Physician Assistant Program



Similar documents
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Rehabilitation Report No

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Public Affairs & Security Studies Report No.

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Criminal Justice Report No

Department of Environmental Health & Safety

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Office of Alumni Relations Report No

VETERANS SERVICES CENTER

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES LAPTOP ENCRYPTION. Report No

Server Management-Scans & Patches

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Records and Information Management Report No.

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES PHYSICAL SECURITY. Report No

INTERNAL CONTROL QUESTIONNAIRE OFFICE OF INTERNAL AUDIT UNIVERSITY OF THE VIRGIN ISLANDS

October 21, Ms. Joan A. Cusack Chairwoman NYS Crime Victims Board 845 Central Avenue, Room 107 Albany, New York

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

The University of Texas at Brownsville. FY 2013 Audit of Laptops Encryption

Community Ambulance Service District

Internal Control Guide & Resources

Manager Control Self-Assessment Certification

Community Ambulance Service District

PROCUREMENT CARD AUDIT ANALYTICAL REVIEWS OCTOBER 14, 2013

Division of Insurance Internal Control Questionnaire For the period July 1, 2013 through June 30, 2014

Oklahoma Workers Compensation Commission

. Health MEMORANDUM. Rex M. McCallum, MD Vice President & Chief Physician Executive, Faculty Group Practice TO:

AUDIT OF THE HUMAN RESOURCES PROCESS

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, CPA, CIA AUDITOR GENERAL DATA SECURITY USING MOBILE DEVICES PERFORMANCE AUDIT OF

Internal Audit Information Technology Equipment

Report on Practice Acquisition Process- Integrated Audit # and

July 30, Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee:

May 2007 Report No

FOLLOW-UP OF HUMAN RESOURCES DEPARTMENT PAYROLL REPORT NO F. City of Albuquerque Office of Internal Audit and Investigations

University of Colorado Health Sciences Center Administrative Policy for Faculty Compensation

Report of independent certified public accountants in accordance with Government Auditing Standards and Circular A-133 State of Hawaii, Department of

Overall Conclusion. Summary of Significant Results. Patient Billings and Collections at the Family Medicine Clinic

Environmental Services Solid Waste Management Division Audit Report

Human Resources Departmental Summary FY 2012 Department Budget $ 1,193, Number of Employees 17

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

Sharon Kurek, CPA, CFE Director of Internal Audit

FASHION INSTITUTE OF TECHNOLOGY SELECTED FINANCIAL MANAGEMENT PRACTICES. Report 2006-S-71 OFFICE OF THE NEW YORK STATE COMPTROLLER

Northeast Higher Education District Itasca Community College

RESPONSE Department Audits

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL 400 MARYLAND AVENUE, S.W. WASHINGTON, DC

Larry Laine, Deputy Land Commissioner and Chief Clerk. Annual Report on the Internal Audit Quality Assurance and Improvement Program

AUDIT AND FINANCE COMMITTEE Wednesday, February 25, 2009

Reportable Conditions:

Office of the Chief Internal Auditor. Audit Report. Lap Top Inventory Audit

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Network Security Management Phases 1 and 2 Follow up Report

Weaknesses in the Smithsonian Tropical Research Institute s Financial Management Require Prompt Attention

FY 2015 Internal Audit Annual Report

July 6, Mr. Michael L. Joseph Chairman of the Board Roswell Park Cancer Institute Elm & Carlton Streets Buffalo, NY 14263

DIXON MONTESSORI CHARTER SCHOOL FISCAL CONTROL POLICY

An Overview. August 2007 Internal Control - An Overview 1

O L A. Department of Employee Relations Department of Finance SEMA4 Information Technology Audit OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA

April 17, ROBERT N. WEINREB, M.D. Chair Department of Ophthalmology 0946

May 2011 Report No An Audit Report on Substance Abuse Program Contract Monitoring at the Department of State Health Services

Inventory Control Internal Audit

Austin Fire Department Worker Safety Audit

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

AUDIT OF PURCHASING/CASH DISBURSEMENTS/ ACCOUNTS PAYABLE

MANAGEMENT AUDIT REPORT ACCOUNTS PAYABLE

Office of the Auditor General Performance Audit Report. Clarety Office of Retirement Services Department of Technology, Management, and Budget

Audit Report. Division of Mental Health and Developmental Services Substance Abuse Prevention and Treatment Agency

Agenda Item: 7.6 Prepared by: Mark Majek, Kathy Thomas, Deborah Bell, Tamara Cowen and Jaye Stepp Meeting Date: October 2014

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

AUDIT REPORT PERFORMANCE AUDIT OF COMPUTER EQUIPMENT INVENTORY DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET. February 2014

CREDIT CARDS CALIFORNIA STATE UNIVERSITY, EAST BAY. Audit Report June 28, 2013

Payroll Process Final Audit Report Report Nr. 13/12 August 30, 2012

TAMPA CONVENTION CENTER SERVICE CONTRACTS AUDIT MARCH 14, 2013

City of Berkeley. Prepared by:

OFFICE OF THE CITY AUDITOR

Internal Control Guidelines

AUDIT REPORT Audit of Controls over GPO s Fleet Credit Card Program. September 28, 2012

Social Services Contract Monitoring Audit

FOLLOW-UP OF COMPUTER EQUIPMENT TRACKING CONTROLS AND PROCEDURES REPORT NO F

State of Louisiana Budget Planning and the AFR audit

SUBSIDIARY LEDGER MANAGEMENT AND INTERNAL CONTROLS

The Commonwealth of Massachusetts

1. The records have been created, sent or received in connection with the compilation.

Financial Management Information System Centralized Operations

UCLA Policy 360: Internal Control Guidelines for Campus Departments

Audit of Controls over Government Travel Cards FINAL AUDIT REPORT

How To Check If The University Has A Computer System That Is Full Or Full Of Memory Cards

Audit of Financial Reporting Controls

How To Prevent Fraud On A Credit Card

OPERATIONAL AUDIT OKLAHOMA BOARD OF LICENSED ALCOHOL AND DRUG COUNSELORS FOR THE PERIOD JULY 1, 2006 THROUGH JUNE 30, 2008

Woodward County Emergency Medical Service District

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY2015

TEXAS ACADEMY OF PHYSICIAN ASSISTANTS

Finance and Accounting Control, Record Keeping and Reporting Services

CITY OF SAN ANTONIO OFFICE OF THE CITY AUDITOR. Follow-Up Audit of Finance Department. San Antonio eprocurement System (SAePS) Controls

UF IT Risk Assessment Standard

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

Audit of Management of the Government Purchase Card Program, Number A-13-04

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE

UNITED STATES GOVERNMENT. Summary of the Status of the Library s Fixed Asset Control System

WHO SHOULD READ THIS POLICY

Chapter 9 The Study of Internal Control and Assessment of Control Risk

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

An Audit Report on Selected Management Controls at Certified Non-Profit Health Corporations. December 1998

Arizona State Real Estate Department

Transcription:

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Physician Assistant Program Report No. 14-12

OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas 78539-2999 Office (956) 665-2110 June 9, 2014 Dr. Robert S. Nelsen, President The University of Texas-Pan American 1201 W. University Drive Edinburg, TX 78539 Dear Dr. Nelsen, As part of our fiscal year 2014 Audit Plan, we completed a departmental audit of the Physician Assistant Program. The objective of the audit was to evaluate the adequacy and effectiveness of the Physician Assistant Program s system of internal controls with an emphasis on financial and administrative controls. The specific internal control areas we focused on included the control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring and information technology. Our scope encompassed activity from FY 2013 (September 1, 2012 through August 31, 2013). We performed audit procedures that included completion of an internal control questionnaire; interviews with staff; testing controls related to compliance with University policies and procedures; and performing substantive testing, on a sample basis, related to proper approvals of expenditures; time reporting; assets management; and segregation of duties. Overall, we concluded that the Physician Assistant Program had established a moderate system of financial and administrative internal controls in the areas evaluated. We identified areas where improvements to internal controls are necessary, and management will take corrective action. The detailed report is attached for your review. We appreciate the courtesy and cooperation received from management and staff during our audit. Sincerely, Eloy R. Alaniz, Jr., CPA, CIA, CISA Executive Director of Audits, Compliance & Consulting Services

The University of Texas Pan American Physician Assistant Program Table of Contents EXECUTIVE SUMMARY 1 BACKGROUND 2 AUDIT OBJECTIVE 2 AUDIT SCOPE AND METHODOLOGY 2 AUDIT RESULTS 3 CONCLUSION 9

EXECUTIVE SUMMARY The mission of the (department) is to provide an advanced education to physician assistant students who are capable of rendering preventive and primary health care to the multicultural population of South Texas. The physician assistant program promotes the importance of lifelong learning and ongoing self-evaluation in its students. The department was part of a cooperative with the University of Texas Medical Branch at Galveston (UTMB) from 1994-1999. In 1999 the program was transferred to UTPA, and the director of the program under UTMB became the interim director for the department. In 2009 he was assigned as an associate clinical professor, and the chair/program director. The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. The specific internal control areas we focused on included the control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring, and information technology. Our scope encompassed activity from September 1, 2012 through August 31, 2013. The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy 129 and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. Overall, the department established a moderate system of financial and administrative internal controls. We observed the following: The department did not have a risk assessment; Not all required training and nepotism certifications were completed; Employee sick and vacation leave did not agree to support documentation; Lack of monitoring for personal laptops and unencrypted portable storage devices; The department used unencrypted portable storage devices. No sensitive or confidential information was found on the tested devices. 1

BACKGROUND Physician Assistants (PAs) practice medicine under the supervision of physicians and surgeons. PAs are formally trained to provide diagnostic, therapeutic, and preventive health care services as delegated by a physician. Working as members of a health care team, they take medical histories, examine and treat patients, order and interpret laboratory tests, and make diagnoses. Many PAs work in primary care specialties, such as general internal medicine, pediatrics, and family medicine. The UTPA physician assistant department matriculates 50 students each year. The program is 28 months in length. In the fall 2013 semester the program had 150 students and graduated 50 during the December 2013 graduation. The chair was responsible for 12 project accounts that had financial activity during FY 2013. The following table summarizes account activity as of August 31, 2013. Project Account Budget Encumbrances Actual Funds Available 140PASP00 $900,363 $4,343 $895,830 $190 185PASP00 $54,000 $0 $54,000 $0 185PASP02 $312,733 $325 $306,097 $6,311 21PASP000 $48,802 $1,793 $33,913 $13,096 24PASP000 $6,044 $0 ($1,575) $7,619 24PASP001 $2,701 $0 $1,128 $1,573 41PASP012 $1,320,000 $0 $440,000 $880,000 41PASP014 $12,201 $0 $8,160 $4,041 41PASP015 $104,982 $3,097 $67,134 $34,751 41PASP016 $650,000 $0 $635,000 $15,000 41PASP017 $18,000 $0 $10,500 $7,500 41PASP018 $609,635 $0 $0 $609,635 Totals $4,039,461 $9,558 $2,450,187 $1,579,716 AUDIT OBJECTIVE The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. AUDIT SCOPE & METHODOLOGY We evaluated the department s internal controls related to a control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring, and information technology. Our scope included activity from FY2013 (September 1, 2012 through August 31, 2013). To accomplish the audit objective, we: 2

Interviewed the chair and discussed an internal control questionnaire to obtain an understanding of the department s operations and related internal controls. Interviewed department employees for additional input on internal controls. Determined whether the department established a control conscious environment, whether goals and objectives had been developed, and whether a risk assessment and implementation plan had been developed. Determined whether account reconciliations had been performed and approved on a timely basis and whether segregation of duties existed. Examined operating and financial information for reliability. Tested a sample of expenditures and examined supporting documentation for proper approval and authorization. Reviewed employee leave and tested timecards for proper approval and authorization. Performed property inventory testing for the existence of selected assets, and determined whether selected assets were properly recorded on the University s assets management system. Reviewed information security controls for portable drives. Verified the department s compliance with University policies and procedures. The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy UTS 129 Internal Audit Activities and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. The audit was conducted during the months of October 2013 through May 2014. AUDIT RESULTS Control Conscious Environment A control conscious environment encompasses technical competence and ethical commitment, and is necessary for the establishment of effective internal controls. To establish an adequate control conscious environment, a department should have goals and objectives, a mission statement, a risk assessment and implementation plan, and a policies and procedures manual. These items should be reviewed regularly and updated as needed. Additionally, adequate training should be provided, performance evaluations should be conducted regularly, and any conflicts of interest should be identified and addressed. Based on testing, we found that the department established a moderate control conscious environment. We tested 20 employees for completion of annual trainings and nepotism certification. Additionally, we tested five (5) employees to determine whether an annual performance evaluation had been performed. The results of our tests are as follows: 3

7 out of 20 (35%) employees tested did not complete their sexual harassment training; 4 out of 20 (20%) employees tested did not complete their annual standards of conduct training; 2 out of 20 (10%) employees tested did not complete their information security training; 13 out of 20 (65%) employees tested did not complete their annual nepotism certification; 5 out of 5 (100%) employees tested completed a performance evaluation. We found that the department developed a policies and procedures manual to help guide employees in their daily operations. While the department had developed a Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis, they had not completed a risk assessment. Recommendation: 1. As part of our audit procedures, we identified areas of risk and assessed its impact and probability of occurrence and produced a risk assessment. The chair should utilize this document along with the SWOT analysis as a starting point towards developing a department risk assessment. This risk assessment should be evaluated annually and an action plan should be developed to mitigate high risks. Management Response: 1. The department will develop a risk assessment and action plan using material provided by the auditor. The risk assessment will be evaluated on an annual basis. The assistant program director is assigned responsibility for this task and will be overseen by the department chair. Implementation Date: July 1, 2014 Recommendation: 2. A new tool called the Supervisor Accountability Report was made available for management to utilize beginning in June of 2011. The report is issued frequently and lists all employees who are out of compliance with their required trainings. The chair should utilize the Supervisor Accountability Report to ensure that all employees are up to date with required trainings. Management Response: 4

2. The chair will utilize the Supervisor Accountability report to ensure that all employees are up to date with required training. The chair will establish December of each academic year as the deadline for all faculty and staff to complete training. An email to all faculty and staff will be sent out in early October to remind department employees to complete training before December 15 th. Faculty will also be reminded during faculty meetings held in October and November. The chair will meet with employees who have not completed the training. New staff and faculty will be required to complete the trainings within 45 days of their date of hire. Additionally, an agenda item will be assigned to the department s administrative assistant. Implementation Date: October 1, 2014 Approval & Authorization Adequately established approval and authorization controls help to ensure that expenditures are allowable and appropriate. During the audit period, the department chair was account manager for 12 project accounts, with the administrative assistant listed as the project reviewer and the assistant program director as alternate approver. We reviewed operating, travel, and payroll expenditures to test for compliance with University procedures. We tested a sample of expenditures in each category and examined supporting documentation for proper approval, accuracy, and whether the expenditures were reasonable. The department did not have a procurement card. Operating and Travel Expenditures We judgmentally selected a sample of 25 operating and 10 travel transactions representing 56% and 28% of the total dollar value of the populations, respectively. The expenditures were properly approved, appropriate, and supported with adequate documentation. No exceptions were noted. Payroll and Employee Leave We judgmentally selected nine (9) employees and selected one (1) month to test payroll accuracy. We verified that the employees compensation agreed with their memorandum of employment, and we determined that the payroll for employees tested was accurate. We also evaluated the process for leave taken by employees, reconciliations of leave reports to the official university timecards, and determined whether timecards were properly approved. The department uses a Leave Approval Request form to document employee leave. We tested three (3) employees vacation and sick leave for the months of November and December 2012. Based 5

on our employee leave test, we determined that all employee timecards were approved by their supervisor; however, we identified several discrepancies between the University timecards and the support documentation provided. In 5 out of 9 (56%) instances, the department was unable to provide the Leave Approval Request form to support the absences reported on the employees timecards. According to HOP section: 7.6.3 Annual Vacation Leave and HOP section: 7.6.4 Sick Leave, the supervisor is responsible for reviewing and approving annual vacation leave requests, maintaining accurate records of employees use of annual vacation leave, maintaining accurate records of employee sick leave, and verifying monthly timecards for accuracy. Therefore, we concluded that controls over maintaining employee leave documentation to support timecards was inadequate. Recommendation: 3. The chair should ensure that all employee leave is supported by the Leave Approval Request form. Additionally, the chair should ensure that all employee leave documents are maintained in accordance with the Texas State Records Retention Schedule, which states that these documents must be retained for a period of four (4) years. Management Response: 3. The chair will ensure that all employee leave is supported by the Leave Approval Request form. The department s administrative assistant will be responsible for monitoring all leave requests and submitting a monthly report to the chair, as well as ensuring the documentation is retained in the department files in accordance with the Texas State Records Retention Schedule. Implementation Date: June 1, 2014 Segregation of Duties Adequate segregation of duties should be maintained between the individuals who authorize transactions, record transactions, and who have custody of assets. We reviewed areas such as 6

