The University of Texas
at Austin
Office of Internal Audits
Annual Audit Report
For the Fiscal Year Ended
August 31, 2014
Table of Contents
Page
I. Compliance with House Bill 16: A Brief Description
3
II. Planned Work Related to the Proportionality of Higher Education Benefits
4
III. Internal Audit Plan for Fiscal Year 2014
5
This schedule shows:
Project Status
Recommendations
Management Action Plans
Implementation Status
Explanation for Changes in the Audit Plan
IV Consulting Engagements and Non-audit Services Completed
1
5
V. External Quality Assurance Review (Peer Review)
17
VI. Internal Audit Plan for Fiscal Year 2015
1
9
a. The Audit Plan
b. Risks Ranked as High and Are Not on the FY 2015 Audit Plan
c. Description of Risk Assessment or Methodology
VII. External Audit Services Procured in Fiscal Year 2014
2
7
VIII. Reporting Suspected Fraud and Abuse
2
8
This report will be posted on the website:
http://www.utexas.edu/admin/audit/reports.html
Annual Report Distribution:
Governor's Office of Budget, Planning, and Policy
State Auditor's Office
Legislative Budget Board
Sunset Advisory Commission
House Bill 16 requires The University of Texas at Austin to post the Internal Audit Plan, Internal Audit
Annual Report, and Other Audit Information on the Internet Web site.
Office of Internal Audits’ Description of Plans to Comply:
We plan to continue posting the Internal Audit Annual Report on the Office of Internal Audits’ internet
Web site,
http://www.utexas.edu/admin/audit/reports.html
. We plan to include all required
At the request of the Governor, an internal audit of the proportionality of higher education benefits
process is underway during the first quarter of fiscal year 2015. A consistent audit methodology has
been deployed across the UT System that will assess the reporting process and accuracy of benefits
funding information provided to the State Comptroller as applicable under the General Appropriations
Act, Article IX, Sec. 6.08: Benefits Paid Proportional by Fund. The audit will be complete by November
30, 2014.
O
O
F
F
F
F
I
I
C
C
E
E
O
O
F
F
I
I
N
N
T
T
E
E
R
R
N
N
A
A
L
L
A
A
U
U
D
D
I
I
T
T
S
S
Financial Audits
UT System Requested/Externally Required Audits
FY 2013 Financial Statement Audit -
Assistance to External Auditor completed for FY 14 no report
not applicable
(N/A) to provide assistance N/A N/A N/A
FY 2014 Financial Statement Audit - Assistance to External Auditor (interim financial work and IT work)
completed for FY 14 no report N/A to provide assistance N/A N/A N/A
Operational Audits
UT System Requested/Externally Required Audits
Presidential Travel, Entertainment, and Housing Expenses - Assistance to UT System
completed for FY 14 no report N/A to assist UT System N/A N/A N/A
Executives' Travel, and Entertainment
Expenses FY14 Postponed***
Risk-Based Tier Two Audits
Change in Management Audits, FY14 Near Completion Camps - Departmental Cancelled*** Human Resources - General Controls Postponed***
UT Market Near Completion
Payroll - Overtime Hours Postponed*** Tuition and Fees Postponed*** Building Security Postponed*** Longhorn Foundation/Business Office In Progress***
Carryforward - Risk-Based Tier Two Audits Change in Management Audits, FY13:
Office of the Vice President for Student
Affairs completed 805.13 3/28/2014
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems
security.
Management agreed and plans to implement recommendations.
fully implemented This schedule presents the FY 2014 Audit Plan, displays changes to the audit plan, and provides explanations for the changes (an explanation for changes is at the end of this schedule). This schedule also shows the status of each project. To comply with Texas House Bill 16, high level objectives, recommendations, management action plans, and status of implementing those action plans are provided.
Nuclear Engineering Teaching Laboratory completed 805.13 11/18/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems security, inventory, and
entertainment.
Management agreed and plans to implement recommendations.
substantially implemented
Special Education completed 805.13 9/17/2013, 4/1/14
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems
security, travel, entertainment, employee
time reporting, cash and cash equivalent handling, and procurement cards.
Management agreed and plans to implement recommendations.
substantially implemented
Kinesiology and Health Education completed 805.13 11/18/2013, 4/1/14
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems security
(policy changes), inventory, account reconciliations, cash and cash equivalent
handling, procurement cards, entertainment, and
travel.
Management agreed and plans to implement recommendations.
substantially implemented
University Health Services completed 805.13 9/17/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems security, procurement cards,
and entertainment.
Management agreed and plans to implement recommendations.
fully implemented
Art & Art History completed 805.13 6/13/2014
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems
security, inventory, purchasing, petty cash, procurement cards, travel, entertainment, and handling
of cash and cash equivalents.
Management agreed and plans to implement recommendations.
fully implemented
Marine Science Institute Completed 817.13 8/19/2014
to evaluate the internal control environment to determine compliance with
University policies
19 recommendations were made to improve internal controls and compliance in
the areas of information systems security, cash
handling, inventory, procurement cards, and
travel.
Management agreed and plans to implement recommendations.
substantially implemented
Change in Management Audits, FY12
Anthropology completed 779.12 9/6/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information security, entertainment, handling of cash and cash equivalents,
and purchasing.
Management agreed. substantially implemented
Department of Finance completed 779.12 9/6/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems security
and cashier training.
Management agreed. substantially implemented
Department of Accounting (academic) completed 779.12 9/6/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems
security.
Management agreed. substantially implemented
Department of Electrical & Computer
Engineering completed 779.12 9/6/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems security
and cash/cash equivalents.
Management moved their IT operations to UT Austin's
centralized IT services.
substantially implemented
Department of Middle Eastern Studies completed 779.12 9/6/2013
to determine compliance with certain UT policies and
procedures
Enhance compliance with policies regarding information systems
security, inventory, entertainment, purchasing,
and handling of cash and cash equivalents.
Management agreed. substantially implemented
Carryforward - Management Requests
Executive Travel and Entertainment Audit
FY13 completed 812.13 11/12/2013
to determine compliance with University travel and
entertainment rules
Two campus-wide issues need to be addressed through revisions to the University policy: serving
alcohol at off-campus university sponsored events and revising the process for approval of executive level
entertainment expenses. Several recommendations were made at the individual
executive level to improve compliance with University
policy.
Administration agrees that the policy needs to be
revised. Individual executives agreed with the recommendations and plan
to implement them.
substantially implemented
Compliance Audits
UT System Requested/Externally Required Audits
Cancer Prevention Research Institute of
Texas (CPRIT) Grant Cancelled*** Education Research Center FY 14 Postponed***
NCAA Football Attendance completed 14.013 2/10/2014
to determine whether football attendance averaged 15,000 or more
for all home games, as required by NCAA to qualify
for Division I status
in compliance none none
Management Requests
UT System Policy 175 Conflicts of Interest in
Research cancelled***
Risk-Based Tier Two Audits
Research - Export Controls Postponed***
University Health Services (UHS) and Forty
Acres Pharmacy Postponed***
NCAA Bylaw 13 - Camps and Clinics Near Completion NCAA Bylaw 15 - Financial Aid In Progress
Texas Relays Completed
14.017 8/26/2014
to evaluate controls related to the receiving, processing, and reconciling
of participant entry fee proceeds and spectator
ticket sales
recommend enhancements to controls over participant
entry fees
management agrees and plans to implement recommendations incomplete - to be implemented for the 2015 Texas Relays
NCAA Bylaw 10/14 - Academic
Integrity/Eligibility Postponed***
Carryforward - Risk-Based Tier Two Audits Research - Technology Commercialization/
Intellectual Property Near Completion
Clery Act Completed 822.13 7/3/2014
to determine compliance with the Clery Act regarding
gathering and reporting crime and fire safety statistics and policies
Recommendations were made in the following areas:
geography, daily crime log, emergency response and evaluation procedures, the Annual Security Report, missing student notification
procedures and fire safety log.
More training will be offered, policies will be revised, more information will be included on the Fire Safety
Log; communication to students and employees as
to the location of the Daily Crime Log will be increased
incomplete/ ongoing
Research Compliance Completed 815.13 8/21/2014
to evaluate whether UT Austin's research compliance program effectively manages high
risks
UT Austin's research compliance program effectively manages high
risks
N/A N/A
Education Research Center, FY 13
Completed 816.13 3/27/2014
to determine compliance with a contract with Tx Education Agency and Tx
Higher Education Coordinating Board
in compliance, no
Norman Hackerman Advanced Research
Program (ARP) Grants Completed 811.13 3/19/2014
to determine compliance with grant conditions specified by the Texas
Higher Education Coordinating Board
Recommendations were made in the following areas:
travel, reports, and published project material.
The Office of Accounting reminded department staff about the travel rules; grant
management will enhance monitoring the timeliness of
issuing progress and technical reports; researchers will be reminded with each new grant that the Coordinating
Board needs to be acknowledged on all publications from the grant
research
fully implemented
Research - Scientific Misconduct
Complete
818.13 3/26/2014
to determine compliance with University policies and
federal regulations on investigating and reporting
scientific misconduct
enhance investigation procedures by interviewing complainants and providing them an opportunity to
review their interview transcripts and providing respondents an opportunity
to review draft inquiry and investigation reports Management agrees to implement recommendations. incomplete/ ongoing
Information Technology Audits
UT System Requested/Externally Required Audits
Institute for Public School Initiatives (IPSI),
TEA Grant Near Completion
National Automated Clearinghouse
Association (NACHA) FY14 In Progress
Risk-Based Tier Two Audits
IT General Controls FY14 In Progress Change in Management Audits, FY14 - IT
portion In Progress
Sensitive Data Control Plans In Progress Payment Card Industry (PCI) Data Security
Standards (DSS) Postponed***
Commodity IT Services Postponed*** Health Insurance Portability and
Accountability Act (HIPAA) In Progress
Centralized Authentication System Postponed***
Carryforward Audits
IT General Controls FY13 In Progress Change in Management Audits, FY13 - IT
portion Near Completion
Laptop Encryption and IT Inventory Completed 820.13 7/1/2014
to determine whether laptop inventory was properly controlled and all
laptops were either encrypted or exempt from the exemption requirement
recommend improvements to controls over recording and tracking IT inventory and properly encrypting all
laptops
Management agreed and is taking correction actions.
substantially implemented
Texas Administrative Code 202 Completed 801.12 11/25/2013
to determine whether the UT Austin information security program comply with Texas Administrative
Code 202
generally complies; 5 recommendations to improve controls related to
information resources security safeguards, Security Standards Policy,
and Business Continuity Planning.
Management agreed and is taking correction actions.
substantially implemented
National Automated Clearinghouse
Association (NCAA), FY13 Completed 824.13 1/31/2014
to determine compliance with NACHA 2013 Operating Rules for
Internet-Initiated/Mobile Entries
in compliance, no
recommendations N/A N/A
Reserves
Reserve for Investigations completed for FY 14 no report Reserve for Management Requested Projects completed for FY 14 no report Reserve for Consulting Projects completed for FY 14 no report
Follow-up Audits completed for FY 14 no report
Projects
Quality Assurance Review, internal completed for FY 14 no report Quality Assurance Review, external completed for FY 14 no report Internal Audit Committee completed for FY 14 no report Technical Support for Internal Audit Office and
Staff completed for FY 14 no report
TeamMate Support and Maintenance completed for FY 14 no report Annual Audit Plan and Risk Assessment
Process completed for FY 14 no report
Annual Internal Audit Report completed for FY 14 no report Office Manual/Website Updates completed for FY 14 no report UT System Issues and Assistance completed for FY 14 no report SAO Issues and Assistance completed for FY 14 no report Professional Organizations and University
Committees completed for FY 14 no report Annual Financial Report - Monitoring Plan completed for FY 14 no report Data Mining completed for FY 14 no report Project Update/ Status Meetings completed for FY 14 no report
*Project Status Definitions:
Near Completion means reporting stage.
In Progress means field work stage.
**Status of Implementing Action Plans N/A - not applicable because there is no report or there are no recommendations
fully implemented - all action plans have been implemented
substantially implemented - most of the recommendations have been implemented
*** Explanation for Differences in the Audit Plan
UT Austin's closure for weather
three consulting projects that addressed new high risks the Laptop Encryption project requested by UT System
audits on the Audit Plan that required more time than planned
All changes to the Audit Plan were approved by the Internal Audit Committee at UT Austin.
Cancer Prevention Research Institute of Texas (CPRIT) Grant, cancelled: UT System Audit Office engaged Deloitte LLP to conduct this audit for the period through FY13.
Intercollegiate Athletics projects: Internal Audit (IA) management agreed to provide audit services to Intercollegiate Athletics; Athletics management decided which areas they wanted audited after the FY14 Audit Plan had become final. These projects were added after the Audit Plan was approved: NCAA Bylaws, Texas Relays, Longhorn Foundation.
two investigations
Projects were postponed or cancelled to provide more time for: one departmental management request of high IT risk
Central Business Office to provide advice regarding procedures, policies, and processes - this is a new
office not applicable not applicable Advice was provided throughout the year Chemistry/Biochemistry to determine whether a professor received appropriate approval of his work
outside UT and whether he was misusing university funds not applicable not applicable The professor had not received appropriate approval for outside employment. No evidence was found to support the allegation of misuse of funds. Office of Student Financial Services to determine whether procedures for securing social security numbers are
adequate and in compliance with relevant policies not applicable not applicable Department management is in the process of enhancing security over social security numbers.
Semester in Los Angeles The Director of the Semester in Los Angeles Program is alleged to be engaged in (a) financial mismanagement regarding the use/control of University resources and noncompliance with University policies & procedures, (b) misrepresentations of former students as current students for purposes of eligibility for internships in Los Angeles, and (c) a tolerance for alcohol at off-campus student events.
not applicable not applicable Rules were not followed.
Texas Box Office, Frank Erwin Center An hourly employee purchased athletics tickets and event tickets and then allocated them using his code in the Paciolan Ticketing System. Some of these tickets were allocated to prime seats for disabled patrons. Most were resold for profit.
not applicable not applicable Rules were not followed. Tuition Exemption Investigation A graduate student misused her former spouse's military status to gain a
tuition exemption for in-state tuition over six semesters. not applicable not applicable Rules were not followed. UT Austin User Accounts User accounts of former employees were noted to have access to University
computing resources, e.g. email and file storage. not applicable not applicable This was included in TAC 202 audit. UT Power Plant Store An assistant plant maintenance supervisor has a store where he sells
perishables such as candy, drinks, and chips, to subordinates for cash. The business is located in a storeroom in the UT Power Plant. In addition, UT vehicles are used to purchase goods needed to restock the store.
not applicable not applicable Department management has
discontinued the operation of the Power Plant Store.
Vice President for Research An anonymous caller made an allegation through the University Compliance Services hotline stating that the Vice President for Research (VPR) routinely overrides university policies in a way that has the potential to cause financial harm, create a substantial audit risk, and undermine the ability of staff who is supposed to ensure compliance; the VPR overrides in direct violation of university policy and federal regulations.
not applicable not applicable Based on information provided, the VPR has authority to approve a rate other than the negotiated rate. Internal Audits concludes that the VPR is not violating policies regarding reduced indirect costs; therefore the allegation does not appear to be valid.
Workday Implementation, Consulting Internal Audits is providing consulting assistance to the team implementing Workday, the new enterprise resource planning (ERP) solution for UT Austin. A work plan and deliverables will be finalized soon.
not applicable not applicable Advice was provided throughout the year.
External Quality Assessment
Executive Summary
Performed by PricewaterhouseCoopers, LLP
June 30, 2014
Mr. Mike Vandervort
Director of Internal Audit
The University of Texas at Austin
1616 Guadalupe Street, UTA Suite 2.302
Austin, TX 78701
We have completed an External Quality Assessment (“EQA”) of The University of Texas at Austin (“UT Austin”) Office of Internal Audit (“IA”). The EQA
included an assessment of the level of conformance with the Institute of Internal Auditors’ International Standards for the Professional Practice of
Internal Auditing (“the IIA Standards”), the Generally Accepted Government Auditing Standards (“GAGAS”) as well as the relevant requirements of the
Texas Internal Auditing Act (“TIAA”). Listed below is our overall assessment of IA’s adherence with these Standards and requirements:
•
IIA Standards - Based on our work, IA generally conforms. However, we did identify process enhancement opportunities.
•
GAGAS - No conformance observations were identified.
•
TIAA requirements – Other than the observations related to IIA Standards, no other observations were identified during our work.
Our Services were performed and this report was developed in accordance with our contract dated February 18, 2014 and are subject to the terms and
conditions included therein. Our Services were performed in accordance with the Standards for Consulting Services established by the American
Institute of Certified Public Accountants ("AICPA"). Accordingly, we are providing no opinion, attestation or other form of assurance with respect to our
work and we did not verify or audit any information provided to us. Our work was limited to the specific procedures and analysis described herein and
was based only on the information made available through April 11, 2014, when field work was substantially completed. Accordingly, changes in
circumstances after this date could affect the findings outlined in this report. This information has been prepared solely for the use and benefit of, and
pursuant to a client relationship exclusively with The University of Texas System Administration. PwC disclaims any contractual or other responsibility to
others based on its use and, accordingly, this information may not be relied upon by anyone other than The University of Texas System Administration
and UT Austin.
We would like to offer a sincere thank you to you and your staff, and the Internal Audit Committee and management of UT Austin, for the time and
attention they provided during this assessment. We appreciate the opportunity to serve The University of Texas System Administration on this important
engagement.
Very truly yours,
PricewaterhouseCoopers, LLP
PricewaterhouseCoopers LLP, 1201 Louisiana, Suite 2900, Houston, TX 77002-5678
T: (713) 356 4000, F: (713) 356 4717, www.pwc.com/us
O
O
F
F
F
F
I
I
C
C
E
E
O
O
F
F
I
I
N
N
T
T
E
E
R
R
N
N
A
A
L
L
A
A
U
U
D
D
I
I
T
T
S
S
External Auditor (interim financial work and IT work)
Statements; to include IT audit work prior to year-end
Financial Subtotal
20
Operational
UT System Requested/Externally Required Audits
Presidential Travel, Entertainment, and Housing
Expenses - Assistance to UT System
20
Required by Regents Rule 20205 - Assist UT System Audit with review of travel, entertainment,
and housing expenses for the president and spouse
Executives' Travel and Entertainment Expenses
FY2014/2015
400
Required by UT System Annually.
Appropriations Act, may be selected for review.*
All sources of funds, including funds from the General
Risk-Based Audits
Departmental Change in Management Audits, FY15
1,000
Review and evaluate departmental internal controls and compliance with UT rules.
All sources
of funds, including funds from the General Appropriations Act, may be selected for review.*
Human Resources - General Controls
600
Review general controls associated with the Human Resources Department, according to high
level of risk within the area (including overtime hours).
All sources of funds, including funds
from the General Appropriations Act, may be affected by this project.*
Bursar - Cash Management
300
Conduct cash counts using a sample of departments who receive and maintain funds in their area
Donor Scholarships
500
Determine whether donor scholarships are used for intended purpose
University Health Services - Billing
and Operations
500
Review and evaluate student health center for compliance with applicable federal, state, and
University rules regarding billing and operations
40 Acres Pharmacy
500
Review and evaluate the 40 Acres Pharmacy for compliance with applicable federal, state, and
University rules regarding billing and operations
Carryforward - Risk-Based Audits
Departmental Change in Management Audits, FY14
150
Review and evaluate departmental internal controls and compliance with UT rules.
All sources
of funds, including funds from the General Appropriations Act, may be selected for review.*
Longhorn Foundation/Business Office
425
Business Office (Transactional and Financial), Contracts (TBD), Longhorn Foundation Ticket
funds, including funds from the General Appropriations Act, may be affected by this
project.*
Operational Subtotal
4,895
Compliance
UT System Requested/Externally Required Audits
Proportionality Funding of Benefits
200
Per request from the Governor;
addresses the proportionality of benefits and related risks.
All
sources of funds, including funds from the General Appropriations Act, may be affected by
this project.*
Education Research Center FY2014/2015
400
Required by contract - Certify that the research center is in full compliance with all terms of the
contract and all applicable state and federal laws
NCAA Football Attendance
50
Required by NCAA - Review to verify football game attendance
Risk-Based Audits
NCAA Bylaw 10/14 - Academic Integrity/Eligibility
800
Academic Integrity - Tutors/ Mentor Program; Class auditing; Eligibility Certification
NCAA Bylaw 12 - Amateurism
600
Review amateurism (NCAA Bylaw 12) related to Intercollegiate Athletics
NCAA Bylaw 16 - Awards and Benefits
600
Review awards and benefits (NCAA Bylaw 16) related to Intercollegiate Athletics
NCAA Bylaws 18/20 - Post Season Events/Division
Membership
400
Review post season events/division membership (NCAA Bylaws 18 & 20) related to
Intercollegiate Athletics
Research - Export Controls
500
Review and evaluate export controls and compliance with federal, state, and University rules
UT System Policy 175 Conflicts of Interest in Research
600
Disclosure of significant financial interests and management and reporting of financial conflicts of
interest in research - Requested by Dr. Juan Sanchez
Environmental Health & Safety
500
Evaluate compliance with UT Austin/UT System policies, state/federal rules regarding
environmental health and safety procedures
Data Analytics
250
Data analysis to locate inappropriate transactions in various areas
Minors on Campus
500
Evaluate compliance with UT Austin/UT System policies, state/federal rules regarding minors on
campus
Carryforward - Risk-Based Audits
NCAA Bylaw 13 - Camps and Clinics
250
Camps/ Operational/ Financial MBB/ WBB/ BA - Fall 2013 - FB/VB - Spring 2014
NCAA Bylaw 15 - Financial Aid
425
Equivalency Calculations & Outside Scholarships
Institute for Public School Initiatives (IPSI), TEA Grant
150
Required annually by TEA - Assess security of electronically stored data. Annual audit
requirement specified in grant conditions
National Automated Clearinghouse Association
(NACHA) FY2015
125
Required annually by NACHA - Review controls over web-based check transactions
Texas Administrative Code (TAC) 202
600
Required every two years by TAC 202 - Review compliance with TAC 202 (Information Security
Standards)
Risk-Based Audits
Departmantal Change in Management Audits, FY15 - IT
portion
400
Review and test IT controls as part of Departmental Change in Management Audits
UT Facilities Network (FACnet)
800
Review sufficiency of controls in the university's network of facilites controllers and systems
Incident Handling
400
Review processes in place for monitoring, investigating, and responding to system breaches
Health Insurance Portability and Accountability Act
(HIPAA)
400
Review HIPAA covered entities for compliance with HIPAA and the Health Information
Technology for Economic and Clinical Health (HITECH) Act
Sensitive Data Control Plans
400
Assess security procedures utilized to protect confidential data used in research or other projects.
IT Audit Assistance for Non-IT Projects
400
Centralized Authentication System
400
Review related IT controls in the university's authentication system
Payment Card Industry (PCI) Data Security Standards
(DSS)
400
Review controls to ensure compliance with credit card industry standards (PCI DSS)
Carryforward - Risk-Based Audits
Departmental Change in Management Audits, FY14 - IT
Portion
100
Review and test IT controls as part of Departmental Change in Management Audits
Information Technology Subtotal
4,575
Follow-up
General Follow-up
150
Follow-up on Level-1 IT Recommendations
150
Follow-up Subtotal
300
Technical Support for Internal Audit Office and Staff
400
Internal support for office technology and software
TeamMate Support and Maintenance
125
Maintenance and support of electronic audit management system
Annual Audit Plan and Risk Assessment Process
500
Preparation of annual audit plan and risk assessment
Annual Internal Audit Report
40
Preparation of annual report required by the Texas Government Code, Chapter 2102 (The Internal
Auditing Act)
Office Manual/Website Updates
130
Updates to IA's office manual, standard forms/reports, processes, and website
UT System Issues and Assistance
100
Miscellaneous assistance provided to UT System Audit Office
SAO Issues and Assistance
35
Miscellaneous assistance provided to the State Auditor
Professional Organizations and University Committees
200
Support and participation in profession audit organizations
Annual Financial Report - Monitoring Plan
100
Required by UT System; UTS142.1 requires annual testing of the monitoring plan for the
segregation of duties and reconciliation of accounts.
Project Update/Status Meetings
300
Staff meetings regarding updates and status of audits and projects
Training for Dell Medical School
300
Projects Subtotal
2,730
Reserve
All sources of funds, including funds from the General Appropriations Act, may be affected
by projects using hours reserved for unplanned projects.*
Reserve for Management Requests
500
Reserve for Investigations
1,238
Reserve for Consulting
500
Reserve Subtotal
2,238
Total Hours
20,833
*Instructions for this schedule require identifying projects in these categories:
Projects with blue font address the proportionality of benefits or related risks.
Risk
Explanation/Mitigation
Compliance - Capturing All
Investigations - Incl Hotline Calls This area is currently in transition and controls are being reviewed for future best practices. Internal Audits will consider this area for the FY 2016 audit plan. Lack of effort reporting &/or
non-compliance with OMB Circular A-21 Internal Audits is planning to conduct two audits in the area of research for the FY2015 audit plan. This risk will be considered for the FY2016 audit plan. Non-compliance with federal purchasing
requirements Self Assessment Review Lack of license compliance monitoring &
enforcement Audited FY2014
Consent process with human subjects Human Subjects Research is externally accredited. Internal Audits reviewed this accreditation as an audit step in FY2014.
Lack of or inadeqate reporting of
Scientific Misconduct Audited FY2014
Inaccurate reporting on lobbying Internal Audits is planning to conduct two audits in the area of research for the FY2015 audit plan. This risk will be considered for the FY2016 audit plan. Facilities, Athletics Audited FY2014
IT Services, Athletics This area was reviewed in the FY2014 audit of Texas Box Office (Paciolan system). Internal Audits will consider a more thorough review of this risk for the FY2016 audit plan.
Servers/ Virtual Machines Services are currently being expanded in this area; IA will consider auditing this risk in future years.
Building Access Control System The UT Information Security Office recently performed a security review of BACS, and BACS is currently being reviewed by a 3rd party; IA will consider auditing this risk in future years.
Information Mgmt. - Development An audit of information management in the Development Office was performed by IA in FY09. Time constraints do not allow for this risk to be audited this year; IA will consider auditing this risk in future years.
Phishing Attacks - Financial Services Two-factor authentication is currently being implemented for payroll and additional areas are being implemented in future phases; IA will consider auditing this risk in future years.
Failure to manage contracts, ITS