Compliance Audits for High Risk Areas

1
Compliance Auditsfor High RiskAreas
Presented By Toni Messer, Director of Internal
Audits The University of Texas at
Dallas tmesser_at_utdallas.edu

2
Compliance Audits Issued to Date

• Medical Billing Callier Center
• NCAA Compliance
• Segregation of Duties

3
Compliance Audits in Process

• Account Reconciliations
• Appropriate Use of Financial Resources
• Federal Contract and Grant Post Award

4
Objectives

• To provide assurance that an effectively
  designed compliance program for the high
  risk area has been implemented and is
  operating effectively.
• To provide assurance that the institution is in
  compliance with policies, plans, procedures,
  laws, and regulations that could have a
  significant impact on operations and reports.

5
First Step Inspections

• The Compliance Office is responsible for
  conducting inspections of all the high risk
  areas, except for the ones for which they are
  responsible.

6
Inspections

• If the inspection indicates that the area is
  ready to be audited, Internal Audits schedules
  the audit.
• If the area is not ready to be audited, the
  Compliance Office works with the responsible
  person and informs Internal Audits when the
  area is ready.
• Internal Audits performs the inspections on
  areas where the Assistant Compliance Officer
  is the responsible person.

7
Audit Procedures

• See if any other components have performed
  similar audits!
• Gain an understanding of the high risk area.
• Test the high risk area.
• Monitoring.
• Training.
• Reporting.
• Audit report to management.

8
Gaining an Understanding

• Review the inspection report and any working
  papers prepared by the Compliance Office.
• Follow up on any recommendations made in
  the inspection report.
• Interview the responsible person, others as
  considered necessary.

9
Gaining an Understanding

• Review the Institutional Compliance Program
  manual for information relating to the
  high risk area, such as
• Risk Assessment.
• Assess for reasonableness, any changes, etc.
• Compliance Program Operations Guide.
• Assess for reasonableness, completeness.
• Method of Monitoring.

10
Gaining an Understanding

• Review policies and procedures relevant to the
  high risk area.
• Review prior audits.

11
Method of Monitoring

• Determine if the responsible person is
  monitoring compliance as stated in the
  monitoring plan.
• Review documentation maintained by the
  responsible person to ensure that monitoring
  is being documented.
• Determine if monitoring plan appears
  reasonable. Is it measurable, sufficient to
  ensure compliance, etc., based on auditors
  understanding of the area?

12
Examples of Audit Tests of Monitoring

• Method of Monitoring
• Supervisory review of journal entries by
  Manager of Financial Reporting.
• Audit procedure
• Select a sample of journal entries to determine
  if Manager is reviewing and approving journal
  entries.

13
Training

• Determine if training is being performed in
  accordance with the training plan.
• Review documentation, such as sign-in sheets,
  etc., to ensure that training is being
  performed.
• Determine if training plan appears reasonable,
  based on auditors understanding of the
  area. Is the population of employees
  specified? Do responsible persons receive
  training?

14
Reporting

• Determine if reporting is being performed in
  accordance with the reporting plan.
• Review documentation, such as quarterly reports
  to U. T. System and compliance committee
  meeting minutes, to ensure that reporting is
  being performed.

15
Audit Reporting Process
16
Exit Conference

• First, an exit conference is held with the
  responsible person and any others deemed
  necessary to discuss potential findings and
  recommendations.
• Certain recommendations considered minor will not
  be included in the audit report.

17
Audit Report

• A report is drafted. When the responsible person
  is satisfied and the report has gone through
  appropriate levels of review, it is addressed to
  the President and given to the following
• Responsible person
• Responsible persons supervisor (Dean, VP, etc.)
• Members of the Audit and Compliance Committee
• Compliance Officer
• Assistant Compliance Officer
• U. T. System

18
Audit Report

• Background Describes the compliance program,
  applicable policies and procedures, risks of
  noncompliance.
• Audit Objectives purpose of the audit.
• Scope and Methodology Details of what we
  did to achieve the audit objectives.

19
Audit Report

• Summary of Significant Findings if any.
• Audit Results Managements Responses positive
  features of the compliance program, and any
  recommendations for improvement.
• Conclusion As to the effectiveness of the
  compliance program.

20
Audit Report

• Usually any high risk area audit recommendations
  are classified as significant to UTD operations.
• If the recommendation does not significantly
  affect the monitoring, training, or reporting
  functions, then it is classified as significant
  to the high risk areas compliance operations.

21
Audit Report

• Why do we put compliance recommendations in
  the audit report?

22
Audit Report

• So
• they
• will
• be
• implemented!

23
Questions?