Internal Audit Department Orientation

1
Internal Audit DepartmentOrientation

• Manu Patel, Internal Audit Director
• Purvi Mody, Executive Director, Compliance and
  Internal Audit, Health System
• June 5, 2015

2
Audit and Compliance Committee(RPM 1.2, 7.3)

• A standing committee of the Board of Regents
• One member should be financial expert
• Meets four or more times a year
• Follows Open Meetings Act

3
Audit and Compliance Committee(RPM 7.3)

• Oversight Responsibilities for Universitys
• Financial reporting
• Internal controls
• Risk management
• Performance of external financial and internal
  auditors
• Compliance with laws and regulations
• Compliance program
• Federal, state agencies audits and compliance
  reviews

4
Authority of Internal Audit Dept. (IA) (RPM 7.2)

• Was established to perform a comprehensive
  internal audit function
• Has unrestricted access to all functions,
  records, property, and personnel
• Obtains the necessary assistance of personnel
• Communicates with personnel of internal,
  external, law enforcement agencies, etc.

5
Independence

• IA reports functionally to the Audit and
  Compliance Committee
• Free from interference in determining the scope
  of internal auditing
• Empowered to obtain the information needed
• IA reports administratively to the University
  President

6
Independence (cont.)

• Health System Internal Audit reports
  administratively to the Chief Executive Officer
  and Administrator of Hospital Operations

7
UNM Internal Audit Reporting Lines
8

• Internal Audit

UNM Board of Regents
Audit Committee of Each Entity and COO of the
Health System (Steve McKernan)
HS Internal Audit (Purvi Mody)
UNM Internal Audit (Manu Patel)
UNM Main Campus
Health Sciences Center
Health System
School of Medicine, College of Nursing and
Pharmacy
Research (Cancer Center and HSC)
Branch Campuses, Affiliated entities
(Foundation and Lobo Development, etc)
UNM Hospitals and 57 Clinics
UNM Cancer Center Clinics
UNM Medical Group and 7 clinics
UNM SRMC

• UNM Internal Audit
• Health System Internal Audit

9
Report Functionally to the Committee

• The Committee reviews and approves UNM
  Internal Audits
• Risk based internal audit plan
• Budget and resource plan
• Work product audit, consulting reports, etc.
• Follow up report on managements responses to
  audit recommendations
• Health System IA reports functionally to Board of
  Trustees Audit and Compliance Committee

10
Purpose and Scope of Work

• Improve the University's operations
• Determine whether the University's systems of
  controls, risk management, and governance, are
  adequate, and functioning properly to ensure
• Risks are identified and managed
• Employees' actions are compliant with policies
  etc.
• Resources are acquired economically, used
  efficiently, and adequately protected, etc.

11
Investigation of Fraudulent Activity

• University policy requires Internal Audit to
  conduct investigations of fraud and employee
  misconduct if financial
• Will coordinate investigations of suspected
  fraudulent activities within the University

12
Relevant UNM Policies

• Policy 2200 Whistleblower Protection and
  Reporting Suspected Misconduct and Retaliation
• Policy 7205 Dishonest or Fraudulent Activities

13
Definition of Internal Auditing

• an independent, objective assurance and
  consulting activity designed to add value and
  improve an organization's operations.
• It helps an organization accomplish its
  objectives by bringing a systematic, disciplined
  approach to evaluate and improve the
  effectiveness of risk management, control, and
  governance processes.
• The Institute of Internal Auditors

14
Assurance Services

• We provide an independent assessment on
  governance, risk management, and control
  processes
• Examples of assurance engagements
• management and performance
• compliance
• information technology
• special requests
• fraud

15
Types of Assurance Engagements

• Special Request from senior management or the
  Board of Regents
• may result from concerns about a program,
  function or account
• Fraud examination
• initiated from irregularities identified during
  routine audit work, management who find fraud in
  their organizations, and complaints from various
  sources including the Hotline

16
Risk Based Auditing

• Focus on
• risk of occurrences that could prevent the
  University from achieving its goals
• areas with high risk where controls are not in
  place or are weak
• Risk based audit plan
• developed with input from across the University
• based on available man hours
• A university-wide 5-year plan is revisited
  annually

17
IA Process of Audit Report

• Management responds to the report with 3 required
  elements within 10 days
• Management obtains its EVPs approval
• President approves managements responses
• Committee reviews and approves
• Report is made public except exempted information

18
Standards and Ethics

• Adhere strictly to the Code of Ethics as
  established by the Institute of Internal Auditors
  (IIA)
• Abide by applicable standards made by IIA and the
  American Institute of Certified Public
  Accountants (AICPA)

19
Quality

• IA must have a peer review at least once every
  five years
• Last quality assessment was approved in March
  2013