assess the perception of the University s internal audit activity; 4 Gathering and reviewing documents necessary for completing the Institute of Internal Auditor s Quality Assurance Manual s Governance, Audit Staff, Management and Process questionnaires and preparing for DAC s next external quality assessment. [4]

RESULTS OF SELF-ASSESSMENT WORK SIGNIFICANT PROGRESS HAS BEEN MADE IN ADDRESSING DEFICIENCIES We have made significant progress since earlier assessments that includes: 1. Adoption of a QAIP: DAC established a QAIP on January 25, 2013. The QAIP provides for a quality audit review function and an annual self-assessment process, in addition to an external quality assurance review every three years. 2. Risk Assessment & Audit Planning: A risk assessment and annual audit plans for fiscal years 2012-13, 2013-14 and 2014-15 were developed. DAC continuously evaluates and updates its strategic plan to ensure that short and long term goals, objectives, and initiatives remains current. 3. Staff Proficiency: We have attended all required training required by staff professional certifications and have implemented a robust audit review process. 4. Performance Tracking: Status reports have been submitted to the audit committee. In addition, we have instituted a formal on-going internal review process. 5. Budget Needs: The University has funds available to us that are necessary to ensure a quality audit department. 6. Audit Finding Follow-up: A database has been developed to track audit findings and recommendations and monitor management responses and implementation of corrective action plans. [5]

WORKPAPERS COMPLY WITH PROFESSIONAL STANDARDS Internal auditors must document relevant information to support conclusions and engagement results. In addition, there must be appropriate evidence of supervision and review. Upon our inspection, we found our workpapers to be in conformance with the quality standards of the professional practice of internal auditing. OPERATIONS GENERALLY CONFORM WITH PROFESSIONAL STANDARDS The operations generally conform with the IIA Standards. PLANS FOR CONTINUING ENHANCEMENTS Following are our plans to continue enhancing our department by operational area to ensure conformance with the IIA Standards: Governance, Staff, Management, and Process. GOVERNANCE ADOPT NEWLY ISSUED IIA MODEL CHARTERS We adopted our current Audit Committee as well as Audit Charters in fiscal year 2012 and 2013 respectively. These charters provide formal definition of the purpose, authority, and responsibility of the audit committee and the internal audit activity. We will review the Audit Committee and DAC charters and consider the following enhancements during FY14: 1. Ensure that the DAC Vision and Mission statement are explicitly disclosed within the DAC charter and is in alignment with the University s Mission statement; [6]

2. Ensure that DAC responsibilities, reporting lines, etc. as described in the Audit Committee Charter dated April 2012 correspond with the DAC responsibilities as described in the DAC Charter dated October 2013; 3. Consider obtaining the current FAMU President s approving signature on both the DAC and Audit Committee Charters; 4. Ensure that the Audit Committee Charter discloses the functional responsibility of the Audit Committee to approve decisions regarding the appointment, removal, and salary of the Chief Audit Executive (CAE). STAFF TRAINING NEEDS ANALYSIS & TRAINING PLAN IIA Standards require that auditors possess the knowledge, skills and other competencies to effectively carry out their professional responsibilities. The IIA Standards also require that internal auditors enhance their knowledge, skills, and other competencies through continuing professional development. We will continue to address training needs by conducting a training needs analysis and establishing a formal training plan that includes objectives to (1) ensure that DAC staff is knowledgeable of both the professional standards and the department s operating policy and procedure manual and (2) provide for continuing professional development. DAC will also develop staff to become subject matter experts over significant University operations and processes (i.e., Construction, Grants and Contracts, Athletics, and Financial Aid). Finally, DAC will continue to encourage its staff to pursue additional professional certifications. [7]

MANAGEMENT LONG-RANGE AUDIT PLAN We will develop a long-range audit plan that ensures budget and staff levels adequately address University high-risk areas, which have been identified. These tasks will be made in accordance with the IIA Resource Management Standard, which requires ensuring that internal audit resources are appropriate, sufficient, and effectively deployed to achieve a risk-based audit plan. COMMUNICATION WITH AUDIT COMMITTEE DAC will establish an audit risk based planning process and continuously identify and report new risks to management as well as evaluate and mitigate existing risks. UNIVERSITY ETHICS, PERFORMANCE & RISK MANAGEMENT We will continue our efforts to identify improvements in the areas of (a) ethics, (b) performance management and accountability, and (c) risk and control. We will develop University wide trainings and seek out opportunities to increase awareness of the internal audit function. PROCESS AUDIT FINDING FOLLOW-UP/RESOLUTION We will continue to augment our audit finding follow-up process and visibility to closely monitor and assess if management corrective actions have been effectively implemented or whether management has accepted the risk of not taking corrective action on previously diagnosed internal control deficiencies and issues. In accordance with the IIA Standards, we will report to the Audit Committee the results and status of our follow-up efforts. [8]

EFFICIENCY THROUGH TECHNOLOGY We will utilize more computer assisted auditing tools (CAAT) to provide for a more continuous improvement environment. We will continue to evaluate audit management software to enable a framework for electronic workpaper preparation, review, and retention to enhance DAC s effectiveness. This effort will also provide for a more efficient internal audit activity and support the QAIP in accordance with IIA Standards. Additionally, DAC will enhance our filing system to ensure that all DAC working papers are adequately secured and can be precisely and timely retrieved when needed. CONTINUOUS IMPROVEMENT ENVIRONMENT DAC will ensure that all departmental working papers are timely reviewed and document the nature, timing, and extent of audit procedures performed and will assess whether objectives were met prior to the issuance of the DAC final report. DAC will also establish a more robust performance metrics framework that will assist staff in fulfilling and supporting better prioritization of staff activities to optimize staff engagement as well as DAC s evaluation of ongoing performance to enhance our communication to governance. DAC is in the process of implementing IDEA, which will enhance our ability to analyze data trends and identify patterns and anomalies while conducting a comprehensive analysis of transactional data. departments as our clients. Finally, we will continue to treat audits as a service and audited This will be accomplished by DAC performing more consulting engagements during FY14 to continuously add value to the University. [9]

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information