Transcript Session 4: Internal Audit engagement protocols

Session 4: Internal Audit engagement
protocols
Presented by:
• Lee Ward
Monash University
www.monash.edu
Internal Audit Engagement Protocols
Presenter:
Lee Ward
Director – Audit and Risk Management
www.monash.edu
Internal Audit process
Scope:
• Effective
systems
• Compliance
• Probity in
procurement
• Grant
acquittals
• Investigations
Approach:
• Collaborative
• Agreed
actions
• Risk based
• Constructive
Reporting:
• Heads of Dept
• Audit
committee
Outcomes:
• Identify and
resolve
weaknesses
• Awareness
and
accountability
• Holistic
overview
www.monash.edu
Innovation in Internal Audit
• Compliance audits
• Systems
• Departmental
Scoping &
fieldwork
Recommendations
& Agreed Actions
Reporting
Follow-up
www.monash.edu
Scoping &
fieldwork
• Discuss scope with Dean
• Review financial position of Depts cf
budget
• Reliance on controls in systems
• Risk assessment - Conclusions and
documentation
• Sample sizes
• Electronic work papers
• Sign-off
www.monash.edu
Recommendations
& Agreed Actions
• Validation of findings
• Strategies to address risk
• Agreeing actions
www.monash.edu
Reporting
•
•
•
•
•
•
•
•
Preliminary report - recommendations
Final report – agreed actions
Risk ratings
Negative or positive assurance
Scoring
Benchmarking
Better practice comparison
Audit Committee
www.monash.edu
Risk Finding
Risk
Implication
1.
Splitting of Purchase Orders
Purchase orders from the same vendor were split to form multiple orders for like goods on
the same day to circumvent SAP authorisation limit of $20k for the Managers.
Purchase
Order No.
Date
45648981
27.08.09
$19,560
45648983
27.08.09
$3,782
Total
2.
Amount
Descrip
tion/
Vendor
Acme
Building
Co.
Acme
Building
Co.
PO
Preparer
ZZ Officer
ZZ Officer
Unauthorised
expenditure
Risk
Rating
High
Approved by
Agreed Action
Responsible Officer: Faculty Manager
The ZZ Officer had previously been
warned about order splitting.
Target Date: Complete
XX Operations
Manager
XX Operations
Manager
$23,342
Inappropriate use of corporate card
Use of corporate card contrary to policy:
1.
The 80% business calls for Professor Felix Cat’s mobile phone were
charged to corporate card rather than reimbursed as per the Conduct and
Compliance policy; and
2.
A computer license of $741 was charged to a Research Fellow’s Corporate
Card in May 2009.
FBT liabilities and
penalties
Medium
Responsible Officer: Head of
Department
Hold the Professor accountable to ensure
appropriate use of corporate card.
Target Date: 30 September 2010
www.monash.edu
Follow-up
•
•
•
•
Register of outstanding actions
Evidence of actions completed
Reporting of overdue actions
Audit committee response
Status Key
Overdue
Not Due
Complete
www.monash.edu
Report
No
201003
Report
Title
School of
Song and
Dance
School of
Song and
Dance
Ref #
School of
Song and
Dance
School of
Song and
Dance
2
201003
School of
Song and
Dance
201003
School of
Song and
Dance
School of
Song and
Dance
201003
201003
201003
201003
1.1
Risk Finding
Splitting of Purchase
Order
1.2
Risk
Rating
High
Agreed
Actions
Refer Deputy HoS to HR to consider
disciplinary action
Target
Date
Complete
Resp.
High
Establish a protocol to manage
delegations and financial
authorities in the absence of the
Dean
Hold Deputy HoS accountable to
submit corporate cards statements
to his SAP nominated approver
Review level of understanding of
Faculty Executive to ensure
compliance with Financial
Authorities and Delegations
Policies
Review training and experience of
SAP processors to ensure
compliance with Policy and
Procedures and to report
exceptions to Deputy HoS
Hold Deputy HoS accountable to
complete performance reviews for
the professional staff
Review induction processes and
staff training to ensure that
corporate card holders comply with
Corporate Card Policy
01/08/2010
Dean
Complete
Dean
30/10/2010
Dean
30/10/2010
Deputy Head of
School
15/09/2010
Dean
Complete
Deputy Head of
School
Corporate Card
statements not
properly approved
License agreements
Medium
4
Failure to obtain tax
invoices
Medium
5
Performance reviews
not conducted for
professional staff
Inappropriate
purchases by
Corporate Card
Medium
3
6
Status Key
Overdue
Medium
Low
Not Due
Complete
Dean