University Audit

Audit Plan 2011-2012

State University of New York
Office of the University Auditor
2011-2012 Audit Plan

Overview

The 2011-2012 Audit Plan was developed in alignment with the Core Values and the Six Big Ideas as stipulated in SUNY’s Strategic Plan 2010 and Beyond. The following highlights the plan’s objectives:

• Complete risk based audits in key areas including Financial Management, Information Security, Contract Procurement, Campus Construction Lets, Financial Aid and Health Centers.
• Continue to share best practice and audit guidance across SUNY.
• Address System Administration and campus requests for advisory and consultative services, special projects, liaison roles with external agencies, and procurement testing.
• Maintain the SUNY Hotline and coordinate the work of the Fraud Investigation Committee in reviewing matters related to fraud, misconduct, and irregularities.
• Collaborate with University Counsel to pursue an effective Compliance Program model.
• Coordinate with campus-based internal audit offices to help ensure high risk areas are reviewed.
• Continue dialogue with the Research Foundation of the State University of New York to clarify roles and responsibilities relating to research activities and to seek opportunities for collaborative projects.
• Manage and refine SUNY policies and procedures under the OUA’s purview and responsibility, including Procedures for Suspected Fraud and Irregularities, and Corrective Action for OSC Audits; and recommend updates, as needed, to other policies or procedures, as identified in the conduct of audits.

I.      Introduction

The objective of the internal audit function is to assist the State University of New York (SUNY) Board of Trustees and management in fulfilling their governance responsibilities. The internal audit function is responsible for auditing campus and System Administration financial, operational, and internal control activities and for providing the Trustees and management with reports on the results of the audits. The audits of the Office of the University Auditor (OUA) are aligned with SUNY’s strategic plan and recognize the importance of accountability.   Audits focus primarily on assessing whether processes and controls are adequate to provide reasonable assurance that resources are safeguarded against waste, loss, and misuse; that operations are efficient and effective; that specific management objectives are achieved; that financial and performance reports are reliable; and that there is compliance with applicable laws and regulations. The audit reports issued by the OUA are designed to add value and improve operations. Audit resources are devoted to addressing areas perceived with the highest relative risk and areas that cover SUNY’s core business activities. The results of the audits are communicated to the members of the Audit Committee of the Board of Trustees, the Chancellor, campus Presidents, Senior Vice Chancellor and Chief Operating Officer, Vice Chancellors, campus officials, and others, as appropriate.  

The internal audit function of SUNY consists of the OUA, and eight internal audit offices located at six campuses (Albany, Binghamton, Buffalo, Stony Brook, Brooklyn, and Syracuse). Periodically, the OUA reports to the Audit Committee on audit activity for all internal audit offices (University-wide).

The 2011-2012 Audit Plan addresses the audit priorities of SUNY and serves as the work plan for the OUA. Although located at System Administration, the OUA has been given the authority, under its charter, to audit and examine all areas within SUNY. In doing so, the OUA strives to coordinate assignments and collaborate with the campus based internal audit departments, as well as with SUNY’s independent auditors and the Office of the State Comptroller to maximize the effective use of resources.

 II.    Development of the Audit Plan

The 2011-12 Audit Plan was developed through a formal risk assessment process and taking into account SUNY’s Strategic Plan. The risk assessment was performed by identifying operational and programmatic areas, obtaining input from both System Administration and campus management, considering preliminary research, and analyzing data. A valuation grid was used to identify our audit priorities by taking into account various factors such as: safety, financial impact, public image, complexity, size, internal controls, prior audit coverage, available staffing, the significance of risk, and the likelihood of adverse outcome. It is expected that a level of audit coverage will be accomplished for all State operated campuses in the course of the 2011-2012 audit year.

 III.   Audit Standards

Audits are conducted in compliance with the International Standards for the Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors. The audit standards provide a framework for performing our work and also establish a basis for evaluation of the work.

IV.   Staffing

The OUA, in addition to the University Auditor, includes seven professional auditors, and an administrative staff assistant. The OUA has vacant professional auditor positions and will seek to fill these positions as resources become available. The OUA will utilize the services of one or more SUNY student interns throughout the year if resources permit. Internships provide students with practical experience in the auditing field and also allow us to provide additional audit coverage. Our audit staff holds professional certifications such as Certified Public Accountant, Certified Government Financial Manager, and Certified Information Systems Auditor, and some have earned advanced educational degrees. Staff members regularly attend continuing professional education sessions to maintain their professional proficiency and staff members also actively pursue professional certification opportunities.

V.    Audit Areas

 1.   Campus Audits

The OUA proposes to conduct the following audits at a sample of campuses or System Administration. Some of these projects were rescheduled from the prior year due to unanticipated special projects and staffing shortfalls. Audits of campuses will include a review of System Administration’s oversight activities, where applicable. The campuses selected for these audits will be based on a focused risk assessment for the area under audit and will take into account comments from SUNY management. The audits will include a review of the campus-based internal control programs. For certain areas, OUA anticipates conducting audits at two or more campuses.

Campus Financial Management Practices
Campuses are responsible for billing and collecting tuition and other payments, purchasing needed goods and services, and hiring faculty and staff. The audits will assess internal controls in five critical financial management areas: cash receipts, cash disbursements, procurement, payroll, and equipment inventory.

Information Security and Disaster Recovery
The OUA will assess campuses performance related to information security, data privacy, and disaster recovery. Focused reviews will be conducted at a number of campuses, in order to provide broader feedback to assist campuses in achieving optimal security and operational objectives.

Contract Procurement
During 2011, legislation was enacted allowing SUNY to enter into certain types of contracts without pre-approval from the New York State Attorney General or the Office of the State Comptroller. While pre-approval for certain contracts is no longer required, campuses are still expected to adhere to applicable regulations for the establishment of such contracts. The audits will assess campuses’ controls related to the approval of contracts for goods and if the campuses are in compliance with applicable regulations.

Campus Construction Lets
With approval of the State University Construction Fund, specific capital projects are managed by individual campus facilities offices. The audit will assess controls over these activities, including authorizations, budgets, and expenditures.

Tuition Assistance Program
The New York State Tuition Assistance Program (TAP) awards grants up to $5,000 to eligible New York State residents to assist with tuition. The audit will review campuses procedures related to awarding and disbursing of TAP awards to determine whether the campuses are in compliance with applicable regulations and that effective controls are in place.

Campus Health Centers
OUA will conduct audits of selected campus health centers to ensure there are adequate controls over cash and pharmaceuticals, and that appropriate consideration has been given to HIPAA and other privacy concerns.

2.   Other Audit Activities

Investigations
OUA is a member of the Fraud Investigation Committee and will provide guidance and assistance to address alleged fraud concerns. This typically involves coordination with campus personnel and, in many cases, on-site work by OUA.

Special Requests
OUA has allocated audit resources to accommodate special requests for audits and reviews. OUA has received one such request for 2011-2012 which includes a review of System Administration’s Travel Policy and a determination of departmental compliance with the Travel Policy.

Advisory Services
OUA will assist in the implementation of the SUNY strategic plan by partnering with the various SUNY work groups. OUA will strive to ensure timely communication with our constituents. OUA representatives participate in the meetings of the State University and Community College Business Officers’ Associations and also provide senior management and presidents of campuses with information on audit issues, trends, and emerging issues, as appropriate.

Procurement Testing
OSC requires all State agencies to perform testing of procurement controls. SUNY accomplishes this requirement in several different ways, including but not limited to the following audit activities:

• Procurement processes and controls are reviewed and tested as part of the Financial Management Practices Audit (current audit plan includes such an audit at one campus).
  
• Testing and exception reporting utilizing a data mining software program that enables us to analyze certain procurement transactions processed through the State Voucher System (including Quickpay and procurement cards) for campuses, as well as System Administration. If the process identifies any potentially significant exceptions such as duplicate payments, they will be investigated, as appropriate.

Peer Review
The OUA is required to obtain a peer review of its operations once every five years. The objective of the Peer Review is to determine whether the OUA is in compliance with the International Standards for the Professional Practice of Internal Auditing (IIA Standards). Peer reviews are typically contracted out to a third party such as a certified public accountant. As a cost saving measure, the OUA anticipates participating in a State-wide peer review process in which staff will conduct a peer review for another participating State agency, and the OUA will have its peer review conducted by staff from another participating State agency.

3. Administrative

Coordination with External Auditors and Campus Internal Auditors
OUA coordinates external audit activity including the Single Audit, the financial statements audits, and audits conducted by the Office of the State Comptroller and the Federal government. OUA will also work closely with campus internal auditors to maximize our audit resources, eliminate duplication of effort, share best practices, and focus on our highest risk areas.

Manage Fraud Hotline
OUA manages the fraud hotline and the related database of complaints received.

Quality Assurance Review
As required by the International Standards for the Professional Practice of Internal Auditing, the OUA will continue to assess its operations for quality improvement opportunities.

4. Continuing Professional Education (CPE)

OUA will continue to fulfill the professional auditing standards requirement that auditors obtain continuing professional education in order to maintain and enhance their skills and proficiencies.

StateUniversity of New York
Office of the University Auditor
2011-2012 Audit Plan