Auditing ADA-IT Compliance: How to Leverage Judgments from Other Institutions
|
|
- Elinor Wilkins
- 6 years ago
- Views:
Transcription
1 Auditing ADA-IT Compliance: How to Leverage Judgments from Other Institutions Presenter Deena King Director of Compliance Texas Woman s University Introduction TWU, You, and the Agenda 1
2 About Texas Woman s University The nation s largest university primarily for women Founded in 1901 Girls Industrial College Located in Denton, Texas Denton 12,868 Dallas 1,426 Houston 1,361 Total: 15,655 About Texas Woman s University Part and Full time Faculty/Staff: 1,328 Adding GA, Adjunct, Students: 2,200 (as of ) Undergraduate/Graduate: 66.5%/33.5% Women/Men (1972/1994): 87.5%/12.5% 2
3 Management Principle Seek first to understand, then to be understood. Stephen R. Covey The Seven Habits of Highly Effective People About You: Survey 1 How many of you are new to compliance audit? 2 How many of you are experienced with compliance audit? 3 How many of you just did not want to go to another session? 3
4 About You: Survey 1 Audit Committee? 2 Chief Audit Executive? 3 Director? 4 Manager? 5 Auditor/Sr. Auditor? About You: Survey In your organization Do you have an institutional ethics and compliance (E&C) program? Is E&C separate from internal audit? Is E&C combined with internal audit? 4
5 About You: Survey How many of you attended my session last year? If yes, be prepared for some repetition. Agenda Overview of the primary compliance activities/principles Three primary levels of internal controls Eight controls activities required by the federal guidelines Apply these principles to ADA Web Access How to leverage judgments Popular management principles 5
6 Compliance in Higher Ed Compliance is not new to higher education. Some universities have had institutional compliance programs for over 20 years. Compliance Activities and Principles The Framework 6
7 Management Principle Concentrate on building an organization building a ticking clock rather than telling time...take an architectural approach and concentrate on building organizational traits Jim Collins & Jerry Porras Built to Last, pp (paraphrased) Primary Compliance Activities and Principles Three levels of control IIA Lines of Defense Organizational Hierarchies COSO Integrated Framework Eight Effective Compliance Program control activities 7
8 Three Levels of Internal Control Control Objective: Verify there are internal controls in place at all three levels Board Governance Management Executives; Directors Managers; Front Line Performance/Operational IIA s Three Lines of Defense Control Objective: Verify there are internal controls in place at all three levels Management Board Operations 8
9 IIA s Three Lines of Defense U.S. Sentencing Guidelines (aka Federal Sentencing Guidelines or FSG) 9
10 U.S. Sentencing Guidelines (aka Federal Sentencing Guidelines or FSG) Three Levels of Internal Control Board: The organization s governing authority shall be knowledgeable and shall exercise reasonable oversight USSG 8B2.1.b.2.A (emphasis added) 10
11 Three Levels of Internal Control Management: High level personnel of the organization shall ensure that the organization has an effective compliance and ethics program. USSG 8B2.1.b.2.B (emphasis added) Three Levels of Internal Control Operational: Specific individual(s) within the organization shall be delegated day to day operational responsibility for the compliance and ethics program. USSG 8B2.1.b.2.C (emphasis added) 11
12 Three Levels of Internal Control and COSO COSO Cube Control Objective Verify there are internal controls in place at all levels U.S. Sentencing Guidelines (aka Federal Sentencing Guidelines or FSG) 12
13 U.S. Sentencing Guidelines (aka Federal Sentencing Guidelines or FSG) The Eight Control Activities at TWU 1 1. Identify Requirements/Assess Risk 2. Establish/ Modify Compliance Organization 3. Document Standards, Policies, and Procedures 4. Communicate Standards, Policies, and Procedures 5. Implement, Promote, and Enforce 6. Monitor, Audit, and Report 7. Continuous Improvement 8. Leadership/Campus Culture 1 Adapted from Compliance in One Page Used with permission. 13
14 Continuous Improvement Laws Regulations Regulators Identify Requirements/ Assess Risk Laws Regulations Regulators Monitor, Audit, and Report TWU Compliance Process: The Model 2 Leadership/ Campus Culture Establish/Modify Compliance Organization Document Standards, Policies, and Procedures Implement, Promote, and Enforce Communicate Standards, Policies, and Procedures Disclaimer: This model is provided as guidance only and can be modified to meet your needs. This document does not guarantee prevention of lawsuits, judgments, or fines and is not a substitute for the advice of an attorney. All information is provided without warranty, express, implied, or otherwise, including as to their legal effect and completeness. 2 Adapted from Compliance in One Page Used with permission. Workshop: The Eight Control Activities The Eight Control Activities 1. What should the Board be doing? 2. What should management be doing? 3. What should people on the front lines be doing? 14
15 Leveraging Judgments from Other Institutions Case Study: Miami Ohio ADA IT (Web Access) The Eight Control Activities at TWU 1 1. Identify Requirements/Assess Risk 2. Establish/ Modify Compliance Organization 3. Document Standards, Policies, and Procedures 4. Communicate Standards, Policies, and Procedures 5. Implement, Promote, and Enforce 6. Monitor, Audit, and Report 7. Continuous Improvement 8. Leadership/Campus Culture 1 Adapted from Compliance in One Page Used with permission. 15
16 Applying the Three Lines ADA-IT Web Access From Two Angles IIA Consulting (Implementation) and IIA Assurance (Operations) 16
17 Background January 2014 Background January
18 Background October 2016 ADA-IT Web Access Implementation: Leveraging Judgments as an Internal Audit Consultant 18
19 IIA Standards - Consulting Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. Consulting services generally involve two parties: (1) the person or group offering the advice the internal auditor, and (2) the person or group seeking and receiving the advice the engagement client. When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility. Internal Audit Consulting Engagement Organization s Assumption: We are not in full compliance and are setting up a team to get us there. 19
20 Initial Sources Compliance News, Blogs, s, Notifications Alternate Sources NACUA Resource Library Attorney Blogs SME Blogs 1a. Identify Requirements Primary Sources Consent Decrees NACUA Research 20
21 NACUA Research Legal and Regulatory Developments in Digital Accessibility, June 26 29, 2016, by Teresa L. Jakubowski o Laws and Regulations o Case Law o Settlements and OCR Resolution Agreements o Multiple lists of summary university agreements o Rulemaking NACUA Research No Speed Limit: Avoiding ADA Roadblocks and 504 Potholes, March 11 13, 2015, by Jeanne M. Kincaid o o o o o o o Accessibility Audit EIT Accessibility Policy and Procedures University Websites Procurement Library Course/Learning Management Systems Other Fantastic Comparison Table 21
22 Introduction p. 23 (PDF) Consent Decrees (i.e. Judgments) 22
23 Summary of Miami-Ohio Decree 18 categories 50 prescriptive tasks Applicable deadlines 2 months 6 months 18 months Entire timeline 2.5 years 1 1Expected to be fully compliant by the end of the academic year Internal Audit Consulting Engagement Recommendation: Someone convert the contents of the Consent Decree (and other research) into an Action Plan. 23
24 5Within six (6) months 9/12/2017 Sample Task Based on Consent Decree Done? (Yes/No/Partial) and Status Item # and Brief Description Details Who When* TWU Compliance Step B. Web Content Accessibility 21. Within six (6) months of the entry of this Consent Decree Miami will: B.21.a Requirements for new and redeveloped content a. Subject to Paragraph 22, infra, provide in conformance with the World Wide Web Consortium's ("W3C") Web Content Accessibility Guidelines ("WCAG") 2.0 AA all new (i.e., non existent until on or after entry of this Consent Decree) and redeveloped (i.e., existing before entry of this Consent Decree but substantially changed in terms of functionality or structure) web pages, web applications, and web content, created by Miami, on websites and subdomains used for Miami's academic divisions, academic departments, and administrative offices (listed at Exhibit A). Plain English, Please! 21.Within six (6) months of the entry of this Consent Decree Miami will: a. Subject to Paragraph 22 [videos and electronic documents], infra, provide in conformance with the World Wide Web Consortium's ("W3C") Web Content Accessibility Guidelines ("WCAG") 2.0 AA all new (i.e., non existent until on or after entry of this Consent Decree) and redeveloped (i.e., existing before entry of this Consent Decree but substantially changed in terms of functionality or structure) web pages, web applications, and web content, created by Miami, on websites and subdomains used for Miami's academic divisions, academic departments, and administrative offices (listed at Exhibit A). 24
25 1b. Assess Risk What do we currently have in place? Where are we strong? Where are we weak? Are we at risk of lawsuits/judgments? Where should we start? 2. Establish/Modify Compliance Organization Possible Team Composition ADA (HR and Student Life) IT Marketing/Communications Learning and Teaching with Technology Compliance Audit (IIA Consulting) 25
26 Steps Document Standards, Policies, and Procedures Have they designed an Action Plan based on what was learned in Step 1a? Much of what will happen in this step is creating procedures for operational personnel. 4. Communicate Standards, Policies, and Procedures Does the Plan have a communications component? Part of this is creating training for operational personnel. Steps Implement, Promote, and Enforce Are they executing the Plan? 6. Monitor, Audit, and Report Is someone monitoring execution of Plan? Reporting to Cabinet? Is audit provided exemplary internal controls guidance? 26
27 Steps Continuous Improvement Is there a process for making changes to the Plan as new issues emerge? 8. Leadership/Campus Culture Monitor behavior of leaders and culture during the process The Eight Control Activities at TWU 1 1. Identify Requirements/Assess Risk 2. Establish/ Modify Compliance Organization 3. Document Standards, Policies, and Procedures 4. Communicate Standards, Policies, and Procedures 5. Implement, Promote, and Enforce 6. Monitor, Audit, and Report 7. Continuous Improvement 8. Leadership/Campus Culture 1 Adapted from Compliance in One Page Used with permission. 27
28 ADA-IT Web Access Operations: Leveraging Judgments for an Assurance Engagement IIA Standards Assurance Assurance services involve the internal auditor s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. The nature and scope of an assurance engagement are determined by the internal auditor. Generally, three parties are participants in assurance services: (1) the person or group directly involved the process owner, (2) the person or group making the assessment the internal auditor, and (3) the person or group using the assessment the user. 28
29 Internal Audit Assurance Engagement Organization s Assumption: We are pretty sure we are in full compliance and would like internal audit to provide some assurance. Three Lines Applied to ADA Web Access Operations 29
