Office of Internal Auditing

Transcription

1 Office of Internal Auditing

2 CONTENTS Executive Summary... 4 Introduction... 5 Personnel/Proficiency/Professional Development... 6 Resources - Allocation... 7 FY19 Goals and a Vision for the Road Ahead... 8 FY18 Project Details... 9 Outstanding Issues & Follow Up UNF Ethics Hotline & Investigations Quality Assurance & Improvement Mandatory Disclosures... 13

3 EXECUTIVE SUMMARY The Office of Internal Auditing s (OIA) activities for the year are summarized as follows. Special thanks to the President s Office and the Board of Trustees Audit and Compliance Committee for their support of our department. Projects Issued five (5) internal audit reports. Completed one (1) consulting project. Completed two (2) investigations. Launched an internal controls departmental self-assessment and best business practices training. Follow Up to External Reports OIA began follow-up to the State of Florida Auditor General Operational Audit Report # dated March Seven (7) issues were reported with four (4) recommendations in-progress for corrective action in FY19. Further, all corrective action was completed by management to the Florida Department of Law Enforcement Criminal Justice Agency Technical Audit. Personnel The Office is staffed with a chief audit executive, IT internal auditor, senior internal auditor and office manager. Two internal auditor intern positions were added for fall and spring semester. The students work 12 hours per week and assist in audit fieldwork Personnel Statistics Authorized Audit FTE 4 Total # Staff 4 Professional Achievements We are proud that our audit personnel continue to receive honors in professional education. Student interns have also achieved degrees and professional positions. In addition, staff served in leadership roles for The Institute of Internal Auditors Northeast Florida Chapter and the Association of College and University Auditors. Internal Reports Summary The following table shows the number of recommendations issued per internal audit. Fifteen (15) reportable items remained in progress at the end of the fiscal year. Management is remediating risks in a timely manner. Internal Audit Recommendations Issued Osprey Internal Audits Critical Notable Opportunity /Minor Total Issues Open Student Health Services Brooks College of Health, Dean's Office Personal Identifiable Information Performance Based Funding College of Arts and Sciences, Dean's Office Total University of North Florida Office of Internal Auditing 4

4 INTRODUCTION This report is the Office of Internal Auditing s Annual Report to the Board of Trustees (the Board) for the fiscal year. In this report is information regarding the Office of Internal Auditing personnel such as education and professional development, financial resources, audit engagements, open items follow up, and performance measurements. The Office of Internal Auditing assists the Board by providing services designed to evaluate the organization s risk mitigation policies, procedures and practices to add value to the University. To perform the role effectively, organizational independence from management is required. As a result, the OIA reports functionally to the Board via the Audit and Compliance Committee and administratively to the University President. Internal Auditing s support role is best expressed by the following definition from The Institute of Internal Auditors: University of North Florida Office of Internal Auditing 5

5 PERSONNEL/PROFICIENCY/PROFESSIONAL DEVELOPMENT The University of North Florida has numerous operational functions spanning a multitude of industries and disciplines. Therefore, it is essential the Office of Internal Auditing contains a group of professionals with diverse backgrounds and experiences. The department is made up of individuals with experiences in a variety of industries. Personnel also maintain several professional designations including: Diane Scott Senior Auditor Robb Hartman Chief Audit Executive Julia Hann IT Auditor Khareem Gordon - Certified Public Accountant - Certified Internal Auditor - Certified Information Systems Auditor - Certified Information Systems Security Professional - Certified Fraud Examiner Professional designations require continuous professional training. Continuous development ensures staff are adequately trained, provides excellent networking opportunities and allows personnel to stay current of industry trends. - Master of Business Administration - Master of Accountancy University of North Florida Office of Internal Auditing 6

6 Ultimately, professional development enables OIA to provide its clients with the best service possible. The department s goal is to provide at least 40 hours of training per employee per year. This goal was achieved during the 2018 fiscal year. Professional development enables us to provide our clients the best service possible. It is important to ensure training and professional development is directly related to, and applicable in, a higher education environment. As a result, we attend training provided by relevant reputable organizations. We also encourage personnel to take an active role in professional organizations. During the year, personnel; Served as board members for the Association of College and University Auditors Volunteered for committees in professional organizations. Volunteered at training events. RESOURCES ALLOCATION The Office of Internal Auditing (OIA) had a total FY18 budget of $375,142. This includes $31,670 (8%) for operations. An increase from last year covered campus-wide 2% merit increases and student internship positions. Operating expenses include such items as staff training and travel, equipment, data analytic software, copying, telephone, supplies and the third party contracted hotline provider. University of North Florida Office of Internal Auditing 7

