Internal Audit Annual Report Fiscal Year 2015

Transcription

1 Internal Audit Annual Report Fiscal Year 2015 Office of Internal Audit 800 West Campbell Rd., SPN 32 Richardson, TX

2 October 22, 2015 Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee: We are pleased to submit the annual report of the Office of Internal Audit for the fiscal year ended August 31, This report is required by the Texas Internal Auditing Act and provides information on the assurance services, consulting services, and other activities of the internal audit function. During fiscal year 2015, we issued 35 reports related to audits, consulting reviews, and investigations. We believe the work of our office has enhanced university operations and provided value to management with recommendations relating to governance, risk management, and control processes at the University of Texas at Dallas. If you have any questions about the contents of this report, please do not hesitate to contact me. Respectfully submitted, Toni Stephens, CPA, CIA, CRMA Institutional Chief Audit Executive, UT System at UT Dallas Report Distribution: State Auditor s Office Governor s Office of Budget, Planning, and Policy Legislative Budget Board Sunset Advisory Commission Members of the UT Dallas Audit Committee UT System Office of the Executive Vice Chancellor for Academic Affairs UT System Staff Attorney UT System Audit Office 2

3 TABLE OF CONTENTS Purpose of the Internal Audit Annual Report... 4 I. Compliance with House Bill 16 (Texas Government Code, Section ): Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit Information on Internet Web Site... 5 II. Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions... 5 III. Internal Audit Plan for Fiscal Year IV. Consulting Services and Nonaudit Services V. External Quality Assurance Review VI. Internal Audit Plan for Fiscal Year VII. External Audit Services Procured in Fiscal Year VIII. Reporting Suspected Fraud and Abuse IX. Office of Internal Audit Internal Audit Staff Organization Chart

4 PURPOSE OF THE INTERNAL AUDIT ANNUAL REPORT The purpose of this annual report is to provide information on the assurance services, consulting services, and other activities of the internal audit function. In addition, the annual internal audit report assists oversight agencies in their planning and coordination efforts. The Texas Internal Auditing Act, Texas Government Code, Chapter 2102, requires that an annual report on internal audit activity be filed by November 1st of each year and submitted to the Governor, the Legislative Budget Board, the Sunset Advisory Commission, the State Auditor s Office (SAO), and the entities governing boards and chief executives. The SAO prescribes the form and content of the report. The annual report was prepared using the guidelines provided by the Texas State Auditor s Office. In addition to the minimum requirements, we also included other information we felt was important to the internal audit operations during fiscal year (FY) Additional information regarding the UT Dallas Office of Internal Audit can be found at the following website: 4

5 I. COMPLIANCE WITH HOUSE BILL 16: POSTING THE INTERNAL AUDIT PLAN, INTERNAL AUDIT ANNUAL REPORT, AND OTHER AUDIT INFORMATION ON INTERNET WEB SITE In accordance with House Bill 16, the UT Dallas Office of Internal Audit has posted its Fiscal Year 2015 Internal Audit Annual Report and the approved Fiscal Year 2016 Audit Plan at the following web site: II. COMPLIANCE WITH THE BENEFITS PROPORTIONALITY AUDIT REQUIREMENTS FOR HIGHER EDUCATION INSTITUTIONS Rider 8, page III-39, the General Appropriations Act (84 th Legislature, Conference Committee Report), requires that higher education institutions conduct an internal audit during fiscal year 2016 of benefits proportional by fund, using a methodology prescribed by the State Auditor s Office. The rider requires that the audit examine appropriation years (AY) 2012 through 2014, and be completed no later than August 31, To comply with Rider 8, a benefits proportionality audit is included in the UT Dallas FY 2016 annual audit plan. An internal audit of the proportionality of higher education benefits process was conducted during FY 2015 at the request of the Governor. The scope of the audit included benefits funding proportionality for appropriation year (AY) Audit procedures were consistent with the methodology prescribed by the State Auditor s Office to comply with Rider 8, and included review of source information obtained from the internal accounting system and the State s Uniform Statewide Accounting System (USAS), review of the benefits proportionality reporting process, validation of the accuracy of information and proportional funding calculations reported to the State Comptroller on the Benefits Proportionality by Fund Report (APS 011), and testing to verify eligibility of employee benefits paid with appropriated funds. Because AY 2013 was included in the prior year audit, the benefits proportionality audit conducted during FY 2016 will include only AY 2012 and AY The results of the AY 2013 audit will be included in the resulting audit report, with a statement certifying that the procedures followed were consistent with the methodology prescribed by the State Auditor s Office. 5

6 III. INTERNAL AUDIT PLAN FOR FISCAL YEAR 2015 The University of Texas at Dallas (UTD) fiscal year 2015 Audit Plan is a description of the internal audit activities that were planned to be completed by the UTD Office of Internal Audit during fiscal year Our overall objective was to develop a standardized audit plan which addressed the highest risks within UTD, consistent with the Internal Audit Charter and UTD s Strategic Plan. The Plan complied with the Texas Internal Auditing Act (Texas Government Code 2102), The University of Texas (UT) System Policy UTS129, Internal Audit Activities, The Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing, Government Auditing Standards, and specific instructions from The UT System Audit Office. The information on the following pages contains the Internal Audit Plan for FY 2015, including the status of the plan at October 30, FY 2015 Audit Plan Engagement Report Title Report No. Report Date Status at 10/30/15 Financial FY 2014 Financial Statement Audit Annual Financial Report R /25/2014 FY 2014 Financial Statement Audit Assistance to Deloitte FY 2015 Interim Financial Statement Audit Work Institutional Data Reporting Deleted Journal Entry and Interdepartmental Journal Entry and Interdepartmental Transfer Process Transfer Process R /20/2015 Receivables Receivables R1601 9/8/2015 Comments Audit Committee approval to delete due to external audit of Formula Funding (3rd Quarter FY15 ) 6

7 FY 2015 Audit Plan Engagement Operational Career Center Enrollment Management Gifts Hiring and Compensation Report Title Report No. Report Date Status at 10/30/15 Deleted Carried Forward to FY 16 Carried Forward to FY 16 - In Process Comments Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Audit Committee approval to delete due to external audit of Formula Funding (3rd Quarter FY15) Client requested delay due to new systems - Audit Committee approved at 3rd Quarter FY 16 meeting. Carried forward to FY 16 Intercollegiate Athletics Athletics and NCAA Compliance R1520 8/31/2015 Combined with NCAA audit International Study Abroad Programs Education Abroad Investigation Memo 7/13/2015 Investigation Naveen Jindal School of Management Carried Forward to FY 16 - In Process Audit Committee approval to delay 3rd Quarter FY15 - carried forward to FY 16 Policy and Procedures Governance In Process In process and plan to issue report November 2015 President's Travel and Entertainment (assistance to UT System) Scholarships School of Engineering and Computer Science Student Housing Technology Commercialization Tuition & Fees Callier Center for Communication Disorders Cash Handling/Treasury Management In Process In Process Carried Forward to FY 16 Caller Center for Communication Disorders R /10/2014 Center for Brain Health Center for Brain Health R1517 7/20/2015 Executive Education Executive Education R1518 7/30/2015 Executive Travel & Entertainment Executive Travel and Entertainment R1510 3/4/2015 Meals & Catering Construction Management Review - Work Order System Work Order System R1515 5/1/2015 UT System requested only minimal assistance - no hours charged Awaiting management's responses to report recommendations. Audit report to be issued November 2015 In process and plan to issue report November 2015 In process and plan to issue report November 2015 Audit Committee approval to delay 3rd Quarter FY15 - carried forward to FY 16 Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Bioengineering Change in Leadership Bioengineering R /18/2014 ISSO Change in Leadership Audit International Programs R /14/2014 VP Diversity & Community Engagement Change in Leadership Audit VP for Diversity and Community Engagement R1513 4/21/2015 7

8 FY 2015 Audit Plan Engagement Compliance Report Title Report Date Comments Benefits Funding Proportionality Benefits Proportionality by Fund R /26/2015 Contract and Grants Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Executive Travel and Entertainment Executive Travel and Entertainment R1510 3/4/2015 Combined with R1510 Export Controls Export Controls R1602 9/9/2015 Financial Aid Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Lena Callier Trust Lena Callier Trust for the Hard of Hearing and the Deaf R1511 4/6/2015 Implementation) One Card Implementation Memo 8/28/2015 Consulting Review Records Retention Combined with audit of Business Continuity Planning (IT audits) Endowments & Gifts Endowment Compliance R1512 4/21/2015 Human Subjects (Greenphire Implementation) Greenphire ClinCard Implementation Memo 8/26/2015 Consulting Review Lab Safety Lab Safety R1516 5/28/2015 NCAA Compliance/Athletics Athletics and NCAA Compliance R1520 8/31/2015 Follow-up of Prior Audit Time & Effort Follow-up Recommendations R1519 8/6/2015 Information Technology TAC 202 Emergency Management & Records Retention VPN (Virtual Private Network) IT Roadmap, Strategic Planning, and Funding Wireless Networking Physical Access Controls Management Deleted Deleted Deleted Databases pp y Carried Forward to FY 16 Review Comet Card Application Security R1514 4/22/2015 UT Dallas Marketplace Monitoring TeamMate, IDEA, and Website IT Meetings and Consulting Confidential Data Report No. Status at 10/30/15 In Process and plan to issue report November 2015 and plan to issue report November 2015 Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and future purchase of VPN. To be reconsidered at later date. Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and reorganization. To be reconsidered at later date. Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and reorganization. To be reconsidered at later date. Awaiting management's responses to report recommendations. Audit report to be issued November 2015 Audit Committee approval 3rd Quarter to carry forward to FY 16 due to new CIO initiatives. In process and plan to issue report November 2015 N/A - not an audit N/A - not an audit N/A - not an audit Confidential Data Management and Data Loss Prevention Memo 9/15/2015 Consulting Review Data Centers Data Centers R1509 1/29/2015 elearning elearning R /6/2015 PeopleSoft Roles PeopleSoft Access Controls Memo 8/27/2015 Consulting Review Unix In Process In process and plan to issue report November 2015 Vulnerability Scanning Vulnerability Scanning Process R /3/2014 OnBase OnBase R1501 9/12/2014 8

9 FY 2015 Audit Plan Engagement Follow Up Report Title Report Date Comments Quarter 1 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Quarter 2 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Quarter 3 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Quarter 4 Follow-up of Prior Audit Recommendations R1519 8/6/2015 FY 14 Follow-up Follow-up of Prior Audit Recommendations R1519 8/6/2015 Projects Annual Internal Audit Report FY 2014 Internal Audit Annual Report N/A 10/31/2014 Auditors N/A - not an audit Audit Committee N/A - not an audit Executive Management and Leadership of the IA Department N/A - not an audit and Awareness N/A - not an audit FY 2016 Audit Plan Fiscal Year 2016 Audit Plan N/A 8/21/2015 Hotline Team Participation N/A - not an audit Internal Audit Staff Meetings N/A - not an audit IT and Audit Manager Leadership N/A - not an audit Institutional Committee Participation N/A - not an audit Participations N/A - not an audit Participation on Quality Assurance Reviews for Other Audit Departments Participated on peer review at University of Virginia Program N/A - not an audit Training y and Assistance g to UT Dallas N/A - not an audit Projects N/A - not an audit UT System Reporting N/A - not an audit Reserves Change in Management Audits Investigations Reserve for Requests and Consulting Services Report No. Status at 10/30/15 Internal Audit completed three change in management audits during FY Internal Audit completed 10 investigations during FY Two remain in process. Internal Audit completed five consulting reviews during FY

10 IV. CONSULTING SERVICES AND NON-AUDIT SERVICES COMPLETED Report Date* Title of Report Objectives Observations, Results and Recommendations 8/11/15 Risks of Procurement Fraud Consulting Review Review requested by executive management to address risks of fraud in procurement. Internal Audit provided information regarding potential fraud schemes that could occur if adequate internal controls were not in place, a list of audits that had been performed in procurement areas of high risk, and ways for management to mitigate the various 8/26/15 UT Dallas Retiree Association 8/26/15 Greenphire ClinCard Implementation 8/27/15 PeopleSoft Access Controls 8/28/15 One Card Implementation Review of the UT Dallas Retiree Association, required every five years based on their operating guidelines. Review the current status of implementation of the ClinCard system. Review over PeopleSoft access controls. Review of the status of implementation of One Card (purchasing card) and PeopleSoft Travel and Expense Module. *Consulting and non-audit services were not issued report numbers fraud risks in procurement. Association revenues and expenses appeared to be materially accurate and supported by appropriate documentation. Recommendations included updating procedures, designating a responsible party for administering the program, developing a close-out process, defining user access, ensuring tax compliance, ensuring separation of duties and reconciliation process. Will follow up on recommendations during a complete audit of Research Subject Payments, proposed for 1 st Quarter FY 17. Recommendations included ways to enhance access and developing a role privilege catalog. Recommendations will be followed up during FY 2016 as CIO implements organizational and process changes. Recommendations included updating the risk management plan, enhancing monitoring procedures, and adapting the project plan due to delays. Will conduct full audit and follow up on recommendations from this review during planned audit in 4 th Quarter of FY

11 V. EXTERNAL QUALITY ASSURANCE REVIEW An external quality assessment was performed during fiscal year Such reviews are required every three years by the Texas Internal Auditing Act and every five years by the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (Standards). The results of the assessment are indicated below. An action plan to address the recommendations included in the report has been prepared and is in process. 11

12 12

13 13

14 14

15 VI. INTERNAL AUDIT PLAN FOR FISCAL YEAR 2016 The FY 2016 approved audit plan is shown on pages As required per the State Auditor s Office guidelines: The audit entitled Purchasing addresses the contract management and other requirements of Senate Bill 20 (84 th Legislature). The audit entitled Budget Process may address expenditure transfers, capital budget controls, or any other limitations or restrictions in the General Appropriations Act. A list of risks ranked as high that were identified but had another form of assurance work as well as a description of the risk assessment methodology is included after the plan. A brief description of the risk assessment methodology used to develop the plan, including consideration of risks applicable to information technology, is included after the plan on page

16 Financial Audits and Projects FY 2016 Audit Plan Engagements Assistance to Deloitte - FY 15 Fieldwork Assistance to Deloitte - FY 16 Interim Financial Statement Certifications (UTS 142) Consulting Review: Data Warehouse Reporting Reserve for FY 15 carryforward audits: Journal Entries/IDT Process Receivables Original Budget Operational Audits and Projects Financial Subtotal School of ATEC (School of Arts, Technology, & Emerging Communication) Honors College Executive Travel and Entertainment Assistance to UT System for President's Travel & Entertainment Audit Naveen Jindal School of Management Academic Advising Health Center Technology Commercialization One Card Outside Contractors Gifts, including Raiser's Edge Purchasing Research Hiring & Compensation Faculty Start-ups Budget Process Reserve for FY 15 carryforward audits: Cash Management Career Center Policy and Procedures Governance Scholarships School of Engineering and Computer Science Student Housing Meal Plans Tuition & Fees Operational Subtotal 4,

17 Compliance Audits and Projects FY 2016 Audit Plan Engagements Confucius Institute Lena Callier Trust OMB Uniform Guidance Benefits Proportionality Funding External Audit Assistance Minors on Campus International Travel Reserve for FY 15 carryforward audits Contracts and Grants Export Controls Financial Aid - Pell Grants Information Technology Audits and Projects Compliance Subtotal 1, Networking Consulting: Financial Aid Data Analysis - Eligibility PCI (Payment Card Industry) Compliance HIPAA Security Consulting: Staffing Data Analysis Databases IT Consulting and Participation Reserve for FY 15 carryforward audits Unix TAC 202 Business Continuity Planning & Emergency Management Physical Access Controls Management UT Dallas Marketplace Follow Up Original Budget Information Technology Subtotal 2, Quarter Quarter Quarter Quarter Follow Up Subtotal