30 1a. Identify Requirements Same research, but with a different objective Audit for compliance Miami will comply with the requirements of Title II, the Title II regulation, and the requirements of this Decree. Existing program should contain a lot (but not necessarily all) of what was learned in Step 1a as discussed in Consulting above Allowance Made for Undue Burden Q.63 Requirements for asserting undue burden For any technology related requirement in this Decree for which the University asserts undue burden or fundamental alteration such assertion may only be made by: (a) the President of Miami or (b) an individual designated by the President and 30
31 1b. Assess Risk Assess risk of each item to set priorities Consider organizational constraints when required items are not in place Undue Burden Goal: Coverage Internal Audit Assurance Engagement Major Task: Convert of the Consent Decree (and other research) into an Audit Program. 31
32 Sample Test Using Consent Decree Test No: Objectives Met? Comments and Evidence Key Contact Additional Notes and Findings Audit Objective: Assess the state of the current internal compliance program. Identify gaps and make recommendations. B. Web Content Accessibility B.21.a Requirements for new and redeveloped content 21. Within six (6) months of the entry of this Consent Decree Miami will: a. Subject to Paragraph 22, infra, provide in conformance with the World Wide Web Consortium's ("W3C") Web Content Accessibility Guidelines ("WCAG") 2.0 AA all new (i.e., non existent until on or after entry of this Consent Decree) and redeveloped (i.e., existing before entry of this Consent Decree but substantially changed in terms of functionality or structure) web pages, web applications, and web content, created by Miami, on websites and subdomains used for Miami's academic divisions, academic departments, and administrative offices (listed at Exhibit A). Y/N, NA/P Workshop: Designing Audit Tests 1. Rephrase each item into a plain English control objective. 2. How would you test each control objective? 3. If this control objective is not in place, what would your audit recommendation be? 32
33 2. Establish Compliance Organization Student Disability Services University Accessibility Committee Accessible Technology Specialist Web Accessibility Coordinator Accessible Technology Coordinator Chair of Accessibility Committee 3. Document Standards, Policies, and Procedures Reasonable policies, practices, and procedures Procedures for timely access to accessible textbooks and course materials Accessible Technology Policy How to Make Web Content Accessible Technology Procurement Policy 33
34 4. Communicate Standards, Policies, and Procedures Communicate with students at least once a month Communicate with instructors at least twice a semester Train its personnel who are responsible for converting, or coordinating the third party conversion of, textbooks, workbooks, and course materials for students Accessible Technology Policy Training New hires Faculty, Admins, TAs, etc. Relevant personnel annually 5. Implement, Promote, and Enforce Write a plan to make pre existing web pages, web applications, and web content comply with WCAG 2.0 AA and complete it within 18 months. Cause such third party content, websites, or applications to conform with WCAG 2.0 AA. Make any web content relating to applications for admission or financial aid that Miami posts to its web pages or web applications conform to WCAG 2.0 AA. 34
35 6. Audit, Monitor, and Report Conduct a University wide Accessibility Audit of digital technologies. Miami will obtain an automated accessibility testing tool to evaluate conformance of its web pages and web applications. Provide a method by which visitors to Miami's websites can submit feedback on how accessibility can be improved. 7. Continuous Improvement Within one (1) month of conducting each automated accessibility test, Miami will bring into conformance with this Decree any nonconformance identified. Create an Accessibility Audit Corrective Action Plan that will address, in order of priority, the following findings of the University wide Accessibility Audit. By the conclusion of the academic year, Miami will remedy the findings of the University wide Accessibility Audit. 35
36 8. Leadership/Campus Culture Miami will comply with the requirements of Title II, the Title II regulation, and the requirements of this Decree. Miami must take appropriate steps to ensure that communications with individuals with disabilities are as effective as communications with others. 8. Leadership/Campus Culture Miami will comply with the requirements of Title II, the Title II regulation, and the requirements of this Decree. Miami must take appropriate steps to ensure that communications with individuals with disabilities are as effective as communications with others. 36
37 The Eight Control Activities at TWU 1 1. Identify Requirements/Assess Risk 2. Establish/ Modify Compliance Organization 3. Document Standards, Policies, and Procedures 4. Communicate Standards, Policies, and Procedures 5. Implement, Promote, and Enforce 6. Monitor, Audit, and Report 7. Continuous Improvement 8. Leadership/Campus Culture 1 Adapted from Compliance in One Page Used with permission. The Eight Control Activities at TWU 1 1. Identify Requirements/Assess Risk 2. Establish/ Modify Compliance Organization 3. Document Standards, Policies, and Procedures 4. Communicate Standards, Policies, and Procedures 5. Implement, Promote, and Enforce 6. Monitor, Audit, and Report 7. Continuous Improvement 8. Leadership/Campus Culture 1 Adapted from Compliance in One Page Used with permission. 37
38 Internal Audit Assurance Engagement Super Out of the Box: How could what we just discussed be converted to a self audit validation engagement? Management Principle they infused the entire process with the brutal facts of reality [when] you start with an honest and diligent effort to determine the truth of the situation, the right decisions often become self evident. Jim Collins Good to Great, pp
