• No results found

The University of Texas at Austin. Office of Internal Audits

N/A
N/A
Protected

Academic year: 2021

Share "The University of Texas at Austin. Office of Internal Audits"

Copied!
28
0
0

Loading.... (view fulltext now)

Full text

(1)

The University of Texas

at Austin

Office of Internal Audits

Annual Audit Report

For the Fiscal Year Ended

August 31, 2014

(2)

Table of Contents

Page

I. Compliance with House Bill 16: A Brief Description

3

II. Planned Work Related to the Proportionality of Higher Education Benefits

4

III. Internal Audit Plan for Fiscal Year 2014

5

This schedule shows:

Project Status

Recommendations

Management Action Plans

Implementation Status

Explanation for Changes in the Audit Plan

IV Consulting Engagements and Non-audit Services Completed

1

5

V. External Quality Assurance Review (Peer Review)

17

VI. Internal Audit Plan for Fiscal Year 2015

1

9

a. The Audit Plan

b. Risks Ranked as High and Are Not on the FY 2015 Audit Plan

c. Description of Risk Assessment or Methodology

VII. External Audit Services Procured in Fiscal Year 2014

2

7

VIII. Reporting Suspected Fraud and Abuse

2

8

This report will be posted on the website:

http://www.utexas.edu/admin/audit/reports.html

Annual Report Distribution:

Governor's Office of Budget, Planning, and Policy

State Auditor's Office

Legislative Budget Board

Sunset Advisory Commission

(3)

House Bill 16 requires The University of Texas at Austin to post the Internal Audit Plan, Internal Audit

Annual Report, and Other Audit Information on the Internet Web site.

Office of Internal Audits’ Description of Plans to Comply:

We plan to continue posting the Internal Audit Annual Report on the Office of Internal Audits’ internet

Web site,

http://www.utexas.edu/admin/audit/reports.html

. We plan to include all required

(4)

At the request of the Governor, an internal audit of the proportionality of higher education benefits

process is underway during the first quarter of fiscal year 2015. A consistent audit methodology has

been deployed across the UT System that will assess the reporting process and accuracy of benefits

funding information provided to the State Comptroller as applicable under the General Appropriations

Act, Article IX, Sec. 6.08: Benefits Paid Proportional by Fund. The audit will be complete by November

30, 2014.

(5)

O

O

F

F

F

F

I

I

C

C

E

E

O

O

F

F

I

I

N

N

T

T

E

E

R

R

N

N

A

A

L

L

A

A

U

U

D

D

I

I

T

T

S

S

(6)

Financial Audits

UT System Requested/Externally Required Audits

FY 2013 Financial Statement Audit -

Assistance to External Auditor completed for FY 14 no report

not applicable

(N/A) to provide assistance N/A N/A N/A

FY 2014 Financial Statement Audit - Assistance to External Auditor (interim financial work and IT work)

completed for FY 14 no report N/A to provide assistance N/A N/A N/A

Operational Audits

UT System Requested/Externally Required Audits

Presidential Travel, Entertainment, and Housing Expenses - Assistance to UT System

completed for FY 14 no report N/A to assist UT System N/A N/A N/A

Executives' Travel, and Entertainment

Expenses FY14 Postponed***

Risk-Based Tier Two Audits

Change in Management Audits, FY14 Near Completion Camps - Departmental Cancelled*** Human Resources - General Controls Postponed***

UT Market Near Completion

Payroll - Overtime Hours Postponed*** Tuition and Fees Postponed*** Building Security Postponed*** Longhorn Foundation/Business Office In Progress***

Carryforward - Risk-Based Tier Two Audits Change in Management Audits, FY13:

Office of the Vice President for Student

Affairs completed 805.13 3/28/2014

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems

security.

Management agreed and plans to implement recommendations.

fully implemented This schedule presents the FY 2014 Audit Plan, displays changes to the audit plan, and provides explanations for the changes (an explanation for changes is at the end of this schedule). This schedule also shows the status of each project. To comply with Texas House Bill 16, high level objectives, recommendations, management action plans, and status of implementing those action plans are provided.

(7)

Nuclear Engineering Teaching Laboratory completed 805.13 11/18/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems security, inventory, and

entertainment.

Management agreed and plans to implement recommendations.

substantially implemented

Special Education completed 805.13 9/17/2013, 4/1/14

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems

security, travel, entertainment, employee

time reporting, cash and cash equivalent handling, and procurement cards.

Management agreed and plans to implement recommendations.

substantially implemented

Kinesiology and Health Education completed 805.13 11/18/2013, 4/1/14

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems security

(policy changes), inventory, account reconciliations, cash and cash equivalent

handling, procurement cards, entertainment, and

travel.

Management agreed and plans to implement recommendations.

substantially implemented

University Health Services completed 805.13 9/17/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems security, procurement cards,

and entertainment.

Management agreed and plans to implement recommendations.

fully implemented

Art & Art History completed 805.13 6/13/2014

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems

security, inventory, purchasing, petty cash, procurement cards, travel, entertainment, and handling

of cash and cash equivalents.

Management agreed and plans to implement recommendations.

fully implemented

(8)

Marine Science Institute Completed 817.13 8/19/2014

to evaluate the internal control environment to determine compliance with

University policies

19 recommendations were made to improve internal controls and compliance in

the areas of information systems security, cash

handling, inventory, procurement cards, and

travel.

Management agreed and plans to implement recommendations.

substantially implemented

Change in Management Audits, FY12

Anthropology completed 779.12 9/6/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information security, entertainment, handling of cash and cash equivalents,

and purchasing.

Management agreed. substantially implemented

Department of Finance completed 779.12 9/6/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems security

and cashier training.

Management agreed. substantially implemented

Department of Accounting (academic) completed 779.12 9/6/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems

security.

Management agreed. substantially implemented

Department of Electrical & Computer

Engineering completed 779.12 9/6/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems security

and cash/cash equivalents.

Management moved their IT operations to UT Austin's

centralized IT services.

substantially implemented

Department of Middle Eastern Studies completed 779.12 9/6/2013

to determine compliance with certain UT policies and

procedures

Enhance compliance with policies regarding information systems

security, inventory, entertainment, purchasing,

and handling of cash and cash equivalents.

Management agreed. substantially implemented

Carryforward - Management Requests

(9)

Executive Travel and Entertainment Audit

FY13 completed 812.13 11/12/2013

to determine compliance with University travel and

entertainment rules

Two campus-wide issues need to be addressed through revisions to the University policy: serving

alcohol at off-campus university sponsored events and revising the process for approval of executive level

entertainment expenses. Several recommendations were made at the individual

executive level to improve compliance with University

policy.

Administration agrees that the policy needs to be

revised. Individual executives agreed with the recommendations and plan

to implement them.

substantially implemented

Compliance Audits

UT System Requested/Externally Required Audits

Cancer Prevention Research Institute of

Texas (CPRIT) Grant Cancelled*** Education Research Center FY 14 Postponed***

NCAA Football Attendance completed 14.013 2/10/2014

to determine whether football attendance averaged 15,000 or more

for all home games, as required by NCAA to qualify

for Division I status

in compliance none none

Management Requests

UT System Policy 175 Conflicts of Interest in

Research cancelled***

Risk-Based Tier Two Audits

Research - Export Controls Postponed***

University Health Services (UHS) and Forty

Acres Pharmacy Postponed***

NCAA Bylaw 13 - Camps and Clinics Near Completion NCAA Bylaw 15 - Financial Aid In Progress

(10)

Texas Relays Completed

14.017 8/26/2014

to evaluate controls related to the receiving, processing, and reconciling

of participant entry fee proceeds and spectator

ticket sales

recommend enhancements to controls over participant

entry fees

management agrees and plans to implement recommendations incomplete - to be implemented for the 2015 Texas Relays

NCAA Bylaw 10/14 - Academic

Integrity/Eligibility Postponed***

Carryforward - Risk-Based Tier Two Audits Research - Technology Commercialization/

Intellectual Property Near Completion

Clery Act Completed 822.13 7/3/2014

to determine compliance with the Clery Act regarding

gathering and reporting crime and fire safety statistics and policies

Recommendations were made in the following areas:

geography, daily crime log, emergency response and evaluation procedures, the Annual Security Report, missing student notification

procedures and fire safety log.

More training will be offered, policies will be revised, more information will be included on the Fire Safety

Log; communication to students and employees as

to the location of the Daily Crime Log will be increased

incomplete/ ongoing

Research Compliance Completed 815.13 8/21/2014

to evaluate whether UT Austin's research compliance program effectively manages high

risks

UT Austin's research compliance program effectively manages high

risks

N/A N/A

Education Research Center, FY 13

Completed 816.13 3/27/2014

to determine compliance with a contract with Tx Education Agency and Tx

Higher Education Coordinating Board

in compliance, no

(11)

Norman Hackerman Advanced Research

Program (ARP) Grants Completed 811.13 3/19/2014

to determine compliance with grant conditions specified by the Texas

Higher Education Coordinating Board

Recommendations were made in the following areas:

travel, reports, and published project material.

The Office of Accounting reminded department staff about the travel rules; grant

management will enhance monitoring the timeliness of

issuing progress and technical reports; researchers will be reminded with each new grant that the Coordinating

Board needs to be acknowledged on all publications from the grant

research

fully implemented

Research - Scientific Misconduct

Complete

818.13 3/26/2014

to determine compliance with University policies and

federal regulations on investigating and reporting

scientific misconduct

enhance investigation procedures by interviewing complainants and providing them an opportunity to

review their interview transcripts and providing respondents an opportunity

to review draft inquiry and investigation reports Management agrees to implement recommendations. incomplete/ ongoing

(12)

Information Technology Audits

UT System Requested/Externally Required Audits

Institute for Public School Initiatives (IPSI),

TEA Grant Near Completion

National Automated Clearinghouse

Association (NACHA) FY14 In Progress

Risk-Based Tier Two Audits

IT General Controls FY14 In Progress Change in Management Audits, FY14 - IT

portion In Progress

Sensitive Data Control Plans In Progress Payment Card Industry (PCI) Data Security

Standards (DSS) Postponed***

Commodity IT Services Postponed*** Health Insurance Portability and

Accountability Act (HIPAA) In Progress

Centralized Authentication System Postponed***

Carryforward Audits

IT General Controls FY13 In Progress Change in Management Audits, FY13 - IT

portion Near Completion

Laptop Encryption and IT Inventory Completed 820.13 7/1/2014

to determine whether laptop inventory was properly controlled and all

laptops were either encrypted or exempt from the exemption requirement

recommend improvements to controls over recording and tracking IT inventory and properly encrypting all

laptops

Management agreed and is taking correction actions.

substantially implemented

Texas Administrative Code 202 Completed 801.12 11/25/2013

to determine whether the UT Austin information security program comply with Texas Administrative

Code 202

generally complies; 5 recommendations to improve controls related to

information resources security safeguards, Security Standards Policy,

and Business Continuity Planning.

Management agreed and is taking correction actions.

substantially implemented

(13)

National Automated Clearinghouse

Association (NCAA), FY13 Completed 824.13 1/31/2014

to determine compliance with NACHA 2013 Operating Rules for

Internet-Initiated/Mobile Entries

in compliance, no

recommendations N/A N/A

Reserves

Reserve for Investigations completed for FY 14 no report Reserve for Management Requested Projects completed for FY 14 no report Reserve for Consulting Projects completed for FY 14 no report

Follow-up Audits completed for FY 14 no report

Projects

Quality Assurance Review, internal completed for FY 14 no report Quality Assurance Review, external completed for FY 14 no report Internal Audit Committee completed for FY 14 no report Technical Support for Internal Audit Office and

Staff completed for FY 14 no report

TeamMate Support and Maintenance completed for FY 14 no report Annual Audit Plan and Risk Assessment

Process completed for FY 14 no report

Annual Internal Audit Report completed for FY 14 no report Office Manual/Website Updates completed for FY 14 no report UT System Issues and Assistance completed for FY 14 no report SAO Issues and Assistance completed for FY 14 no report Professional Organizations and University

Committees completed for FY 14 no report Annual Financial Report - Monitoring Plan completed for FY 14 no report Data Mining completed for FY 14 no report Project Update/ Status Meetings completed for FY 14 no report

*Project Status Definitions:

Near Completion means reporting stage.

In Progress means field work stage.

**Status of Implementing Action Plans N/A - not applicable because there is no report or there are no recommendations

fully implemented - all action plans have been implemented

substantially implemented - most of the recommendations have been implemented

(14)

*** Explanation for Differences in the Audit Plan

UT Austin's closure for weather

three consulting projects that addressed new high risks the Laptop Encryption project requested by UT System

audits on the Audit Plan that required more time than planned

All changes to the Audit Plan were approved by the Internal Audit Committee at UT Austin.

Cancer Prevention Research Institute of Texas (CPRIT) Grant, cancelled: UT System Audit Office engaged Deloitte LLP to conduct this audit for the period through FY13.

Intercollegiate Athletics projects: Internal Audit (IA) management agreed to provide audit services to Intercollegiate Athletics; Athletics management decided which areas they wanted audited after the FY14 Audit Plan had become final. These projects were added after the Audit Plan was approved: NCAA Bylaws, Texas Relays, Longhorn Foundation.

two investigations

Projects were postponed or cancelled to provide more time for: one departmental management request of high IT risk

(15)

Central Business Office to provide advice regarding procedures, policies, and processes - this is a new

office not applicable not applicable Advice was provided throughout the year Chemistry/Biochemistry to determine whether a professor received appropriate approval of his work

outside UT and whether he was misusing university funds not applicable not applicable The professor had not received appropriate approval for outside employment. No evidence was found to support the allegation of misuse of funds. Office of Student Financial Services to determine whether procedures for securing social security numbers are

adequate and in compliance with relevant policies not applicable not applicable Department management is in the process of enhancing security over social security numbers.

Semester in Los Angeles The Director of the Semester in Los Angeles Program is alleged to be engaged in (a) financial mismanagement regarding the use/control of University resources and noncompliance with University policies & procedures, (b) misrepresentations of former students as current students for purposes of eligibility for internships in Los Angeles, and (c) a tolerance for alcohol at off-campus student events.

not applicable not applicable Rules were not followed.

Texas Box Office, Frank Erwin Center An hourly employee purchased athletics tickets and event tickets and then allocated them using his code in the Paciolan Ticketing System. Some of these tickets were allocated to prime seats for disabled patrons. Most were resold for profit.

not applicable not applicable Rules were not followed. Tuition Exemption Investigation A graduate student misused her former spouse's military status to gain a

tuition exemption for in-state tuition over six semesters. not applicable not applicable Rules were not followed. UT Austin User Accounts User accounts of former employees were noted to have access to University

computing resources, e.g. email and file storage. not applicable not applicable This was included in TAC 202 audit. UT Power Plant Store An assistant plant maintenance supervisor has a store where he sells

perishables such as candy, drinks, and chips, to subordinates for cash. The business is located in a storeroom in the UT Power Plant. In addition, UT vehicles are used to purchase goods needed to restock the store.

not applicable not applicable Department management has

discontinued the operation of the Power Plant Store.

Vice President for Research An anonymous caller made an allegation through the University Compliance Services hotline stating that the Vice President for Research (VPR) routinely overrides university policies in a way that has the potential to cause financial harm, create a substantial audit risk, and undermine the ability of staff who is supposed to ensure compliance; the VPR overrides in direct violation of university policy and federal regulations.

not applicable not applicable Based on information provided, the VPR has authority to approve a rate other than the negotiated rate. Internal Audits concludes that the VPR is not violating policies regarding reduced indirect costs; therefore the allegation does not appear to be valid.

(16)

Workday Implementation, Consulting Internal Audits is providing consulting assistance to the team implementing Workday, the new enterprise resource planning (ERP) solution for UT Austin. A work plan and deliverables will be finalized soon.

not applicable not applicable Advice was provided throughout the year.

(17)

External Quality Assessment

Executive Summary

Performed by PricewaterhouseCoopers, LLP

June 30, 2014

(18)

Mr. Mike Vandervort

Director of Internal Audit

The University of Texas at Austin

1616 Guadalupe Street, UTA Suite 2.302

Austin, TX 78701

We have completed an External Quality Assessment (“EQA”) of The University of Texas at Austin (“UT Austin”) Office of Internal Audit (“IA”). The EQA

included an assessment of the level of conformance with the Institute of Internal Auditors’ International Standards for the Professional Practice of

Internal Auditing (“the IIA Standards”), the Generally Accepted Government Auditing Standards (“GAGAS”) as well as the relevant requirements of the

Texas Internal Auditing Act (“TIAA”). Listed below is our overall assessment of IA’s adherence with these Standards and requirements:

IIA Standards - Based on our work, IA generally conforms. However, we did identify process enhancement opportunities.

GAGAS - No conformance observations were identified.

TIAA requirements – Other than the observations related to IIA Standards, no other observations were identified during our work.

Our Services were performed and this report was developed in accordance with our contract dated February 18, 2014 and are subject to the terms and

conditions included therein. Our Services were performed in accordance with the Standards for Consulting Services established by the American

Institute of Certified Public Accountants ("AICPA"). Accordingly, we are providing no opinion, attestation or other form of assurance with respect to our

work and we did not verify or audit any information provided to us. Our work was limited to the specific procedures and analysis described herein and

was based only on the information made available through April 11, 2014, when field work was substantially completed. Accordingly, changes in

circumstances after this date could affect the findings outlined in this report. This information has been prepared solely for the use and benefit of, and

pursuant to a client relationship exclusively with The University of Texas System Administration. PwC disclaims any contractual or other responsibility to

others based on its use and, accordingly, this information may not be relied upon by anyone other than The University of Texas System Administration

and UT Austin.

We would like to offer a sincere thank you to you and your staff, and the Internal Audit Committee and management of UT Austin, for the time and

attention they provided during this assessment. We appreciate the opportunity to serve The University of Texas System Administration on this important

engagement.

Very truly yours,

PricewaterhouseCoopers, LLP

PricewaterhouseCoopers LLP, 1201 Louisiana, Suite 2900, Houston, TX 77002-5678

T: (713) 356 4000, F: (713) 356 4717, www.pwc.com/us

(19)

O

O

F

F

F

F

I

I

C

C

E

E

O

O

F

F

I

I

N

N

T

T

E

E

R

R

N

N

A

A

L

L

A

A

U

U

D

D

I

I

T

T

S

S

(20)

External Auditor (interim financial work and IT work)

Statements; to include IT audit work prior to year-end

Financial Subtotal

20

Operational

UT System Requested/Externally Required Audits

Presidential Travel, Entertainment, and Housing

Expenses - Assistance to UT System

20

Required by Regents Rule 20205 - Assist UT System Audit with review of travel, entertainment,

and housing expenses for the president and spouse

Executives' Travel and Entertainment Expenses

FY2014/2015

400

Required by UT System Annually.

Appropriations Act, may be selected for review.*

All sources of funds, including funds from the General

Risk-Based Audits

Departmental Change in Management Audits, FY15

1,000

Review and evaluate departmental internal controls and compliance with UT rules.

All sources

of funds, including funds from the General Appropriations Act, may be selected for review.*

Human Resources - General Controls

600

Review general controls associated with the Human Resources Department, according to high

level of risk within the area (including overtime hours).

All sources of funds, including funds

from the General Appropriations Act, may be affected by this project.*

Bursar - Cash Management

300

Conduct cash counts using a sample of departments who receive and maintain funds in their area

Donor Scholarships

500

Determine whether donor scholarships are used for intended purpose

University Health Services - Billing

and Operations

500

Review and evaluate student health center for compliance with applicable federal, state, and

University rules regarding billing and operations

40 Acres Pharmacy

500

Review and evaluate the 40 Acres Pharmacy for compliance with applicable federal, state, and

University rules regarding billing and operations

Carryforward - Risk-Based Audits

Departmental Change in Management Audits, FY14

150

Review and evaluate departmental internal controls and compliance with UT rules.

All sources

of funds, including funds from the General Appropriations Act, may be selected for review.*

Longhorn Foundation/Business Office

425

Business Office (Transactional and Financial), Contracts (TBD), Longhorn Foundation Ticket

(21)

funds, including funds from the General Appropriations Act, may be affected by this

project.*

Operational Subtotal

4,895

Compliance

UT System Requested/Externally Required Audits

Proportionality Funding of Benefits

200

Per request from the Governor;

addresses the proportionality of benefits and related risks.

All

sources of funds, including funds from the General Appropriations Act, may be affected by

this project.*

Education Research Center FY2014/2015

400

Required by contract - Certify that the research center is in full compliance with all terms of the

contract and all applicable state and federal laws

NCAA Football Attendance

50

Required by NCAA - Review to verify football game attendance

Risk-Based Audits

NCAA Bylaw 10/14 - Academic Integrity/Eligibility

800

Academic Integrity - Tutors/ Mentor Program; Class auditing; Eligibility Certification

NCAA Bylaw 12 - Amateurism

600

Review amateurism (NCAA Bylaw 12) related to Intercollegiate Athletics

NCAA Bylaw 16 - Awards and Benefits

600

Review awards and benefits (NCAA Bylaw 16) related to Intercollegiate Athletics

NCAA Bylaws 18/20 - Post Season Events/Division

Membership

400

Review post season events/division membership (NCAA Bylaws 18 & 20) related to

Intercollegiate Athletics

Research - Export Controls

500

Review and evaluate export controls and compliance with federal, state, and University rules

UT System Policy 175 Conflicts of Interest in Research

600

Disclosure of significant financial interests and management and reporting of financial conflicts of

interest in research - Requested by Dr. Juan Sanchez

Environmental Health & Safety

500

Evaluate compliance with UT Austin/UT System policies, state/federal rules regarding

environmental health and safety procedures

Data Analytics

250

Data analysis to locate inappropriate transactions in various areas

Minors on Campus

500

Evaluate compliance with UT Austin/UT System policies, state/federal rules regarding minors on

campus

Carryforward - Risk-Based Audits

NCAA Bylaw 13 - Camps and Clinics

250

Camps/ Operational/ Financial MBB/ WBB/ BA - Fall 2013 - FB/VB - Spring 2014

NCAA Bylaw 15 - Financial Aid

425

Equivalency Calculations & Outside Scholarships

(22)

Institute for Public School Initiatives (IPSI), TEA Grant

150

Required annually by TEA - Assess security of electronically stored data. Annual audit

requirement specified in grant conditions

National Automated Clearinghouse Association

(NACHA) FY2015

125

Required annually by NACHA - Review controls over web-based check transactions

Texas Administrative Code (TAC) 202

600

Required every two years by TAC 202 - Review compliance with TAC 202 (Information Security

Standards)

Risk-Based Audits

Departmantal Change in Management Audits, FY15 - IT

portion

400

Review and test IT controls as part of Departmental Change in Management Audits

UT Facilities Network (FACnet)

800

Review sufficiency of controls in the university's network of facilites controllers and systems

Incident Handling

400

Review processes in place for monitoring, investigating, and responding to system breaches

Health Insurance Portability and Accountability Act

(HIPAA)

400

Review HIPAA covered entities for compliance with HIPAA and the Health Information

Technology for Economic and Clinical Health (HITECH) Act

Sensitive Data Control Plans

400

Assess security procedures utilized to protect confidential data used in research or other projects.

IT Audit Assistance for Non-IT Projects

400

Centralized Authentication System

400

Review related IT controls in the university's authentication system

Payment Card Industry (PCI) Data Security Standards

(DSS)

400

Review controls to ensure compliance with credit card industry standards (PCI DSS)

Carryforward - Risk-Based Audits

Departmental Change in Management Audits, FY14 - IT

Portion

100

Review and test IT controls as part of Departmental Change in Management Audits

Information Technology Subtotal

4,575

Follow-up

General Follow-up

150

Follow-up on Level-1 IT Recommendations

150

Follow-up Subtotal

300

(23)

Technical Support for Internal Audit Office and Staff

400

Internal support for office technology and software

TeamMate Support and Maintenance

125

Maintenance and support of electronic audit management system

Annual Audit Plan and Risk Assessment Process

500

Preparation of annual audit plan and risk assessment

Annual Internal Audit Report

40

Preparation of annual report required by the Texas Government Code, Chapter 2102 (The Internal

Auditing Act)

Office Manual/Website Updates

130

Updates to IA's office manual, standard forms/reports, processes, and website

UT System Issues and Assistance

100

Miscellaneous assistance provided to UT System Audit Office

SAO Issues and Assistance

35

Miscellaneous assistance provided to the State Auditor

Professional Organizations and University Committees

200

Support and participation in profession audit organizations

Annual Financial Report - Monitoring Plan

100

Required by UT System; UTS142.1 requires annual testing of the monitoring plan for the

segregation of duties and reconciliation of accounts.

Project Update/Status Meetings

300

Staff meetings regarding updates and status of audits and projects

Training for Dell Medical School

300

Projects Subtotal

2,730

Reserve

All sources of funds, including funds from the General Appropriations Act, may be affected

by projects using hours reserved for unplanned projects.*

Reserve for Management Requests

500

Reserve for Investigations

1,238

Reserve for Consulting

500

Reserve Subtotal

2,238

Total Hours

20,833

*Instructions for this schedule require identifying projects in these categories:

Projects with blue font address the proportionality of benefits or related risks.

(24)

Risk

Explanation/Mitigation

Compliance - Capturing All

Investigations - Incl Hotline Calls This area is currently in transition and controls are being reviewed for future best practices. Internal Audits will consider this area for the FY 2016 audit plan. Lack of effort reporting &/or

non-compliance with OMB Circular A-21 Internal Audits is planning to conduct two audits in the area of research for the FY2015 audit plan. This risk will be considered for the FY2016 audit plan. Non-compliance with federal purchasing

requirements Self Assessment Review Lack of license compliance monitoring &

enforcement Audited FY2014

Consent process with human subjects Human Subjects Research is externally accredited. Internal Audits reviewed this accreditation as an audit step in FY2014.

Lack of or inadeqate reporting of

Scientific Misconduct Audited FY2014

Inaccurate reporting on lobbying Internal Audits is planning to conduct two audits in the area of research for the FY2015 audit plan. This risk will be considered for the FY2016 audit plan. Facilities, Athletics Audited FY2014

IT Services, Athletics This area was reviewed in the FY2014 audit of Texas Box Office (Paciolan system). Internal Audits will consider a more thorough review of this risk for the FY2016 audit plan.

Servers/ Virtual Machines Services are currently being expanded in this area; IA will consider auditing this risk in future years.

Building Access Control System The UT Information Security Office recently performed a security review of BACS, and BACS is currently being reviewed by a 3rd party; IA will consider auditing this risk in future years.

Information Mgmt. - Development An audit of information management in the Development Office was performed by IA in FY09. Time constraints do not allow for this risk to be audited this year; IA will consider auditing this risk in future years.

Phishing Attacks - Financial Services Two-factor authentication is currently being implemented for payroll and additional areas are being implemented in future phases; IA will consider auditing this risk in future years.

Failure to manage contracts, ITS

(25)

The Process for Developing Risk Assessments for the Audit Plan

As part of preparing the annual audit plan, Internal Audit (IA) management and staff met with the President’s

Office, each vice president, the Director of University Compliance Services, and the Director of Information

Technology Services/Chief Information Officer to review his/her risk assessments. Discussions included IA’s

prior year’s risk assessment, changes in the executive’s portfolio, changes and expected changes in the

environment and/or industry, and changes in how risks may be evaluated. Then the updated risk assessments are

used for the annual audit plan.

The University of Texas System Audit Office (UTS) provides a spreadsheet identifying the audit universe in

different levels (Tier One, Two, and Three). IA matches the universe to the prepared risk assessments to be sure

all risks are evaluated. UTS requires the following selected risk assessments to be exhibited with the Audit Plan:

Overall Risk Assessment (Tier One Level)

Institutional Risk Assessment

The risk rankings are a weighted average of the detailed risk assessments.

Detailed Risk Assessments (Tier Two Level) - selected

Research Risk Assessment

Information Technology Risk Assessment,

all IT risk assessments considered Texas Administrative

Code 202

Institutional Tier 2 Risk Assessment

Evaluating Risks (Guidelines from UTS)

Risk Assessments

The vertical axis of the risk assessment represents the applicable business processes. The horizontal axis of the

risk assessment represents business risks identified for each process or sub-process. All types of business risks

were included: strategic, financial, operational, and compliance. Each individual risk identified was ranked for

impact

and

probability

.

Determination of Impact

Impact of a risk is the effect a single occurrence of that risk will have upon the achievement of UT Austin’s goals

and objectives. There are three values:

High – The effect will cause the institution not to achieve its goals and objectives: “show stopper”

Medium – The effect will cause the institution to operate inefficiently and/or expend unplanned resources to

meet goals and objectives

Low – There will be no measurable effect upon the achievement of institutional goals and objectives

Methodology to determine the Impact Value:

Identify consequences to the organization if a risk were to become a reality

Value the effect on the organization for each consequence (high, medium, or low)

(26)

Determination of Probability

Probability of a risk is the likelihood the risk will become reality. There are three values:

High – The risk will become a reality frequently

Medium – The risk will become a reality infrequently

Low – The risk will rarely become a reality

(27)

Scope

Type

Frequency

External Auditors

Audit Required By:

UT Austin Department of Intercollegiate Athletics

Statement of Revenues and Expenses For The Year Ended

August 31, 2013 and Independent Accountants'' Report on

Applying Agreed-upon Procedures

Agreed-Upon

Procedures

Annual

Maxwell Locke &

Ritter, LLP

NCAA Bylaw 6.2.3.1

KUT Radio of The University of Texas at Austin Financial

Statements and Independent Auditor's Report Years Ended

August 31, 2013 and 2012

Financial

Annual

Gindler, Chappell,

Morrison, and Co.

P.C.

The Corporation for Public

Broadcasting

University of Texas University Charter School Annual

Financial Report For The Year Ended August 31, 2013

Financial

Annual

West, Davis &

Company, LLP

Texas Education Code,

Section 12.111

University of Texas Elementary School Annual Financial

Report For the Year Ended August 31, 2013

Financial

Annual

Belt Harris

Pechacek, LLLP

Texas Education Code,

Section 12.111

State of Texas Compliance with Federal Portion of the

Statewide Single Audit Report For The Fiscal Year Ended

August 31, 2013, Report # 14-325

Financial

Annual

John Keel, CPA

State Auditor and

KPMG, LLP

Single Audit Act

Amendments of 1996 and

OMB Circular A-133,

Audits of States, Local

Governments, and

Non-Profit Organizations

State of Texas Financial Portion of the Statewide Single

Audit Report For The Year Ended August 31, 2013, Report

# 14-555

Financial

Annual

John Keel, CPA

State Auditor

Single Audit Act

Amendments of 1996

University Interscholastic League Annual Financial Report

(28)

General Appropriations Act

Sec. 7.10. Fraud Reporting. A state agency or institution of higher education appropriated funds by

this Act, shall use appropriated funds to assist with the detection and reporting of fraud involving state

funds, including funds received pursuant to the American Recovery and Reinvestment Act, as follows:

(a) By providing information on the home page of the entity's website on how to report

suspected fraud, waste, and abuse involving state resources directly to the State Auditor's

Office. This shall include, at a minimum, the State Auditor's fraud hotline information and a

link to the State Auditor's website for fraud reporting; and

(b) By including in the agency or institution's policies information on how to report

suspected fraud involving state funds to the state auditor.

Description of How The University of Texas at Austin complies:

The University has a link for reporting fraud on the home page of its website. Please see

http://www.utexas.edu/

. This link includes information on how and where to report

fraud, including the following statement: You may also report suspected fraud, waste,

and abuse to the

State Auditor’s Office Hotline

at 1-800-TX-AUDIT

(1-800-892-8348). The State Auditor’s Office provides additional information at its website,

http://sao.fraud.state.tx.us

.

The University of Texas at Austin’s Suspected Dishonest or Fraudulent Activities policy

is now on-line:

http://www.policies.utexas.edu/policies/suspected-dishonest-or-fraudulent-activities

.

Requirement #2

:

Texas Government Code, Section 321.022. Coordination of Investigations

(a) If the administrative head of a department or entity that is subject to audit by the state

auditor has reasonable cause to believe that money received from the state by the department or

entity or by a client or contractor of the department or entity may have been lost,

misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in

relation to the operation of the department or entity, the administrative head shall report the

reason and basis for the belief to the state auditor. The state auditor may investigate the report or

may monitor any investigation conducted by the department or entity.

(b) The state auditor, in consultation with state agencies and institutions, shall prescribe

the form, content, and timing of a report required by this section.

(c) All records of a communication by or to the state auditor relating to a report to the

state auditor under Subsection (a) are audit working papers of the state auditor.

Description of How The University of Texas at Austin complies:

The Office of Internal Audits at The University of Texas at Austin reports all suspected

fraud and abuse to the State Auditor’s Office through their Website:

References

Related documents

Apabila menggunakan topeng anda dengan peranti ResMed CPAP atau dwi tahap yang mempunyai pilihan tetapan topeng, rujuk kepada bahagian spesifikasi Teknikal dalam panduan pengguna

Over a period of time, the data relative to container stock and flow can be mined to provide precious ‘what if’ analysis, which can help in better predicting (and controlling)

and phone number: Mailing address: Website: SIC Code & Description of Operations (including how company generates revenue): Federal Tax ID: Annual revenue: Year

Main objective of this paper is to analyse a category of special events: the wedding market sector in Kaohsiung, Taiwan by examining how they attract consumers regarding

A calendar spread is created by buying an option with one maturity and selling an option with another maturity when the strike prices are the same and the option types (calls or

(5) El valor intrínseco de la explotación sin fle- xibilidad estratégica se estimó con la ecuación (5), siendo su expresión el valor actual de los flujos de fondos derivados de

En este trabajo se generan los PP para diferen- tes umbrales de lluvia a partir de los pron´ osticos de precipitaci´ on acumulada a 12 horas genera- dos por el modelo BRAMS..

a) Improved quality of food: The burgers are made fresh for the customer and thus provide maximum satisfaction. There is no chance of offering stale food to