18 FY 2016 Audit Plan Engagements Original Budget Development - Operations FY 2017 Audit Plan Internal Audit Committee Internal Audit Annual Report Participation on Institutional Committees Internal Quality Assurance and Improvement Program Reporting Requests Hotline Team Participation Executive Management and Leadership of the Internal Audit Department Manager Leadership Software Development and Maintenance Training Provided by Internal Audit to Other Departments Internal Audit Staff Meetings Development - Operations Subtotal 1, Development - Initiatives and Education Participation in System Initiatives Institutional Strategic or Quality Initiatives Participation in Professional Organizations/Associations Participation in Quality Assurance Reviews for Other Organizations Professional writing, publications, external presentations CPE Training CPE Travel Development - Initiatives and Education Subtotal 1, Reserve Investigations Special Requests 1, Reserve Subtotal 1, Total Budgeted Hours 13, Note: At the September 15, 2015 Institutional Audit Committee meeting, the Audit Committee approved the addition of the Texas Higher Education Coordinating Board (THECB) Facilities Audit to the FY 2016 Audit Plan. 18

19 RISK ASSESSMENT METHODOLOGY The UT Dallas 2016 Audit Plan outlines the internal audit activities that will be performed by Internal Audit during FY 2016 in accordance with responsibilities established by the UT System, the Texas Internal Auditing Act, the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing, and Generally Accepted Government Auditing Standards. The plan is prepared using a risk-based approach to ensure that areas and activities specific to UT Dallas with the greatest risk are identified for consideration to be audited. As part of the FY 2016 Audit Plan process, the UT System Audit Office executed a pilot risk assessment internally developed over the last year. The goals for this common risk assessment approach were to start at the top with an awareness of critical initiatives and objectives to ensure the risks assessed were the most relevant. The assessment process was standardized by creating common terms and criteria, enabling trending of risk and Systemwide comparisons. An emphasis was placed on collaboration with other functions that assess, handle, or manage risk. Information Technology risks represent a broad, high-risk category in our risk assessment and include specific information technology risks related to Title 1, Texas Administrative Code (TAC), Chapter 202, Information Security Standards. An audit of TAC 202 compliance was conducted in FY 2015, and the report will be issued in November The risk assessment approach was based on a top-down process that included conversations and requests for input with risk collaborators, executives, and managers from the various operating areas on campus. UT System will continue to develop and strengthen this process in the upcoming years. The graphic on page 20 depicts how broad areas of risk scored within UT Dallas. Risk factors evaluated are likelihood, vulnerability, and impact to the achievement of an objective. Larger circles represent more critical or high risks in an area. Dark red represents the highest risks, while green represents the lowest risks. 19

20 20

21 The following is a list of additional areas ranked as a high risk that we have identified but not included in the fiscal year 2016 audit plan with and explanation of risk mitigations. Risk Area Campus Growth Management Updated Strategic Plan Campus Safety and Security Business Continuity Planning / Disaster Recovery Student Housing Enrollment Management Financial Aid UT System Shared Services Mobile Devices Lab Safety Export Controls Title IX & EEO Campus Construction Risk Mitigation/Explanation Executive management monitoring; planned for FY 2017 SACS/COCS Review planned for FY 2017; new President to address Compliance Office inspection of Emergency Management planned for FY FY 2015 Audits (Business Continuity Planning and TAC 202) FY 2015 Audit of Student Housing Executive management monitoring; planned for FY 2017 FY 2015 Audits of Pell Grants and Scholarships Reliance on UT System Audit; participation on the UT Dallas Transition to Shared Services team FY 2015 UT System Audit FY 2015 Internal Audit FY 2015 Internal Audit New compliance program at UT Dallas planning audit FY 2017 as Compliance Office assists in developing their compliance program. Reliance on UT System Audit since most large construction projects handled at that level; THECB Facilities Audit, covering construction projects, was added to FY 2016 Audit Plan VII. EXTERNAL AUDIT SERVICES PROCURED IN FISCAL YEAR 2015 The following external audit services were procured or were ongoing in fiscal year These services include, but are not limited to, financial and performance audits and attestation engagements such as a review or an agreed-upon-procedures engagement. Deloitte - Cancer Prevention Research Institute of Texas (CPRIT) audit. The audit was performed to audit UT Dallas compliance with the types of compliance requirements specific to CPRIT grants. 21