39 Management Principle Synergy [and the] Principles of Creative Cooperation. Stephen R. Covey The Seven Habits of Highly Effective People TWU s Draft Action Plan Compliance Forms and Documents Miami Ohio University ADA IT Decree Draft Action Plan 39
40 Summary Summary Reviewed the primary compliance activities/principles Three primary levels of internal controls Eight controls activities required by the federal guidelines Applied these principles to ADA Web Access Leveraging as an internal controls consultant Leveraging during an audit assurance engagement Popular management principles 40
41 Questions (If Time Allows)?? Thank you!! Auditing ADA-IT Compliance: How to Leverage Judgments from Other Institutions Presenter Deena King Director of Compliance Texas Woman s University dking16@twu.edu 41
Compliance Program Full Self-Assessment Draft1
Page 1 of 18 Departmental Contract Office of Research and Sponsored Programs Administrator: Rene Paulson Welcome, dking16@twu.edu Hosting Account Balance Start: 01/11/2016 Questions: Unlimited End: 09/05/2016
More informationTexas Woman s University University Compliance Program. TWU Office of Compliance. June 22, Version: 1.1
Texas Woman s University University Compliance Program TWU Office of Compliance June 22, 2016 Version: 1.1 For more information please contact: Deena King, MS, MEd, CISA, CCEP Director of Compliance Texas
More informationDexia Group Audit Charter
January 2013 Dexia Group Audit Charter The present Charter states the fundamental principles governing the internal audit function in the Dexia Group, describing its objectives, its role, responsibilities
More informationIAASB Main Agenda (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1
Agenda Item 3-A Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1 Objectives of the IAASB Discussion The objective of this agenda item are to: (a) Present initial background
More informationThe Red (Book) Rocks The Latest and Greatest Audit Standards
The Red (Book) Rocks The Latest and Greatest Audit Standards Presenter Toni Stephens Chief Audit Executive The University of Texas at Dallas Insert Logo Here Course Objectives Explain the development of
More informationCOMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University
COMPLIANCE AT LARGER INSTITUTIONS November 11 13, 2009 Robert F. Roach Chief Compliance Officer New York University I. Introduction - What is Compliance? We re Watching You! In a University setting, the
More informationGOVERNMENT OF YUKON POLICY 1.13 GENERAL ADMINISTRATION MANUAL
GOVERNMENT OF YUKON POLICY 1.13 GENERAL ADMINISTRATION MANUAL VOLUME 1: CORPORATE POLICIES - GENERAL TITLE: GOVERNMENT INTERNAL AUDIT SERVICES (GIAS) EFFECTIVE: 16-04-01 1.0 INTRODUCTORY PROVISIONS 1.1
More informationSIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure
SIAAB Guidance #02 Internal Audit Independence- Interaction with Agency Head, Senior Staff and Placement Within the Organizational Structure SIAAB Interpretation Adopted July 9, 2013 Revised In Accordance
More informationCGIAR System Management Board Audit and Risk Committee Terms of Reference
Approved (Decision SMB/M4/DP4): 17 December 2016 CGIAR System Management Board Audit and Risk Committee Terms of Reference A. Purpose 1. The purpose of the Audit and Risk Committee ( ARC ) of the System
More informationSA 230 Audit Documentation SA 300 Planning an Audit of FS
ICAI YMEC & AASB Hosted by WIRC of ICAI Workshop on Auditing Standards SA 230 Audit Documentation SA 300 Planning an Audit of FS 22 nd November 2014 Disclaimer These are my personal views and can not be
More informationFinancial Reporting Council BDO LLP AUDIT QUALITY INSPECTION
Financial Reporting Council BDO LLP AUDIT QUALITY INSPECTION JUNE 2017 The Financial Reporting Council (FRC) is the UK s independent regulator responsible for promoting high quality corporate governance
More informationMoving to the AS9100:2016 series. Transition Guide
Moving to the AS9100:2016 series Transition Guide AS9100-series - Quality Management Systems for Aviation, Space and Defense - Transition Guide Successful aviation, space and defense businesses understand
More informationCOSO What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions
COSO 2013 What s New, What s Changed, Why Does it Matter and Other Frequently Asked Questions Today s Presenter Jonathan Reiss is a Director in Protiviti s New York office in the Internal Audit Practice.
More informationSee your auditor clearly. Transparency report: How we perform quality audit engagements
See your auditor clearly. Transparency report: How we perform quality audit engagements February 2014 Table of contents 1) A message from the CEO and Managing Partner Assurance 2 2) Quality control policies
More informationDeveloping an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Establishing an Effective Anti-Fraud, Compliance, and Ethics Function 2018 Association of Certified Fraud Examiners, Inc. Discussion
More informationIAASB CAG Public Session (March 2016) Agenda Item. Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1
Agenda Item C.1 Initial Discussion on the IAASB s Future Project Related to ISA 315 (Revised) 1 Objectives of the IAASB CAG Discussion The objective of this agenda item are to: (a) Present initial background
More information2012 IIA Standards Update
2012 IIA Standards Update International Internal Audit Standards Board (IIASB) October 2012 1 Session Overview Why the Standards matter Standards-setting due process The key changes in 2012 Best practices
More informationUniversity of Nebraska Central Administration Job Description
University of Nebraska Central Administration Job Description General Information Working Job Title: SAP Systems and Compliance Lead Position Number: 776 Employee s Name: SAP Personnel #: Job Family: Information
More informationValue-Added Internal Audit: Myth or Reality?