revenues and funds handling, purchases, timecards, and statement of account reconciliations to evaluate segregation of duties. The chair had signature/approval authority over the department s accounts, including account reconciliations, purchases, and timecards. The department s accounts were set up with separate individuals listed as the project manager, project reviewer, and alternate approver. The department s administrative assistant maintained accounting records and was responsible for preparing the account reconciliations. Account reconciliations were reviewed and approved by the chair, and we determined that the department did not handle cash. We found that adequate controls over segregation of duties for the areas evaluated were in place and functioning as intended. Safeguarding of Assets Tangible assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposal. We performed property inventory testing to determine the existence of assets and whether assets were properly recorded in the Oracle Fixed Assets system. We judgmentally selected a sample of 15 assets with a historical cost greater than $1,300 from the department s inventory records and verified their existence. In addition, we selected three (3) assets within the department and verified that they were accurately recorded in inventory records. Based on our inventory testing, we determined that the department s inventory was complete and accurate. Monitoring In accordance to the Handbook of Operating Procedure Section 8.6.4: Fiscal Accountability Policy, project managers are responsible for providing assurance for the accuracy of their accounts by certifying that the account has been reconciled for the fiscal year and that all reconciling items have been satisfactorily resolved. Without adequate monitoring of project account reconciliations, items that require attention may go unnoticed. Additionally, monitoring of personal equipment (e.g. laptops, tablets, portable storage devices, etc.) should be conducted to ensure that proper safeguards are in place to prevent loss of mission critical data. The department had a total of 12 project accounts. We reviewed two (2) months of account reconciliations for the DOE/FS Physician Assistance Program account 140PASP00 and determined that account reconciliations were accurately completed and reviewed timely. We inquired as to whether the department maintains information on employees that use personal laptops and unencrypted portable storage devices to conduct University business and found that the department did not have a procedure in place for monitoring such equipment. All laptops issued by the University, as well as any personally owned computers used to conduct University 7

business must be encrypted. Employees are responsible for contacting the Office of Privacy and Security about their use of personally owned laptops to conduct University business. They should encrypt their laptops on their own using the software provided by the University or request assistance from the University s Help Desk. Recommendation: 4. The chair should develop a procedure to identify individuals who utilize personal equipment to conduct University business, specifically, which individuals utilize unencrypted portable storage devices and personal laptops, as well as the type of information stored on them. The chair should notify the Office of Privacy and Security about the use of these personally owned laptops, if any. Management Response: 4. The chair will develop a procedure to ensure individuals will not utilize personal equipment to conduct University business. Faculty utilize department issued encrypted laptops. The department does not encourage or allow personal laptops for business related activities. All faculty attended the information technology sensitive data session provided by the Office of Privacy and Security. Implementation Date: May 28, 2014 Information Technology Adequately established information technology controls help to protect sensitive information entrusted to the department. These controls include limited access to the University s computer systems and restricting downloads of sensitive information. Another control is encryption software on equipment storing sensitive information. Ensuring employees have appropriate levels of system access helps prevent loss of vital University data and also prevents other abuses of the system. We reviewed a sample of employee access levels for Oracle and verified that these employees received appropriate access given their job responsibilities. We determined that all employees tested were granted the appropriate level of access to Oracle. In addition, we inquired whether the department used portable storage devices such as external hard drives or thumb drives. We found that the department chair knew employees were using unencrypted portable storage devices; however, the department was not keeping track of which employees were using such devices or what type of information was being stored on them (see 8

section on monitoring). We tested four (4) unencrypted flash drives and found that none of the devices stored sensitive data. Department employees were provided encrypted portable storage devices from the University s Office of Privacy and Security. Recommendation: 5. The chair should notify all employees that they should cease using unencrypted storage devices and only use University issued encrypted portable storage devices. Management Response: 5. The chair will notify all employees that they should cease using unencrypted storage devices and only use University issued encrypted portable storage devices. Faculty have been issued encrypted flash drives for use to transport sensitive data. The department does not support the use of personal flash drives that may store sensitive data. The chair will issue a memo to all employees of the department reminding them of the University and department policy on securing sensitive information, compliance training in this area and encourage all employees to use only encrypted drives to store sensitive date. Implementation Date: June 1, 2014 CONCLUSION Overall, the department established a moderate system of financial and administrative internal controls. We identified opportunities to improve the department s internal controls related to conducting a risk assessment, ensuring that employees complete their required annual training, and nepotism certifications. In addition, opportunities exist for improved controls related to maintaining employee leave documentation, as well as monitoring employees personally owned devices and the use of unencrypted portable devices to conduct University business. Isabel Benavides CIA, CGAP, CFE Director, Audits and Consulting Services Khalil Abdullah, CIA, CGAP Internal Auditor I 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information