Office of Internal AuditPartnering With Management Todd Stewart, MBA, CPA, CIA, CGFM Debra Johnston, CIA, CISA January 12, 2011
Definition of Internal Audit • Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Continued…. • Internal/External – We are not the state auditors or KPMG and we do not perform the kind of financial audits the external auditors perform unless we have a specific request to do so.
Internal Audit Mission • We will partner with management to identify areas of risk and work collaboratively with our clients to improve processes, efficiencies, compliance and the control environment of the University.
Governance • International Standards for the Professional Practice of Internal Auditing (Standards) • Authority granted by BOR policy • Accountable to President Mason and the Board of Regents through the Audit Committee.
Goals • Assess all types of risk • Evaluate compliance with laws, regulations and University policies • Review processes and controls • Improve accountability • Safeguard assets/resources • Recommend improvements to internal controls to assure efficient operations
Internal Controls • An integrated system to protect an entity’s resources. • A system of checks and balances • An established way to prevent and detect intentional and unintentional errors • Examples include segregation of duties, reconciliations, and proper authorizations • Controls can be preventive or detective • Internal Audit is part of the internal control system
Additional Roles of Internal Audit • Deterrent • Educate • Investigate • Provide assurance (positive and negative) • Advise and consult
Audit Types • Operational • Information Technology • Compliance • Financial • Fraud Investigations (Ethicspoint)
Why me? • Annual Risk Assessment Process • Over 50 interviews are conducted • Input from the BOR • Management specific requests • Risk based methodology • Special investigations
Client Involvement • Cooperation and open communication • Share your concerns • Understand the audit objectives and scope • Respond promptly to requests for feedback or information. • Implement the corrective actions agreed to in the report.
Four Phase Audit Process • Planning • Fieldwork • Reporting • Follow-Up
Controls /Efficiency Assessment (Risk Level) • Identified by Stoplight Colors that reside in the Board’s docket materials next to a short executive summary of the audit. • Red – high findings/risks identified • Yellow – moderate findings/risk identified • Green – low findings/risk identified • www.uiowa.edu/~audit
Follow-up timelines • Also Resides in the Docket materials. • Blue – Follow-Up is not due yet. • Green – Follow-Up is due and is within 3 months. • Yellow – Follow-Up is 3 months past due. • Red – Follow-up is 6 months past due. • UI Health Care Administrators track progress
Benefits of an Internal Audit • Presents a catalyst for positive change • Identifies and communicates risk exposure • Offers solutions to improve processes or efficiency • Provides cost-effective management advisory service.
Partnering • Support for the Internal Audit function • Tone at the top • Clear and consistent message • Communications • Active follow-up of audit recommendations • High expectations • Ethics
What’s New? • Procured an automated Work Paper solution called AutoAudit. • Provides a web interface for communicating and tracking audit findings and corrective actions. • Reports will be available to management to track the progress of audit findings. • Asking for an additional .6 FTE so that UI Health Care has a dedicated IT auditor. .
Requesting an Audit • Deb Johnston …..6-3785 • Todd Stewart …..5-0677
Additional Resources • Website www.uiowa.edu/~audit • Brochure available for distribution • Audit staff is always available for questions.