integral audit annual report - university of texas at dallas€¦ · management, and control...
TRANSCRIPT
Internal Audit Annual Report Fiscal Year 2015
Office of Internal Audit 800 West Campbell Rd., SPN 32
Richardson, TX 75080 972-883-4876
www.utdallas.edu/audit/
2
Integral Audit Annual Report 2015
October 22, 2015 Dr. Hobson Wildenthal, President ad interim Ms. Lisa Choate, Chair of the Institutional Audit Committee: We are pleased to submit the annual report of the Office of Internal Audit for the fiscal year ended August 31, 2015. This report is required by the Texas Internal Auditing Act and provides information on the assurance services, consulting services, and other activities of the internal audit function. During fiscal year 2015, we issued 35 reports related to audits, consulting reviews, and investigations. We believe the work of our office has enhanced university operations and provided value to management with recommendations relating to governance, risk management, and control processes at the University of Texas at Dallas. If you have any questions about the contents of this report, please do not hesitate to contact me. Respectfully submitted, Toni Stephens, CPA, CIA, CRMA Institutional Chief Audit Executive, UT System at UT Dallas Report Distribution:
• State Auditor’s Office • Governor’s Office of Budget, Planning, and Policy • Legislative Budget Board • Sunset Advisory Commission • Members of the UT Dallas Audit Committee • UT System Office of the Executive Vice Chancellor for Academic Affairs • UT System Staff Attorney • UT System Audit Office
3
Integral Audit Annual Report 2015
TABLE OF CONTENTS
Purpose of the Internal Audit Annual Report ................................................................................. 4
I. Compliance with House Bill 16 (Texas Government Code, Section 2102.015): Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit Information on Internet Web Site ................................................................................................................ 5
II. Compliance with the Benefits Proportionality Audit Requirements for Higher Education Institutions .......................................................................................................................... 5
III. Internal Audit Plan for Fiscal Year 2015 .............................................................................. 6 IV. Consulting Services and Nonaudit Services Completed ................................................... 10 V. External Quality Assurance Review .................................................................................. 11
VI. Internal Audit Plan for Fiscal Year 2016 ............................................................................ 15 VII. External Audit Services Procured in Fiscal Year 2015 ....................................................... 21
VIII. Reporting Suspected Fraud and Abuse ............................................................................. 22 IX. Office of Internal Audit ..................................................................................................... 23
• Internal Audit Staff ...................................................................................................... 24 • Organization Chart ...................................................................................................... 25
4
Integral Audit Annual Report 2015
PURPOSE OF THE INTERNAL AUDIT ANNUAL REPORT
The purpose of this annual report is to provide information on the assurance services, consulting services, and other activities of the internal audit function. In addition, the annual internal audit report assists oversight agencies in their planning and coordination efforts. The Texas Internal Auditing Act, Texas Government Code, Chapter 2102, requires that an annual report on internal audit activity be filed by November 1st of each year and submitted to the Governor, the Legislative Budget Board, the Sunset Advisory Commission, the State Auditor’s Office (SAO), and the entities’ governing boards and chief executives. The SAO prescribes the form and content of the report. The annual report was prepared using the guidelines provided by the Texas State Auditor’s Office. In addition to the minimum requirements, we also included other information we felt was important to the internal audit operations during fiscal year (FY) 2015. Additional information regarding the UT Dallas Office of Internal Audit can be found at the following website: www.utdallas.edu/audit/.
5
Integral Audit Annual Report 2015
I. COMPLIANCE WITH HOUSE BILL 16: POSTING THE INTERNAL AUDIT PLAN, INTERNAL AUDIT ANNUAL REPORT, AND OTHER AUDIT INFORMATION ON INTERNET WEB SITE
In accordance with House Bill 16, the UT Dallas Office of Internal Audit has posted its Fiscal Year 2015 Internal Audit Annual Report and the approved Fiscal Year 2016 Audit Plan at the following web site: www.utdallas.edu/audit/audit-reports-and-plans/.
II. COMPLIANCE WITH THE BENEFITS PROPORTIONALITY AUDIT REQUIREMENTS FOR HIGHER EDUCATION INSTITUTIONS
Rider 8, page III-39, the General Appropriations Act (84th Legislature, Conference Committee Report), requires that higher education institutions conduct an internal audit during fiscal year 2016 of benefits proportional by fund, using a methodology prescribed by the State Auditor’s Office. The rider requires that the audit examine appropriation years (AY) 2012 through 2014, and be completed no later than August 31, 2016. To comply with Rider 8, a benefits proportionality audit is included in the UT Dallas FY 2016 annual audit plan. An internal audit of the proportionality of higher education benefits process was conducted during FY 2015 at the request of the Governor. The scope of the audit included benefits funding proportionality for appropriation year (AY) 2013. Audit procedures were consistent with the methodology prescribed by the State Auditor’s Office to comply with Rider 8, and included review of source information obtained from the internal accounting system and the State’s Uniform Statewide Accounting System (USAS), review of the benefits proportionality reporting process, validation of the accuracy of information and proportional funding calculations reported to the State Comptroller on the Benefits Proportionality by Fund Report (APS 011), and testing to verify eligibility of employee benefits paid with appropriated funds. Because AY 2013 was included in the prior year audit, the benefits proportionality audit conducted during FY 2016 will include only AY 2012 and AY 2014. The results of the AY 2013 audit will be included in the resulting audit report, with a statement certifying that the procedures followed were consistent with the methodology prescribed by the State Auditor’s Office.
6
Integral Audit Annual Report 2015
III. INTERNAL AUDIT PLAN FOR FISCAL YEAR 2015
The University of Texas at Dallas (UTD) fiscal year 2015 Audit Plan is a description of the internal audit activities that were planned to be completed by the UTD Office of Internal Audit during fiscal year 2015. Our overall objective was to develop a standardized audit plan which addressed the highest risks within UTD, consistent with the Internal Audit Charter and UTD’s Strategic Plan. The Plan complied with the Texas Internal Auditing Act (Texas Government Code 2102), The University of Texas (UT) System Policy UTS129, Internal Audit Activities, The Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing, Government Auditing Standards, and specific instructions from The UT System Audit Office.
The information on the following pages contains the Internal Audit Plan for FY 2015, including the status of the plan at October 30, 2015.
Report TitleReport
Date CommentsFinancialFY 2014 Financial Statement Audit Annual Financial Report R1506 11/25/2014 CompletedFY 2014 Financial Statement Audit Assistance to Deloitte CompletedFY 2015 Interim Financial Statement Audit Work Completed
Institutional Data Reporting Deleted
Audit Committee approval to delete due to external audit of Formula Funding (3rd
Quarter FY15 )Journal Entry and Interdepartmental Transfer Process
Journal Entry and Interdepartmental Transfer Process R1603 10/20/2015 Completed
Receivables Receivables R1601 9/8/2015 Completed
Status at 10/30/15
FY 2015 Audit Plan Engagement
Report No.
7
Integral Audit Annual Report 2015
Report TitleReport
Date CommentsOperational
Career Center Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015
Enrollment Management Deleted
Audit Committee approval to delete due to external audit of Formula Funding (3rd
Quarter FY15)
GiftsCarried Forward
to FY 16
Hiring and Compensation
Carried Forward to FY 16 - In
Process
Client requested delay due to new systems - Audit Committee approved at 3rd Quarter FY 16 meeting. Carried forward to FY 16
Intercollegiate Athletics Athletics and NCAA Compliance R1520 8/31/2015 Completed Combined with NCAA audit
International Study Abroad Programs Education Abroad Investigation Memo 7/13/2015 Completed Investigation
Naveen Jindal School of Management
Carried Forward to FY 16 - In
Process Audit Committee approval to delay 3rd
Quarter FY15 - carried forward to FY 16
Policy and Procedures Governance In ProcessIn process and plan to issue report
November 2015
President's Travel and Entertainment (assistance to UT System) Completed
UT System requested only minimal assistance - no hours charged
Scholarships Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015School of Engineering and Computer Science In Process
In process and plan to issue report November 2015
Student Housing In ProcessIn process and plan to issue report
November 2015
Technology CommercializationCarried Forward
to FY 16Audit Committee approval to delay 3rd
Quarter FY15 - carried forward to FY 16
Tuition & Fees Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015Callier Center for Communication Disorders
Caller Center for Communication Disorders R1503 10/10/2014 Completed
Cash Handling/Treasury Management Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015Center for Brain Health Center for Brain Health R1517 7/20/2015 CompletedExecutive Education Executive Education R1518 7/30/2015 CompletedExecutive Travel & Entertainment Executive Travel and Entertainment R1510 3/4/2015 Completed
Meals & Catering Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015Construction Management Review - Work Order System Work Order System R1515 5/1/2015 Completed
Bioengineering Change in Leadership Bioengineering R1508 12/18/2014 CompletedISSO Change in Leadership Audit International Programs R1505 11/14/2014 CompletedVP Diversity & Community Engagement Change in Leadership Audit
VP for Diversity and Community Engagement R1513 4/21/2015 Completed
Status at 10/30/15
FY 2015 Audit Plan Engagement
Report No.
8
Integral Audit Annual Report 2015
Report TitleReport
Date CommentsComplianceBenefits Funding Proportionality Benefits Proportionality by Fund R1507 11/26/2015 Completed
Contract and Grants Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015Executive Travel and Entertainment Executive Travel and Entertainment R1510 3/4/2015 Completed Combined with R1510Export Controls Export Controls R1602 9/9/2015 Completed
Financial Aid Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015
Lena Callier Trust Lena Callier Trust for the Hard of Hearing and the Deaf R1511 4/6/2015 Completed
Implementation) One Card Implementation Memo 8/28/2015 Completed Consulting Review
Records RetentionCombined with audit of Business Continuity
Planning (IT audits)Endowments & Gifts Endowment Compliance R1512 4/21/2015 CompletedHuman Subjects (Greenphire Implementation) Greenphire ClinCard Implementation Memo 8/26/2015 Completed Consulting ReviewLab Safety Lab Safety R1516 5/28/2015 CompletedNCAA Compliance/Athletics Athletics and NCAA Compliance R1520 8/31/2015 Completed
Time & Effort Follow-up Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
Information Technology
TAC 202 CompletedCompleted and plan to issue report
November 2015 Emergency Management & Records Retention Completed
Completed and plan to issue report November 2015
VPN (Virtual Private Network) Deleted
Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and future purchase of VPN. To be reconsidered at
later date.
IT Roadmap, Strategic Planning, and Funding Deleted
Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and
reorganization. To be reconsidered at later date.
Wireless Networking Deleted
Audit Committee approval 3rd Quarter to delete due to new CIO initiatives and
reorganization. To be reconsidered at later date.
Physical Access Controls Management Completed
Awaiting management's responses to report recommendations. Audit report to be
issued November 2015
Databases
Carried Forward to FY 16
Audit Committee approval 3rd Quarter to carry forward to FY 16 due to new CIO
initiatives. pp y Review Comet Card Application Security R1514 4/22/2015 Completed
UT Dallas Marketplace In ProcessIn process and plan to issue report
November 2015 Monitoring N/A - not an auditTeamMate, IDEA, and Website N/A - not an auditIT Meetings and Consulting N/A - not an audit
Confidential Data Confidential Data Management and Data Loss Prevention Memo 9/15/2015 Completed Consulting Review
Data Centers Data Centers R1509 1/29/2015 CompletedeLearning eLearning R1502 10/6/2015 CompletedPeopleSoft Roles PeopleSoft Access Controls Memo 8/27/2015 Completed Consulting Review
Unix In ProcessIn process and plan to issue report
November 2015Vulnerability Scanning Vulnerability Scanning Process R1504 11/3/2014 CompletedOnBase OnBase R1501 9/12/2014 Completed
Status at 10/30/15
FY 2015 Audit Plan Engagement
Report No.
9
Integral Audit Annual Report 2015
Report TitleReport
Date CommentsFollow Up
Quarter 1 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
Quarter 2 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
Quarter 3 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
Quarter 4 Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
FY 14 Follow-up Follow-up of Prior Audit Recommendations R1519 8/6/2015 Completed
Projects
Annual Internal Audit Report FY 2014 Internal Audit Annual Report N/A 10/31/2014 Completed
Auditors Completed N/A - not an auditAudit Committee Completed N/A - not an auditExecutive Management and Leadership of the IA Department Completed N/A - not an audit and Awareness Completed N/A - not an auditFY 2016 Audit Plan Fiscal Year 2016 Audit Plan N/A 8/21/2015 CompletedHotline Team Participation Completed N/A - not an auditInternal Audit Staff Meetings Completed N/A - not an auditIT and Audit Manager Leadership Completed N/A - not an auditInstitutional Committee Participation Completed N/A - not an audit Participations Completed N/A - not an auditParticipation on Quality Assurance Reviews for Other Audit Departments Completed
Participated on peer review at University of Virginia
Program Completed N/A - not an auditTraining and Assistance to UT Dallas Completed N/A - not an audit y g Projects Completed N/A - not an auditUT System Reporting Completed N/A - not an auditReserves
Change in Management Audits CompletedInternal Audit completed three change in
management audits during FY 2015.
Investigations CompletedInternal Audit completed 10 investigations during FY 2015. Two remain in process.
Reserve for Requests and Consulting Services Completed
Internal Audit completed five consulting reviews during FY 2015.
Status at 10/30/15
FY 2015 Audit Plan Engagement
Report No.
10
Integral Audit Annual Report 2015
IV. CONSULTING SERVICES AND NON-AUDIT SERVICES COMPLETED
Report Date*
Title of Report
Objectives
Observations, Results and
Recommendations 8/11/15 Risks of Procurement
Fraud Consulting Review
Review requested by executive management to address risks of fraud in procurement.
Internal Audit provided information regarding potential fraud schemes that could occur if adequate internal controls were not in place, a list of audits that had been performed in procurement areas of high risk, and ways for management to mitigate the various fraud risks in procurement.
8/26/15 UT Dallas Retiree Association
Review of the UT Dallas Retiree Association, required every five years based on their operating guidelines.
Association revenues and expenses appeared to be materially accurate and supported by appropriate documentation.
8/26/15 Greenphire ClinCard Implementation
Review the current status of implementation of the ClinCard system.
Recommendations included updating procedures, designating a responsible party for administering the program, developing a close-out process, defining user access, ensuring tax compliance, ensuring separation of duties and reconciliation process. Will follow up on recommendations during a complete audit of Research Subject Payments, proposed for 1st Quarter FY 17.
8/27/15 PeopleSoft Access Controls
Review over PeopleSoft access controls.
Recommendations included ways to enhance access and developing a role privilege catalog. Recommendations will be followed up during FY 2016 as CIO implements organizational and process changes.
8/28/15 One Card Implementation
Review of the status of implementation of One Card (purchasing card) and PeopleSoft Travel and Expense Module.
Recommendations included updating the risk management plan, enhancing monitoring procedures, and adapting the project plan due to delays. Will conduct full audit and follow up on recommendations from this review during planned audit in 4th Quarter of FY 2016.
*Consulting and non-audit services were not issued report numbers
11
Integral Audit Annual Report 2015
V. EXTERNAL QUALITY ASSURANCE REVIEW
An external quality assessment was performed during fiscal year 2014. Such reviews are required every three years by the Texas Internal Auditing Act and every five years by the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing (Standards). The results of the assessment are indicated below. An action plan to address the recommendations included in the report has been prepared and is in process.
12
Integral Audit Annual Report 2015
13
Integral Audit Annual Report 2015
14
Integral Audit Annual Report 2015
15
Integral Audit Annual Report 2015
VI. INTERNAL AUDIT PLAN FOR FISCAL YEAR 2016
The FY 2016 approved audit plan is shown on pages 16 - 18. As required per the State Auditor’s Office guidelines:
• The audit entitled “Purchasing” addresses the contract management and other requirements of Senate Bill 20 (84th Legislature).
• The audit entitled “Budget Process” may address expenditure transfers, capital budget controls, or any other limitations or restrictions in the General Appropriations Act.
• A list of risks ranked as high that were identified but had another form of assurance work as well as a description of the risk assessment methodology is included after the plan.
• A brief description of the risk assessment methodology used to develop the plan, including consideration of risks applicable to information technology, is included after the plan on page 19.
16
Integral Audit Annual Report 2015
FY 2016 Audit PlanEngagements
Financial Audits and ProjectsAssistance to Deloitte - FY 15 Fieldwork 130.00 Assistance to Deloitte - FY 16 Interim 40.00 Financial Statement Certifications (UTS 142) 100.00 Consulting Review: Data Warehouse Reporting 180.00 Reserve for FY 15 carryforward audits: 70.00 Journal Entries/IDT Process Receivables
Financial Subtotal 520.00 Operational Audits and ProjectsSchool of ATEC (School of Arts, Technology, & Emerging Communication) 40.00 Honors College 40.00 Executive Travel and Entertainment 180.00
Assistance to UT System for President's Travel & Entertainment Audit 23.00 Naveen Jindal School of Management 320.00 Academic Advising 340.00 Health Center 200.00 Technology Commercialization 240.00 One Card 300.00 Outside Contractors 300.00 Gifts, including Raiser's Edge 450.00 Purchasing 400.00 Research 350.00 Hiring & Compensation 400.00 Faculty Start-ups 300.00 Budget Process 400.00 Reserve for FY 15 carryforward audits: 120.00 Cash Management Career Center Policy and Procedures Governance Scholarships School of Engineering and Computer Science Student Housing Meal Plans Tuition & Fees
Operational Subtotal 4,403.00
Original Budget
17
Integral Audit Annual Report 2015
FY 2016 Audit PlanEngagements
Compliance Audits and ProjectsConfucius Institute 160.00 Lena Callier Trust 100.00 OMB Uniform Guidance 200.00 Benefits Proportionality Funding 160.00 External Audit Assistance 40.00 Minors on Campus 340.00 International Travel 220.00 Reserve for FY 15 carryforward audits 20.00 Contracts and Grants Export Controls Financial Aid - Pell Grants
Compliance Subtotal 1,240.00 Information Technology Audits and ProjectsNetworking 400.00 Consulting: Financial Aid Data Analysis - Eligibility 360.00 PCI (Payment Card Industry) Compliance 360.00 HIPAA Security 360.00 Consulting: Staffing Data Analysis 360.00 Databases 360.00 IT Consulting and Participation 320.00 Reserve for FY 15 carryforward audits 120.00 Unix TAC 202 Business Continuity Planning & Emergency Management Physical Access Controls Management UT Dallas Marketplace
Information Technology Subtotal 2,640.00 Follow Up Quarter 1 40.00 Quarter 2 40.00 Quarter 3 40.00 Quarter 4 40.00
Follow Up Subtotal 160.00
Original Budget
18
Integral Audit Annual Report 2015
Note: At the September 15, 2015 Institutional Audit Committee meeting, the Audit Committee approved the addition of the Texas Higher Education Coordinating Board (THECB) Facilities Audit to the FY 2016 Audit Plan.
FY 2016 Audit PlanEngagements
Development - Operations FY 2017 Audit Plan 100.00 Internal Audit Committee 150.00 Internal Audit Annual Report 15.00 Participation on Institutional Committees 80.00 Internal Quality Assurance and Improvement Program 50.00 Reporting Requests 80.00 Hotline Team Participation 25.00 Executive Management and Leadership of the Internal Audit Department 400.00 Manager Leadership 40.00 Software Development and Maintenance 200.00 Training Provided by Internal Audit to Other Departments 300.00 Internal Audit Staff Meetings 250.00
Development - Operations Subtotal 1,690.00 Development - Initiatives and EducationParticipation in System Initiatives 80.00 Institutional Strategic or Quality Initiatives 40.00 Participation in Professional Organizations/Associations 100.00 Participation in Quality Assurance Reviews for Other Organizations 80.00 Professional writing, publications, external presentations 40.00 CPE Training 720.00 CPE Travel 300.00
Development - Initiatives and Education Subtotal 1,360.00 Reserve Investigations 500.00 Special Requests 1,090.00
Reserve Subtotal 1,590.00 Total Budgeted Hours 13,603.00
Original Budget
19
Integral Audit Annual Report 2015
RISK ASSESSMENT METHODOLOGY
The UT Dallas 2016 Audit Plan outlines the internal audit activities that will be performed by Internal Audit during FY 2016 in accordance with responsibilities established by the UT System, the Texas Internal Auditing Act, the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing, and Generally Accepted Government Auditing Standards. The plan is prepared using a risk-based approach to ensure that areas and activities specific to UT Dallas with the greatest risk are identified for consideration to be audited. As part of the FY 2016 Audit Plan process, the UT System Audit Office executed a pilot risk assessment internally developed over the last year. The goals for this common risk assessment approach were to start at the top with an awareness of critical initiatives and objectives to ensure the risks assessed were the most relevant. The assessment process was standardized by creating common terms and criteria, enabling trending of risk and Systemwide comparisons. An emphasis was placed on collaboration with other functions that assess, handle, or manage risk. Information Technology risks represent a broad, high-risk category in our risk assessment and include specific information technology risks related to Title 1, Texas Administrative Code (TAC), Chapter 202, Information Security Standards. An audit of TAC 202 compliance was conducted in FY 2015, and the report will be issued in November 2015. The risk assessment approach was based on a top-down process that included conversations and requests for input with risk collaborators, executives, and managers from the various operating areas on campus. UT System will continue to develop and strengthen this process in the upcoming years. The graphic on page 20 depicts how broad areas of risk scored within UT Dallas. Risk factors evaluated are likelihood, vulnerability, and impact to the achievement of an objective. Larger circles represent more critical or high risks in an area. Dark red represents the highest risks, while green represents the lowest risks.
20
Integral Audit Annual Report 2015
21
Integral Audit Annual Report 2015
The following is a list of additional areas ranked as a high risk that we have identified but not included in the fiscal year 2016 audit plan with and explanation of risk mitigations.
Risk Area Risk Mitigation/Explanation Campus Growth Management Executive management monitoring; planned for
FY 2017 Updated Strategic Plan SACS/COCS Review planned for FY 2017; new
President to address Campus Safety and Security Compliance Office inspection of Emergency
Management planned for FY 2016. Business Continuity Planning / Disaster Recovery
FY 2015 Audits (Business Continuity Planning and TAC 202)
Student Housing FY 2015 Audit of Student Housing Enrollment Management Executive management monitoring; planned for
FY 2017 Financial Aid FY 2015 Audits of Pell Grants and Scholarships UT System Shared Services Reliance on UT System Audit; participation on the
UT Dallas Transition to Shared Services team Mobile Devices FY 2015 UT System Audit Lab Safety FY 2015 Internal Audit Export Controls FY 2015 Internal Audit Title IX & EEO New compliance program at UT Dallas – planning
audit FY 2017 as Compliance Office assists in developing their compliance program.
Campus Construction Reliance on UT System Audit since most large construction projects handled at that level; THECB Facilities Audit, covering construction projects, was added to FY 2016 Audit Plan
VII. EXTERNAL AUDIT SERVICES PROCURED IN FISCAL YEAR 2015
The following external audit services were procured or were ongoing in fiscal year 2015. These services include, but are not limited to, financial and performance audits and attestation engagements such as a review or an agreed-upon-procedures engagement.
• Deloitte - Cancer Prevention Research Institute of Texas (CPRIT) audit. The audit was performed to audit UT Dallas’ compliance with the types of compliance requirements specific to CPRIT grants.
22
Integral Audit Annual Report 2015
VIII. REPORTING SUSPECTED FRAUD AND ABUSE
The following actions were taken by The University of Texas at Dallas to implement the requirements of:
FRAUD REPORTING
Section 7.09, Fraud Reporting, General Appropriations Act (84th Legislature, Conference Committee Report), Article IX
A state agency or institution of higher education appropriated funds by this Act, shall use appropriated funds to assist with the detection and reporting of fraud involving state funds as follows:
(a) By providing information on the home page of the entity's website on how to report suspected fraud, waste, and abuse involving state resources directly to the State Auditor's Office. This shall include, at a minimum, the State Auditor's Office fraud hotline information and a link to the State Auditor's Office website for fraud reporting; and
(b) By including in the agency or institution's policies information on how to report suspected fraud involving state funds to the State Auditor's Office.
The following actions have been taken by UT Dallas to ensure compliance with the fraud reporting requirements:
• UT Dallas has a link for fraud reporting under “Required Links” at the University’s home page, www.utdallas.edu, which provides information about reporting fraud, waste and abuse to the State Auditor’s office.
• UT Dallas has a hotline for reporting suspected noncompliance, ethics violations, and fraud at www.utdallas.edu/hotline.
• The Office of Internal Audit has a website for fraud at www.utdallas.edu/audit/fraud/. • UT Dallas complies with this in conjunction with the UT System Policy UTS118, Statement
of Operating Policy Pertaining to Dishonest or Fraudulent Activities, located at http://www.utsystem.edu/bor/procedures/policy/policies/uts118.html.
23
Integral Audit Annual Report 2015
COORDINATION OF INVESTIGATIONS
Texas Government Code, Section 321.022, Coordination of Investigations
a) If the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the state auditor. The state auditor may investigate the report or may monitor any investigation conducted by the department or entity.
b) The state auditor, in consultation with state agencies and institutions, shall prescribe the form, content, and timing of a report required by this section.
c) All records of a communication by or to the state auditor relating to a report to the state auditor under Subsection (a) are audit working papers of the state auditor.
The following actions have been taken by UT Dallas to ensure compliance with the Coordination of Investigations requirements:
• UT Dallas reports such activities to the State Auditor’s Office via their website at: sao.fraud.state.tx.us/Hotline.aspx.
• The UT System Audit Office requires reporting of fraud • The UT Dallas Office of Internal Audit Policies and Procedures Manual, Chapter 5,
Investigations, also references this section to ensure compliance.
IX. OFFICE OF INTERNAL AUDIT In alignment with UTD’s overall mission, goals, and objectives, the mission of the Office of Internal Audit is:
For more information about the Office, please see Internal Audit’s website at www.utdallas.edu/audit/. This site gives links to audit information including our charter, services offered, audit reports and plans, fraud, the audit committee, and staff information.
To provide an independent, objective assurance and consulting activity designed to add value and improve the University’s operations. To help the University accomplish its mission in learning, research and public service by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
24
Integral Audit Annual Report 2015
INTERNAL AUDIT STAFF
• Staff Size: The organization chart, shown on page 25, consists of the organization structure as of October 2015.
• Staff Experiences and Certifications: The internal audit staff consists of highly qualified and skilled audit professionals with certifications including Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE) Certificate in Risk Management and Assurance (CRMA), and GIAC Systems and Network Auditor (GSNA). A complete list of internal audit qualifications can be found at http://www.utdallas.edu/audit/about-us/staff/.
• Training: Internal Audit staff received an average of over 60 hours of continuing
professional education during fiscal year 2015. Key areas of training included emerging audit issues, risk assessment, information systems auditing, fraud, compliance, and ethics. Most of the training was received by participating in conferences, seminars, and webinars offered by the Association of College and University Auditors (ACUA), the Dallas Chapter of the Institute of Internal Auditors (IIA), the Texas Association of College and University Auditors (TACUA), the Institute of Internal Auditors, the SANS Institute, and the Association of Certified Fraud Examiners (ACFE).
• Contributions to the Profession: Members of the staff contributed to the profession in numerous ways:
The Chief Audit Executive (CAE) participated on the Association of College and
University Auditors (ACUA) Faculty and served as the Chair of the Volunteer Appreciation Committee.
The CAE served as a member of the Internal Auditing Education Partnership Program advisory board at the UT Dallas Naveen Jindal School of Management.
The audit staff works with and mentors student interns in the Internal Auditing Education Partnership (IAEP) program as they participate in various audit projects as student auditors during the year. During fiscal year 2014, Internal Audit worked with 13 student interns.
The CAE spoke at various professional conferences on topics such as risk assessment, human subjects, and dealing with difficult people; and to students in the IAEP class on risk assessment and audit planning.
The CAE participated in a peer review of an institution of higher education. Staff members participated in various professional associations on committees such
as the technology committee for the Dallas Chapter of the IIA and volunteered for conferences such as the Dallas Chapter of the IIA’s Fraud Conference and the Super Conference.
25
Integral Audit Annual Report 2015
ORGANIZATION CHART