Download

View Options:

Show Everything
Hide Everything

March 19, 2020 at 1:30 PM - Audit Committee

Agenda
Call to Order
Roll Call/Declaration of Quorum
Action Items
A. Consideration of the Fiscal Year 2020 Revised Audit Plan
Background Information:  The Office of Internal Audit prepares an annual Audit Plan at the beginning of each fiscal year. The plan is based on the staffing and time resources available to perform audits and is prepared in conjunction with an annual risk analysis of the university’s auditable areas. 

The Audit Committee approved the fiscal year 2020 Internal Audit Plan on September 19, 2019. During the year, changes in audit priorities may result in alterations to the plan. The International Standards for the Professional Practice of Internal Auditing, issued by the Institute of Internal Auditors (IIA) requires the audit plan, and any significant changes to the plan, be approved by the Audit Committee.
Attachments:
Description:  The revised fiscal year 2020 Internal Audit plan is attached.  When creating the audit plan at the beginning of the fiscal year, time budgets were estimated.  Depending on the complexity of the review or severity of the issues discovered during the review, time budgets may be revised.  As time budgets are increased, less time resources are available for other planned audits.
B. Consideration of the Revision to University Policy 1:016, Preventing and Reporting Fraud, Waste, and/or Abuse
Background Information:  The Reporting Fraud, Waste, and/or Abuse Policy describes
the roles of all employees in helping prevent fraud, waste, and/or abuse of university resources;
  • the importance of maintaining an ethical work environment and effective internal controls;
  • the different methods for reporting issues;
  • the confidentiality of the information reported; and
  • how the issues reported will be handled. 
The policy also describes how and to whom a loss should be reported, even if the loss is unrelated to fraud, waste and/or abuse.  This portion of the policy contained some outdated language from when the university was in the Tennessee Board of Regents system,  Internal Audit worked with management to update this portion of the policy to reflect how losses are reported in a post-FOCUS environment.

The original policy was approved by the Audit Committee on March 8, 2018.  The revised policy was approved by the University Policy Committee on February 11, 2020 and signed by the President.  Once approved by the Audit Committee and Board of Trustees, any subsequent changes to the policy will also need to be approved by the University Policy Committee, the President, the Audit Committee and Board of Trustees.
 
Description:  Proposed Implementation Date:  Immediately
Information Items
A. Review of Internal Audit Related Charters and Policies
Background Information:  Audit Committee Charter - The Audit Committee Charter requires the Audit Committee to review and assess the adequacy of the charter annually.  The current charter is attached and was approved by the Board of Trustees on March 9, 2018, and by the Comptroller of the Treasury on March 13, 2018.  The Chief Audit Officer reviewed the Audit Committee Charter and determined no revisions were necessary. 

Internal Audit Charter - The International Standards for the Professional Practice of Internal Auditing, issued by the Institute of Internal Auditors (IIA), Standard 1000 - Purpose, Authority and Responsibility, requires the Chief Audit Officer to "periodically review the internal audit charter and present it to senior management and the board for approval."  The current charter is attached. It was signed by the Chief Audit Officer and the President on December 14, 2017, and last presented to the Audit Committee on March 14, 2019.  The Chief Audit Officer has reviewed the internal audit charter and determined no revisions were necessary.

Employee Code of Conduct (Policy 5:043)  - The Audit Committee Charter requires the Audit Committee to review the University’s Code of Conduct policy to ensure it is readily available to all employees, easy to understand and implement, enforced, and provides for a confidential means of reporting violations.  Additionally, the Code of Conduct should remind management and staff of the need to:
  1. Maintain the highest level of integrity in regards to financial operations.
  2. Avoid preparing or issuing fraudulent or misleading information.
  3. Protect University assets from fraud, waste or abuse.
  4. Comply with all relevant laws, rules, policies and procedures.
  5. Avoid engaging in activities, which would otherwise bring dishonor to the University.
The Vice President for Finance and Administration is the responsible official for this policy.  Human Resources is the responsible office for this policy.  The policy was approved by the University Policy Committee and signed by the President on March 25, 2017.  The current Employee Code of Conduct, policy 5:043, is attached.  The policy has not been revised since it was last brought to the Audit Committee on March 14, 2019.  The Chief Audit Officer has reviewed the policy and determined it complies with the requirements of the Audit Committee Charter.

Conflict of Interest (Policy 1:001) - The Audit Committee Charter requires the Audit Committee to review the University’s Conflict of Interest policy to ensure "conflict of interest is clearly defined, guidelines are comprehensive, annual sign-off is required for those in key positions and procedures are in place to ensure potential conflicts are adequately resolved and documented’.  The General Counsel is the responsible official for this policy.  The Office of Legal Affairs is the responsible office for this policy.  The policy was approved on March 30, 2017.  The current policy is attached and has not been revised since it was last presented to the Audit Committee on March 14, 2019.  The Chief Audit Officer has reviewed the policy and determined it complies with the requirements of the Audit Committee Charter.
 
Attachments:
Description:  The charters and polices are attached.
B. Internal Audit Reports and List of Outstanding Audit Recommendations
Background Information:  A list of internal audits completed between October 30, 2019 and February 17, 2020 are included below.
  1. Review of Implementation of Role-Based Access in the Banner ERP System, released December 5, 2019*
  2. Internal Controls Review - Office of Information Technology, released December 12, 2019
  3. Review of Alleged Personal Items Purchased on a University Procurement Card, released February 7, 2020
* Pursuant to the protection afforded by T.C.A. 10-7-504(i), this report contained sensitive information and was designated as "Limited Official Use Only" (LOU).  LOU reports are only made available to those who have a need to know the information in the performance of their official duties for the university.  Therefore, the report is not included in the meeting materials.
 
With all recommendations included in audit reports, management must identify what actions will be taken, who is responsible for that action and provide an expected date of completion.  After the expected completion date has passed, Internal Audit will perform a follow-up review to determine what action was taken and if that action adequately addresses the issue in the report. Internal Audit generally does not issue reports for follow-up reviews; however, we do maintain a list of outstanding audit recommendations, which is attached. 
C. Financial and Compliance Audit Report for Fiscal Year 2019
Speaker(s):  Aaron Jewell
Background Information:  The Comptroller of the Treasury, Division of State Audit, under T.C.A. 4-3-304, performs an annual financial and compliance audit of Austin Peay State University. Their report was for fiscal year 2019 was issued on January 23, 2020.

For fiscal year 2019, the Comptroller's audit report also contains the results of their audit of the university's information systems.  Pursuant to T.C.A. 10-7-504(i), the findings resulting from this audit have been designated as Limited Official Use only (LOU).  As such, the details of the findings have only been shared to university officials with a need to know the information in the performance of their official duties.

 
Description:  Attached are a description of the standards followed by the Comptroller's Office and a summary of the fiscal year 2019 Comptroller's audit results.
D. Overview of Upcoming Sunset Audit Performed by the Comptroller's Office 
Speaker(s):  Blayne Clements
Background Information:  On January 22, 2020, the Comptroller's Office announced a sunset audit had been scheduled.  A sunset audit is an evaluation of the need for the continued existence of a program or agency.  The sunset audit specifically allows for an assessment of the effectiveness and performance of the program or agency.

During a call on February 13, 2020, representatives of the Comptroller's Office stated the audit would focus, but may not be limited to, the following topics:
  • Board Duties
  • Campus Security
  • Strategic Planning
  • Mental Health 

The representatives also stated:
  • Fieldwork was expected to begin in March 2020 and be completed in June 2020.
  • Although all LGI's will be reviewed simultaneously, each will receive a separate audit report.  All the reports will be presented to a joint subcommittee of the legislature at a meeting, which will likely occur in November 2020.
  • Scope of the review would be from July 1, 2016 to present.
Adjourn
<< Back to the Public Page for Austin Peay State University