University Audit

Audit Plan 2013-2014

State University of New York
Office of the University Auditor
2013-14 Audit Plan

Overview

The 2013-2014 Audit Plan was developed in alignment with the Core Values and the Six Big Ideas as stipulated in SUNY’s Strategic Plan. The Plan was prepared based on current staffing levels. If additional resources are provided, we expect to use them to audit additional high risk areas such as clinical practice plans, environmental health and safety, and athletics. The following highlights the plan’s objectives: 

• Complete risk based audits in key areas including Financial Management, Information Security, Campus Construction Lets, and Campus-related Entities (Auxiliary Services Corporations and Student Government Associations).
• Continue to share best practice and audit guidance across SUNY.
• Address System Administration and campus requests for advisory and consultative services, special projects, liaison roles with external agencies, and procurement testing.
• Maintain the SUNY Hotline and coordinate the work of the Fraud Investigation Committee in reviewing matters related to fraud, misconduct, and irregularities.
• Collaborate with the SUNY Compliance Committee to pursue an effective and comprehensive Compliance Program.
• Collaborate with Counsels Office, Controllers Office, and others to develop and implement a risk management program.
• Coordinate with campus-based internal audit offices to help ensure high risk areas are reviewed.
• Continue dialogue with the Research Foundation of the State University of New York to clarify roles and responsibilities relating to research activities and to seek opportunities for collaborative projects.

I.      Introduction

The objective of the internal audit function is to assist the State University of New York (SUNY) Board of Trustees and management in fulfilling their governance responsibilities. The internal audit function is responsible for auditing campus and System Administration financial, operational, and internal control activities and for providing the Trustees and management with reports on the results of the audits. The audits of the Office of the University Auditor (OUA) are aligned with SUNY's strategic plan and recognize the importance of accountability.  Audits focus primarily on assessing whether processes and controls are adequate to provide reasonable assurance that resources are safeguarded against waste, loss, and misuse; that operations are efficient and effective; that specific management objectives are achieved; that financial and performance reports are reliable; and that there is compliance with applicable laws and regulations. The audit reports issued by the OUA are designed to add value and improve operations. Audit resources are devoted to addressing areas perceived with the highest relative risk and areas that cover SUNY's core business activities. The results of the audits are communicated to the members of the Audit Committee of the Board of Trustees, the Chancellor, campus Presidents, Senior Vice Chancellor and Chief Operating Officer, Vice Chancellors, campus officials, and others, as appropriate.

The internal audit function of SUNY consists of the OUA, and eight internal audit offices located at six campuses (Albany, Binghamton, Buffalo, Stony Brook, Brooklyn, and Syracuse). Periodically, the OUA reports to the Audit Committee on audit activity for all internal audit offices (University-wide).

The 2013-2014 Audit Plan addresses the audit priorities of SUNY and serves as the work plan for the OUA. Although located at System Administration, the OUA has been given the authority, under its charter, to audit and examine all areas within SUNY. In doing so, the OUA strives to coordinate assignments and collaborate with the campus based internal audit departments, as well as with SUNY's independent auditors and the Office of the State Comptroller to maximize the effective use of resources.

  II.    Development of the Audit Plan

The 2013-14 Audit Plan was developed through a formal risk assessment process and taking into account SUNY’s Strategic Plan. The risk assessment was performed by identifying operational and programmatic areas, obtaining input from System Administration and campus management, considering preliminary research, and analyzing data. A valuation grid was used to identify our audit priorities by taking into account various factors such as: safety, financial impact, public image, complexity, size, internal controls, prior audit coverage, available staffing, the significance of risk, and the likelihood of adverse outcome. It is expected that some level of audit coverage will be accomplished for all State operated campuses in the course of the 2013-2014 audit year.

 III.   Audit Standards

Audits are conducted in compliance with the International Standards for the Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors. The audit standards provide a framework for performing our work and also establish a basis for evaluation of the work.

IV.   Staffing

The OUA, in addition to the University Auditor, includes six professional auditors, and an administrative staff assistant. OUA is in the process of filling one professional auditor vacancy and has requested funding for two additional audit positions. In addition to its professional audit staff, the OUA will utilize the services of one or more SUNY student interns throughout the year if resources permit. Internships provide students with practical experience in the auditing field and
also allow us to provide additional audit coverage. Our audit staff holds professional certifications such as Certified Public Accountant, Certified Government Financial Manager, and Certified Information Systems Auditor, and some have earned advanced educational degrees. Staff members regularly attend continuing
professional education sessions to maintain their professional proficiency and staff members also actively pursue professional certification opportunities.

V.    Audit Areas

 1.   Campus Audits

The OUA proposes to conduct the following audits at a sample of campuses or System Administration. Some of these projects were rescheduled from the prior year due to unanticipated special projects and staffing shortfalls. Audits of campuses will include a review of System Administration’s oversight activities, where applicable. The campuses selected for these audits will be based on a focused risk assessment for the area under audit and will take into account comments from SUNY management. The audits will include a review of the campus-based internal control programs. For certain areas, OUA anticipates conducting audits at two or more campuses.

Campus Financial Management Practices
Campuses are responsible for billing and collecting tuition and other payments, purchasing needed goods and services, and hiring faculty and staff. The audits will assess internal controls in one or more of the five critical financial management areas: cash receipts, cash disbursements, procurement, payroll, and equipment inventory.

Information Security and Disaster Recovery
The OUA will assess campuses performance related to information security, data privacy, and disaster recovery. Focused reviews will be conducted at a number of campuses, in order to provide broader feedback to assist campuses in achieving optimal security and operational objectives.

Campus Construction Lets
With approval of the State University Construction Fund, specific capital projects are managed by individual campus facilities offices. The audit will assess controls over these activities, including authorizations, budgets, and expenditures.

Campus Health Centers
OUA will conduct audits of selected campus health centers to ensure there are adequate controls over cash and pharmaceuticals, and that appropriate consideration has been given to privacy concerns.

Auxiliary Service Corporations and Student Government Associations
OUA will conduct audits of selected financial management practices and compliance with SUNY policy at two Auxiliary Service Corporations and two Student Government Associations.

2.   Other Audit Activities

Investigations and Reviews
OUA is a member of the Fraud Investigation Committee and will provide guidance and assistance to address alleged fraud, misconduct, and irregularities. This typically involves coordination with campus personnel and, in many cases, on-site work by OUA.

Special Requests
OUA has allocated audit resources to accommodate special requests from campuses and System Administration for audits and reviews.

Advisory Services
OUA will assist in the implementation of the SUNY strategic plan by partnering with the various SUNY work groups. OUA will strive to ensure timely communication with our constituents. OUA representatives participate in the meetings and conferences of the State University and Community College Business Officers’ Associations; Purchasing Association; Accounting, Budget, and Bursars Group; Human Resource Group; and Financial Aid Professionals. OUA also provides senior management and presidents of campuses with information on audit issues, trends, and emerging issues, as appropriate.

Procurement Testing
OSC requires all State agencies to certify the adequacy of controls over the procurement process and perform testing of procurement controls. SUNY accomplishes this requirement in several different ways, including but not limited to the following audit activities:

• Procurement processes and controls are reviewed and tested as part of the Financial Management Practices Audit (current audit plan includes such an audit at one campus).
  
• Testing and exception reporting utilizing a data mining software program that enables us to analyze certain procurement transactions processed through the State Financial System for campsues, as well as System Administration. If the process identifies any potentially significant exceptions such as duplicate payments, they will be investigated, as appropriate.

Peer Review
The OUA is required to obtain a peer review of its operations once every five years. The objective of the Peer Review is to determine whether the OUA is in compliance with the International Standards for the Professional Practice of Internal Auditing (IIA Standards) and to identify improvement opportunities. Peer reviews are typically contracted out to a third party such as a certified public accountant. As a cost saving measure, the OUA anticipates participating in a State-wide peer review process in which OUA staff will conduct a peer review for another participating State agency, and the OUA will have its peer review conducted by staff from another participating State agency.

3. Administrative

Coordination with External Auditors and Campus Internal Auditors
OUA coordinates external audit activity including the Single Audit, the financial statements audits, and audits conducted by the Office of the State Comptroller and the Federal government. OUA will also work closely with campus internal auditors to maximize our audit resources, eliminate duplication of effort, share best practices, and focus on our highest risk areas.

Manage Fraud Hotline
OUA manages the fraud hotline and the related database of complaints received.

Quality Assurance Review
As required by the International Standards for the Professional Practice of Internal Auditing, the OUA will continue to assess its operations for quality improvement opportunities.

4. Continuing Professional Education (CPE)

OUA will continue to fulfill the professional auditing standards requirement that auditors obtain continuing professional education in order to maintain and enhance their skills and proficiencies.

5. Audit Staffing

OUA currently has a staff of eight including the director and administrative assistant. Due to limited staff, the audit plan focuses on high risk areas and core business processes.  OUA's budget for 2013-14 included a request for resources to hire three additional auditors. If the funding is provided, OUA will use the positions to provide additional audit coverage in other high risk areas such as clinical practice plans, environmental health and safety, and athletics.

State University of New York
Office of the University Auditor
2013-2014 Audit Plan

 Reconciliation of Audit Plan to Available Work Days

State University of New York
Office of the University Auditor
2013-2014 Audit Plan