Fiscal Year
2013
FROM:
SUBJECT:
The University of Texas at El Paso Internal Audit Annual Report for fiscal
year 2013
Attached please find the 2013 Internal Audit Annual Report for the University of Texas at
El Paso as required by the Texas Internal Auditing Act. Should you have questions or
need additional information, please contact me at (915) 747-8921 or e-mail
wpeters@utep.edu.
Administration Bldg.
Fourth Floor
El Paso, Texas 79968-0586
(915) 747-5191
Fax (915) 747-8913
TABLE OF CONTENTS
Final
Approved by Internal Audit Committee
September 05, 2012
OVERVIEW
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT
SCOPE OF AUDITS
BUDGET AND STAFFING
CALCULATION OF FY 2013 AUDIT HOURS
COMMENTARY ON VALUE ADDED
INSTITUTIONAL PROCESSES AND RELATED SUB-PROCESSES
OVERVIEW
In accordance with the Texas Internal Auditing Act (Article 6252-5d, Vernon's Texas Civil Statutes), The University of Texas System Administration Policy UTS 129 Internal Audit Activities, and The Institute of Internal Auditors International Professional Practices Framework (IPPF) Performance Standard 2010 Planning and 2210 Planning Considerations, we have prepared an audit plan for fiscal year 2013. The 2013 Audit Plan is a description of the internal audit activities that will be performed by the Office of Auditing and Consulting Services in fiscal year 2013.
The process of preparing the 2013 Audit Plan included identifying those areas that are considered the most important and ensuring that activities with the greatest risk are audited. The Internal Audit Committee reviewed and approved the 2013 Audit Plan. Members of the Internal Audit Committee provided input, as did Deans and Department Directors/Chairs, where appropriate.
The Internal Audit Committee is comprised of the following members:
Dr. Diana Natalicio, President and Chair of the Internal Audit Committee
Dr. Junius Gonzales, Provost, Vice President for Academic Affairs
Ms. Cynthia Villa, Vice President for Business Affairs
Dr. Stephen Riter, Vice President for Information Resources and Planning
Dr. Gary Edens, Interim Vice President for Student Affairs
Dr. Roberto Osegueda, Vice President for Research
Mr. Richard Adauto III, Executive Vice President
Mr. Edward Escudero, External Member
Input was also received from:
Ms. Susan Avena, Manager, Research and Sponsored Projects
Mr. Corey Bailey, Director, Student Development Center
Mr. Gerard D. Cochrane Jr., Chief Information Security Officer, Information Technology
Dr. Kathleen Curtis, Dean, College of Health Sciences
Ms. Diane De Hoyos, Director, Purchasing and General Services
Ms. Manuela Dokie, Assistant Vice President, Research and Sponsored Projects
Ms. Guadalupe Gomez, Manager, Contracts and Grants Accounting
Mr. Henry W. Humphreys, Associate Director, Intercollegiate Athletics
Ms. Catherine McCorry-Andalis, Associate Vice President/Dean of Students, Associate Vice President of Student Life
Mr. Robert Moss, Assistant Vice President, Environmental Health and Safety
Mr. Andrew Pena, Director, Human Resource Services
Ms. Adriana Price, Assistant Vice President, Institutional Advancement
Dr. Elias Provencio-Vasquez, Dean, School of Nursing
Ms. Tessy Rappe, Director Associate Comptroller, Business Services
Mr. Bob Stull, Athletics Director, Intercollegiate Athletics
Mr. Anthony Turrietta, Associate Vice President for Business Affairs/Comptroller VPBA
UTEP 2013 Annual Internal Audit Report Page 3
Dr. Jorge Villalobos, Director, Facilities Services
Dr. Craig Westman, Associate Vice President, Enrollment Services Management
Mr. James R. Williams, Associate Director of Student Financial Aid
The Internal Audit Committee members, these individuals, and selected members of their staffs, provided information relative to their specific areas of responsibility, plus insight into other areas in which they interacted, or had knowledge and/or opinions.
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT
The Institute of Internal Auditors International Professional Practices Framework (IPPF) requires that internal auditors develop an audit plan based on the assignment of risk to the audit universe. The audit universe is a subjective assessment of auditable areas at the University of Texas at El Paso (UTEP). To identify the audit universe, we reviewed prior audit plans, the annual financial report (AFR), the budget, various risk assessments, and a five-year history of audit activity (Appendix G). The audit plan was broken down into six major categories and subcategories (Appendix A):
1. Financial
2. Operational
3. Compliance
4. Information Technology
Within each of the above, subcategories of:
UT System or Externally Required
Risk Based Tier One: Institutional Processes
Risk Based Tier Two: Auditable Areas
5. Follow-up Audits
6. Projects
Consideration of the following was given in developing the 2013 Audit Plan:
Management input
Various risk assessments
Economical and efficient use of internal audit resources
Required activities (i.e., KTEP FM Radio audit, Annual Financial Reporting, NCAA Compliance, etc.)
Requirements of the following action plans:
o 1994 Action Plan to Enhance Internal Controls through Awareness, Accountability, and Audit Committees
o 1996 Action Plan to Enhance Internal Controls
o 1998 and 2003 Action Plans to Enhance Institutional Compliance
In the development of the 2013 Annual Audit Plan, the Assurance Continuum Enterprise Risk Management Model (ERM) was used as the risk assessment methodology. The ERM risk assessment methodology was used in planning for audits in the Risk Based Tier One: Institutional Processes and Risk Based Tier Two: Auditable Areas categories.
The following describes our planning process to prepare the 2013 Audit Plan.
RISK ASSESSMENT METHODOLOGY
A Tier One (Institution-wide Risk Assessment) was performed using the following Processes (Auditable Units) applicable to academic institutions. The sub-processes included in each process are identified in Attachment A.
ACADEMIC INSTITUTION PROCESSES
1. Governance and Leadership
2. Instruction and Academic Support
3. Research and Development
4. Student Services
5. Human Resource Management
6. Financial Management
7. Asset and Risk Management
8. Purchasing and Warehousing
9. Information Technology
10. University Relations and Alumni Affairs
11. Plant Operation and Maintenance
12. Auxiliary and Service Departments
13. Environmental Health and Safety
14. Intercollegiate Athletics
15. Information Resources Use and Security
16. University Security and Police Department
17. Institutional Compliance Program
A Tier Two risk assessment is required for Research and Information Technology. The vertical axis of each Tier Two risk assessment includes the sub-processes listed in Attachment A.
The Tier One and Tier Two risk assessments were performed using the ERM model, and for each a Risk Footprint was developed. The vertical axis of the Tier One footprint is the applicable business processes from the list above. The horizontal axis is the business risk identified and ranked for each process. All identified business risks for a process included consideration of financial, compliance and operational elements.
VALUATION OF IMPACT AND PROBABILITY
IMPACT - The impact of a risk is the effect a single occurrence of that risk will have upon the achievement of the institution's goals and objectives. There are three values:
HIGH - The effect will cause the component not to achieve its goals and objectives. It is a showstopper.
MEDIUM - The effect will cause the institution to operate inefficiently and/or expend unplanned resources to meet goals and objectives.
LOW - There will be no measurable effect upon the achievement of institutional goals and objectives.
PROBABILITY - The probability that a risk will become reality also has three values:
HIGH - An event is inevitable, or there is a great likelihood that an event will occur.
MEDIUM - The risk is neither extremely likely nor highly unlikely. The probability of an event is similar to occurrences within the normal course of operations.
LOW - The risk of an event is highly unlikely or would require a combination of multiple failures.
Past experience within the institution and within higher education was used in determining probability. Probability is assessed as if only Level 1 Controls (those in place or exercised at execution) exist.
ANNUAL AUDIT PLAN
The risk footprints were converted to the final product in the following manner:
The Tier One Risk Footprint processes that did not have a Tier Two Risk Footprint were included in the Annual Audit Plan based upon the number of critical risks each contained. The sub-processes within each process which contained the identified critical risks are included in the audit plan.
The Tier Two Risk Footprints are included in this area regardless of their position on the Tier One (Institution-wide) risk footprint. The sub-processes to be audited are those from each Tier Two risk footprint that have the highest ranked risk or the largest number of critical risks.
Follow-up Audits
In accordance with the Institute of Internal Auditors Performance Standard 2500 Monitoring Progress, a follow-up process is in place to monitor and ensure that management actions have been effectively implemented, or that senior management has accepted the risk of not taking action. Implementation dates of audit report recommendations are monitored and, following those dates, the status of audit recommendations is determined and reported to management.
Change-in-Management Audits
The auditable universe was developed through inquiries with college deans, directors and vice presidents. The goal of performing change-in-management audits is to provide a consulting service to new managers by reviewing existing internal controls and providing the information necessary for the development of an adequate internal control system, which will provide reasonable assurance of sound management. Selected colleges/departments with new Deans/Directors will be audited. Since most of the work is done on an as-requested basis, a risk assessment was not performed and audits are determined as management changes occur throughout the fiscal year.
Projects
The goal of performing special projects is to provide management with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. Included in this category of audits are internal and external quality assurance reviews, UT System requests and special requests and investigations. Much of the work is either done as mandated or on an as-requested basis; therefore, a risk assessment was not performed.
Carry-forward Audits
Carry-forward audits are those 2011-2012 Annual Audit Plan audits that are in progress at August 31, 2012.
2013 Risk Assessments
Process Risk assessments are located in Appendices B through D.
SCOPE OF AUDITS
The International Professional Practices Framework (IPPF) addresses the scope of work as follows:
"The scope of the engagement should include consideration of relevant systems, records, personnel, and physical properties, including those under control of third parties.
In performing consulting engagements, internal auditors should ensure that the scope of the engagement is sufficient to address the agreed-upon objectives.
Internal auditors should:
Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
The planned scope of each of the audits in the 2013 Annual Audit Plan is described in Appendix A.
BUDGET AND STAFFING
The budget for the Office of Auditing and Consulting Services was prepared in accordance with U.T. System Administration and UTEP guidelines and was approved by UTEP Administration and the Board of Regents.
Career development for the staff is a strategic goal of the Office of Auditing and Consulting Services. It is the Director's practice to create a working environment that facilitates career opportunities for the audit staff within and outside the office. The Office of Auditing and Consulting Services will continue its efforts toward developing staff to their highest potential through the performance of operational audits, exposure to high levels of management, and training targeted at non-traditional audit areas and achievement of professional credentialing.
CALCULATION OF FY 2013 AUDIT HOURS
The Calculation of Available Hours is included in Appendix F. Total direct hours assigned to audits and projects are reflected in Appendix A.
COMMENTARY ON VALUE ADDED OF AUDIT PLAN UPDATE
General:
The definition of "VALUE ADDED" can vary considerably from one audit department to the next but for OACS it describes audit work that will help management meet the University's goals and objectives in addition to verifying compliance with policies and procedures. Organizations are looking to internal auditing departments to add value, improve cost controls, and solve problems. Motivated by the universal mandate to curtail expenses and boost efficiencies, the auditing department will seek ways to add value.
General plan objectives:
Plan audits according to the results of the risk-sensitive environment review.
Execute audits emphasizing a cost-conscious culture.
Focus on issue identification and seek improvement resolution and highlight attention to future performance by bringing insight, knowledge, judgment, and analytical skills to all audit and consulting engagements.
Become aware of and articulate changes when perceptions of risk change throughout the year.
Aggressively and constructively consider emerging technology risks and improvement opportunities.
Evaluate opportunities to leverage computer-aided audit technology to increase audit effectiveness and efficiency.
Objectives of the internal audit professional staff:
Have the expertise to ask insightful questions.
Establish a value-based culture through word and action.
Keep constituents informed throughout the audit process.
Differentiate and balance discussion, guidance, and directives.
Continually assess management's plans to ensure future success.
Measure performance against forward-looking measures such as benchmarking and best practices.
Build and maintain relationships of mutual trust and respect, and engage in open dialogue and regular interaction.
Maintain a core of experienced audit staff with in-depth knowledge of audit skills supported with continuous training.
I. Governance & Leadership
A. Governance
B. Organizational Structure
C. Office of the President
D. Internal Communications
E. Legal Services
F. Internal and External Auditing
1. Single Audit Act
2. Texas Internal Auditing Act, Article 6252-5d
3. Institute of Internal Auditors Standards
4. Generally Accepted Governmental Auditing Standards
II. Instruction & Academic Support
A. Management of Departments & Programs of Study
1. Educator Certification
B. Accreditation/Institutional Effectiveness
1. 170 Hour Rule
2. 120 Hour Rule
3. Integrated Postsecondary Educator Data Systems
4. Legislative Budget Board Performance Measures
5. Reports to the Texas Higher Education Coordinating Board
6. Reports to UT System
C. Program Development & Program Evaluation Process
1. Official Inventory of Programs
D. Faculty
1. Recruitment & Tenure Policies
2. Development
3. Turnover
4. Workloads & Productivity
5. Degree Productivity (number granted vs. number of full-time faculty)
6. Verification of Faculty Qualifications
7. Rights and Responsibilities of Faculty
E. Instructional & Academic Technology
F. Special Programs
1. Developmental Education
2. Students with Disabilities
3. Study Abroad
G. Course Scheduling & Availability
1. Undergraduate
2. Graduate
3. Distance Education
4. Professional and Public Programs
H. Deployment of Resources among Academic Programs
I. Library
J. Core Curriculum
1. Fields of Study
K. Texas Success Initiative
L. Health Affairs
1. Student Background Checks
2. Licensing and Certification
3. Program Accreditation
4. Clinical Laboratories
M. School of Nursing
1. Student Background Checks
2. Licensing
3. Certification
4. Hospital Based Teaching
5. Attracting and Maintaining Faculty
III. Research & Development
A. Financial Issues - Grants & Contracts Management
1. Cost Transfers - Effort Reporting
2. Cost Sharing
3. Facilities & Administrative Cost Accounting
4. Financial Reporting to Granting Agencies
5. Cash Management
6. Records Archiving C&G
7. Subrecipient Monitoring - Expenditure
8. ARRA
B. Animal Research
1. Veterinarian Services
2. Institutional Animal Care and Use Committee
3. Preparation of certifications and assurances
C. Human Subject Research
1. Institutional Review Board (Protection of Subjects/participants)
2. Protection of Researcher
3. Protection of Research
4. Preparation of certifications and assurances
D. Sponsored Programs
1. Effort Reporting
2. Negotiation of Agreements
3. Preparation of certifications & assurances
4. Coordination of gifts and grants with Development office
5. OGC Guidelines for contracts and subcontracts
6. Backdoor awards
7. Export Control licensing/laws - International Traffic in Arms Regulations (ITAR)
8. Administration of Contracts, Grants & Cooperative Agreements
9. Research and Sponsored Projects Metrics
10. Subrecipient monitoring - Programmatic
11. Digital Research Data
E. Proposal Review
1. Cost Estimates
2. Proposal Compliance
3. Eligibility for submitting proposals
F. Research Ethics and Integrity
G. Technology Transfer
1. Invention Disclosure
2. Intellectual Property Policy
3. Equity positions in startup companies
4. Royalty Audit
5. Licensing and material transfer agreements
6. Nondisclosure Agreements
H. Training
I. Other Agreements
1. Processing Affiliation Agreements with Outside Agencies
2. Memorandums of Understanding
3. International Agreements
J. Proposal Development
1. Proposal Development Services
2. Identification and Notification of Funding Opportunities
3. Research Communication
K. Conflict of Interest in Sponsored Research
IV. Student Services (Academic Institutions)
A. Administration - Academic Services
B. Recruitment Processing
C. Admissions Processing
D. Enrollment Management
1. Title 19
E. Registration Processing
F. Student Records
G. Financial Aid
1. Reporting
2. Drawing Down
3. Return of Funds
4. Institutional/Program Eligibility
5. Cash Management Rules
6. State Regulations and Reporting
7. Recertification
8. Completion on DOE Quarterly Report Disbursements
9. Student Eligibility
10. Verification
H. Student Health Services
I. Counseling and Guidance Services
1. Release of Mental Health Records
2. Career Counseling Services
J. Student Organizations & Other Activities
K. Student Grievances
1. Undergraduate
2. Graduate
L. Student Government Association
M. Office of International Programs
1. Tracking of International Students (SEVIS)
2. PASE Program
3. Passport Services
4. J-1 Visas
N. Family Education Rights and Privacy Act (FERPA)
O. Outreach
1. Renewal and Public Relations
2. Programmatic
3. Interaction of Adults and Minor Children
P. Administration - Student Services
Q. Student Conduct and Discipline
R. Career Center
S. Recreational Sports
T. Student Publications
U. Childcare Services
V. Human Resource Management
A. Organizational & Staffing of Human Resources Function
1. Personnel Records Administration
B. Classification and Salary Administration
1. Fair Labor Standards Act
C. Appointment of Relatives
D. Leave Administration
E. Performance Appraisal System
F. Recruitment & Selection Process (non-faculty)
G. Hiring Practices (non-faculty)
1. Veterans Preferences
H. Staff Development & Continuing Education
I. Employee Relations & Grievance Process
1. Discipline and Dismissal of Employees
J. Staff Turnover
K. Contracting for Human Resources-related Functions
L. Criminal Background Checks
M. Equal Opportunity and Affirmative Action
1. Discrimination against Protected Classes
2. Nondiscrimination notification - Contract clause
3. Affirmative Action Plan
4. Employment Discrimination Prevention Training
N. Reductions in Force
O. Family Medical Leave Act (FMLA) of 1993
P. Immigration Reform and Control Act of 1986
Q. UT Flex, IRC 125
R. Deferred Contribution Plan
S. Annual ORP Participation Report
T. Chapter 821, et seq., Texas Government Code
U. Tax Shelter Annuity Programs (TSAP)
V. Repository for faculty credential folders
W. Faculty Visas
VI. Financial Management
A. Organization & Management
B. Budgeting & Planning
C. Budget Monitoring & Review
D. Accounts Payable
1. Issuance of 1099 and 1042 Forms for Vendor Payments
2. Prompt Payment
3. Vendor Payments
E. Payroll Management
1. Mandatory Garnishments for Tax Levies, Bankruptcies, Child Support & Student Loans
2. Child Support Enforcement Requirements
3. Voluntary Salary Deductions (i.e. Savings Bonds, Annuities, UT Flex)
4. Withholding of taxes from employee wages and timely deposits
5. Nonresident Alien Taxation
6. Federal Tax Reporting
7. IRS Code 117, amended by Tax Reform Act & TMRA of 1988
8. Retirement Contributions
9. TRS Reporting and Transmittal of funds
10. ORP collection of funds, transmittal of funds and reporting
F. Accounting Procedures & Internal Financial Controls
G. Reporting (regulatory & management)
1. Reporting Requirements
2. Preparation of Quarterly State Auditor Full Time Employee Report
3. Annual Financial Report
4. SPA to AFR Reconciliation
5. Unclaimed Property Management and Reporting
6. Coding of Accounts
7. Control of Non-Standard or Non-Recurring Journal Entries
H. Segregation of Duties and Reconciliation of Accounts
I. Approval of Improper/Erroneous Disbursements by Processing Units
J. Conflict of Interest and Financial Disclosure
K. Liquor License
L. Travel Management Services
M. Emergency Loan Program management, funding and collection
N. Travel Management Services
O. Interest Allocation
P. Student General Property Deposit
Q. Red Flag Rules
VII. Asset & Risk Management
A. Organization & Management
B. Cash Management/Investment Management Strategies
C. Endowments & Gifts
D. Investment Management, Investment Strategies, and Public Funds Investment Act
E. Fixed Asset Management, Tracking and Counting, Reporting & Surplus Property
F. Insurance Coverage, Risk Management, Safety, and Workers Comp
G. Bonded Indebtedness and Issuance
H. Tuition and Fees Management
1. Mgmt of Collection on Overdue Student Receivables & NSF Checks
2. Accounts Receivable Tuition and Fees Collection Process
3. Fees Allocation & Justification
VIII. Purchasing & Warehousing
A. Organization & Staffing
B. Policies & Procedures
C. Bid and Contracting Processes
D. Special Procedures Contracts
E. Leases
F. Best Value Yellow Pages Test
G. Procurement Card
H. Historically Underutilized Business Program
I. Purchasing Ethics and Conflict of Interest
1. Vendor Selection
J. Procurement of Consulting Services/Professional Services
K. Procurement Plan Report
L. University Records Retention and Destruction
M. Contract Performance Monitoring - Contracts over $100,000
IX. Information Technology (does not include end-user applications)
A. Planning and Organization
1. Strategic Planning and Technological Direction/Planning
2. Organization (Communication, Relationships, Human Resources)
3. Financial Management
4. Compliance with External Requirements
5. Project Management
6. Quality Management
B. Acquisition and Implementation
1. Acquire and Maintain Application Software
2. Acquire and Maintain Technology Infrastructure
C. Delivery and Support
1. Define and Manage Service Levels
2. Manage Performance and Capacity
3. Manage Facilities
4. Manage Problems and Incidents
5. Manage Data
D. Monitoring
1. Process Monitoring
E. Security for IT Department
1. System and Infrastructure Security (Security of Sensitive Data)
2. Adequacy of Controls (Application Security)
F. Offsite Backup Restoration
X. University Relations & Alumni Affairs
A. Community & Alumni Involvement
1. Partnerships
2. Development Office
3. Alumni Relations Office
4. Printed & Electronic Communications
B. Public & Media Relations
C. Public Service
1. Relevance & Impact of Programs to State & Local Community
2. Art Galleries
3. Centennial Museum
D. Governmental Relations
XI. Plant Operation & Maintenance
A. Facility Planning (long & short range)
B. Renovations and Repairs
C. Space Usage Efficiency
D. Maintenance Operations
E. Custodial Services
F. Transportation - Motor Pool
G. Construction Program Management
H. Landscaping and Grounds
I. Utilities/Energy Management
J. Warehouse Operations
K. Facilities Management (Don Haskins & Sun Bowl)
L. Contracted Outside Services
XII. Auxiliary and Service Departments
A. Housing
1. Availability
2. Quality
3. Cost & Services
4. Facilities
5. Health & Safety
6. Administration/Fiscal
B. Printing & Copying
C. Mail Services
D. Union Services
E. Special Events
F. Ticket Center
XIII. Environmental Health and Safety
A. Laboratory Safety
B. NFPA Life Safety Code (Fire Safety)
C. EPA Resource Conservation Recovery Act (TNRCC Hazardous Waste Rules)
D. Controlled Substances
E. Precursor Chemicals - Controlled Glassware
F. Bureau of Radiation Control - Radioactive materials
G. TDH/PCB Asbestos Rules Toxic Substance Control Act
H. Bureau of Radiation Control - Laser Regulations
I. Bureau of Radiation Control - Radiation Machines
J. Clean Air Act (Air Emissions)
K. TNRCC (Storm Water Runoff) Clean Water Act
L. Select Agent Rule
M. Texas Workers Compensation Act
N. Hazardous Materials Shipping requirements (IATA, DOT, FAA)
O. BSL3 Oversight
P. DHS Antiterrorism Standards
XIV. Intercollegiate Athletics
A. Institutional Control - Athletics
1. Extra Benefits
2. Financial Aid and Federal Financial Aid Regulations
3. Playing and Practice Seasons
4. Recruiting
5. Education
6. Infractions
7. Summer Camps
8. Amateurism
9. Eligibility of Athletes
10. Student Welfare
11. Gender Equity
B. Administration - Athletics
1. Licensing and Trademark Laws/Ethics and system violation
2. Athletic Department Certification
3. Annual Conference Compliance Audit
4. Employment Contracts and Conduct of Employees
5. Department P&P Manual - Athletics
6. Annual Financial Audit
7. NCAA Home Football Attendance
XV. Information Resources Use and Security
A. Administrative Management Controls
1. Assignment of Responsibilities
2. Periodic Review of Security Controls
3. Incident Response Capability
4. Security and Technical Training
5. System Authorization and Reauthorization Procedures
6. Access Authorization, Personal Clearance & Termination Procedures
7. System or Application Security Plan (Data Criticality, Backup & Disaster Recovery)
B. Operational Controls
1. Physical Security (Access Controls & Contingency Operations)
2. Environmental Controls
3. Desktop Use and Security
4. Documentation
C. Technical Controls
1. Identification
2. Data Integrity
D. TAC 202
1. Risk Management
2. Password Management
3. Separation of Duties
4. Device and Data Media Access and Disposal
5. Logical Access Controls
6. Audit trails
7. Intrusion detection
E. UTS 165
1. Transmission Security
2. Solicitation, Use and Maintenance of Social Security Numbers
3. Decentralized Servers
F. PCI Compliance
G. Cloud Computing
H. Digital Research Data
XVI. University Security and Police Department
A. The Clery Act
B. Emergency Response Plans
XVII. Institutional Compliance Program
A. Compliance Program Components/Activities
B. Specific Compliance High Risk Areas
Budgeted Hours    % of Total    Description
Financial
UT System or Externally Required Audits
Annual Financial Report:
AFR 2012 Year-end
AFR 2013 Interim
PeopleSoft Implementation
President's Travel and Entertainment Audit
KTEP FM Radio Station
Joint Admission Medical Program (JAMP)
Year-end/Periodic Cash Counts
Risk Based Tier One: Institutional Processes
PeopleSoft Readiness - Segregation of Duties and Reconciliation of Accounts
350
To ensure readiness for PeopleSoft implementation, sample and test to determine level of diligence and readiness
200
150
Carry-forwards:
Contracts & Grants Accounting
Procurement Card
40
25
Financial Subtotal
2335
21%
Operational
UT System or Externally Required Audits
Management Travel/Entertainment
250
250
100
150
200
300
300
200
300
250
300
Effort Reporting
300
350
Management Requests-Operational
100
Carry-forwards:
Health Sciences
Utilities. Energy Management
Bio Safety Level 3 Lab Oversight
270
50
60
Operational Subtotal
3730
34%
Compliance
UT System or Externally Required Audits
Fed Portion of Statewide Single Audit (assistance to SAO)
NCAA Football Attendance Audit
Emergency Management (UTS 172)
20
50
300
350
200
400
200
150
200
Management Requests-Compliance
150
Carry-forwards
THECB Facilities Audit
Research Compliance
Faculty-authored Textbooks
50
200
50
Compliance Subtotal
2320
21%
Information Technology
UT System or Externally Required Audits
Laptop Encryption
TAC 202 Information Security
IT Inventory
250
400
200
300
160
Management Requests-IT
100
25
Carry-forward
Administration and Management Controls
Information Technology Subtotal
Follow-up
Carry-forward Accounts Payable
1435
500
13%
Normally occurring follow-up reviews as determined by prior recommendation implementation dates
Follow-up audit carry-forward from FY 2012
25
Follow-up Subtotal
525
5%
Projects
Annual Internal Audit Report
Annual Reviews/Evaluations
Annual Risk Assessment/Audit Plan
Institutional Compliance Committee
Internal Audit Committee
Quality Assurance Review - Follow-up
Quality Assurance Review- Other Audit Departments
Training Provided by IA
UT System Strategic Initiatives (three projects)
Projects Subtotal
Total Hours
30
40
150
10
80
40
50
40
150
590
10935
5%
100%
RISKS
1 HM Maintenance Operations
2 HM Utilities/Energy Management
3 MM Construction Program Management
4 MM Contracted Outside Services
5 MM Custodial Services
6 MM Transportation-Motor Pool
7 ML Facilities Management (Don Haskins & Sun Bowl)
8 ML Facility Planning (long & short range)
9 ML Renovations and Repairs
10 ML Space Usage Efficiency
2 Instruction & Academic Support
HL Health Sciences
LL Faculty
LL Instructional & Academic Technology
LL Library
4 Student Services
HH Student Health Services
HL Financial Aid
HL Family Educational Rights and Privacy Act (FERPA)
HL Student Records
MM Counseling Center
ML Outreach
ML Registration Processing
ML SB1414-Student Camps
5 Human Resource Management
HM Faculty Visas
MH Performance Appraisal System
MM Classification and Salary Administration
MM Criminal Background Verifications
MM Employee Relations & Grievance Process
MM Equal Opportunity
14 Intercollegiate Athletics
HM Administration-Athletics
HM Institutional Control-Athletics
15 Information Resources Use and Security
HM PCI Compliance
MM TAC 202
MM Administrative/Management Controls
Cloud Computing