7 FY19 G o a l s a n d a V i s i o n f o r t h e R o a d A h e a d The Office of Internal Auditing (OIA) has focused on creating consistent audit practices which align with The Institute of Internal Auditing Professional Practices Framework. As OIA moves forward, it is essential to reassess previous goals, establish new goals, and reaffirm the vision and mission of the internal audit function. Mission The Office of Internal Auditing s mission is to provide an independent, objective assurance and consulting activity that will add value and improve UNF s operations. Vision The Office of Internal Auditing s vision is to be a respected advisor and positive change agent to assist management in maintaining consistent practices for secure operational effectiveness. In doing so, Internal Audit will seek on-going relationships throughout campus to be a go-to consultant in higher education best practices. Follow-Up to FY18 Goals 1. Implement remediation plans from the FY17 Quality Assurance Review. [Carry-forward] 2. Create internal control awareness tools and resources for departments. [Complete] 3. Help foster a strategic process to risk management within OIA and university-wide. [Complete] FY19 Goals 1. Engage a strategic alliance in each audit to the University s strategic goals. 2. Continue to streamline audit practices by creating efficiencies through automation in accordance to the Standards. 3. Improve internal control awareness tools and resources for departments. University of North Florida Office of Internal Auditing 8

8 FY18 Audit Project Details During the year, OIA released five (5) internal audit reports. Additional details of each audit are described below. Fieldwork for the Title IX and Clery Act audits were completed in FY18, but audit report preparation was carried forward to FY19. Student Health Services # The Student Health Services audit was a departmental checkup scoped to review the adequacy of internal controls, safeguarding of assets and compliance to campus policies and procedures. A specific emphasis was placed on information technology security controls using Health Insurance Portability and Accountability Act of 1996 (HIPAA) security rule as a best practice. Brooks College of Health, Dean s Office # The Brooks College of Health, Dean s Office was a departmental checkup upon the onset of a dean transition. The objectives included the assessment of the unit s adequacy of internal controls, safeguarding of departmental assets, compliance to campus policies and procedures, efficient use of resources, and integrity of financial information. Personal Identifiable Information (PII) # The PII audit objectives were to provide management with an assessment of PII policies and procedures and their operating effectiveness. The audit included identifying weaknesses in controls that could negatively impact the reliability, accuracy, and security of enterprise data. Performance Based Funding # At the request of the Florida Board of Governors (BOG), OIA conducted an audit of the University s processes to ensure the completeness, accuracy and timeliness of data submissions to the BOG. Performance funding is based on data submitted to the BOG. As such, the methods and controls to ensure integrity of the process applied by University management were subject to several key audit procedures. College of Arts and Sciences, Dean s Office # The College of Arts and Sciences, Dean s Office was a departmental checkup upon the onset of a dean transition. The objectives included the assessment of the unit s adequacy of internal controls, safeguarding of departmental assets, compliance to campus policies and procedures, efficient use of resources, and integrity of financial information. University of North Florida Office of Internal Auditing 9

9 OUTSTANDING ISSUES & FOLLOW UP Standards for the Professional Practice of Internal Auditing, promulgated by The Institute of Internal Auditors, state, The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. Additionally, The chief audit executive must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action. The Office of Internal Auditing s audit reports include control issues along with management action plans and the estimated time for remediation. Reports issued by the external auditors, including the State of Florida Office of Auditor General, also contain issues and recommendations for which university management must provide corrective action plans. The OIA monitors audit issues via an in-house developed application. Issues are closed once corrective controls are implemented or management accepts risks. OIA provides a status update of outstanding issues to the UNF Board of Trustees, Audit and Compliance Committee each quarter. Specifically: 34 internal audit recommendations were reported in FY18. There are 15 which remain in-progress with corrective action plans carried forward to FY19. Ten (10) recommendations from external audit reports were tracked in FY18 and four (4) items remain open with corrective action plans in progress for FY19. University of North Florida Office of Internal Auditing 10

10 UNF ETHICS HOTLINE & INVESTIGATIONS The Office of Internal Auditing collaborates with a triage workgroup to oversee the UNF Ethics Hotline. The 2018 Association of Certified Fraud Examiners Report to the Nations stated 40% of occupational fraud is reported by tips, which demonstrates the importance for employees and others to have a mechanism to report issues anonymously. Issues reported to the UNF Ethics Hotline are reviewed by Internal Audit, Legal, Compliance, Human Resources and Equal Opportunity and Diversity. The nature of any reported issue(s) may result with the corresponding office taking the lead of an investigation. The work group appropriately reviews issues and conducts due diligence in responding. The current reporting mechanism is a third party contracted service which administers an internet form and phone number allowing users to anonymously submit allegations of noncompliance, fraud, waste or abuse. In FY18 a total of 24 people used the hotline. Many reported issues were classified as personnel related, and not fraud, waste or abuse. Only one personnel related issue was substantiated by HR. In other cases, complaints were not substantiated but preventive measures were added. The State University System (SUS) of Florida, Board of Governors, Regulation 4.001, also states in part: Each board of trustees shall have a process for university staff, faculty, students, and board of trustee members to report allegations of waste, fraud, or financial mismanagement to the university chief audit executive. In accordance with Sections (6) and (1), of the Florida Statutes, the president has delegated the Chief Audit Executive to receive whistle-blower complaints for the University. During FY18, there were five (5) issues reported directly to OIA. None warranted whistle-blower protection. Specifically, the five issues were as follows: Substantiated: Employee travel fraud. Substantiated: Faculty outside activities and travel reimbursement abuse. Unfounded: Vendor conflicts. Unfounded: Endowment funds misuse. Faculty absence complaint. Referred to Provost. University of North Florida Office of Internal Auditing 11

11 QUALITY ASSURANCE & IMPROVEMENT Standards for the Professional Practice of Internal Auditing, promulgated by The Institute of Internal Auditors, state that, The chief audit executive must develop and maintain a quality assurance and improvement program. Overall, the program should be designed to enable an evaluation of the internal audit activity s conformance to standards and allow an assessment of the efficiency and effectiveness of the internal audit activity. In response to this requirement, OIA had developed performance measurements designed as a basis for evaluating the department s performance. The measurements include goals for personnel, productivity, communication, quality and effectiveness. On the horizon, OIA will review past performance measures and reassess for fiscal year 2018 to synchronize the department s services with UNF s strategic priorities. Performance Measurement Summary Measurement Goal/Criteria Personnel Measurements Target Range Achieved Number of Staff Certifications / department 3 or more 7 Professional Development Hours/ department 120 hours or more 120 hrs. Productivity Measurements Number of Audits completed per year 5 to 7 audits 5 audits Percentage of University Budget Reviewed 5% or more 16% Number of Departments Engaged 10 or more 10 depts. Communications Audit Status Updates with Board of Trustees 4 to 6 per year 4 Number of VP Updates Meetings / year 40 or more 50 Quality and Effectiveness Overall Client Satisfaction Score, % Agree and Strongly Agree with Services 75% or more 100% University of North Florida Office of Internal Auditing 12

12 MANDATORY DISCLOSURES As mentioned previously, the Office of Internal Auditing s activities are governed by standards promulgated by The Institute of Internal Auditors. Further, the State University System of Florida Board of Governors have implemented regulation which further details the roles and responsibilities for Chief Audit Executives. These standards require the reporting of specific items to an organization s Board and Senior Management. The following is a list of disclosures not previously addressed in the body of this document. Organizational Independence As required by the standard, the Office of Internal Auditing (OIA) must confirm to the board, at least annually, the organizational independence of the internal audit activity. UNF s OIA reports administratively to the President s Office and functionally to the Audit and Compliance Committee (ACC). Reporting to the ACC helps promote the independence necessary for the OIA to adequately perform its job function. Impairments to Independence or Objectivity If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed. There were no impairments to independence or objectivity for any engagements performed during the 2018 fiscal year. Disclosure of Partial Conformance Occasionally circumstances require the completion of projects/engagements in a manner that is not consistent with applicable standards. When this occurs, OIA must disclose the partially conforms and the impact to Senior Management and the Board. During the 2018 fiscal year, there were no instances in which individual projects were performed in a manner that did not comply with applicable standards. However, OIA did receive a partially conforms for The IIA required Quality Assurance Review (QAR) date June 22, A QAR is a review of the audit function from a third party. Resolution of Management s Acceptance of Risks Each audit engagement can potentially produce items that may pose risks to university operations. Some items will require management s attention while others may be situations in which management decides to accept the risk associated with continuing the current practice. This is normal in limited circumstances and is often due to cost/benefit constraints. The OIA is required to disclose (to Senior Management and the Board) any situations in which it is believed university personnel have accepted a level of residual risk that may not adequately reduce/mitigate the risk of loss. There have been no such instances during the 2018 fiscal year. University of North Florida Office of Internal Auditing 13

13 Contact the Office of Internal Auditing WEBSITE MAIL 1 UNF Drive Hicks Hall, Suite 2340 Jacksonville, Florida PHONE UNF Ethics Hotline