College of Engineering and Computer Science Dean's Office

Similar documents
Department of Biology

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

UTPA FY2013 Financial Audit

UTS Segregation of Duties and Account Reconciliation Audit

Assets Management Audit

Executive Management Travel and Entertainment Expenses

Control Self Assessment Questionnaire

Understanding Internal Controls Office of Internal Audit

Common Questions on Segregation of Duties

Procurement Card Continuous Auditing

PROJECT SUMMARY. Summary of Significant Results

Division of Student Affairs General Fund Units Internal Control Questionnaire FY 2012

Common Questions on Segregation of Duties

Committee for Senior Business Administrators. Segregation of Duties

The University of Iowa

The Texas A&M University System Internal Audit Department

Audit Report. An Audit of the Expenditures of the Salt Lake County Council. Our Mission: Our Mission: To foster informed decision making,

Guide to Internal Controls

Bank Account Creation, Management, and Oversight at University of Wisconsin-Stevens Point. Office of Internal Audit

POLICY. Number: Title: Internal Control Responsible Office: USF System Audit I. PURPOSE AND INTENT

The University of Texas at Tyler. Contract Administration Audit

Cancer Prevention and Research Institute of Texas

Finance & Audit Committee Meeting

THE UNIVERSITY OF TEXAS AT DALLAS Office of Internal Audit 800 West Campbell Rd., ROC 32, RICHARDSON, TX (972)

Company LOGO C B T. An Educational Computer Based Training Program

The definition of a deficiency is also set forth in the attached Appendix I.

Annual Financial Sub-certification

Tarleton State University: Review of Financial Management Services PROJECT SUMMARY. Summary of Significant Results

Consulting Services Floyd Curl Dr. MC#7974 San Antonio, Texas ,567,2370 Fax: 210,567,2373

TEXAS SOUTHERN UNIVERSITY MANUAL OF ADMINISTRATIVE POLICIES AND PROCEDURES. SECTION: Fiscal Affairs NUMBER:

DEPARTMENTAL AUDIT OF STUDENT ACTIVITIES, UNIVERSITY EVENTS & THE LEADERSHIP CENTER JUNE 24, 2013

STATE OF LOUISIANA LEGISLATIVE AUDITOR

This Questionnaire/Guide is intended to assist you in decision making, as well as in day-to-day operations. Best Regards,

Internal Audit Work Plan First Half of Fiscal Year Department of Management and Finance

Division of Student Affairs Internal Control Questionnaire FY 2011

INDEPENDENT ACCOUNTANT'S REPORT ON APPLYING AGREED-UPON PROCEDURES BACKGROUND

Internal Control in Higher Education

Several unallowable expenditures and exceptions to policy were noted.

BOARD OF REGENTS AUDIT/COMPLIANCE AND INVESTMENT COMMITTEE 3 STATE OF IOWA OCTOBER 24-25, 2012 INTERNAL AUDIT REPORTS ISSUED

Date: December 21, Gerard Long, Assistant Vice President for Business Affairs. John Lazarine, Chief Audit Executive Internal Audit & Consulting

County of Summit Alcohol, Drug Addiction and Mental Health Services Board Audit Report

UCSD DEPARTMENT KEY CONTROLS DOCUMENTATION All Control Activities Sorted by Frequency

May 17, Glenn Spencer, CPA Chief Audit Executive

The definition of a deficiency is also set forth in the attached Appendix I.

AUDIT UNDP COUNTRY OFFICE AFGHANISTAN ASSET MANAGEMENT. Report No Issue Date: 14 February 2014

AN AUDIT OF INTERNAL CONTROL THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS: GUIDANCE FOR AUDITORS OF SMALLER PUBLIC COMPANIES

AGENDA. I. Certification of notice posted for the meeting Dr. Wright Lassiter

DEPARTMENTAL CONTROL SELF-ASSESSMENT. Dept.: Date:

THE UNIVERSITY OF TEXAS AT DALLAS Office of Internal Audit 800 West Campbell Rd., SPN 32, RICHARDSON, TX (972)

Maryland School for the Deaf

City Property Damage Claims Processing and Collection

STATE OF NEW YORK OFFICE OF THE STATE COMPTROLLER. September 28, 2004

AUDIT OF: Richmond Pubic Schools PAYROLL

University System of Maryland University of Maryland, College Park

TABLE OF CONTENTS. Page OBJECTIVES, SCOPE AND METHODOLOGY... 1 BACKGROUND Personnel Financial Information... 4

General Government and Gainesville Regional Utilities Vendor Master File Audit

December 28, Ms. Vita Rabinowitz Interim Chancellor City University of New York 205 East 42nd Street New York, NY 10017

Internal Controls Overview

Sheena Tran, CPA May 19, 2014

FY16 Departmental Change in Management Review Center for STEM Education

Internal Audit Work Plan

CITY OF CORPUS CHRISTI

Office of Internal Auditing

Citywide Payroll

March 1, Ms. Selena Cuffee-Glenn Chief Administrative Officer

K-State Athletics, Inc. Report on Internal Controls related to the Contracting, Travel, and Expenditure processes.

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

CONSERVATION DISTRICT OPERATIONS REVIEW: A conservation district s self-guide to better operations CDB CD REVIEW VERSION. District Operations

Audit Follow-Up. As of March 31, Summary

OFFICE OF INTERNAL AUDIT AUDIT MANUAL

THE UNIVERSITY OF TEXAS AT DALLAS Office of Audit & Compliance 800 West Campbell Rd., ROC 32, RICHARDSON, TX (972)

Final Audit Follow-up

Fiscal Year 2014 Internal Audit Annual Report

Inventory Controls for Water and Sanitary Sewer Line Repairs Audit Follow-up

Fraud Prevention Training

File. Audit. City Auditor

UNIVERSITY OF NEVADA, LAS VEGAS ALUMNI RELATIONS Internal Audit Report July 1, 2009 through December 31, 2010

Policy Analysis: Internal Controls #1.11 1/2009

Chapter 7: Fraud, Internal Control, and Cash. Vocabulary Quiz. Solutions to Vocabulary Quiz

The University of Texas at Tyler. Procurement and Travel Card Audit

BOARD OF REGENTS AUDIT/COMPLIANCE AND INVESTMENT COMMITTEE 2 STATE OF IOWA February 7, 2012 INTERNAL AUDIT REPORTS ISSUED

Stephen F. Austin State University

ACADEMIC DEPARTMENT FISCAL REVIEW

July 2013 SANTA BARBARA COMMUNITY COLLEGE DISTRICT CLASS TITLE: THEATRE OPERATIONS SUPERVISOR BASIC FUNCTION:

LOUISIANA SCHOOL FOR THE DEAF BOARD OF ELEMENTARY AND SECONDARY EDUCATION DEPARTMENT OF EDUCATION STATE OF LOUISIANA

Northern Oklahoma College Tonkawa, Oklahoma

Prairie View A&M University Audits Fiscal Office

MANATEE COUNTY CLERK OF THE CIRCUIT COURT INTERNAL AUDIT DIVISION PUBLIC WORKS WATER DIVISION A U D I T R E P O R T

CORRECTIVE ACTION MATRIX

Anti-Fraud Programs and Control Policy

Office of Internal Auditing

STATE OF NORTH CAROLINA OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA

ADMINISTRATIVE RESPONSIBILITIES FOR UNIVERSITY AND COLLEGE ADMINISTRATORS, DEPARTMENT HEADS, AND DIRECTORS

OFFICE OF FLEET MANAGEMENT AUDITOR S REPORT FISCAL YEARS

What Happens When Internal Controls Fail

LOYOLA MARYMOUNT UNIVERSITY POLICIES AND PROCEDURES

NEVADA STATE COLLEGE BOOKSTORE OPERATIONS Internal Audit Report July 1, 2011 through June 30, 2012

Ken Burke, CPA CLERK OF THE CIRCUIT COURT AND COMPTROLLER PINELLAS COUNTY, FLORIDA

UNIVERSITY OF NEW MEXICO INTERNAL AUDIT CONTROL SELF ASSESSMENT QUESTIONNAIRE. School/Organization Phone Organization Code

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

Transcription:

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES College of Engineering and Computer Science Dean's Office Report No. 13-16

OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas 78539-2999 Office (956) 665-2110 September 3, 2013 Dr. Robert S. Nelsen, President The University of Texas-Pan American 1201 W. University Drive Edinburg, TX 78539 Dear Dr. Nelsen, As part of our fiscal year 2013 Audit Plan, we completed a change in management audit of the. The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. The scope of this audit included activity from fiscal year 2012 (September 1, 2011 through August 31, 2012). We performed audit procedures that included interviews with staff; testing controls related to compliance with University policies and procedures; and performing substantive testing, on a sample basis, related to proper approvals of expenditures; time reporting; assets management; and segregation of duties. We concluded that the former dean established a moderate system of internal controls. While a control conscious environment was evident and controls were in place to allow for segregation of duties, we determined that opportunities for improvement related to financial and information security controls exists. We appreciate the courtesy and cooperation received from management and staff during our audit. Sincerely, Eloy R. Alaniz, Jr., CPA, CIA, CISA Executive Director of Audits, Compliance & Consulting Services

The University of Texas Pan American Table of Contents EXECUTIVE SUMMARY 1 BACKGROUND 2 AUDIT OBJECTIVE 2 AUDIT SCOPE AND METHODOLOGY 2 AUDIT RESULTS 3 CONCLUSION 10

EXECUTIVE SUMMARY The College of Engineering and Computer Science (CoECS) aspires to produce the technological leaders of tomorrow and further the knowledge and practice of the engineering and computer science professions nationally and internationally. It consists of the Departments of Computer Engineering, Computer Science, Electrical Engineering, Engineering Management Program, Information Technology Program, Manufacturing Engineering, Civil Engineering, and Mechanical Engineering. The Dean s Office (Office) is responsible for managing CoECS. The dean announced his resignation and his employment ended on April 1, 2013. As required by the 1996 Action Plan to Enhance Internal Controls, a change in management audit is performed when a department undergoes a change in management or a significant change in reporting lines. The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. The specific internal control areas we focused on included the control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring and information technology. Our scope encompassed activity for fiscal year 2012 (September 1, 2011 through August 31, 2012). The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy 129 and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. Overall, the former dean established a moderate system of internal controls. While a control conscious environment was evident and controls were in place to allow for segregation of duties, we identified opportunities for improvement related to financial and information security controls. We observed the following during the course of the audit: The Office did not have a policy and procedures manual or risk assessment. The former dean received reimbursement for the same meal twice by receiving per diem as well as getting reimbursed for the full cost of the meal as a business expense. Inadequate internal controls over recording employee leave. The administrative service officer (ASO) was responsible for performing job tasks that would be better suited for the administrative associate. Project account reconciliations were not properly conducted and there was no evidence of review by the former dean. Removal of state property from campus without obtaining proper authorization. The Office used unencrypted portable storage devices, with one containing student records. 1

BACKGROUND The former dean was responsible for 21 project accounts, 19 of which had financial activity during FY 2012. The former dean s project account financial activity during FY 2012 is summarized below. Project Account Budget Encumbrances Actual Funds Available 110ENCS00 $540,715.44 $1,141.25 $539,573.98 $0.21 110ENCS01 $19,081.85 $0.00 $18,880.23 $201.62 140ENCS00 $46,860.85 $983.72 $45,877.13 $0.00 160ENCS01 $18,739.69 $0.00 $18,739.69 $0.00 185ENCS00 $80,000.00 $0.00 $56,689.00 $23,311.00 21ENCS001 $2,915.41 $0.00 $132.71 $2,782.70 21ENCS003 $34,562.28 $2,762.15 $18,895.00 $12,905.13 21ENCS004 $61,909.07 $2,215.21 ($18,143.62) $77,837.48 21ENCS009 $2,417.48 $0.00 $0.00 $2,417.48 21ENCS014 $2,163.53 $701.90 ($1,137.34) $2,598.97 21ENCS015 $276,333.75 $300.40 $159,030.79 $117,002.56 21ENCS018 $50,434.30 $4,054.66 ($8,361.44) $54,741.08 21ENCS019 $3,544.45 $0.00 $3,544.45 $0.00 21ENCS020 $9,061.44 $40.00 $4,062.74 $4,958.70 21ENCS022 $4,020.56 $4,443.25 ($1,772.75) $1,350.06 24ENCS000 $27,148.65 $3,916.43 $10,639.33 $12,592.89 45ELEC001 $199,064.45 $0.00 ($68,069.40) $267,133.85 45EMFG000 $497.96 $0.00 ($34,371.20) $34,869.16 45ENCS000 $1,117.31 $0.00 ($653.20) $1,770.51 Totals $1,380,588.47 $20,558.97 $743,556.10 $616,473.40 AUDIT OBJECTIVE The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. AUDIT SCOPE & METHODOLOGY We evaluated the department s internal controls related to approval and authorization, segregation of duties, safeguarding of assets, as well as monitoring and information technology. Our scope included activity from fiscal year 2012 (September 1, 2011 through August 31, 2012). To accomplish the audit objective we performed the following procedures: 2

We interviewed the former dean and discussed responses to an internal control questionnaire to obtain an understanding of Office operations and related internal controls. We interviewed the Office employees for additional input on internal controls. We determined whether the dean had established a control conscious environment, whether goals and objectives for the department had been developed, and whether a risk assessment and implementation plan had been developed. We selected account reconciliations under the former dean s purview to determine whether account reconciliations had been performed and approved on a timely basis and whether segregation of duties existed. We determined whether the Office had established adequate procedures and segregation of duties over funds handling. We examined operating and financial information for reliability. We tested a sample of expenditures and examined supporting documentation for proper approval and authorization from the former dean s accounts with the most activity. We reviewed employee leave and tested timecards for proper approval and authorization. We conducted property inventory testing for the existence of selected assets, and determined whether selected assets were properly recorded on the University s assets management system. We reviewed controls for personal computers and portable drives to evaluate physical and data security. We verified the Office s compliance with University policies and procedures. The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy UTS 129 Internal Audit Activities and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. The audit was conducted during the months of February through August 2013. Control Conscious Environment AUDIT RESULTS A control conscious environment encompasses technical competence and ethical commitment, and it is an important factor for the establishment of effective internal controls. In order to establish an adequate control conscious environment, an office should have the following: goals and objectives, a mission statement, a risk assessment and implementation plan, and a policies and procedures manual. These items should be updated on a regular basis. Additionally, employees should receive adequate training, performance evaluations should be conducted regularly and any conflicts of interest should be identified and addressed. Based on testing, we found that the former dean established an adequate control conscious environment. The Office staff completed their required compliance and sexual harassment training, their annual nepotism statements, and employee evaluations were completed. 3

Additionally, the Office had outside employment/financial disclosures for the employees engaged in outside employment. However, the Office did not have a departmental policies and procedures manual. This manual is an essential part of an organization that gives specific guidance on department operations and University policies. Additionally, the Office had not completed an assessment of their risks. 1. The current dean should develop a policies and procedures manual to help guide employees in the day-to-day operations. This manual should include information such as employee training requirements, account reconciliation processes, annual inventory certification procedures, complaint procedures, telephone usage, information on security controls, and other relevant information. 1. We will develop and implement a policies and procedures manual. April 30, 2014 2. As part of our audit procedures, we identified areas of risk and assessed its impact and probability of occurrence and produced a risk assessment. The current dean should utilize this document as a starting point towards developing a risk assessment. This risk assessment should be evaluated annually and an action plan should be developed to mitigate high risks. 2. This document will be utilized as a starting point, and we will look for and assess areas of risk and establish guidelines to mitigate risks. December 31, 2013 Approval & Authorization Adequately established approval and authorization controls help to ensure that expenditures are allowable and appropriate. During FY 2012, the former dean was account manager for 21 4

project accounts, with the administrative services officer (ASO) listed as the project reviewer, and the associate dean listed as the alternate approver. We reviewed operating, travel, and payroll expenditures to test for compliance with University procedures. We tested a sample of expenditures in each category and examined supporting documentation for proper approval, accuracy, and whether the expenditures were reasonable. The Office did not have a procurement card. Operating and Travel Expenses We randomly selected a sample of 19 operating and 10 travel transactions representing 5% and 22% of the population, respectively. We found that expenditures were properly approved and supported with adequate documentation. However, we identified an instance where the former dean received reimbursement twice for the same meal while on a trip to Washington DC. The former dean was reimbursed for a business dinner that he had with faculty members. Additionally, the former dean also received full per diem on his travel reimbursement voucher for the same trip. We reviewed supporting documentation on each of the faculty members in attendance and discovered that each of their per diem was reduced to exclude the cost of the business dinner with the exception of the former dean, resulting in an overpayment of $36. Payroll and Employee Leave We judgmentally selected three (3) employees and selected the months of December 2011, as well as January, March and April of 2012 to test for payroll accuracy. We determined that the payroll for the employees tested was accurate. We also evaluated the process for leave taken by employees, reconciliations of leave requests to the official timecard of the University, and ensured that timecards were properly approved by the employee s supervisor. The Office utilizes two processes for requesting leave. Employees can complete and submit a Leave Approval Request form or request supervisor approval via e-mail. We found that the emailed leave approvals did not accurately document the number of hours of leave taken. Therefore, we discovered several discrepancies in our employee leave test. We identified seven (7) instances where documentation requesting leave was in existence; however, no corresponding leave was recorded on the employee s timecard. Conversely, we found 11 instances where employees reported leave on their timecards; however, documentation to support the approval or notification of the leave was missing. All timecards tested were approved by the former dean; however, documentation was either insufficient or nonexistent to facilitate a proper reconciliation of leave requests to the official timecard of the University. According to HOP Section: 7.6.3 Annual Vacation Leave and HOP Section: 7.6.4 Sick Leave, the supervisor is responsible for reviewing and approving annual vacation leave requests, maintaining accurate records of employees use of annual vacation leave, maintaining accurate records of employee sick leave usage, and verifying monthly timecards for accuracy. 5

Therefore, we determined that the former dean established inadequate controls over approvals and authorizations. While expenditures were approved and supported with adequate documentation, evaluation of reimbursements was not adequately conducted. Additionally, controls over employee leave were not conducted in accordance to University policy. 3. The administrative services officer should evaluate all of the Office s business expense reimbursements to ensure that overpayments do not occur. 3. We will implement this immediately. August 31, 2013 4. The current dean should require the use of the Leave Approval Request Form for all leave taken by employees, and reconciliations of leave requests to the official timecards should be conducted on a monthly basis. 4. We will implement this immediately. Segregation of Duties August 31, 2013 Adequate segregation of duties should be maintained between the people who authorize transactions, record transactions, and have custody of assets. We reviewed areas such as revenues and funds handling, purchases, timecards and statement of account reconciliations to evaluate segregation of duties. The former dean had signature/approval authority over the Office s accounts, which included account reconciliations, purchases, and timecards. We determined that the dean s office did not handle funds such as cash. The ASO was responsible for processing purchases as well as conducting project account reconciliations. The administrative associate was responsible for processing travel requests and reimbursements. We noted that the ASO is unaware of travel 6

requests calculations until after the expenses have already been reimbursed to the employee. It is at this time that the ASO receives the information necessary for preparing the account reconciliations. The ASO expressed her concerns to the former dean about her incompatible duties and that ideally those responsibilities should be separated, but the former dean chose to keep this structure in place. While the ASO had incompatible duties, the former dean s approval of all transactions served as a compensating control. However, we determined that certain job tasks performed by the ASO are better suited for the administrative associate. 5. The current dean should consider having all requisitions prepared by the administrative associate, thus providing an ideal segregation of duties structure and allowing the ASO to focus on project account reconciliations. 5. We will implement this and in addition we plan on using graduate students in the office to also support in the activities to prepare requisitions. August 31, 2013 Safeguarding of Assets Tangible assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposal. We performed property inventory testing to determine the existence of assets and whether assets were properly recorded on the Oracle Fixed Assets system. We judgmentally selected a sample of five (5) assets to test for existence. We were able to account for four (4) out of five (5) assets in testing for the existence. We were unable to view one (1) of the assets, a laptop, because it had been removed from campus. See monitoring section. In addition, we identified five (5) assets in the Office to verify that the assets were recorded in the assets management system. We were able to trace all five (5) assets back to the inventory records to satisfy our inclusion test. Based on our test of inventory, we determined that the Office established adequate safeguarding of asset controls. Monitoring Monitoring is the assessment of internal controls over time. We reviewed the Office s procedures for monitoring accounts, off-campus use of University property, and addressing complaints. Account reconciliations should be reviewed timely to ensure that any necessary account corrections are made. In accordance to Handbook of Operating Procedure Section 8.6.1: 7

University Budget Policy/Fiscal Accountability, project managers are responsible for providing assurance as to the accuracy of their accounts by certifying that the account has been reconciled for the fiscal year and that all reconciling items have been satisfactorily resolved. Without adequate monitoring of project account reconciliations, items that require attention may go unnoticed. We reviewed several months of account reconciliations. In evaluating the accuracy of these reconciliations, we were unable to agree these reconciliations to the Oracle statements of account. Although the ASO provided evidence to demonstrate that the former dean had an active role in staying informed about activity in his project accounts, there was no evidence to support that the former dean documented his review of the account reconciliations. While performing the inventory test, we were unable to verify the existence of one (1) asset. The asset, a laptop, had been removed from campus and no documentation was provided to substantiate that proper approval was obtained to remove the asset from campus. University guideline #BA-ASSM-01 stipulates that University equipment may not be taken off the University campus unless it is to be used for official business and approval has been obtained to remove the equipment from campus. The Office follows HOP policy in addressing all types of complaints. We identified one (1) complaint that took place during the audit scope. We evaluated the process taken by the Office to address the complaint and noted that the Office complied with University policy. No exceptions were noted. 6. The current dean should ensure that a process to approve and track University equipment removed from campus is in place through submission of the UTPA Asset Removal Approval Workflow in Oracle Fixed Assets. 6. We will develop and implement a process that uses our technological assets in ensuring that property is better tracked. We will ensure that all staff is trained in using the appropriate system. December 31, 2013 8

7. The current dean should document his review of account reconciliations and ensure that the reconciliation balances agree to the statement of account balances. 7. This process will immediately be developed and implemented with the ASO. August 31, 2013 Information Technology Adequately established information technology controls help to protect sensitive information entrusted to the department. These controls include limited access to the University s computer systems, and restricting downloads of sensitive information. Another control is encryption software on equipment storing sensitive information. Ensuring employees have appropriate levels of system access helps prevent loss of vital University data and also prevents other abuses of the system. We reviewed employee access levels to Oracle and verified whether employees received appropriate access based on their job responsibilities. We determined that all employees were granted the appropriate level of access to the Oracle system based on their individual job responsibilities. We inquired whether the Office used portable storage devices such as external hard drives or thumb drives. We found that the employees were using six (6) unencrypted thumb drives and one (1) employee was using a personal external hard drive capable of storing a terabyte of data. We evaluated the information stored on these devices and determined that the external hard drive was used to back up financial information and all of the thumb drives except for one (1) had nonconfidential information. Student grades were maintained on one (1) of the Office s portable storage devices. Unencrypted portable storage devices pose a significant risk to the University. Information stored on these devices is not secured and the potential exists for uploading harmful applications into the University's network. 8. The current dean should not allow the use of personal thumb drives. In addition, the dean should ensure all external storage devices such as laptops, thumb drives, external hard drives, etc. are encrypted. 9

8. We will work with the University s Chief Information Security Officer (CISO) to ensure that portable storage devices are either encrypted or appropriate for use at the University. August 31, 2013 CONCLUSION Overall, we concluded that the former dean established a moderate system of internal controls. While a control conscious environment was evident and controls were in place to allow for segregation of duties, we determined that opportunities for improvement related to financial and information security controls exists. These controls include properly evaluating expenditures, performing accurate account reconciliations, properly documenting and reconciling employee leave to the timecards, and not storing sensitive information on unencrypted drives. Khalil Abdullah CIA, CGAP Internal Auditor I 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback