Washington State University Office of Internal Audit FY 2015 Audit Plan

Similar documents
Office of Internal Audit Status Update Fiscal Year 2016 Quarter 2 Reporting Period: October 1, 2015 through December 31, 2015

Administrative Services

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

3.6.2 Internal Audit Charter Adopted by the Board: November 12, 2013

The University of Texas at San Antonio. Internal Audit Annual Report For Fiscal Year As required by the Texas Internal Auditing Act

Financial Resources: Control of finances The institution exercises appropriate control over all its financial resources.

Annual Report FY2017 A YEAR OF CHANGE NEW FACES

CGIAR System Management Board Audit and Risk Committee Terms of Reference

4.5 discuss with the external auditor the auditor s judgments about the quality and acceptability of the Group s accounting principles;

FY 2013 Internal Audit Annual Report

1. The NHS Health Scotland Board has established a Committee to be known as the Audit Committee.

UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017

Texas Workforce Commission

BEST BUY CO., INC. AUDIT COMMITTEE CHARTER

FY INTERNAL AUDIT ACCOMPLISHMENTS REPORT AND ANNUAL STRATEGIC WORK PLAN

Office of Audit Services Annual Audit Plan For the Year Ending August 31, 2018

ADELAIDE BRIGHTON LIMITED ACN

Audit & Risk Committee Charter

Texas Facilities Commission (TFC) Office of Internal Audit (OIA)

BARBADOS DAIRY INDUSTRIES LIMITED AUDIT COMMITTEE CHARTER

Anheuser-Busch Companies, Inc. Audit Committee Charter

THE FLORIDA INTERNATIONAL UNIVERSITY BOARD OF TRUSTEES AUDIT AND COMPLIANCE COMMITTEE CHARTER

INTERNAL AUDIT PLAN AND CHARTER 2018/19

Policy Analysis: Internal Controls #1.11 1/2009

Corporate Governance Guidelines

VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY COMPLIANCE, AUDIT, AND RISK COMMITTEE OF THE BOARD OF VISITORS COMPLIANCE, AUDIT, AND RISK CHARTER

OFFICE OF INTERNAL AUDIT AUDIT MANUAL

Executive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update

BIOSCRIP, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Audit Committee Charter Matrix

Regents of the University of Michigan Committee Charters Last updated June 17, 2010

Audit & Risk Management Committee Charter

CORPORATE GOVERNANCE PRACTICES

CORPORATE GOVERNANCE PRACTICES

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

Internal Audit Charter

Audit Committee Charter

Conseil des écoles publiques de l Est de l Ontario

Annual Report. NC STATE UNIVERSITY INTERNAL AUDIT DIVISION FISCAL YEAR (Data as of June 26, 2012)

AUDIT COMMITTEE CHARTER

Internal Audit Policy and Procedures Internal Audit Charter

identifying areas for improvement with respect to the Institute s research administration internal control structure.

OFFICE OF INSPECTOR GENERAL. Department of Veterans Affairs

January 29, Members of the Board of Trustees. Peg Fish, Director of Audits. Approval of 2017 Annual Report of the Director of Audits

The Sub-committee shall meet as and when required. Formal minutes of each meeting will be taken.

NRCS AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

A. Independence/Composition. The Committee shall be comprised of not less than three members. The members of the Committee:

INFRAREIT, INC. Corporate Governance Guidelines

1. Definition & Mission

Finance & Audit Committee Meeting

Guidelines of Corporate Governance

Office of the President TO MEMBERS OF THE COMPLIANCE AND AUDIT COMMITTEE: INFORMATION ITEM. For Meeting of November 15, 2017

Office of Internal Audit Fiscal Year Quarter 3 Status Report January 1, 2018 through March 31, 2018

City of Santa Monica FY Internal Audit Program. Audit Subcommittee Meeting August 23, 2017

BOARD OF REGENTS OF THE UNIVERSITY OF WISCONSIN SYSTEM

Nido Petroleum Limited Audit & Risk Management Committee Charter (AS APPROVED 24 MAY 2011)

Audit and Risk Committee Charter

Community Bankers Conference

Group Technology Committee Charter

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

See your auditor clearly. Transparency report: How we perform quality audit engagements

EY Center for Board Matters. Leading practices for audit committees

Audit and Risk Management Committee Charter

CHARTER OF THE BOARD OF DIRECTORS

Sheena Tran, CPA May 19, 2014

Office of Internal Auditing

AUDIT COMMITTEE CHARTER

Internal Control in Higher Education

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

AUDIT AND RISK COMMITTEE CHARTER

Internal Audit Division FY 17 - Audit Plan Overview

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF DROPBOX, INC.

Southern Oregon University Internal Audit Plan Fiscal Year 2017

SEACOR Holdings Inc. CORPORATE GOVERNANCE GUIDELINES (Effective as of November 13, 2018)

INTERNATIONAL ORGANIZATION FOR MIGRATION. Keywords: internal audit, evaluation, investigation, inspection, monitoring, internal oversight

INTERNAL AUDIT CHARTER

Benchmarking Report Share, Compare, Validate SAMPLE. Year: 2017 Your Organization Date

DineEquity, Inc. Corporate Governance Guidelines

Defence Health Governance Structure

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

Office of Internal Auditing

BOM / BSD 7 /April 2001 BANK OF MAURITIUS. Guideline on Corporate Governance

JACOBS ENGINEERING GROUP INC. CORPORATE GOVERNANCE GUIDELINES

THE UNIVERSITY OF TOLEDO AUDIT COMMITTEE MEETING. October 19, 2009

By-Law Finance and Risk Management Committee

Department of Biology

Audit and Risk Management Committee Charter

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY 2017

(

CISV INTERNATIONAL TERMS OF REFERENCE REGIONAL DELIVERY TEAM EDUCATIONAL PROGRAMMES

TERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY FINANCE AND AUDIT COMMITTEE OF THE BOARD OF VISITORS AUDIT CHARTER

EASTMAN CHEMICAL COMPANY. Corporate Governance Guidelines

FUNCTION: To Protect and Enhance the Nonprofit Organization s Capacity to Serve the Community.

Actual Expenditures, Last Three Budgets, include funding sources:

2017 Corporate Governance Statement

AUDIT COMMITTEE FARM CREDIT CANADA Enacted May 29, 2002 CHARTER Last Reviewed: October 18, 2017 Minute No. 17/18:03:08

Maryland Transportation Authority

BOARD STANDING AND AD HOC COMMITTEES

AT&T INC. CORPORATE GOVERNANCE GUIDELINES

Transcription:

Washington State University Office of Internal Audit FY 2015 Audit Plan The purpose of the Audit Plan is to outline audits and other activities the WSU Office of Internal Audit will conduct during fiscal year 2015. The types of audits listed in the plan demonstrate the variety of approaches Internal Audit takes to address its mission of assisting the University achieve its goals and objectives in an efficient and effective manner. Deliverables for audits and projects may include audit reports, technical assistance, data analysis, and other written and oral communications. Audits and projects in the plan were primarily identified through a University-wide risk assessment process. This process includes surveys, interviews, data analysis, and research of audit issues and trends. From this process, 36 unique areas/issues were identified. An independent IT risk assessment was also performed to apply ranking to the 18 Control Family Categories defined by NIST (National Institute of Standards and Technology). Note, issues common to both the general assessment and the IT specific process were the areas of IT Security and IT Contingency Planning. Because not all issues identified during the assessment process are auditable and, audit resources limit the number of projects to engage, further assessment is performed to evaluate and rank the identified concerns based on: likelihood of the risk concern occurring, potential impact to the University if the risk event occurred, and, auditor judgment. As a result, we identified to engage eight audits, two consulting engagements that will include technical advice, and, continuous auditing in the areas of travel, cash and time reporting. Further description of the audits is provided on the next page. The specific scope of each audit in the plan will be determined once the audit team has completed its audit planning process for each engagement. The audit planning process includes consideration of the risk management, control and governance processes in place to provide reasonable assurance that: Information is accurate, reliable and timely. Employee actions are in compliance with policies, standards, procedures and applicable laws and regulations. Operations are efficient and effective. Resources are acquired economically, used efficiently, and adequately protected. Page 1

The planned audits and projects for FY 2015 are as follows: Project Purpose IT Contingency Planning Cybersecurity Insurance Athletics Physical Security FISMA Grant reporting Human Subject Research Select Agents Department Review Service Centers Assurance audit - per NIST standards, perform procedures to ensure continuity of IT operations/data recovery in the event of loss, breach or other impact to services. Advisory - provide analysis and recommendation pertaining to insurance coverage in the event of a cybersecurity incident occurring. Risk assessment will be performed at engagement of audit to define scope. Assurance audit to assess controls over keys. Advisory - provide assessment of ability to comply with FISMA (Federal Information Security Management Act of 2002) related to IT infrastructure and systems. Assurance audit - assess controls to ensure timely, accurate and reliable reporting. Grants to be selected based on further risk assessment at project engagement. Assurance audit - evaluate program for compliance with federal requirements. Assurance audit - ensure adequate controls are in place to provide security and safeguarding of biological agents used in research. Assurance audit review of controls over general fiscal processes including payroll, purchasing, revenue and assets. Specific department to be identified by audit team as further planning procedures engaged. Assurance audit evaluate operations and controls over operational, financial and compliance requirements. Service centers for review to be selected as a result of further risk assessment at engagement planning. Page 2

Other Types of Audits/Activities Continuous Audits Continuous auditing is the application of computer assisted audit tools and techniques on organizational processes, transactions, systems and/or controls to provide greater audit coverage. Benefits of continuous auditing include the review of 100% of auditable transactions/data in a scope period versus a sampling, the identification of errors or other issues through frequent monitoring and review, and the facilitation of trend analysis to identify problems and/or other concerns. In prior years, an approach to continuous auditing has been performed in the areas of cash receipting, purchasing cards, time and leave reporting and travel. As a result of risk assessment, areas for consideration of continuous auditing include cash handling, travel expenses and time reporting. Follow up Audits Audits and formal investigations yielding a report with actionable recommendations will have a follow-up review conducted 6-12 months after audit report is issued to evaluate management response and corrective action. Advisory Assistance/Consulting Internal audit staff may participate and/or assist University members in developing and maintaining strong governance, risk management, and control processes and systems. Activities may include serving as a member of a work group or committee, and providing consultative advice on financial, operational and compliance issues. Auditors also assist as audit liaison between the University and external audit groups. Ethics Advisor The Director of Internal Audit is the University s Ethics Advisor. In this role, she serves as liaison between the University and the Washington State Executive Ethics Board, providing to University members guidance on ethics rules and advising on policy statements. Internal Audit Major Goals for FY 2015 Complete at least 80% of audit projects listed; Page 3

Provide value added recommendations to improve controls, mitigate identified risks and increase efficiency and effectiveness within operations; Improve efficiency of audit activities and audit reporting resulting in quicker turnaround of audit results without compromising quality; Continue to develop data mining tools and processes to effect more timely and complete review of the selected functions and share these processes with management for their use as related to their ongoing management and oversight responsibilities; Continue to engage in opportunities to develop the skills and expertise of auditors, including active participation in peer conferences by attendance, organization and serving as conference faculty; and, Achieve positive recommendations for improvement as a result of Quality Assurance Review, to be engaged in FY 2015, in accordance with Institute of Internal Audit Standards. Audit Resources The audit plan for FY 2015 is based on a professional staffing complement of six auditors: three staff auditors, an IT auditor, an audit manager, and the director. In addition, each academic semester a student intern is recruited for a.5 FTE appointment. Approximately 70% of Internal Audit s available resources are committed to the completion of planned audit projects and follow-up audit procedures. The remaining 30% is held as contingency for unplanned activities such as consulting, liaison activities and investigations. Available resources include all workable hours per FTE less a 20% reserve for employee professional development, administrative projects (e.g. internal quality improvement projects) and, internal administration including issues pertaining to personnel. We have a number of audit projects from prior year audit plans initiated but not yet completed. The amount of carryover work into FY 2015 is greater than normal due in part to staffing fluctuations. It is normal audit process to have a few audits begun in the last few months of the year completed and issued in the following year. The audit plan was submitted for review by the Audit Steering Committee on November 26, 2015. Page 4

Office of Internal Audit Status Update Reporting period: July 1 September 30, 2014 Internal Audit engages in three primary activities audits, advisory services and investigations. Our focus is to assist management to understand financial and compliance risk and exposures. Audit activities completed during the reporting period and included within this status report demonstrate the variety of approaches Internal Audit takes to address its mission of assisting the University achieve its goals and objectives in an efficient and effective manner. This status report includes the results of one investigation and one follow up review completed in the reporting period: Project Audit/Project Name Status I 15-01 Conference Conflict Investigation P 12-04F VTH Accounts Receivable follow up 12 of 19 prior issues resolved Planned audits in progress Consulting: Policy Manual Continuous Audit: Pcards Continuous Audit: Travel Research Lab Safety Grant Administration Compliance Risk Assessment Accounts Receivable IT Contingency Planning (FY 2015) Other Audit Activity During this reporting period, IA was also involved in the following projects: Consulting to operating units and University members as requested: 16 advisories on topics of internal controls, ethics, policy review and system reviews. Auditor time invested in consulting/advisories range from 15 minutes to six hours each. Facilitate education: training (four sessions) for the University community on internal controls, audit and fraud. Professional engagement: o WSU IA team hosted Pacific Northwest Higher Ed Internal Audit conference in August, 30 attendees from 10 institutions WSU Internal Audit Status Report FY 2015, Q1 December 11, 2014 Page 1

o IA Director served as faculty for one session at annual conference Association of College and University Auditors (ACUA) and continues in third year on ACUA Membership committee As audit liaison, provided ongoing support for external, o One active SAO Whistleblower investigation, closed post quarter 10/14/14 o One referred SAO Whistleblower IA designated to perform investigation, in progress The audit team includes three staff auditors, IT auditor, audit manager, director and audit intern. Audit resources are sufficient to ensure minimum continued professional education and support for the audit team. Provisions are made for equipment and audit-related travel expenses as needed. COMPLETED REPORTS SUMMARY Report #I 15-01, Conference Conflict Summary Our office was contacted to review assertions of conflict of interest and misuse of resources. We found sufficient evidence to substantiate the assertions and provided recommendations to the unit, Global Campus, accordingly. In addition, opportunities for improvement to controls in the areas of personnel and time management were noted and communicated with unit. WSU Internal Audit Status Report FY 2015, Q1 December 11, 2014 Page 2

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback