Campus Audits: Chancellor

1
Campus Audits Chancellors Office Guide to
Survival

• Janice Mirza Senior Director, Office of the
  University Auditor
• Academic Resources Council - April 2, 2009

2
Presentation Overview

• The Office of the University Auditor (OUA)
• Types of Audits
• What We Look For
• How We Select and Schedule
• Tips for Audit Survival

3
OUA Organization Chart
4
Mission Statement The mission of the Office of
the University Auditor is to assist university
management and the Trustees in the effective
discharge of their fiduciary and administrative
responsibilities by bringing a systematic,
disciplined approach to evaluate and improve the
effectiveness of risk management, control, and
governance processes. This assistance is
provided through a series of independent and
objective operational and compliance audits,
internal control reviews, investigation services,
and consulting.
5
Purpose and Authority Education Code Section
89045, enacted by Chapter 1406 of the Statutes of
1969, provided for the establishment of an
internal auditing function reporting directly to
the Trustees of the California State University
(CSU). Subsection (b) of the Code states that
the duties of this function/internal audit staff
shall include, but not be limited to, auditing,
reviewing, cost and system analysis, analyzing
and recommending operating procedures for the
California State University. Subsection (c) of
the Code states that management audits shall be
made to determine the effectiveness and
efficiency of the organization, operation, and
procedures of each state university, each
auxiliary organization, and the Office of the
Chancellor.  
6
The Audit
Artist Jeff Leedy artthatmakesyoulaugh.com
7
General Types of Audits

• Operational Audits - Examine the use of unit
  resources to evaluate whether those resources are
  being used in the most effective and efficient
  manner to fulfill the University's mission and
  objectives. An operational audit may include
  elements of the other audit types listed below.
• Financial Audits - Focus on accounting and
  reporting of financial transactions, including
  commitments, authorizations, and receipt and
  disbursement of funds. The purpose of this type
  of audit is to verify that there are sufficient
  controls over cash and cash-like assets, and that
  there are adequate process controls over the
  acquisition and use of resources.
• Compliance Audits - Review adherence to laws,
  regulations, policies, and procedures. Examples
  include federal and state law, Trustee policies,
  and chancellor's office directives.
  Recommendations typically call for improvements
  in processes and controls intended to ensure
  compliance with regulations.

8
General Types of Audits (contd)

• Information Systems (IS) Audits - Examine the
  internal control environment of automated
  information processing systems and how people use
  those systems. IS audits typically evaluate
  system input, output, and processing controls
  backup and recovery plan system security and
  computer facility reviews.
• Internal Control Reviews - Focus on the
  components of the university and auxiliary
  organization major business activities. Areas
  such as payroll and benefits, cash handling,
  inventory and equipment and their physical
  security, grants and contracts, and financial
  reporting are usually subject to review.
• Investigations - Seek to establish evidence of
  impropriety imply a systematic track-down of
  information the auditor hopes to discover or
  needs to know. Investigations include alleged
  instances of fraud, waste and abuse, and improper
  governmental activities.
• Consulting Services - Add value and improves an
  organization's governance, risk management, and
  control processes without the auditor assuming
  management responsibilities. Consulting services
  may include counsel, advice, and facilitation.

9
Types of Audits Within the CSU

• Mandatory Audits
• FISMA Financial internal control reviews
  required as part of the Financial Integrity and
  State Manager's Accountability Act (FISMA) of
  1983. Performed on a two-year cyclical basis on
  all campuses.
• Auxiliary - Internal compliance/internal control
  reviews of each auxiliary organization, including
  segregation of duties, safeguarding of assets and
  reliability and integrity of information required
  by EO 698. Performed on a three-year cyclical
  basis on all campuses.
• Delegations of Authority Reviews of delegations
  of authority concerning purchasing and
  contracting activities, motor vehicle
  inspections, and real and personal property
  transactions to assure that CSU has acted
  responsibly under the Delegations of Authority
  established by SB 1828 (1986) and expanded by AB
  1191 (1993). Performed on a five-year cyclical
  basis on selected campuses.

10
Types of Audits Within the CSU

• Other Audits
• Subject Area Selected annually via a risk
  assessment process. Audits can be of anything on
  a college campus and include operational,
  financial, compliance, information systems and
  internal control elements.
• Construction Selected on the basis of project
  size.
• Investigations Performed as the need arises.
• Consulting Services Performed as requested.

11
Campus Selection and Audit Scheduling
12
Campus Selection

• FISMA audits 12 per year.
• Auxiliary audits 8 per year.
• Delegations of Authority audits selected as
  noted below but only performed every 5th year.
• 10 campuses for each of three subject areas
  coordinated with above cyclical audits and
  consideration of campus size, prior audits, and
  management judgment.
• Construction selected based on project size and
  status of completion.

13
Audit Scheduling

• FISMA and Auxiliary audits based on prior audit
  dates with two months avoided for yearend close.
• Subject area audits coordinated with cyclical
  audits to maintain adequate spread when multiple
  audits on one campus.
• Construction audits sort of thrown in.
• All audits scheduled to provide adequate mix of
  in-town and out-of-town assignments.
• Scheduling impacted throughout the year by
  staffing changes, vacation requests, specific
  campus issues.

14
Tips for Audit Survival

• Be Proactive
• Review your internal controls
• Review prior and similar audit reports
• Self Audit
• Use policies and procedures as criteria for
  self-assessment
• Create internal control/compliance checklists
• Ensure prompt correction of errors and deviations
  from policies and procedures
• Have all requested documents ready at start of
  audit

15
OUA Audit Reports
16
More Tips for Audit Survival

• Be positive, professional, and confident.
• Listen carefully to questions and understand
  question before answering.
• Keep answer simple and direct.
• Be honest.
• Understand that we are all working on the same
  team.

17
Even More Tips for Audit Survival

• Do not get offended by WHY questions.
• Recognize that the auditors may be experts (they
  may have worked in the specialty area prior to
  becoming an auditor).
• Realize that the auditors may not be subject
  experts (this may be their first audit so be
  patient).
• Understand that the auditors really are there to
  help.

18

• QUESTIONS

19
Contact Information

• Janice Mirza
• 562-951-4430
• jmirza_at_calstate.edu
• OUA Website
• www.calstate.edu/audit

20
THANK YOU