Value-Added Internal Audit: Myth or Reality? Istanbul 12 November 2013 Jean-Pierre Garitte, CIA, CCSA, CISA, CFE, RFA Past Chairman of the Board IIA Past President ECIIA Polling question #1 For how long
More informationCompliance and Enforcement under the AODA
Compliance and Enforcement under the AODA Background With the enactment of the Accessibility for Ontarians with Disabilities Act (AODA), Ontario became the first jurisdiction to mandate accessibility reporting
More informationIndependent Validation of the Internal Auditing Self-Assessment
Minnesota State Colleges & Universities Office of Internal Auditing Independent Validation of the Internal Auditing Self-Assessment Final Report March 7, 2007 Reference Number: 2007-03-004 INDEPENDENT
More informationImplementation Guides
Implementation Guides Implementation Guides assist internal auditors in applying the Definition of Internal Auditing, the Code of Ethics, and the Standards and promoting good practices. Implementation
More informationINSTANT EXECUTIVE BRIEFING. FLSA Self-Audit: Exempt vs. Nonexempt. Compensation & Benefits SPECIALIST BLSA
INSTANT EXECUTIVE BRIEFING FLSA Self-Audit: Exempt vs. Nonexempt HR SPECIALIST Compensation & Benefits BLSA Contents DOL stops issuing opinion letters...................... 2 Audit: Test your compliance...........................
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationAUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance
AUDIT COMMITTEE REPORTING: TRENDS & BEST PRACTICES Timothy Etoori Head of Internal Audit UGAFODE Microfinance The Internal Auditors Workshop Institute of Certified Public Accountants of Uganda 1 2 February,
More informationMeeting Stakeholder Expectations for Assurance: Internal Audit s Role in a Group Effort
Meeting Stakeholder Expectations for Assurance: Internal Audit s Role in a Group Effort Urton Anderson The University of Texas at Austin 1 2 Agenda The IA Value Proposition The Demand for Assurance Assurance
More informationRogers Centre and the Toronto Blue Jays Multi-Year Accessibility Plan
Rogers Centre and the Toronto Blue Jays Multi-Year Accessibility Plan Updated September Contents 1 Statement of Commitment to Accessibility... 3 2 Introduction... 4 3 Report on Measures to Identify, Remove
More informationStatement on February 2014 Auditing Standards 128. Using the Work of Internal Auditors
Statement on February 2014 Auditing Standards 128 Issued by the Auditing Standards Board Using the Work of Internal Auditors (Supersedes Statement on Auditing Standards [SAS] No. 65, The Auditor's Consideration
More informationChapter 10 Crown Corporation Governance
Crown Corporation Governance Contents Background............................................................. 123 Scope................................................................... 124 Results in
More informationMonash University Procedure. Research Outputs Data Collection Procedures. Research Outputs Data Collection Policy
Procedure Title Parent Policy Date Effective Review Date Procedure Owner Category Research Outputs Data Collection Procedures Research Outputs Data Collection Policy 05-June-2013 05-June-2016 Academic
More informationUsing a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness
Using a Compliance Program Assessment to Elevate Institutional Compliance Effectiveness Kevin Robinson Associate Vice President, Office of Audit, Compliance & Privacy Auburn University Michael Somich Executive
More informationCHARTER OF THE BOARD OF DIRECTORS
SUN LIFE FINANCIAL INC. CHARTER OF THE BOARD OF DIRECTORS This Charter sets out: 1. The duties and responsibilities of the Board of Directors (the Board ); 2. The position description for Directors; 3.
More informationBakersfield College Program Review Annual Update 2017
Program Name: Human Resources Bakersfield College Program Review Annual Update 2017 Program Type: Instructional Student Affairs Administrative Service Other Bakersfield College Mission: Bakersfield College
More informationMulti-Year Accessibility Plan
Multi-Year Accessibility Plan 2013 2015 Accessibility for Ontarians with Disabilities Act (AODA), 2005 Ontario Regulation 191/11 Integrated Accessibility Standards Introduction In 2005, the government
More informationLos Angeles Community College District
Operation & User Manual Los Angeles Community College District Evaluation Alert System (EASY) Operation & User Manual Prepared by: Revision 3.0 Andy Duran TABLE OF CONTENTS EVALUATION ALERT SYSTEM (EASY)...1
More informationPolicy and Procedures Date: November 5, 2017
Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...
