identifying areas for improvement with respect to the Institute s research administration internal control structure.

Similar documents
Accomplishments Audit Operations

MIT Reports to the President

1. Definition & Mission

Group Internal Audit Charter

Finance Division Strategic Plan

Guide to Internal Controls

UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017

Charter for Group Internal Audit. Approved by the Chairman on behalf of the Board of Directors on 18 January 2018.

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

2013 STRATEGIC PLAN: INTRODUCTION

INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC

METROPOLITAN TRANSPORTATION AUTHORITY

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

Audit of Information Management. Internal Audit Report

AUDITING. Auditing PAGE 1

Toyota Financial Services (South Africa) Limited: King III Principles

POLICY. Number: Title: Internal Control Responsible Office: USF System Audit I. PURPOSE AND INTENT

Charter for Enterprise Risk Management

Follow-up Audit of the CNSC Performance Measurement and Reporting Frameworks, November 2011

Enterprise Risk Management Plan FY Submitted: April 3, 2017

Washington State University Office of Internal Audit FY 2015 Audit Plan

Single Audit and Yellow Book / Govt. Audit Standards Update Presented by: William Blend, CPA, CFE

UNIVERSITY OF PITTSBURGH POLICY CATEGORY: RESEARCH ADMINISTRATION SECTION: Research SUBJECT:

UC MERCED INTERNAL AUDIT ANNUAL REPORT. Fiscal Year in Review

The University of Texas at San Antonio 2014 External Quality Assessment of the Auditing and Consulting Services Office

Guidelines of Corporate Governance

Internal Audit Charter

FY17-FY18 Audit Plan. Office of Internal Auditing

VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY COMPLIANCE, AUDIT, AND RISK COMMITTEE OF THE BOARD OF VISITORS COMPLIANCE, AUDIT, AND RISK CHARTER

Internal Audit Charter

The Regents of the University of California. COMMITTEE ON AUDIT November 15, 2001

PD, CC&E, & Planning. Created Tuesday, September 25, 2012 By Kale Braden

LEVERAGING COSO ACROSS THE THREE LINES OF DEFENSE

S23 - Hallmarks of a Strong Audit Function Lilian Fong and Marta O'Shea

Internal Control Questionnaire and Assessment

This Internal Audit Charter is intended to define the role, responsibility and accountability of the Society s Internal Audit function.

LI & FUNG LIMITED ANNUAL REPORT 2016

INTERNAL CONTROLS ON OUR CAMPUS. Kara Kearney-Saylor Director of Internal Audit, UB

COLLEGE OF PHYSICIANS AND SURGEONS OF ONTARIO GOVERNANCE PROCESS MANUAL

USC Compliance and Ethics Program Governance and Standards

Application of King III Corporate Governance Principles

Green Labs. Written Program. Ellen Sweet, Laboratory Ventilation Specialist Cornell Department of Environmental Health and Safety 12/2/16

new Board members are provided with a thorough orientation process;

Policy and Procedures Date: November 5, 2017

PART 6 - INTERNAL CONTROL

Diablo Valley College Professional Development Plan (Approved by College Council December 16, 2015)

California Resources Corporation. Health, Safety & Environmental Management System

Finance Division. Strategic Plan

IIROC Strategic Plan

PROJECT SUMMARY. Summary of Significant Results

Review of Duke Energy Florida, LLC Internal Audit Function

September Terms of Reference for the Office of the Auditor General

Strate Compliance with King III. Prepared by: Company Secretary

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

Internal Audit Vice Presidency (IADVP) FY11 First Quarter Activity Report

Corporate Governance Guidelines of The AES Corporation

Fiscal Year 2016 Retrospective

Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

CORPORATE GOVERNANCE GUIDELINES OF LIQUIDMETAL TECHNOLOGIES, INC.