22 VIII. REPORTING SUSPECTED FRAUD AND ABUSE The following actions were taken by The University of Texas at Dallas to implement the requirements of: FRAUD REPORTING Section 7.09, Fraud Reporting, General Appropriations Act (84 th Legislature, Conference Committee Report), Article IX A state agency or institution of higher education appropriated funds by this Act, shall use appropriated funds to assist with the detection and reporting of fraud involving state funds as follows: (a) By providing information on the home page of the entity's website on how to report suspected fraud, waste, and abuse involving state resources directly to the State Auditor's Office. This shall include, at a minimum, the State Auditor's Office fraud hotline information and a link to the State Auditor's Office website for fraud reporting; and (b) By including in the agency or institution's policies information on how to report suspected fraud involving state funds to the State Auditor's Office. The following actions have been taken by UT Dallas to ensure compliance with the fraud reporting requirements: UT Dallas has a link for fraud reporting under Required Links at the University s home page, which provides information about reporting fraud, waste and abuse to the State Auditor s office. UT Dallas has a hotline for reporting suspected noncompliance, ethics violations, and fraud at The Office of Internal Audit has a website for fraud at UT Dallas complies with this in conjunction with the UT System Policy UTS118, Statement of Operating Policy Pertaining to Dishonest or Fraudulent Activities, located at 22

23 COORDINATION OF INVESTIGATIONS Texas Government Code, Section , Coordination of Investigations a) If the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the state auditor. The state auditor may investigate the report or may monitor any investigation conducted by the department or entity. b) The state auditor, in consultation with state agencies and institutions, shall prescribe the form, content, and timing of a report required by this section. c) All records of a communication by or to the state auditor relating to a report to the state auditor under Subsection (a) are audit working papers of the state auditor. The following actions have been taken by UT Dallas to ensure compliance with the Coordination of Investigations requirements: UT Dallas reports such activities to the State Auditor s Office via their website at: sao.fraud.state.tx.us/hotline.aspx. The UT System Audit Office requires reporting of fraud The UT Dallas Office of Internal Audit Policies and Procedures Manual, Chapter 5, Investigations, also references this section to ensure compliance. IX. OFFICE OF INTERNAL AUDIT In alignment with UTD s overall mission, goals, and objectives, the mission of the Office of Internal Audit is: To provide an independent, objective assurance and consulting activity designed to add value and improve the University s operations. To help the University accomplish its mission in learning, research and public service by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. For more information about the Office, please see Internal Audit s website at This site gives links to audit information including our charter, services offered, audit reports and plans, fraud, the audit committee, and staff information. 23

24 INTERNAL AUDIT STAFF Staff Size: The organization chart, shown on page 25, consists of the organization structure as of October Staff Experiences and Certifications: The internal audit staff consists of highly qualified and skilled audit professionals with certifications including Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE) Certificate in Risk Management and Assurance (CRMA), and GIAC Systems and Network Auditor (GSNA). A complete list of internal audit qualifications can be found at Training: Internal Audit staff received an average of over 60 hours of continuing professional education during fiscal year Key areas of training included emerging audit issues, risk assessment, information systems auditing, fraud, compliance, and ethics. Most of the training was received by participating in conferences, seminars, and webinars offered by the Association of College and University Auditors (ACUA), the Dallas Chapter of the Institute of Internal Auditors (IIA), the Texas Association of College and University Auditors (TACUA), the Institute of Internal Auditors, the SANS Institute, and the Association of Certified Fraud Examiners (ACFE). Contributions to the Profession: Members of the staff contributed to the profession in numerous ways: The Chief Audit Executive (CAE) participated on the Association of College and University Auditors (ACUA) Faculty and served as the Chair of the Volunteer Appreciation Committee. The CAE served as a member of the Internal Auditing Education Partnership Program advisory board at the UT Dallas Naveen Jindal School of Management. The audit staff works with and mentors student interns in the Internal Auditing Education Partnership (IAEP) program as they participate in various audit projects as student auditors during the year. During fiscal year 2014, Internal Audit worked with 13 student interns. The CAE spoke at various professional conferences on topics such as risk assessment, human subjects, and dealing with difficult people; and to students in the IAEP class on risk assessment and audit planning. The CAE participated in a peer review of an institution of higher education. Staff members participated in various professional associations on committees such as the technology committee for the Dallas Chapter of the IIA and volunteered for conferences such as the Dallas Chapter of the IIA s Fraud Conference and the Super Conference. 24

25 ORGANIZATION CHART 25