More informationExternal Quality Assessment of the Internal Audit Activity at. County of Orange. April County of Orange Final Report: June 13,
Eternal Quality Assessment of the Internal Audit Activity at County of Orange April 2017 County of Orange Final Report: June 13, 2017 1 EXECUTIVE SUMMARY... 3 OPINION AS TO CONFORMANCE... 3 PART I MATTERS
More informationQuality Assurance and Improvement Program
Internal Audit Foundations Standards 1000, 1010, 1100, 1110, 1111, 1120, 1130, 1300, 1310, 1320, 1321, 1322, 2000, 2040 There is an Internal Audit Charter in place Internal Audit Charter is in place The
More informationCompliance Monitoring and Enforcement Program Implementation Plan. Version 1.7
Compliance Monitoring and Enforcement Program Table of Contents TABLE OF CONTENTS NERC Compliance Monitoring and Enforcement Program... 1 Introduction... 2 NERC Compliance Monitoring and Enforcement Program
More informationThe Three Lines of Defense Model: A framework for risk management and internal control. Office of the Inspector General Internal Audit services
The Three Lines of Defense Model: A framework for risk management and internal control Author: Daniel Ramirez León Date: December 2016 The Three Lines of Defense Model - A framework for risk management
More informationPerformance Appraisal Process Review
Performance Appraisal Process Review Feedback Summary and Recommendations Submitted on Behalf of the Ad Hoc Performance Appraisal Committee June 24, 2013 Background In the fall of 2012 the Department of
More informationChapter 3. The meaning and. importance of auditor independence
Chapter 3 The meaning and importance of auditor independence Learning objectives To explain importance of auditor independence and practical implications for auditor in meeting demands of audit role. To
More informationInternal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)
Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017) Assessor 1: Assessor 2: Date: Date: Legend: Generally
More informationInternal Controls: Need Them, Have Them, Love Them
Internal Controls: Need Them, Have Them, Love Them Tiffany R. Winters, Esquire twinters@bruman.com Brustein & Manasevit Fall Forum 2010 Why Do We Have Internal Controls? The Federal Managers Financial
More informationAnthony M. Tocco CCEP, CIA, CFE Chief Compliance Officer DTE Energy
Anthony M. Tocco CCEP, CIA, CFE Chief Compliance Officer DTE Energy Define a Performance Assessment Governance Planning the Assessment Selecting the Assessor Common Assessment Practices Rating Scales Communication
More informationBakersfield College Program Review Annual Update 2015
Bakersfield College Program Review Annual Update 2015 I. Program Information: Program Name: Human Resources Program Type: Instructional Student Affairs Administrative Service Bakersfield College Mission:
More informationThe University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office
www.pwc.com The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office July 9, 2014 Mr. Dick Dawson Chief Audit Executive The University of Texas
More informationAssessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive
Assessment of the Design Effectiveness of Entity Level Controls Office of the Chief Audit Executive February 2017 Cette publication est également disponible en français. This publication is available in
More informationRegulations of the Audit, Risk & Sustainability Committee (It also conducts the Function of Related Party Transactions Committee)
Regulations of the Audit, Risk & Sustainability Committee (It also conducts the Function of Related Party Transactions Committee) Approved by the Board of Directors on 20 April 2017 1. FORMATION 1.1 The
More informationDIAMOND OFFSHORE DRILLING, INC. Corporate Governance Guidelines
Revised 19 October 2009 DIAMOND OFFSHORE DRILLING, INC. Corporate Governance Guidelines Introduction The following Corporate Governance Guidelines ( Guidelines ) have been adopted by the Board of Directors
More informationFLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06
FLORIDA STATE UNIVERSITY Office of Inspector General Services Report #17-06 Self-Assessment with External Independent Validation May 9, 2017 Sam McCall, PhD, CPA, CGMA, CGFM, CIA, CGAP, CIG, Chief Audit
More informationOffice of Compliance, Risk and Ethics Program Report. January 2016 December 2016
Office of Compliance, Risk and Ethics Program Report January 2016 December 2016 Table of Contents Table of Contents Executive Summary... 2 Higher Education Trends in Compliance and Risk Management... 4
More informationTERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
TERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS 1. Purpose An Audit Committee (hereinafter called the Committee ) of the Board of Directors (hereinafter called the Board ) of the Business
More informationSOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER
SOUTHWEST AIRLINES CO. AUDIT COMMITTEE CHARTER The Audit Committee of the Board of Directors of Southwest Airlines Co. shall consist of at least three directors, each of whom shall meet the independence
More informationAB. OUR ISO CONFORMANCE AUDIT QUESTIONNAIRES 8. ASSESS HOW WELL YOU CONFORM TO ISO S REMEDIAL REQUIREMENTS
8.1 PLANNING REQUIREMENTS 1 Do you plan monitoring, measurement, and analytical processes? 2 Do you plan how monitoring will be used to ensure conformity and effectiveness? 3 Do you plan how it will be
More informationConducting an Audit Committee Self-Evaluation: Guidelines and Questions
Conducting an Audit Committee Self-Evaluation: Guidelines and Questions Purpose of This Tool. Audit committees should consider conducting a comprehensive selfevaluation on an annual basis. This can be
More informationMoving from ISO 14001:2004 to ISO 14001:2015 Transition Guide