Designing and Implementing Mentoring Programs for Early Career Faculty

Creating Business Value Through Optimized Compliance Practices

Internal Audit Charter

Office of the President TO MEMBERS OF THE COMPLIANCE AND AUDIT COMMITTEE: INFORMATION ITEM. For Meeting of November 15, 2017

Canada. Internal Audit Charter 1+1. Canadian Nuclear Safety Commission. Office of Audit and Ethics. April 18, 2011

SKYWEST, INC. CORPORATE GOVERNANCE GUIDELINES

SEACOR Holdings Inc. CORPORATE GOVERNANCE GUIDELINES (Effective as of November 13, 2018)

TRA Internal Audit Fiscal Year 2019 Audit Plan

Operational Plan

PERFORMANCE REVIEW INTERNAL CONTROL REVIEW OF THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD S OFFICE OF CHIEF AUDITOR (IOPA )

Finance & Audit Committee Meeting

Strengthening Control and integrity: A Checklist for government Managers

Internal Audit Mandate

Kentucky State University Office of Internal Audit

Internal Audit Department Update. December 7, 2016 Cassaundra Rouse

2. Board Committee Charters

Audit Project Process Overview 1/18/ Compliance and Audit Symposium. Agenda. How to Kick-start your. Audit Planning and Risk Assessment

INTERNATIONAL ORGANIZATION FOR MIGRATION. Keywords: internal audit, evaluation, investigation, inspection, monitoring, internal oversight

Office of Audit Services Annual Audit Plan For the Year Ending August 31, 2018

EY Center for Board Matters. Leading practices for audit committees

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Conversation with Representative Hill A Financial Services Perspective

Internal Control Questionnaire and Assessment

Internal Audit & the Audit Committee

Corporate Governance Principles. As Amended June 7, 2017

OPTINOSE, INC. CORPORATE GOVERNANCE GUIDELINES

Executive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update

20 Years in the Making. Meet the New ICIF: Revisions to COSO s Internal Control Integrated Framework. Dr. Sandra Richtermeyer COSO Board Member

Regents of the University of Michigan Committee Charters Last updated June 17, 2010


Structuring Compliance: The Duke Model

INVESTMENT INDUSTRY REGULATORY ORGANIZATION OF CANADA ( IIROC ) BOARD CHARTER

Structuring Compliance: The Duke Model

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2016

Financial Resources: Control of finances The institution exercises appropriate control over all its financial resources.

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

HeiTech Padu Berhad. The Board will be the main decision making forum at the Group level. It will consider the following:-

James Cook University. Internal Audit Protocol

INTERNAL AUDIT CHARTER

Internal Controls: COSO, the Uniform Guidance, and More!

Transcription:

The MIT delivers audit services through a risk-based program of audit coverage, including process audits, targeted reviews, and advisory services. These efforts, in coordination with the Institute s external auditors, PricewaterhouseCoopers, provide assurance to management and to the Audit Committee of the MIT Corporation that good business practices are adhered to, adequate internal controls are maintained, and assets are properly safeguarded. The s scope of services is equal to the full extent of MIT s auditable activities. Audit resources are prioritized and allocated using a model of risk evaluation for defined entities at the Institute. The is fully attentive to the support and service of its primary customer, the Audit Committee of the Corporation. In accordance with its charter, the Audit Committee meets three times a year. This schedule lends momentum to the Audit Division s goals for monitoring internal controls and supporting the Institute s risk management processes. The Audit Committee continues to enhance its operations to include offline review with management of mission-critical activities, such as the Research Administration Improvement Initiative (RAII) and the SAP Payroll implementation; this process is supported with the assistance of the Institute auditor. The experienced some turnover this year with the voluntary departure of two staff members, one to an administrative position for an academic department and the other to a technology project management role in another organization. Efforts to fill these openings were well under way at the end of the fiscal year. Fully staffed, the Audit Division employs 16 professional staff (14.9 full-time equivalents), including the Institute auditor. Core resources are organized into two distinct functions: Audit Operations and the Research Administration Compliance Program (RACP). Audit Operations, comprising 12 professional staff (11.4 full-time equivalents), carries out a priority-based program of audits and reviews to evaluate the effectiveness of management s systems of controls over financial, operational, and compliance risks within the Institute s activities, including information technology controls. Approximately 15,400 person hours are devoted to the activities of Audit Operations annually. This group is directed by the associate audit director for Audit Operations. RACP provides ongoing research administration compliance monitoring by four dedicated staff members (3.5 full-time equivalents) who report to the associate audit director for operational and compliance risk management. RACP s efforts have two key elements: department-level site visits, designed to assess internal controls within the departments, labs, and centers (DLCs) and provide research compliance support to DLC staff; and ongoing compliance monitoring, which includes DLC-level monitoring and Institute-wide reviews. Our site visit program is in the process of completing a full cycle of visits to the 30 areas on campus that receive the majority of MIT s federal funding. We have also performed a series of Institute-wide reviews with the cooperation of the assistant deans, the Controller s Office, and the Office of Sponsored Programs, 18 5

identifying areas for improvement with respect to the Institute s research administration internal control structure. Through delivery of these advisory services, RACP represents an outreach effort to the Institute s numerous and varied departments, labs, and centers. The relationships developed extend from the schools assistant deans out through the DLC administrative and support staff. The also houses a specialized function called Professional Standards and Strategy (0.8 full-time equivalents), led by an experienced member of the division with the title assistant audit director. Working with the Institute auditor and the audit management team, this function guides the division in setting policy and direction to help us achieve our long-term goal of assuring that MIT s audit function is world-class. Accomplishments Audit Operations The primary objective of Audit Operations is to perform reviews and evaluations of the Institute s business processes and to provide management with assurance that controls are functioning as intended. Accordingly, we strive to perform this work in accordance with The International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. These standards require that we maintain independence when conducting our reviews throughout the Institute. This is achieved through the independent reporting line to the Audit Committee, and by not assuming operational roles or undertaking responsibility for designing or implementing controls. Audit Operations substantially completed its fiscal 2007 audit plan as of June 30, 2007. The 2007 Audit Plan comprised 31 internal audit engagements of various Institute business processes. Among these engagements were audits of SAP Information Security, the Broad Specialized Service Facility (service center), and the World Wide Web Consortium, as well as advisory services performed in conjunction with requests by management. Audit Plan time is also devoted to ongoing review for capital construction cost recovery opportunities; this program continues to yield benefits well in excess of the resources and related costs employed to identify excessive and unallowable costs. Research Compliance Administration Program RACP consists of a site visit function and a monitoring program. In addition, these resources have fulfilled special requests of management and the Audit Committee for advisory services in research administration topical areas. Site Visits RACP completed 17 site visits in FY2007, bringing the total number of site visits since the commencement of RACP in FY2005 to 35. Site visits are designed to identify existing or developing compliance problems and to recommend solutions on the spot ( find and fix ). These inquiry-based audit techniques are supplemented with focused audit testing in key areas. As a prelude to each visit, RACP has developed a suite of 18 6

electronic tools designed to target areas for discussion during the site visit; as noted below, these tools have become increasingly popular and represent a step toward DLC self-monitoring for compliance. In addition to fulfilling audit objectives, site visits are excellent opportunities to build and maintain constructive working relationships with DLC administrative staff. Ongoing Monitoring Program Ongoing monitoring activities at both the Institute and department level include: Institute-wide inspections particular compliance areas are selected on an annual basis for testing Institute-wide. The first round of these inspections was completed in 2007, and the results have been communicated to management. Quarterly DLC self-monitoring reports DLCs may request quarterly compliance indicator reports, and nearly all of those visited in the site visit program are doing so. Currently, 27 DLCs receive quarterly reports from RACP. Executive information system dashboard this user-friendly dashboard system, which mirrors the quarterly reports described above, is available to DLCs and allows them to generate self-monitoring reports within their departments. Personnel Updates Audit Staff Changes Effective mid-february, a senior information technology (IT) auditor voluntarily left the for another opportunity outside the Institute. In addition, a senior compliance specialist on the RACP team left at the end of May to take a position as administrative officer for the Program in Writing and Humanistic Studies. A third senior auditor has been out on extended maternity leave for approximately six months. To compensate for reduced staff, management brought in additional audit expertise to conduct several predefined reviews managed by supervisors. Professional Development We emphasize professional development on the part of all our staff. Members of the audit staff find opportunities for training in their discipline and affiliate with industry peers through conferences, seminars, and group meetings. Peer group affiliation was an important theme in 2007. The Institute auditor is a member of the Little 10+ association of Ivy League and other peer institutions, which meets semiannually. The fourth annual meeting of the manager-level group representing the same Little 10+ institutions took place in October 2006, paving the way for future intercollegiate collaboration among audit groups. In addition, IT staff representing the same group of institutions convened this year. These meetings each provided a forum for exchanging ideas and determining approaches to common problem areas. Four members of the audit staff recently attended the annual audit best-practices conference SuperStrategies, sponsored by the MIS Training Institute. Four keynote speakers and dozens of other industry professionals spoke on topics that included: 18 7

enterprise risk management; tone at the top (ethics and governance); the evolution of audit partnership with management; effective risk assessment methodologies; articulating a definition of business objectives, risks, and controls; the benefits of increased outreach to business process owners and stakeholders; the need to work harder at relationship building; and continuous auditing and monitoring. Audit management and supervisors are looking at current practices to identify opportunities for improvement based on what they learned at the conference. Presentations at Industry Conferences Members of the s RACP presented at two conferences of the National Council for University Research Administrators. Topics included: an overview of the compliance guidance for research institutions proposed by the Health and Human Services Commission s Office of the Inspector General, recent federal audit findings at institutions of higher education, and what principal investigators need to know about their research administration. Staff Training In November 2006, most of the staff attended two full days of training on campus on techniques from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for effective audit scoping and planning. The training, delivered by a recognized consultant in the field, was customized to MIT s environment and focused on ways to enhance audit planning. A case study was conducted during training to emphasize the application of COSO concepts to risk-based process audits, documentation of audit results, and development of reasonable and useful audit plans and strategies. Following training, the department s existing standard audit methodology was further reviewed and modified to reflect knowledge gained, particularly along the lines of consistency and efficiency in execution. To kick off the new fiscal year, management will host an all-day retreat at Endicott House for audit staff in early July 2007. This retreat is designed to provide staff with multiple financial perspectives, and will include presenters from the Controller s Office, the Office of Budget Operations, and the Office of Finance. Administrative Initiatives Office Relocation Fiscal year 2007 opened with the relocation of the entire, formerly located on two floors of Building E19, to Building NE49 (600 Technology Square). With this move, the gained a unified office area with designated team spaces, a shared office support staff arrangement with the Controller s Office, and the possibility of expanding shared services arrangements of other types. Update on Audit Management System The has been successfully running the Pentana Audit Management System (PAWS) for just over a year. Its full integration encompasses risk rating and subsequent identification of business processes and units for review at a universe 18 8

level; data capture and reporting of business objectives, risks, and controls; work paper generation and archiving; report writing; and issue tracking. Audit management periodically organizes training sessions at staff meetings to highlight and present system features so the staff can maximize productivity and work consistently. As the division s use of PAWS is further developed and improved, changes to methodology (designed from a COSO perspective) are incorporated in departmental operating standards. PAWS will further improve and increase the s ability to report meaningful information to the Audit Committee and senior Institute management. Quality Assurance Review Initiative In its February report to the Audit Committee, audit management committed to the performance of a quality assurance review by self-assessment with independent validation within FY2008. Subsequently, the executive vice president, the chair of the Audit Committee, the chairman of the Corporation, the Institute auditor, and the engagement partner at PricewaterhouseCoopers agreed that this initiative was not necessary at this time. The topic will be reintroduced for discussion late in FY2008. Current Goals and Objectives The has set the following goals for 2008: Audit Coverage Provide effective audit coverage of the Institute s activities (including affiliate and auxiliary areas), in order to assure management that controls designed to achieve important business objectives are adequate; Prioritize activities and areas representing material expenditures or investments and/or significant exposure, as well as those that have not received prior or recent audit coverage Respond to and prioritize requests from management for audit services as resources permit; Strive for a broad span of audit services to help build a greater understanding of the Institute s extraordinary diversity of activities Coordinate the RACP and operations initiatives in the Audit Plan RACP efforts are classified as advisory services, reflecting planned audit coverage by the integration of site visits, quarterly monitoring, data mining, and continuous compliance testing of industrial and international awards and agreements. Audit Methodology Strengthen our ability to pinpoint business objectives and evaluate related controls helping to mitigate risks and enhance achievement of business objectives Seek and build on opportunities to develop and strengthen relationships throughout the Institute s business areas, including academic administration; Use these opportunities to become more knowledgeable of business processes and emerging initiatives, thus informing our risk assessment practices and facilitating the audit planning process and prioritization of resources 18 9

Leverage relationships to educate business process owners and stakeholders about risk and control responsibilities and benefits Benchmarking and Development Continue to work toward adherence to the division s operational standards, as these standards are designed to promote a world-class audit function. Design a balanced scorecard to benchmark comprehensively, to manage audit services, and to measure improvement in key performance areas Maintain current levels of employee development activities, including encouraging the pursuit of relevant certifications, cost-effective training opportunities, and engaged participation in industry conferences and seminars Time in the Audit Plan has been allocated to the achievement of these goals, which are owned principally by the management of the division and are articulated to staff members continually, at division staff meetings, periodic retreats, and in the conduct of daily work. These goals were presented to the Audit Committee and senior administration in June 2007. Deborah L. Fisher Institute Auditor More information about the MIT can be found at http://web.mit.edu/audiv/www/. 18 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback