Facebook
LinkedIn
Twitter
Digg
Google
RSS Feeds
Audit Plan 2009-2010
State University of New York
System Administration
Office of the University Auditor
Albany, NY 12246
Approved by the Audit Committee on June 2, 2009
I. Introduction
The objective of the internal audit function is to assist the State University of New York (University) Board of Trustees and management in the effective discharge of their governance responsibilities. The internal audit function is responsible for auditing Campus and System Administration financial, operational, and internal control activities and for providing the Trustees and management with reports on the results of the audits. The audits of the Office of the University Auditor primarily focus on assessing whether processes and controls are adequate to provide reasonable assurance that resources are safeguarded against waste, loss, and misuse; that operations are efficient and effective; that specific management objectives are achieved; that financial and performance reports are reliable; and that there is compliance with applicable laws and regulations. The audit reports issued by the Office of the University Auditor are designed to add value and improve operations. Audit resources are devoted to addressing areas perceived with the highest relative risk and areas that cover the University's core business activities. The results of the audits are communicated to the members of the Audit Committee of the Board of Trustees, Campus officials, the Chancellor, Vice Chancellors, and others, as appropriate.
The internal audit function of the University consists of the Office of the University Auditor (OUA), and eight internal audit offices located at six campuses (Albany, Binghamton, Buffalo, Stony Brook, Brooklyn, and Syracuse). Periodically, the OUA reports to the Audit Committee on audit activity for all internal audit offices (University-wide).
The 2009-2010 Audit Plan addresses the audit priorities of the University and serves as the workplan for the Office of the University Auditor. Although located at System Administration, the Office of the University Auditor has been given the authority, under its charter, to audit and examine all areas within the University. In doing so, the Office of the University Auditor strives to coordinate assignments and collaborate with the campus based internal audit departments, as well as with the University's independent auditors and the Office of the State Comptroller to maximize the effective use of our resources.
II. Development of the Audit Plan
Our 2009-10 Audit Plan was developed taking into account the University's Strategic Plan, including its commitment to "excellence, integrity, and accountability in all that it does" and a formal risk assessment process. The risk assessment was performed by identifying operational and programmatic areas, obtaining input from both System Administration and campus management, considering preliminary research, and analyzing data. A valuation grid was used to identify our audit priorities by taking into account various factors such as: safety, financial impact, public image, complexity, size, internal controls, prior audit coverage, available staffing, the significance of risk, and the likelihood of adverse outcome.
III. Audit Standards
Audits are conducted in compliance with the International Standards for the Professional Practice of Internal Auditing promulgated by the Institute of Internal Auditors. The audit standards provide a framework for performing our work and also establish a basis for evaluation of the work.
IV. Staffing
The Office of the University Auditor, in addition to the University Auditor, includes eight professional auditors, and an administrative staff assistant. The Office of the University Auditor has several vacant professional auditor positions and will seek to fill these positions as resources become available. The Office also utilizes the services of one or more student interns throughout the year. This provides students with practical experience in the auditing field and also allows us to provide additional audit coverage. Our audit staff holds professional certifications such as Certified Public Accountant and Certified Government Financial Manager, and some have earned advanced educational degrees. Staff members regularly attend continuing professional education sessions to maintain their professional proficiency and many also actively pursue professional certification opportunities.
V. Audit Areas
1. Campus Audits
The Office of the University Auditor (OUA) proposes to conduct the following audits at a sample of campuses or System Administration. Some of these projects were rolled from the prior year due to unanticipated special projects and staffing shortfalls. Audits of campuses will include a review of System Administration's oversight activities, where applicable. The campuses selected for these audits will be based on a focused risk assessment for the area under audit and will take into account comments from University management. The audits will include a review of the campus-based internal control programs. OUA anticipates selecting two or more campuses per audit area.
Campus Financial Management Practices
Campuses are responsible for billing and collecting tuition and other payments, purchasing needed goods and services, and hiring faculty and staff. The audits will assess internal controls in five critical financial management areas: cash receipts, cash disbursements, procurement, payroll, and equipment inventory.