ISO Revisions Final Standard Moving from ISO 14001:2004 to ISO 14001:2015 Transition Guide ISO 14001 - Environmental Management System - Transition Guide Successful businesses understand that it is the
More informationBLOOMSBURG UNIVERSITY Bloomsburg, Pennsylvania DEPARTMENT OF MANAGEMENT COLLEGE OF BUSINESS - INTERNSHIP GUIDELINES
1 STATEMENT OF OBJECTIVE The University's definition is: BLOOMSBURG UNIVERSITY Bloomsburg, Pennsylvania 17815 DEPARTMENT OF MANAGEMENT COLLEGE OF BUSINESS - INTERNSHIP GUIDELINES "An internship is an educational
More informationFRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY
FRONTERA ENERGY CORPORATION CORPORATE GOVERNANCE POLICY Frontera Energy Corporation, including all of its subsidiaries (as such term is defined in the Code of Business Conduct and Ethics) and Fundación
More informationIT Audit at Brown. A collaboration between the Information Technology and Internal Audit Teams
IT Audit at Brown A collaboration between the Information Technology and Internal Audit Teams Page 1 Agenda Objective Risk Management Overview Internal Audit at Brown IT Audit at Brown Frequently Asked
More informationImplementation Guide 1312
Implementation Guide 1312 Standard 1312 External Assessments External assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the
More informationProfessional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)
IFAC Board Final Pronouncement December 2014 International Education Standard (IES ) 8 Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised) This document
More informationINTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS
INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and
More informationAudit and Risk Assurance Committee Effectiveness Checklist
vember 2017 Audit and Risk Assurance Committee Effectiveness Checklist Introduction 1 Audit and Risk Assurance Committees play a crucial role in supporting the effective governance of central government
More informationDEPARTMENT OF BUSINESS AND ADMINISTRATION
DEPARTMENT OF BUSINESS AND ADMINISTRATION BBA INTERNSHIP PROGRAM CHECKLIST Deadlines to apply for internship program: August 1 st for fall semester December 1 st for spring semester May 1 st for summer
More informationTITLE 21 - AUDIT. Chapter 01. Audit Committee Chair... 2
TITLE 21 - AUDIT Chapter 01. Audit Committee Chair... 2 Sec. 21.01.001 Purpose... 2 Sec. 21.01.002 Authority... 2 Sec. 21.01.003 Membership... 2 Sec. 21.01.004 Meetings... 3 Sec. 21.01.005 Responsibilities
More informationImplementation Guide 2050
Implementation Guide 2050 Standard 2050 Coordination and Reliance The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external
More informationMott Community College Job Description
Title: Department: Human Resources Office (HRO) Employee Group & Grade: Exempt, 11 Reports To: Associate Vice President (AVP) Date Prepared/Revised: November 17, 2004/December 11, 2017 Purpose, Scope &
More informationRISK AND AUDIT COMMITTEE TERMS OF REFERENCE
RISK AND AUDIT COMMITTEE TERMS OF REFERENCE Brief description Defines the Terms of Reference for the Risk and Audit Committee. BHP Billiton Limited & BHP Billiton Plc BHP Billiton Limited & BHP Billiton
More informationInternal Audit Report. Toll Operations Contract Management TxDOT Office of Internal Audit
Internal Audit Report Toll Operations Contract Management TxDOT Office of Internal Audit Objective To determine whether the Toll Operations Division (TOD) contract management structure is designed and
More informationBenchmarking 101: Shaping your E&C Program for Maximum Value
Benchmarking 101: Shaping your E&C Program for Maximum Value Presented on November 15, 2016 Copyright 2016NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented by Mary Bennett Vice President, Advisory Services,
More informationPOLICY FRAMEWORK. Contents
POLICY FRAMEWORK Document ID Related Documents Policy Framework Policy Template Date 4 November 2016 Date of Next Review 4 November 2018 Authorised by Director of Accreditation, Compliance and Quality
More informationLambton College AODA Multiyear Plan
Lambton College 2012 2021 AODA Multiyear Plan The Accessibility for Ontarians with Disabilities Act, 2005 The Accessibility for Ontarians with Disabilities Act (AODA) was established to achieve a barrier-free
More informationGuidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Audit Committee March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance Audit Committee (the Guidance Note )
More informationFormat and organization of GAGAS Auditor preparation of financials is a significant threat to independence 3 party arrangements in government State
The Yellow Book = GAGAS GAGAS = Generally Accepted Government Auditing Standards Overlay of Generally Accepted Auditing Standards (GAAS) issued by the Auditing Standards Board GAGAS contains the framework
More informationDraft Faculty Mentoring
Draft Faculty Mentoring This draft document begins the conversation of how to tailor a mentoring program for our college by offering two methods along a spectrum of possible vehicles for implementation
More information10-B Service organizations ISAE 3402 Significant issues
IAASB Main Agenda (September 2007) Page 2007 2877 Agenda Item 10-B Service organizations ISAE 3402 Significant issues A. The Framework and ISAE 3000 A.1 The Assurance Framework and ISAE 3000 lay the foundations
More informationJames Cook University. Internal Audit Protocol
James Cook University Internal Audit Protocol Table of Contents A. Introduction 2 B. Management Consultation during the Annual Internal Audit Planning Process 2 C. Support Provided to QAO/External Auditor
More informationContinuing Professional Development (CPD) Requirements for New Zealand Licensed Auditors
Policy and guidance Continuing Professional Development (CPD) Requirements for New Zealand Licensed Auditors (Effective 1 July 2016) CONTENTS 1 CPD Policy for New Zealand licensed auditors... 3 1.1 Introduction...
More informationPractice Advisory : Quality Assurance and Improvement Program
Practice Advisory 1300-1: Quality Assurance and Improvement Program Primary Related Standard 1300: Quality Assurance and Improvement Program The chief audit executive must develop and maintain a quality
More informationCan the public sector deliver a zero tolerance approach to corruption risk?
Can the public sector deliver a zero tolerance approach to corruption risk? Australian Public Sector Anti-Corruption Conference November 2017 Disclaimer The presentation and accompanying slide pack are
More informationMcGraw-Hill/Irwin. Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved.
McGraw-Hill/Irwin Copyright 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 03 Engagement Planning "Vision without action is a daydream. Action without vision is a nightmare. Japanese
More informationJACOBS ENGINEERING GROUP INC. CORPORATE GOVERNANCE GUIDELINES
JACOBS ENGINEERING GROUP INC. CORPORATE GOVERNANCE GUIDELINES Role of the Board of Directors The primary responsibilities of the Board of Directors of the Company (the Board ) are oversight, counseling
More information2014 BOARD OF DIRECTORS SELF-ASSESSMENT MIDCONTINENT INDEPENDENT SYSTEM OPERATOR, INC.
2014 BOARD OF DIRECTORS SELF-ASSESSMENT MIDCONTINENT INDEPENDENT SYSTEM OPERATOR, INC. In order to assess the performance of the MISO Board of Directors in carrying out its responsibilities, the Board
More informationGuide to Ethical Use of Social Media for Texas Lawyers. Zach Wolfe.
I. Introduction www.fiveminutelaw.com First, the bad news. The Texas Disciplinary Rules of Professional Conduct that apply to use of social media are poorly written, ambiguous, byzantine, and potentially
More informationChina Southern Airlines Company Limited Terms of Reference of Audit and Risk Management Committee
China Southern Airlines Company Limited Terms of Reference of Audit and Risk Management Committee Chapter 1 General Provisions Article 1 In order to ensure the sustainable, regular and healthy development
More informationHF GROUP LIMITED BOARD CHARTER
The primary objective of the Group's Board Charter is to set out the responsibilities of the Board of Directors ("the Board") of HF Group and its subsidiaries. The Board of the Parent Company, HF Group,
More informationAdministrative Exemption
Federal Guidelines Administrative Exemption To qualify for the administrative employee exemption, all of the following tests must be met: - The employee must be compensated on a salary or fee basis (as
More informationPosition Description Cover Sheet
Position Description Cover Sheet In order to make an objective and accurate evaluation of a position, it is very important that the position description (PD) contain specific data. Therefore, please provide
More informationIFIAR: International Forum of Independent Audit Regulators
IFIAR: International Forum of Independent Audit Regulators Marjolein Doblado, IFIAR SCWG Chair International Auditing and Assurance Standards Board Consultative Advisory Group Meeting Paris, 8 March 2016
More informationTABLE OF CONTENTS 1.0 INTRODUCTION...
Advisory Circular Subject: Quality Assurance Programs Issuing Office: Civil Aviation, Standards Document No.: AC QUA-001 File Classification No.: Z 5000-34 Issue No.: 01 RDIMS No.: 9376810-V14 Effective
More informationReview of agreed-upon procedures engagements questionnaire
Review of agreed-upon procedures engagements questionnaire Review code Reviewer Review date Introduction Standards on Related Services (ASRSs) detail the responsibilities of an assurance practitioner,
More informationREVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION
January 9, 2015 Secretariat of the Basel Committee on Banking Supervision Bank for International Settlements CH-4002 Basel, Switzerland Submitted via http://www.bis.org/bcbs/commentupload.htm REVISED CORPORATE
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationLegal Responsibilities for BHS System Board Members. G. Dan Neel Director-Saluda BHS
Legal Responsibilities for BHS System Board G. Dan Neel Director-Saluda BHS What is your role as a Board Member? All BHS organizations are legal entities All are governed by Boards of Directors or Advisory
More informationAPPLICATION for SCRIPPS HEALTH EMERGING LEADER PROGRAM
PROGRAM GUIDELINES AND CRITERIA PROGRAM OBJECTIVE: The objective of the Scripps Health Emerging Leader Program is to give non-managerial staff an understanding of the role, challenges and skills required
More informationCOSO Internal Control Integrated Framework Proposed Update
COSO Internal Control Integrated Framework Proposed Update Presented by: Dustin Birashk September 20, 2012 1 DISCLOSURE STATEMENT The material appearing in this presentation is for informational purposes
More information1. Definition & Mission
1. Definition & Mission 1.1 Internal Auditing is an independent, objective assurance and consulting activity that is guided by a philosophy of adding value to improve the operations of. 1.2 Group Internal
More informationFREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING
FREQUENTLY ASKED QUESTIONS ABOUT INTERNAL CONTROL OVER FINANCIAL REPORTING Nature and Timing of the Reporting Requirement When must registrants begin to report on internal control over financial reporting?
More informationQuality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation
Quality Management System Guidance ISO 9001:2015 Clause-by-clause Interpretation Table of Contents 1 INTRODUCTION... 4 1.1 IMPLEMENTATION & DEVELOPMENT... 5 1.2 MANAGING THE CHANGE... 5 1.3 TOP MANAGEMENT
More information