Internal Controls In Higher Education

Similar documents
Assessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive

Internal Audit of Compensation and Benefits

Audit of Entity Level Controls

Southern Oregon University Internal Audit Plan Fiscal Year 2017

Audit and Advisory Services Integrity, Innovation and Quality. Audit of Internal Controls over Financial Reporting

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Audit Project Process Overview 1/18/ Compliance and Audit Symposium. Agenda. How to Kick-start your. Audit Planning and Risk Assessment

The purpose of the Global Risk Institute is the continuous improvement of the financial services sector through applied research into the integrative

Auditor General s Office REVIEW OF THE CITY SAP COMPETENCY CENTRE APPENDIX 1. June 1, 2010

Internal Controls: Need Them, Have Them, Love Them

Saskatchewan Government Insurance

HSBC HOLDINGS PLC GROUP AUDIT COMMITTEE. Terms of Reference

WORLD-CLASS AUDIT REGULATION November Big Four Inspections Report.

Operating revenues of businesses in the Employment Services Industry decreased 7.1% in 2009, dropping to $8.7 billion from a year earlier.

Managing the transition A new accounting framework for Not-for-Profit Organizations in the private sector

Operational Excellence Implementation Plan

PROFESSIONAL LEVEL PART-A: OVERVIEW OF AUDITING AND ASSURANCE

Draft Internal Audit Plan for Institute of Technology Blanchardstown 2017

2013 COSO Internal Control Framework Update. September 5, 2013

UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

Conseil des écoles publiques de l Est de l Ontario

See your auditor clearly. Transparency report: How we perform quality audit engagements

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

Catalogue no X. Electric Power Generation, Transmission and Distribution

IPO Readiness. Sarbanes-Oxley Compliance & Other Considerations. Presented by:

BOARD CHARTER TOURISM HOLDINGS LIMITED

Report on Inspection of Deloitte LLP (Headquartered in Toronto, Canada) Public Company Accounting Oversight Board

Operating revenue for the employment services industry rose 9.5% in 2012, increasing to $11.5 billion.

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

Prepared by: Murray Jose-Boerbridge, OODP Consultant Edits by: Wendy Pinder, OODP Program Administrator and Dionne A. Falconer, OODP Consultant

The school has a schedule of delegation which sets out where authority lies for each key area of decision making. This is reproduced below.

Office of Audit Services Annual Audit Plan For the Year Ending August 31, 2018

Provide an overview of PWGSC s commitment to improve service delivery to small departments and agencies (SDA).

WELLS FARGO & COMPANY CORPORATE GOVERNANCE GUIDELINES

Internal Audit Challenges & Opportunities Speaker: Laurie Shen, Director, Grant Thornton LLP

AUDIT OF EARNINGS LOSS

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Management Practices Audit of the Treaties and Aboriginal Government Sector

External Quality Assurance Review of the Office of the Auditor General Proposed Statement of Work for the Audit Sub- Committee.

Internal Audit How the Internal Audit Function Facilitates Internal Controls. Office of the City Auditor City of Tallahassee

LIST OF SUBSTANTIVE CHANGES AND ADDITIONS. PPC's Guide to Audits of Nonprofit Organizations

Maryland School for the Deaf

Guidance: Transition for Logbooks for RCA Applications under RG 180 Auditor registration (2016)

Pre-Engagement Activities and Audit Planning By: Tariq Mahmood FCA, ACMA

GOVERNMENT OF YUKON POLICY 1.13 GENERAL ADMINISTRATION MANUAL

REPORT NO MARCH 2012 UNIVERSITY OF SOUTH FLORIDA. Operational Audit

Employer Implementation Overview

Shareholder s Expectations For British Columbia Crown Agencies

Frequently Asked Questions August 2013

ADMINISTRATIVE AUTHORITIES LEVERAGING SECTOR EXPERTISE TO DELIVER PROGRAMS AND REGULATORY OVERSIGHT

Loch Lomond & The Trossachs National Park Authority. Annual internal audit report Year ended 31 March 2015

Sample Audit Committee. of Auditors and Management

Advisory Services Governance, Risk & Compliance

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

PRUDENTIAL FINANCIAL, INC. CORPORATE GOVERNANCE PRINCIPLES AND PRACTICES

Chapter 1 The Demand for an Auditing and Assurance Profession

Financial Reporting Council BDO LLP AUDIT QUALITY INSPECTION

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

AUDIT COMMITTEE CHARTER

CRESCENT CAPITAL BDC, INC. AUDIT COMMITTEE CHARTER

SAMPLE Marketing Slides for Building a Compliance Program

COMMUNITY LIVING BRITISH COLUMBIA 2017/ /20 SERVICE PLAN. February 2017

Audit of Cultural Industries Branch

AUDIT RISK ASSESSMENT AND RESPONSES TO ASSESSED RISK BY Geoffrey Byamugisha Partner, Ernst & Young. Lessons on Audit Risk. Responding to fraud risk

Final Report: Canada Transportation Act Review Part II (Rail Freight Traffic)

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

Internal Financial Controls New perspectives as per Companies Act 2013 and CARO 2016

Strategic Direction #7 Business Operations. Final Report

Quality Assessments what you need to know

Self Assessment Workbook

Client: Model File Limited Prepared by: MK Date: 30/03/17

ACC 269 Auditing and Assurance Services

Internal Audit of ICT Governance in WFP. Office of the Inspector General Internal Audit Report AR/15/11

September 9, 2016 kpmg.ca

IoD Code of Practice for Directors

Fiscal Year 2016 Audit Plan

AUDITING. Auditing PAGE 1

Office of Internal Auditing

Horizontal Audit of the Acquisition Cards Process

Enterprise Risk Management Handbook. June, 2010

Implementation Tool for Auditors

Director of Finance and Operations 1 July 2018

Assurance Research Advisory Group Firm Data

Executive Steering Committee Meeting. Department of Revenue Building 2, Room 1250 July 27, 2016

Audit of Departmental Security

CORPORATE GOVERNANCE STATEMENT 2016

Audit Committee Charter

The Episcopal Diocese of Kentucky

A Summary of the Government of British Columbia s Crown Agency Accountability System

DISTRICT SCHOOL BOARD OF NIAGARA EXECUTIVE COMPENSATION PROGRAM FOR ONTARIO S PUBLICLY FUNDED SCHOOL BOARDS

Risk Based Internal Audit Plan

Waterloo Region District School Board

IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS

Business and Finance Manager

A Value Management Approach to Business Transformation

Our Vision: To establish a standard of partnership, innovation, value added resource maximization, and financial expertise such that:

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

Roles and Responsibilities of the Audit Committee. Gema Ptasinski CPA, Partner

IVSC Purpose, Structure and Strategy

Internal Audit Work Plan

Transcription:

Internal Controls In Higher Education A Queen s University Experience June 2016 Caroline Davis, Vice-Principal (Finance and Administration) Queen s University Carol Devenny Partner - PricewaterhouseCoopers

About Queen s Established in 1841 by Royal Charter Located in Kingston, Ontario 23,500 students 3,342 Faculty 4,947 Staff 6 faculties Assets of $2.2B Net assets of $1.2B 2

About PwC Dedicated Higher Education Advisory Practice Assurance, Advisory and Tax Services Over 50 Clients across Canada Academic Research Institutions Colleges Part of broader North American Education Network, which serves as auditor to: Nearly 120 colleges and universities Four of the 8 Ivy League institutions Ten of top 15 medical schools Seven of the top 10 schools of engineering Canadian University Clients University of British Columbia Simon Fraser University University of Calgary University of Alberta Athabasca University University of Lethbridge University of Saskatchewan University of Manitoba University of Ontario Institute of Technology Guelph University Nipissing University University of Ottawa Carleton University Ryerson University York University University of Toronto McMaster University University of Waterloo Queen s University Concordia University McGill University 3

What are internal controls? Activities that organizations put in place to mitigate risks and provide reasonable assurance in the following broad categories: o The effectiveness and efficiency of programs, operations and resource management, including safeguarding of assets; o The reliability of financial reporting; and o Compliance with legislation, regulations, policies and delegated authorities. Internal controls are an integral part of the existing risk management frameworks and core management practices that are in place. 4

To demonstrate that adequate internal controls are in place within the university. Why did Queen s launch the Internal Controls Project? Outcome demonstrates accountability to the Board of Trustees 5

What is the Internal Controls Project? Objective: Risks relating to the stewardship of resources are adequately managed through effective internal controls. Focus also on efficiency and best practices on the campus Long-Term Expected Results: Effective management of financial risks through effective internal controls. Evidence of effective internal controls. Ongoing monitoring program 6

Internal Controls over Financial Reporting (ICFR) Framework 7

The Roadmap 1 2 3 Complete risk assessment and scoping at both the entity and the business process level Documentation of control activities Evaluate design effectiveness of control activities Entity level controls 4 Remediate design deficiencies 5 6 Document and determine the operating effectiveness of control activities Evaluation of internal control deficiencies Information technology general controls 7 Remediation of internal control deficiencies 8

Entity level and IT General Controls Risks assessment and review of Entity Level Controls concluded on an elevated level of inherent risk: Financial sustainability risks Current state of most internal controls is informal Accountability rests with centralized, administrative functions, but authority has been delegated to faculties (misalignment) Reporting / regulatory reporting requirements are increasing IT General Controls Includes things like the IT control environment, program development, program changes, access to programs and data, and computer operations Queen s is focussing first on remediating deficiencies identified in a general IT Security review 9

Risk Assessment and Scoping 1. Entity level risk assessment focuses on business risks that have an impact on the system of internal control. 2. Process mapping - Identify relevant business processes using financial statements - See example in appendix 3. Process level risk assessment - Consider characteristics that increase risk: - Complexity of the process - # of transactions - Centralized or decentralized? - Reputational risk - Fraud risk - Other (internal audit findings, etc.) 10

Process level risk assessment Process Characteristics Processes for Scoping Impact (High, Moderate, Low or N/A) Complexity of Process (High, Moderate, Low, N/A) Volume of Transactions (High, Moderate, Low, N/A) Decentralization of Process Activities (High, Moderate, Low) Reputational Risk (High, Moderate, Low) Inherent Fraud Risk (High, Moderate, Low) weighting 20 25 15 30 10 10 HIGH 25 25 25 25 25 25 MODERATE 15 15 15 15 15 15 LOW 5 5 5 5 5 5 Overall Risk Score Overall Risk Level (High, Moderate, Low) Payroll 25 25 25 25 5 25 23.2 High Research 25 25 25 25 25 15 24.1 HIgh Purchases, Payables and Payments 25 15 25 25 15 15 20.9 HIgh This table represents the inherent risk of business processes (before any controls are put in place) 11

Business Process Documentation and evaluation Provides answers to the following questions: 1. What is the risk being mitigated? 2. What is the control activity (when applicable)? 3. Why is the activity performed? 4. Who (or what system) performs the control activity? 5. When (how often) is the activity performed? 6. What mechanism (reports and systems) is used to perform the activity? Outputs: Process description (narrative format) Process description (flowchart format) Risk control Matrix Identification of opportunities for improvement Recommendations for mitigation and improvement Overall reporting 12

Timing of activities Risk Assessment and Scoping Report Completed Assessment of Control Environment Completed Service provider engaged Initiate next steps discussion Research process complete Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Remediation 2014 2015 2016 Assessment of P2P completed Assessment of payroll process completed Report to Audit and Risk Committee Report to Internal Controls Steering Committee 13

Program maintenance Options around overall Internal Controls Program maintenance are still being discussed. Possibilities include: Evaluate design and operating effectiveness for only high risk processes (3 out of 18 processes); or Evaluate design and operating effectiveness risk and some or all moderate risk processes In either case, Queen s will likely: Begin operating effectiveness testing on high risk processes (even if all remediation is not complete) Implement an annual sign off process 14

Key success factors and lessons learned 1. Focus on the areas of highest risk 2. Governance and engagement 3. Understand the environment 15

Focus based on risk To optimize resources, efforts must be focussed only on the areas of highest risk Significant Elevated Normal 16

Governance and engagement How you do things is just as (or more) important than what you do Stakeholder involvement is KEY on all areas of the project Governance and project structure Scoping, documentation and evaluation Remediation 17

Governance and engagement: Project structure Audit and Risk Committee Oversight of project Vice-Principal, Finance and Administration Project Sponsor Steering Committee Co-Chaired by Controller and Director, Internal Audit Remediation Working Groups Groups formed to remediate gaps in decentralized processes 18

Governance and engagement Benefits of extensive stakeholder involvement Promotes understanding of end to end processes, and how units fit Promotes an appreciation for different practices even within faculties and departments Assists in identification of best practices Promotes business centric solutions that will work for stakeholders Identifies opportunities to standardize or streamline Increases engagement of faculties and other units Promotes ownership and understanding of issues and remediation 19

Understand the environment External Environment - What are other universities doing? - What initiatives exist in the broader public sector? - Expectations of external stakeholders (regulators, donors, members of the public) Having this understanding helps put the project in the proper context with internal and external stakeholders. 20

Understand the environment Internal Environment What does the Audit Committee expect? Key point: Understand concerns - Why should we do this? - Internal controls increase bureaucracy - I don t have time for this - I don t have these problems in my business unit This understanding is key to highlight where value needs to be demonstrated to get buy in. 21

Outcomes The Internal Controls Project has brought several benefits to Queen s: Higher awareness and better understanding of risks, controls, and processes; Identification of opportunities for process improvement; Faculties are working with shared services to remediate gaps in internal controls; More structured framework to measure and monitor internal controls. Internal control gaps are being remediated 22

Thank you and questions Contacts: Caroline Davis, VP (Finance & Administration) vpfa@queensu.ca Heather Woermke (Controller) woermkeh@queensu.ca Carol Devenny, Partner carol.devenny@ca.pwc.com 23

Appendices 24

Scoping example 2013 PRELIMINARY PROCESS SCOPING REVENUES PwC To identify business processes to be evaluated, financial statement line items are broken down into the processes that feed them Grants and contracts $356,501 Operating Grants, Research, Other grants Fees 233,095 Fees Ancillary sales of service and products 77,841 Ancillary Sales Donations 21,522 Advancement Amortization of deferred capital contributions 26,676 Advancement, Other grants Other 21,496 Other revenue Investment income (note 8) 62,033 Investments & Endowments EXPENSES 799,164 Salaries and benefits 433,193 Payroll, Pension Supplies and services 118,164 Purchases, Payables, Payments Student assistance 57,186 Student Assistance Amortization of capital assets 53,001 Capital Assets Externally contracted services 50,979 Purchases, Payables, Payments Utilities and insurance 20,870 Purchases, Payables, Payments Travel and conferences 16,844 Travel Purchases, Payables, Payments, PPS project Renovations and alterations 13,607 management Interest on long-term debt 12,371 Long Term Debt 776,215 Excess of revenues over expenses $ 22,949 Slide 25

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback