Department of Biology

Similar documents
THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES. Department of Communication Report No

College of Engineering and Computer Science Dean's Office

Assets Management Audit

The University of Texas at Tyler. Contract Administration Audit

Understanding Internal Controls Office of Internal Audit

Procurement Card Continuous Auditing

University System of Maryland University of Maryland, College Park

The University of Texas at Tyler. Procurement and Travel Card Audit

THE UNIVERSITY OF TEXAS AT DALLAS Office of Internal Audit 800 West Campbell Rd., ROC 32, RICHARDSON, TX (972)

Financial Services Job Summaries

APPENDIX 2 COMMUNITY DEVELOPMENT COMMISSION FINANCIAL CHECKLIST REQUIRED FOR ALL APPLICANTS (A SITE VISIT MAY BE CONDUCTED LATER)

CAPE FEAR COMMUNITY COLLEGE VICE PRESIDENT OF BUSINESS SERVICES

CSU COLLEGE REVIEWS. The California State University Office of Audit and Advisory Services. California State University, Northridge

Guide to Internal Controls

University Internal Audit

HFTP Hospitality Financial and Technology Professionals

Stephen F. Austin State University

DEPARTMENTAL CONTROL SELF-ASSESSMENT. Dept.: Date:

Company LOGO C B T. An Educational Computer Based Training Program

CITY OF CORPUS CHRISTI

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

University System of Maryland University of Baltimore

Wire Transfer Audit. Craig Hametner, CPA, CIA, CMA, CFE City Auditor. Prepared By: Jed Johnson Senior Audit Analyst. Michelle Taylor Audit Analyst

Financial Controls Checklist

Eric Anderson, City Manager. Scottie Nix, Internal Auditor

Sheena Tran, CPA May 19, 2014

EMPLOYEE FRAUD OPPORTUNITIES CHECKLIST

Internal Audit Policy and Procedures Internal Audit Charter

Internal Control System Components. Workers Compensation Board

Testing Services - D0046 Baseline Standards FY 2017

Minnesota State Community and Technical College

Annual Financial Sub-certification

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

Internal Audit Work Plan

FRAUD SCHEMES. South Carolina HFMA Finance & Reimbursement Forum. November 13, 2012 WITH RELATED INTERNAL CONTROLS

OFFICE OF INTERNAL AUDIT AUDIT MANUAL

Audit of. Accounts Payable Procedures

Maryland School for the Deaf

INTERNAL CONTROLS MANUAL DICKSON COUNTY SCHOOLS DANNY L. WEEKS, ED.D. DIRECTOR OF SCHOOLS LINDA FRAZIER BUSINESS MANAGER JUNE 2016

July 18, THOMAS G. MASTERS Director, Institute of Geophysics and Planetary Physics 0225

INDEPENDENT ACCOUNTANT'S REPORT ON APPLYING AGREED-UPON PROCEDURES BACKGROUND

Seattle Public Schools The Office of Internal Audit

ROSWELL PARK CANCER INSTITUTE CORPORATION INTERNAL CONTROLS OVER PROCUREMENT AND REVENUES. Report 2005-S-15 OFFICE OF THE NEW YORK STATE COMPTROLLER

File. Audit. City Auditor

The Episcopal Diocese of Kentucky

Several unallowable expenditures and exceptions to policy were noted.

Department of Health and Mental Hygiene Laboratories Administration

K-State Athletics, Inc. Report on Internal Controls related to the Contracting, Travel, and Expenditure processes.

INTERNAL CONTROL HANDBOOK

LOUISIANA SCHOOL FOR THE DEAF BOARD OF ELEMENTARY AND SECONDARY EDUCATION DEPARTMENT OF EDUCATION STATE OF LOUISIANA

Diocese of Covington Policies & Procedures Manual Section: Compliance Accounting Policy: Internal Control & Segregation of Duties

REPORT NO NOVEMBER 2013 FLORIDA ATLANTIC UNIVERSITY. Operational Audit

FY 2017 YEAR-END CLOSING CALENDAR Page 1

Independent Validation of the Internal Auditing Self-Assessment

STEPHEN F. AUSTIN STATE UNIVERSITY FISCAL YEAR 2013 ANNUAL AUDIT REPORT TABLE OF CONTENTS

Office of Internal Audit and Compliance

Whether you take in a lot of money. or you collect pennies

NEMO WIB WIA Title I-B Substate Monitoring Plan

Fiscal Year 2014 Internal Audit Annual Report

OBSERVATIONS, RECOMMENDATIONS, AND RESPONSES

The Texas A&M University System Internal Audit Department MONTHLY AUDIT REPORT

Internal Control Questionnaire

AGENDA. I. Certification of notice posted for the meeting Dr. Wright Lassiter

Internal Control Evaluation


Job Title: Managing Director Department: Job/Salary Scale: Accountable To: Responsible For: Job Purpose: Key Result Areas:

POSITION DESCRIPTION

Audit Report# May 30, 2017

Internal Audit Report

Cost Control Systems. Conclusion. Is the District Using the Cost Control Systems Best Practices? Internal Auditing. Financial Auditing

GRAMBLING STATE UNIVERSITY Risk Assessment Annual Audit Plan

GRAND AERIE SURVEY PLEASE CIRCLE THE FOLLOWING TO DETERMINE IF THE AERIE IS OPERATING IN COMPLIANCE WITH OUR FRATERNAL LAWS.

OFFICE OF FLEET MANAGEMENT AUDITOR S REPORT FISCAL YEARS

Office of Internal Audit 800 W. Campbell Rd. SPN 32, Richardson, TX Phone Fax January 23, 2017

Internal Audit Report. Contract Administration: 601CT Contracts TxDOT Internal Audit Division

Central Oregon Intergovernmental Council

Audit Engagement Fixed Assets Follow Up Audit

Summit County Probate Court 1 st Audit Follow-up General Report

May 15, There is inadequate documentation in the Daycare to support funds being deposited.

THE UNIVERSITY OF GEORGIA INTERNAL AUDITING DIVISION INTERNAL CONTROL QUESTIONNAIRE GENERAL

Finance Committee, Board of Health Elizabeth Bowden, Interim Director of Administrative Services FINANCIAL CONTROLS CHECKLIST

Office of the City Auditor. Committed to increasing government efficiency, effectiveness, accountability and transparency

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

BOARD SELF-EVALUATION TOOL

Contract and Procurement Fraud. Fraud in Procurement without Competition

Office of Internal Audit Report for the Quarter Ending September 30, 2017

TTC AUDIT COMMITTEE REPORT NO.

C. B. Smith Park Cash Handling Process

REPORT NO MARCH 2012 UNIVERSITY OF SOUTH FLORIDA. Operational Audit

2/27/2017. Segregation of Duties/ Internal Controls. Objectives. Agenda

X.XX Wireless Communication Devices (Cell Phones) I. POLICY STATEMENT II. RATIONALE III. SCOPE IV. WEBSITE ADDRESS FOR THIS POLICY

Audit of. Olympic Heights High School Drama Ticket Sales

SAN FRANCISCO COURT APPOINTED SPECIAL ADVOCATE PROGRAM

Comptroller of the Treasury Central Payroll Bureau

Cash Processing and Handling Audit

This charter defines the purpose, authority and responsibility of News Corporation s (the Company ) Corporate Audit Department.

Chapter 7 Internal Controls

Associate Vice President of Facilities Management

Finance, Budget & Planning Job Family: Manager Finance (Non-Transaction Ctr) Progression

Monitoring and Oversight Standards and Guidelines

Transcription:

THE UNIVERSITY OF TEXAS-PAN AMERICAN OFFICE OF AUDITS & CONSULTING SERVICES Department of Biology Report No. 14-10

OFFICE OF INTERNAL AUDITS THE UNIVERSITY OF TEXAS - PAN AMERICAN 1201 West University Drive Edinburg, Texas 78539-2999 Office (956) 665-2110 May 13, 2014 Dr. Robert S. Nelsen, President The University of Texas-Pan American 1201 W. University Drive Edinburg, TX 78539 Dear Dr. Nelsen, As part of our fiscal year 2013 Audit Plan, we completed a change in management audit of the Department of Biology. The objective of the audit was to evaluate the adequacy and effectiveness of the Department of Biology s system of internal controls with an emphasis on financial and administrative controls. The specific internal control areas we focused on included the control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring and information technology. Our scope encompassed activity from FY 2012 (September 1, 2011 through August 31, 2012). We performed audit procedures that included completion of an internal control questionnaire; interviews with staff; testing controls related to compliance with University policies and procedures; and performing substantive testing, on a sample basis, related to proper approvals of expenditures; time reporting; assets management; and segregation of duties. Overall, we concluded that the Department of Biology had established a moderate system of internal controls in the areas evaluated. We identified areas where improvements to internal controls are necessary, and management will take corrective action. The detailed report is attached for your review. We appreciate the courtesy and cooperation received from management and staff during our audit. Sincerely, Eloy R. Alaniz, Jr., CPA, CIA, CISA Executive Director of Audits, Compliance & Consulting Services

The University of Texas Pan American Table of Contents EXECUTIVE SUMMARY 1 BACKGROUND 2 AUDIT OBJECTIVE 2 AUDIT SCOPE AND METHODOLOGY 2 AUDIT RESULTS 3 CONCLUSION 10

EXECUTIVE SUMMARY (department) is committed to excellence in instruction, student performance, research, scholarly accomplishment, and professional service, and promoting the expansion of national and international emphasis in all major areas of institutional endeavor. The department strives to provide its students and faculty an environment of academic freedom that will ensure the exchange of ideas and the dissemination of knowledge. The department chair was hired on January 1, 2013. As required by The University of Texas System s (System) 1996 Action Plan to Enhance Internal Controls, a change in management audit is performed when a department undergoes a change in management or a significant change in reporting lines. The objective of the audit was to evaluate the adequacy and effectiveness of the system of internal controls with an emphasis on administrative and financial controls. The specific internal control areas we focused on included the department s control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring, and information technology. Our scope encompassed activity from September 1, 2011 through December 31, 2012. The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy 129 and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. Overall, the Department of Biology established a moderate system of internal controls and we observed the following: A risk assessment was not completed. Discrepancies were identified between the time reported on employees timecards and the leave approved by their supervisor. The department did not follow the University s policy on cash handling, including lack of proper segregation of duties. Project account reconciliations were not conducted properly or reviewed by the project manager. 1

BACKGROUND The department offers majors in biology and environmental science leading to a bachelor of science degree and a minor in biology. Biology students may elect a curriculum for a major in biology, pre-medical, pre-dental, pre-optometry, or teaching certification (elementary or secondary). There are currently 26 faculty members who actively engage in integrative and organismal biology research as well as research in cellular and molecular biology. The department also offers study beyond the bachelor's degree leading to a master of science in biology. The former chair was responsible for 10 project accounts during FY 2012. The following table summarizes the department s accounts as of August 31, 2012. Project Account Budget Encumbrances Actual Funds Available 140BIOL00 $2,284,148 $7,675 $2,276,472 $0 142BIOL00 $61,394 $8,191 $48,331 $4,872 180BIOL00 $48,303 $11,341 $36,963 $0 185BIOL01 $162,386 $492 $78,594 $83,300 21BIOL000 $9,740 $0 ($6,091) $15,831 21BIOL001 $1,331 $351 $94 $886 21BIOL002 $77,277 $67,634 ($14,025) $23,668 21BIOL004 $138,585 $57,939 $64,973 $15,673 24BIOL000 $2,366 $5,639 ($4,360) $1,088 24BIOL001 $679 $0 ($10,233) $10,912 Totals $2,786,209 $159,262 $2,470,718 $156,229 AUDIT OBJECTIVE The objective of the audit was to evaluate the adequacy and effectiveness of the department s system of internal controls with an emphasis on financial and administrative controls. AUDIT SCOPE & METHODOLOGY We evaluated the department s internal controls related to establishing a control conscious environment, approval and authorization, segregation of duties, safeguarding of assets, monitoring, and information technology. Our scope included activity from September 1, 2011 through December 31, 2012. To accomplish the audit objective, we performed the following procedures: We interviewed the new department chair and discussed an internal control questionnaire to obtain an understanding of department operations and related internal controls. We interviewed department employees for additional input on internal controls. 2

We determined whether the former chair had established a control conscious environment, whether goals and objectives for the department had been developed, and whether a risk assessment and implementation plan had been developed. We selected account reconciliations to determine whether the reconciliations had been performed and approved on a timely basis and whether segregation of duties existed. We determined whether the department had established adequate procedures and segregation of duties over funds handling. We examined operating and financial information for reliability. We tested a sample of expenditures and examined supporting documentation for proper approval and authorization from the department s accounts with the most activity. We reviewed employee leave and tested timecards for proper approval and authorization. We performed property inventory testing for the existence of selected assets, and determined whether selected assets were properly recorded on the University s assets management system. We reviewed controls for personal computers and portable drives to evaluate physical and data security. We verified the department s compliance with University policies and procedures. The audit was conducted in accordance with guidelines set forth in The University of Texas System s Policy UTS 129 Internal Audit Activities and the Institute of Internal Auditor s International Standards for the Professional Practice of Internal Auditing. The audit was conducted during the months of February 2013 through February 2014. Control Conscious Environment AUDIT RESULTS A control conscious environment encompasses technical competence and ethical commitment, and it is an important factor for the establishment of effective internal controls. In order to establish an adequate control conscious environment, a department should have the following: goals and objectives, a mission statement, a risk assessment and implementation plan, and a policies and procedures manual. These items should be updated on a regular basis. Additionally, employees should receive adequate training, performance evaluations should be conducted regularly and any conflicts of interest should be identified and addressed. Based on testing, we found that the department established an adequate control conscious environment. We selected 25 employees to test for completion of annual trainings and nepotism certification. Additionally, we tested three employees to determine whether annual performance evaluations were performed. The results of our tests are as follows: 5 out of 25 (20%) employees did not complete their annual compliance training acknowledgement 6 out of 25 (24%) employees did not complete their annual nepotism certification 3

1 out of 25 (4%) employees did not complete their annual sexual harassment training 1 out of 25 (4%) employees did not complete their standards of conduct training 25 out of 25 (100%) employee completed their annual information technology training 3 out of 3 (100%) employees completed an annual performance evaluations Although the department was not fully compliant with the mandatory trainings, the majority of the faculty and staff completed those requirements. The chair continues to work with the faculty and staff towards full compliance. The department s administrative assistant II provided us with a copy of their policies and procedures manual. The manual included general guidelines, expectations, and faculty recruitment and employment policies as well as other topics. We determined that this manual was adequate for the department. We noted that the department had not completed an assessment of their risks. Recommendation: 1. As part of our audit procedures, we identified areas of risk and assessed its impact and probability of occurrence and produced a risk assessment. The department chair should utilize this document as a starting point towards developing a department risk assessment. This risk assessment should be evaluated annually and an action plan should be developed to mitigate high risks. Management Response: 1. The Biology Department will develop a risk assessment and action plan using materials provided by the auditor. After development, the risk assessment will be evaluated annually. Implementation Date: August 31, 2014 Approval & Authorization Adequately established approval and authorization controls help to ensure that expenditures are allowable and appropriate. During the audit period, the former chair was account manager for 10 project accounts, with the administrative assistant II listed as the project reviewer, and a faculty member as alternate approver. 4

We reviewed operating, travel, and payroll expenditures to test for compliance with University procedures. We tested a sample of expenditures in each category and examined supporting documentation for proper approval, accuracy, and whether the expenditures were reasonable. The Office did not have a procurement card. Operating and Travel Expenditures We randomly selected a sample of 22 operating and four (4) travel transactions representing 4% and 5% of the total dollar value of the population, respectively. We found that expenditures were properly approved, appropriate, and supported with adequate documentation. No exceptions were noted. Payroll and Employee Leave We judgmentally selected eight (8) employees and selected the months of November 2011 and September 2012 to test for payroll accuracy. We verified that the employees compensation agreed with their memoranda of employment. We determined that the payroll for employees tested was accurate. We also evaluated the process for leave taken by employees, reconciliations of leave reports to the official timecard of the University, and ensured that timecards were properly approved by the employee s supervisor. The department uses a Leave Approval Request form to document employee leave. We determined that all employee timecards were approved by their supervisor; however, we identified several discrepancies between employee leave support documentation and the leave reported on the employee s official University timecard. Specifically, we found two (2) instances where the leave reported on the Leave Approval Request did not agree with the hours of leave reported on the employee s timecard. Conversely, we also found one (1) instance where the hours of leave reported on the employee s timecard was not supported by leave documentation. According to HOP Section: 7.6.3 Annual Vacation Leave and HOP Section: 7.6.4 Sick Leave, the supervisor is responsible for reviewing and approving annual vacation leave requests, maintaining accurate records of employees use of annual vacation leave, maintaining accurate records of employee sick leave usage, and verifying monthly timecards for accuracy. Based on testing we determined that there were inadequate controls in place related to ensuring the accurate recording of employee leave. Recommendation: 2. The chair should ensure that employee leave requests are accurately documented and reconciliations of leave requests to official timecards should be conducted on a monthly basis in accordance with University policy. 5

Management Response: 2. Leave requests will be submitted in a timely manner and will be reviewed on monthly basis. The leave request forms will be inputted monthly into the department chair s calendar and will be reviewed at the time when time cards are submitted to make sure the staff has accounted for any days that were taken. Leave request documentation will be maintained in the staff office files. Implementation Date: April 30, 2014 Segregation of Duties Adequate segregation of duties should be maintained between the people who authorize transactions, record transactions, and have custody of assets. We reviewed areas such as revenues and funds handling, purchases, timecards and statement of account reconciliations to evaluate segregation of duties. The chair had signature/approval authority over the department s accounts, including account reconciliations, purchases, and timecards. The department s accounts were set up with separate individuals listed as the project manager, project reviewer, and alternate approver. The department s administrative assistant II maintained the accounting records and was responsible for preparing the account reconciliations. We determined that the department receives royalty payments from a publishing company for sales of a lab manual developed by the department. The administrative assistant II was responsible for preparing the royalty check deposits as well as preparing the department s account reconciliations as mentioned above. The administrative assistant II had incompatible duties that are contrary to proper segregation of duties. We concluded that the department had inadequate segregation of duties over funds handling. Recommendation: 3. The chair should ensure that incompatible job duties are appropriately segregated or compensating controls are in place to address the royalty checks received. Management Response: 3. The department will ensure that the person making deposits does not also prepare the monthly account reconciliations. Appropriate segregation of duties will be 6

maintained until a process is developed for royalty checks to be deposited directly into the department s project account. Implementation Date: August 31, 2014 Safeguarding of Assets Tangible assets, vital documents, critical systems, and confidential information must be safeguarded against unauthorized acquisition, use, or disposal. We performed property inventory testing to determine the existence of assets and whether assets were properly recorded on the Oracle Fixed Assets system. We judgmentally selected a sample of 10 assets with a historical cost greater than $1,000 to test for existence. The total selected sample represented 40 percent of the department s total inventory value. We were able to account for 100% of the assets in testing for existence. In addition, we selected five (5) assets in the department to verify inclusion in the assets management system. We were able to trace all five (5) assets back to the inventory records. We noted that the department received checks during the audit scope totaling $9,702 related to royalty payments from the sale of lab manuals. For each manual sold, the department receives a $5 royalty. We verified that each of the deposits made to the department s accounts were supported by adequate documentation. However, we were unable to test for completeness since there is no set amount expected to be received from the publishing company. The checks were deposited under the object code 43199 other revenue and services and not to object code 44201 royalty income. In addition, we determined that the checks were paid to the order of the dept., the University and included the chair s name on the check. We determined that the department was not following the University s policy 8.6.6 Handling of University Funds as follows: The department had not received authorization from the vice president for business affairs to collect cash; Procedures for handling and securing cash were not documented; A copy of HOP 8.6.6 was not maintained by the department; The department employees designated to accept payment have not completed training on cash handling; Checks were not restrictively endorsed with the University name. While the department s process for safeguarding property inventory was adequate, the department s funds handling process was inadequate. 7

Monitoring Recommendation: 4. The chair should consider either having all future royalty payments sent directly to the Payments and Collections Office or ensuring that funds handling is performed in accordance with HOP 8.6.6 Handling of University Funds. In addition, the chair should consult with the Accounting Department to verify that the funds are deposited to the correct object code. Management Response: 4. The Biology Department is in the process of contacting publishers Hayden and Kendall regarding the royalty payments to determine how the amount of $5.00 for each lab manual was established and whether we can negotiate a higher amount. Additionally, the publishers will be notified that future royalty payments must be sent directly to the Payments and Collections Office. Implementation Date: August 31, 2014 Monitoring is the assessment of internal controls over time. We reviewed the department s procedures for monitoring accounts, off-campus use of University property, and addressing complaints. Account reconciliations should be reviewed timely to ensure that any necessary account corrections are made. In accordance to Handbook of Operating Procedure Section 8.6.1: University Budget Policy/Fiscal Accountability, project managers are responsible for providing assurance as to the accuracy of their accounts by certifying that the account has been reconciled for the fiscal year and that all reconciling items have been satisfactorily resolved. Without adequate monitoring of project account reconciliations, items that require attention may go unnoticed. We selected two (2) months of account reconciliations to review in order to verify that the department was actively monitoring financial account activity. Based on the information provided by the department, we were unable to obtain sufficient evidence to support that the project account reconciliations were completed and reviewed by the former chair. Therefore, we determined that inadequate controls were in place for the department s financial activity. Additionally, we reviewed the department s process for monitoring employee complaints and tracking departmental property checked out to employees, and determined that the department established adequate processes for those activities. 8

Recommendation: 5. The chair should ensure that the department s project accounts are reconciled and that timely project manager reviews are conducted. Management Response: 5. The reconciliation will be reviewed on a monthly basis and will include the Reconciliation Steps & Certification form as well as a checklist with a detailed spreadsheet detailing all of the month s transactions. The chair and administrative assistant II will meet each month to review the transactions and go over any discrepancies or issues identified during the reconciliation process. Once review of the reconciliation spreadsheet is complete the chair will sign and date the reconciliation and it will be filed for future reference. Implementation Date: August 31, 2014 Information Technology Adequately established information technology controls help to protect sensitive information entrusted to the department. These controls include limited access to the University s computer systems, and restricting downloads of sensitive information. Another control is encryption software on equipment storing sensitive information. Ensuring employees have appropriate levels of system access helps prevent loss of vital University data and also prevents other abuses of the system. We reviewed employee access levels for Oracle and verified that employees received appropriate level of access for their job responsibilities. We determined that all employees were granted the appropriate level of access to the Oracle system based on their individual job responsibilities. We also inquired whether the department used portable storage devices such as external hard drives or thumb drives. Department faculty use portable storage devices to back up data files. The department has taken steps to ensure that sensitive data is safeguarded by issuing faculty encrypted thumb drives. Each faculty member receiving an encrypted thumb drive was required to sign a document acknowledging receipt of the drive and that they were aware that the device is the property of the University and that sensitive data should be stored on encrypted devices only. We determined that the department established adequate information technology controls. 9

CONCLUSION Overall, we concluded that the department established a moderate system of financial and administrative controls. We identified areas where improvements could be made to internal controls and departmental procedures in the areas of control conscious environment, approval and authorization, segregating duties, safeguarding of assets, and monitoring. These controls include developing a risk assessment, ensuring that employee leave requests are accurately documented and reconciled to their official timecard, adhering to the University s policy on funds handling, and ensuring that account reconciliations are conducted. Isabel Benavides CIA, CGAP, CFE Director, Audits and Consulting Services Khalil Abdullah, CIA, CGAP Internal Auditor I 10

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback