compliance audits for high risk areas n.
Skip this Video
Loading SlideShow in 5 Seconds..
Compliance Audits for High Risk Areas PowerPoint Presentation
Download Presentation
Compliance Audits for High Risk Areas

Compliance Audits for High Risk Areas

152 Vues Download Presentation
Télécharger la présentation

Compliance Audits for High Risk Areas

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Compliance Auditsfor High RiskAreas Presented By: Toni Messer, Director of Internal Audits The University of Texas at Dallas

  2. Compliance Audits Issued to Date • Medical Billing – Callier Center • NCAA Compliance • Segregation of Duties

  3. Compliance Audits in Process • Account Reconciliations • Appropriate Use of Financial Resources • Federal Contract and Grant Post Award

  4. Objectives To provide assurance that an effectively designed compliance program for the high risk area has been implemented and is operating effectively. To provide assurance that the institution is in compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reports.

  5. First Step: Inspections The Compliance Office is responsible for conducting inspections of all the high risk areas, except for the ones for which they are responsible.

  6. Inspections • If the inspection indicates that the area is ready to be audited, Internal Audits schedules the audit. • If the area is not ready to be audited, the Compliance Office works with the responsible person and informs Internal Audits when the area is ready. • Internal Audits performs the inspections on areas where the Assistant Compliance Officer is the responsible person.

  7. Audit Procedures • See if any other components have performed similar audits! • Gain an understanding of the high risk area. • Test the high risk area. • Monitoring. • Training. • Reporting. • Audit report to management.

  8. Gaining an Understanding • Review the inspection report and any working papers prepared by the Compliance Office. • Follow up on any recommendations made in the inspection report. • Interview the responsible person, others as considered necessary.

  9. Gaining an Understanding • Review the Institutional Compliance Program manual for information relating to the high risk area, such as: • Risk Assessment. • Assess for reasonableness, any changes, etc. • Compliance Program Operations Guide. • Assess for reasonableness, completeness. • Method of Monitoring.

  10. Gaining an Understanding • Review policies and procedures relevant to the high risk area. • Review prior audits.

  11. Method of Monitoring • Determine if the responsible person is monitoring compliance as stated in the monitoring plan. • Review documentation maintained by the responsible person to ensure that monitoring is being documented. • Determine if monitoring plan appears reasonable. Is it measurable, sufficient to ensure compliance, etc., based on auditor’s understanding of the area?

  12. Examples of Audit Tests ofMonitoring Method of Monitoring: Supervisory review of journal entries by Manager of Financial Reporting. Audit procedure: Select a sample of journal entries to determine if Manager is reviewing and approving journal entries.

  13. Training • Determine if training is being performed in accordance with the training plan. • Review documentation, such as sign-in sheets, etc., to ensure that training is being performed. • Determine if training plan appears reasonable, based on auditor’s understanding of the area. Is the population of employees specified? Do responsible persons receive training?

  14. Reporting • Determine if reporting is being performed in accordance with the reporting plan. • Review documentation, such as quarterly reports to U. T. System and compliance committee meeting minutes, to ensure that reporting is being performed.

  15. Audit Reporting Process

  16. Exit Conference First, an exit conference is held with the responsible person and any others deemed necessary to discuss potential findings and recommendations. Certain recommendations considered minor will not be included in the audit report.

  17. Audit Report A report is drafted. When the responsible person is satisfied and the report has gone through appropriate levels of review, it is addressed to the President and given to the following: • Responsible person • Responsible person’s supervisor (Dean, VP, etc.) • Members of the Audit and Compliance Committee • Compliance Officer • Assistant Compliance Officer • U. T. System

  18. Audit Report • Background – Describes the compliance program, applicable policies and procedures, risks of noncompliance. • Audit Objectives – purpose of the audit. • Scope and Methodology – Details of what we did to achieve the audit objectives.

  19. Audit Report • Summary of Significant Findings – if any. • Audit Results & Management’s Responses–positive featuresof the compliance program, and any recommendations for improvement. • Conclusion – As to the effectiveness of the compliance program.

  20. Audit Report • Usually anyhigh riskarea audit recommendations are classified assignificantto UTD operations. • If the recommendation does not significantly affect the monitoring, training, or reporting functions, then it is classified as significant to the high risk area’s compliance operations.

  21. Audit Report Why do we put compliance recommendations in the audit report?

  22. Audit Report So they will be implemented!

  23. Questions?