• No results found

The R ole of Internal Audit in the Control E nvironment

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "The R ole of Internal Audit in the Control E nvironment"

Copied!
15
0
0

Loading.... (view fulltext now)

Download now ( 15 Page )

Full text

(1)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

The R ole of Internal Audit

in the C ontrol

E nvironment

Wanda Lynn Riley

Chief Audit Executive

Audit and Advisory Services

University of California, Berkeley

(2)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

Internal

Auditing

Control

Environment

The control environment sets the tone of an

organization, influencing the control

consciousness of its people. It is the foundation

for all other components of internal control,

providing discipline and structure. Control

environment factors include the integrity, ethical

values and competence of the entity's people;

management's philosophy and operating style; the

way management assigns authority and

responsibility, and organizes and develops its

people; and the attention and direction provided

by the board of directors.

The mission of the University of California (UC) internal audit program

(IA) is to provide the regents, president, and campus chancellors

independent and objective assurance and consulting services designed

to add value and to improve operations. It does this by assessing and

monitoring the campus community in the discharge of their oversight,

management, and operating responsibilities. Internal audit brings a

systematic and disciplined approach to evaluating and improving the

effectiveness of risk management, control and governance processes.

Internal auditing is an independent, objective

assurance and consulting activity designed to add

value and improve an organization's operations. It

helps an organization accomplish its objectives by

bringing a systematic, disciplined approach to

evaluate and improve the effectiveness of risk

management, control, and governance processes.

(3)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

•Audits are assurance services defined as examinations of evidence for

the purpose of providing an independent assessment on governance,

risk management, and control processes for the organization. Examples

include financial, performance, compliance, systems security and due

diligence engagements.

Audits

•Advisory services, the nature and scope of which are agreed with the

client, are intended to add value and improve an organization’s

governance, risk management, and control processes without the

internal auditor assuming management responsibility. Examples include

reviews, recommendations (advice), facilitation, and training.

Advisory

Services

•Investigations are independent evaluations of allegations generally

focused on improper governmental activities including misuse of

university resources, fraud, financial irregularities, significant control

weaknesses and unethical behavior or actions.

Investigations

•External audit coordination involves assisting the campus to fulfill audit

requirements that arise from its role as a recipient of public and other

extramural funds, as well as obligations from business contracts, and to

cooperate fully with external auditors.

External Audit

Coordination

(4)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

The scope of IA work is to determine whether UC’s

network of risk management, control, and governance

processes, as designed and represented by

management at all levels, is adequate and functioning in

a manner to ensure:

• Risk management processes are effective and

significant risks are appropriately identified and

managed.

• Ethics and values are promoted within the

organization.

• Financial and operational information is accurate,

reliable, and timely.

(5)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

• Employee’s actions are in compliance with policies,

standards, procedures, and applicable laws and

regulations.

• Resources are acquired economically, used efficiently,

and adequately protected.

• Programs, plans, and objectives are achieved.

• Quality and continuous improvement are fostered in

the organization’s risk management and control

processes.

• Significant legislative or regulatory compliance issues

impacting the organization are recognized and

addressed properly.

• Effective organizational performance management

and accountability is fostered.

(6)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

• Coordination of activities and communication of

information among the various governance groups

occur as needed.

• The potential occurrence of fraud is evaluated and

fraud risk is managed.

• Information technology governance supports UC

strategies, objectives, and the organization’s privacy

framework.

• Information technology security practices adequately

protect information assets and are in compliance with

applicable policies, rules and regulations.

(7)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

How are audit topics selected?

Risk Assessment Audit Plan Development Audit Plan Execution Audit Plan Review Report Results

Gather Information Risk Review Amend Audit Plan

Discussions with Management External Reports Investigation Activities Enterprise Risk Management Activities Committee Participation

Quarterly Audit Plan

Refinement

Annual Audit

Process

Advisory Activities Assurance Activities

(8)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

What can I expect during the

cours e of an internal audit?

Audit

Notification

• Notification of Intent to Audit • Preliminary scheduling discussions and document requests • Establishing key client contacts

Preliminary

Audit

Survey

• Conducting a risk assessment • Developing an Audit Program

Fieldwork

Entrance

Conference

• Sharing the Audit Program with the Client • Establish protocols and coordination for execution of fieldwork

Fieldwork

Detailed

Appraisal

• Analytical Reviews • Interviews • Detailed Testing • Status Updates on Findings

Ending

Fieldwork

• Sharing Preliminary Results with Client

Reporting

• Drafting Report • Obtaining Management Action Plans • Finalizing Report • Exit Meeting

Follow-Up

• Client Satisfaction Survey • Monitoring Completion of Action Plans • Reporting to Campus Audit Committee and UCOP

(9)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

E xamples of R ecent UC C ontrol

E nvironment P rojects

• Globalization and

International Engagement -

UCB

• Human Resources Service

Center, General Services –

UCLA

• Non-Voluntary Separation

Practices – UCB

• Fraud Risk Management – All

• Control Environment Survey –

UCSD

• Performance Management

• Annual Report on Executive

Compensation

• Conflict of Interest and

Conflict of Commitment – All

• IT Planning and Organization

– UCB

• Office of the Chancellor –

University Communication -

UCI

(10)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

How we can help you…

• We will make an objective assessment of

your operations, and share ideas for best

practices.

• We will provide counsel for improving

controls, processes and procedures,

performance, and risk management.

• We will suggest ways for reducing costs and

enhancing revenues.

• We will deliver competent consulting,

assurance, and facilitation services.

(11)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

Plus, we will…

• Ensure accuracy of records.

• Provide cost analysis of historical trends.

• Evaluate internal controls.

• Support the external auditors.

• Document and analyze processes and

costs.

• Analyze task performance in functional

areas.

(12)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

Plus, we will…

• Survey customers to determine

satisfaction.

• Evaluate costs and benefits.

• Benchmark performance and best

practices.

• Confirm compliance with laws, regulations,

policies, and procedures.

• Ensure compliance with contract terms

and conditions.

(13)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

Plus, we will…

• Compare records with physical assets.

• Reconcile independent and corporate

records.

• Review new system development projects.

• Evaluate computer and software

application controls.

• Investigate alleged improper governmental

activities.

(14)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

What does this means to you?

You have at your fingertips:

• A coach.

• An advocate.

• A risk manager.

• A controls expert.

• An efficiency specialist.

• A problem-solving partner.

14

(15)

B

U S I N E S S

O

F F I C E R

I

N S T I T U T E

UC Internal Audit Organization Chart

UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF LBNL Chancellor Birgeneau Chancellor Katehi Vice Chancellor Brase Vice Chancellor Olsen

Chancellor Leland Provost and Executive VC Rabenstein Associate Vice Chancellor Cortez Vice Chancellor Valentino Vice Chancellor Matthews Senior Vice Chancellor Plotts Laboratory Director Alivisatos

The Regents’ Committee on Compliance and Audit

UCM T. Kucker (1) UCD J. Maher (11) UCSD S. Burke (14.2) UCR M. Jenson (5) UCI B. Nielsen (8) Systemwide & UCOP M. Hicks (2.5) UCB W.L. Riley (6) UCLA E. Pierce (25.8) UCSC B. Long (4) UCSB R. Tarsia (4.8) UCSF R. Catalano (8)

Total Professional Staff, including the Director, is in parentheses. Total Authorized Professional Positions = 95.2 as of year end FY 2011-12

SVP, Chief Compliance and Audit Officer, S. Vacca UC President

M. G. Yudof

LBNL

T. Hamilton (5)

References

Download now ( PDF - 15 Page - 899.61 KB )

Related documents

Forage Production and Nutrient Composition of Different Sorghum Varieties Cultivated with Indigofera in Intercropping System

Sorghum variety CTY-33 planted in multiple cropping system had the highest (P<0.01) dry matter content, total dry weight production, and (P<0.05) total crude

TECHNICAL AND VOCATIONAL EDUCATION AND TRAINING (TVET) SYSTEM\ IN INDIA FOR SUSTAINABLE DEVELOPMENT

National Conference on Technical Vocational Education, Training and Skills Development: A Roadmap for Empowerment (Dec. 2008): Ministry of Human Resource Development, Department

PRIVATE FINANCING OF HEALTH CARE IN POLAND MICROSIMULATION MODEL 1 1. INTRODUCTION

The microsimulation model consists of (1) the microeconometric model – the core (the health econometric model of households has been described in the previous section) and (2)

A review on thyroid cancer during pregnancy: Multitasking is required

The timing of surgery, the impact of pregnancy on prognosis of thyroid cancer and monitoring of pregnant women with thyroid cancer are important points to be discussed while treating

Hull_OFOD9e_MultipleChoice_Questions_and_Answers_Ch12.doc

A calendar spread is created by buying an option with one maturity and selling an option with another maturity when the strike prices are the same and the option types (calls or

Langmans Medical Embryology test bank questions

The corona radiata consists of one or more layers of follicular cells that surround the zona pellucida, the polar body, and the secondary oocyte.. The corona radiata is dispersed

DISsing the social GGRRAAACCEEESSS

Mercer (eds) Implementing the Social Model of Disability: Theory and Research , Leeds: The Disability Press, pp. (Available from

Myopic shift from the predicted refraction after sulcus fixation of PMMA posterior chamber intraocular lenses

Postoperative refraction, predicted postoperative refraction for in-the-bag IOL with the same diopter, intraoperative posterior capsular complications and vitrectomy, axial eye