Session 4: Internal Audit engagement protocols

1
Session 4 Internal Audit engagement protocols

• Presented by
• Lee Ward Monash University

2
Internal Audit Engagement Protocols

• Presenter
• Lee Ward
• Director Audit and Risk Management

3
Internal Audit process

• Scope
• Effective systems
• Compliance
• Probity in procurement
• Grant acquittals
• Investigations

• Approach
• Collaborative
• Agreed actions
• Risk based
• Constructive

• Reporting
• Heads of Dept
• Audit committee

• Outcomes
• Identify and resolve weaknesses
• Awareness and accountability
• Holistic overview

4
Innovation in Internal Audit

• Compliance audits
• Systems
• Departmental

Scoping fieldwork
Recommendations Agreed Actions
Reporting
Follow-up
5
Scoping fieldwork

• Discuss scope with Dean
• Review financial position of Depts cf budget
• Reliance on controls in systems
• Risk assessment - Conclusions and documentation
• Sample sizes
• Electronic work papers
• Sign-off

6
Recommendations
Agreed Actions

• Validation of findings
• Strategies to address risk
• Agreeing actions

7
Reporting

• Preliminary report - recommendations
• Final report agreed actions
• Risk ratings
• Negative or positive assurance
• Scoring
• Benchmarking
• Better practice comparison
• Audit Committee

8
Risk Finding Risk Implication Risk Rating Agreed Action
1. Splitting of Purchase Orders Purchase orders from the same vendor were split to form multiple orders for like goods on the same day to circumvent SAP authorisation limit of 20k for the Managers. Unauthorised expenditure High Responsible Officer Faculty Manager The ZZ Officer had previously been warned about order splitting. Target Date Complete
2. Inappropriate use of corporate card Use of corporate card contrary to policy The 80 business calls for Professor Felix Cats mobile phone were charged to corporate card rather than reimbursed as per the Conduct and Compliance policy and A computer license of 741 was charged to a Research Fellows Corporate Card in May 2009. FBT liabilities and penalties Medium Responsible Officer Head of Department Hold the Professor accountable to ensure appropriate use of corporate card. Target Date 30 September 2010
Purchase Order No. Date Amount Description/ Vendor PO Preparer Approved by
45648981 27.08.09 19,560 Acme Building Co. ZZ Officer XX Operations Manager
45648983 27.08.09 3,782 Acme Building Co. ZZ Officer XX Operations Manager
Total 23,342      
9
Follow-up

• Register of outstanding actions
• Evidence of actions completed
• Reporting of overdue actions
• Audit committee response

10
Status Key Overdue Not Due
Complete
Report No Report Title Ref Risk Finding Risk Rating Agreed Actions Target Date Resp.
201003 School of Song and Dance 1.1 Splitting of Purchase Order High Refer Deputy HoS to HR to consider disciplinary action Complete Dean
201003 School of Song and Dance 1.2 High Establish a protocol to manage delegations and financial authorities in the absence of the Dean 01/08/2010 Dean
201003 School of Song and Dance 2 Corporate Card statements not properly approved Medium Hold Deputy HoS accountable to submit corporate cards statements to his SAP nominated approver Complete Dean
201003 School of Song and Dance 3 License agreements Medium Review level of understanding of Faculty Executive to ensure compliance with Financial Authorities and Delegations Policies 30/10/2010 Dean
201003 School of Song and Dance 4 Failure to obtain tax invoices Medium Review training and experience of SAP processors to ensure compliance with Policy and Procedures and to report exceptions to Deputy HoS 30/10/2010 Deputy Head of School
201003 School of Song and Dance 5 Performance reviews not conducted for professional staff Medium Hold Deputy HoS accountable to complete performance reviews for the professional staff 15/09/2010 Dean
201003 School of Song and Dance 6 Inappropriate purchases by Corporate Card Low Review induction processes and staff training to ensure that corporate card holders comply with Corporate Card Policy Complete Deputy Head of School
Status Key Overdue Not Due
Complete