Information Technology – Information Security and Disaster Recovery
OUA will assess compliance with University security procedures to ensure access to confidential data is restricted, and the data is safeguarded. OUA will also assess the adequacy and completeness of plans to address a temporary loss of information technology (IT) systems.
Income Fund Reimbursable Program
Income Fund Reimbursable (IFR) accounts are used by campuses to operate and administer self-supporting educationally related activities. OUA will review campus controls over IFR account activity as well as review System Administration oversight and guidance.
International Programs
Several University campuses have established international education programs. The audit will assess selected administrative and operational controls, as well as a review of System Administration oversight of international education programs.
Campus-related Foundations
Campus-related Foundations are separate 501(c)(3) organizations established to support the fundraising efforts of the campuses. The audits will assess compliance with University Guidelines pertaining to required policies and procedures a well as a review of expenditure documentation.
Firearm Safety
Campuses may permit University Police to carry firearms while on duty. The audits will assess compliance with State and University policies over firearms possession on campus.
Clery Act
Campuses are required to comply with the Clery Act. Compliance includes reporting certain crime statistics as well as other information to the campus community in an annual security report. The audits will assess the accuracy and completeness of the campuses' annual security reports.
2. University-wide Program Audits
Nylink
Nylink, a self-supporting program of the University, provides access to high-quality, cost-effective resources that enable member libraries to enhance the services they provide. The audit will review selected administrative and operational controls.
3. Health Care Audits
Clinical Practice Plans
OUA will select one clinical practice plan to determine compliance with the SUNY Board of Trustees Policies. Areas may include: Clinical Practice Plan management, review of financial statements and other audit activities, compensation of members, and disbursement of income.
Pharmaceuticals
University hospitals maintain pharmaceuticals for the purpose of patient care. OUA will conduct an audit of procedures, practices, and controls related to pharmaceutical inventories, and drug administration and usage. The audit will also review related audit and accreditation reports, including campus responses.
4. Follow-up Audits
OUA will conduct audits to confirm that the recommendations from a sample of previous audits have been implemented. These serve to keep attention on the recommendations and to help ensure corrective action is taken.
5. State University Construction Fund
Under a Memorandum of Understanding, OUA has been engaged to audit the following areas: Fleet Vehicles, Payroll, and Procurement of Other Contracts.
6. Other Activities
Audit Oversight, Special Requests, Advisory Services, and Investigations
OUA has allocated audit resources to account for supervisory oversight of audits and related work, and to address any special requests for audits, advisory services, and investigations. OUA is a member of the Fraud Investigation Committee and will provide guidance and assistance to address alleged fraud concerns. This typically involves coordination with campus personnel and, in many cases, on-site work by OUA.
Procurement Testing
OSC requires all State agencies to perform testing of procurement controls. The University accomplishes this requirement in several different ways, including but not limited to the following audit activities:
- Procurement processes and controls are reviewed and tested as part of the Financial Management Practices Audit (current audit plan includes such an audit at two campuses).
- Testing and exception reporting utilizing data mining software program that enables us to analyze all procurement transactions processed through the State Voucher System (including Quickpay) for campuses, as well as System Administration. If the process identifies any potentially significant exceptions such as duplicate payments, they will be investigated, as appropriate.
Coordination with Campus Internal Auditors
OUA will work closely with campus internal auditors to maximize our audit resources, eliminate any duplication of effort, share best practices, and focus on our highest risk areas.
Communication with Campus and System Administration
OUA will strive to ensure timely communication with our constituents. OUA representatives participate in the meetings of the State University and Community College Business Officers' Associations and also provide senior management with information on audit issues, trends, and emerging issues. The sharing of this information will be expanded to include Presidents of the campuses, as appropriate.
Miscellaneous Campus Evaluation Information
OUA receives and compiles information related to campuses that is received from other entities. OUA will work with System Administration offices to develop standard reports and distribute the information to campuses, as appropriate.
Continuing Professional Education (CPE)
OUA will endeavor to fulfill the professional auditing standards requirement that auditors obtain continuing professional education in order to maintain and enhance their skills and proficiencies.
Quality Assurance Review
As required by the International Standards for the Professional Practice of Internal Auditing, the Office of the University Auditor will continue to assess its operations for quality improvement opportunities.
Miscellaneous Administrative Requirements
OUA will complete administrative responsibilities including budgeting and scheduling, OSC and external audit assistance, and other related duties.
State University of New York
Office of the University Auditor
2009-2010 Audit Plan
Reconciliation of Audit Plan to Available Work Days
| Audit Plan Requirement | Allocated Work Days |
|---|---|
| Campus Financial Management Practices | 200 |
| Information Security and Disaster Recovery | 200 |
| Income Fund Reimbursable Program | 120 |
| International Programs | 120 |
| Campus-related Foundations | 90 |
| Firearms Safety | 90 |
| Clery Act Compliance | 60 |
| Nylink | 120 |
| Healthcare: Clinical Practice Plan | 120 |
| Healthcare: Pharmaceuticals | 90 |
| Follow-up Audits | 60 |
| Construction Fund (MOU) | 90 |
| Audit Oversight, Special Requests, Advisory Services, and Investigations | 200 |
| Total Audit Plan Requirement | 1,560 |
| Reconciliation to Available Work Days | Work Days |
| Annual Number of Work Days | 260 |
| Less Non-Audit Time Allocations: | |
| Leave Time | 22 |
| Holidays | 13 |
| Continuing Professional Education (IIA Standards) | 5 |
| Work Days Available per Staff | 220 |
| Number of Staff Available | 8 |
| Total Annual Work Days Available for Audit Plan | 1,760 |
| Less Work Days for Carryover from 2007-08 | 200 |
| Adjusted for Available Work Days | 1,560 |
State University of New York
Office of the University Auditor
2009-2010 Audit Plan
| Audit Plan Requirement | Description | Campus Visits | Allocated Work Days | % of Time |
|---|---|---|---|---|
| Campus Financial Management | Audit controls over cash receipts & disbursements, procurement (including P-card and travel card activity), payroll, and inventory. | 2 | 200 | 12% |
| Information Security and Disaster Recovery | Audit of policies, procedures, and practices related to information security and information systems, including review of compliance with SUNY policy and statutory requirements. | 2 | 200 | 12% |
| Income Fund Reimbursable Program | Audit of compliance with University Guidelines and review of System Administration oversight of IFR activities and account balances. | 3 | 120 | 8% |
| International Programs | Audit of international program operations, controls, and compliance with applicable guidelines. The audit will include a review of System Administration oversight. | 3 | 120 | 8% |
| Campus-related Foundations | Audit of compliance with University Guidelines pertaining to required policies and procedures a well as a review of expenditure documentation. | 3 | 90 | 6% |
| Firearms Safety | Audit of compliance with applicable guidelines. | 3 | 90 | 6% |
| Clery Act Compliance | Desk audit of required statistical reporting in the campuses' annual security reports. | 4 | 60 | 4% |
| Nylink | Audit of administrative and operational controls as well as a review of System Administration oversight. | N/A | 120 | 8% |
| Healthcare: Clinical Practice Plans | Audit of clinical practice plans to ensure compliance with the policies of the Board of Trustees. | 1 | 120 | 8% |
| Healthcare: Pharmaceuticals | Audit of procedures, practices, and controls related to pharmaceutical inventories and drug use; review of audit and accreditation reports, including campus responses. | 1 | 90 | 4% |
| Follow-up Audits | Confirm that recommendations have been implemented by the Campuses. | 6 | 60 | 6% |
| State University Construction Fund (MOU) |
Audits of Fund procurement processes and procedures over other contract services, payroll, and fleet vehicles. | N/A | 90 | 6% |
| Audit Oversight, Special Requests, Advisory Services, and Investigations | Provide audit oversight, review areas and campuses as requested, and assist in investigations. | N/A | 200 | 12% |
|
Total Audit Plan Requirement |
1,560 | 100.0% | ||
Note – If additional resources become available, the audit plan will be expanded to address the following audit area(s): Emergency Management Response System, Environmental Health and Safety, Healthcare Supplies Inventory, Student Healthcare Services, and Red Flag Rules for Identity Theft Prevention.