MM Digital Research Data
MM UTS 165
HL Laboratory Safety
ML Bureau of Radiation control-Radioactive materials
ML DHS Antiterrorism Standards
HL Contract Performance Monitoring over $100,000
MM Purchasing Ethics and Conflict of Interest
ML Leases
LM EPA Resource Conservation Recovery Act (TNRCC Hazardous Waste Rules)
LL Miner Mall
8 Purchasing
HM Procurement Card
6 Financial Management
9 Information Technology
HM Offsite back-up restoration
MM Security for IT Department
3 Research & Development
HL Animal Research
MM Financial Issues
MM Other Agreements
1 Governance & Leadership
7 Asset & Risk Management
HL Office of the President
HL Legal Services
MM Governance
ML Insurance Coverage, Risk Management and Safety
HL Endowments & Gifts
MM Organization & Management-Asset & Risk Management
16 University Security and Police Department
HL Emergency Response Plans
ML The Clery Act
10 University Relations & Alumni Affairs
ML Community & Alumni Involvement
ML Public Service
12 Auxiliary and Service Departments
ML Union Services
LM Mail Services
ML Historically Underutilized Business Program
HL Enrollment Management
MM Accounting Procedures & Internal Financial Controls
MM Budget Monitoring & Review
MM Organization & Management-Financial Management
LL Governmental Relations
LM Printing & Copying
MM Human Subject Research
LL Food Services
LL Information Technology Planning and Organization
LL Monitoring
MM Student Grievances
LM Hazardous Materials Shipping requirements (IATA, DOT, FAA)
LL Organization & Staffing
MM Proposal Development
LL Fixed Asset Management & Surplus Property
LL Special Events
LL Ticket Center
Legend:
HH, HM = Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH = Manage and Monitor (all Levels of Control but no traditional audit)
MM, ML, LH = Monitor (only Execution Controls & Supervisory Controls)
LM, LL = Accept (accept the risk and have no controls)
Planned = Included in Fiscal 2013 Audit Plan
Carry forward = Carried forward from Fiscal 2012
RISKS
1
HH Sub-recipient
monitoringExpenditures
2
3
HM Financial Reporting HM Grants-Accounts
to Granting Agencies
Receivable Billing
4 Sponsored Projects
HM Effort Reporting
MH Sub-recipient
MonitoringProgrammatic
3 Human Subject
Research
HL Institutional Review
Board (Protection of
participants)
2 Animal Research
4
MMARRA Reporting
5
MMCost Sharing
6
7
MMCost Transfers-Effort MMRecords
Reporting
Management C&G
8
LL Cash Management
9
LL Facilities &
Administrative Cost
Accounting
MM Coordination of gifts and grants with Development Office
MM Digital Research Data
MM Preparation of certifications & assurances
ML Negotiation of Agreements
LM Research and Sponsored Projects Metrics
HL Preparation of certifications & assurances-IRB
HL Protection of Research
LL Protection of Researcher
n/a
n/a
n/a
n/a
n/a
HL Preparation of certifications & assurances-IACUC
MM BSL3 Usage
n/a
n/a
n/a
n/a
n/a
9 Other Agreements
MH International Agreements - Research Related
MM Memorandums of Understanding - Research Related
n/a
n/a
n/a
n/a
n/a
n/a
5 Proposal Review
MH Cost Estimates
ML Eligibility for submitting proposals
LL Proposal Compliance
n/a
n/a
n/a
n/a
n/a
n/a
ML Identification and Notification of Funding Opportunities
ML Proposal Development Services
10 Proposal Development
ML Research Communication
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
7 Technology Transfer
LM Equity positions in startup companies
LL Intellectual Property Policy
LL Invention Disclosure
LL Licensing and material transfer agreements
LL Non-Disclosure Agreements
LL Royalty Auditing
n/a
n/a
n/a
8 Training
LL Training
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
6 IX Offsite back-up
restoration
12 XV PCI Compliance
RISKS
1
2
HM Transmission Security (Encryption and Data Integrity)
MM Decentralized Servers
3
MM Solicitation, Use and Maintenance of Social Security Numbers
HM Offsite back-up
restoration
n/a
n/a
HM PCI Compliance
n/a
n/a
7 XV Administrative/Management Controls
MM Assignment of Responsibilities
MM Access Authorization, Personnel Clearance & Termination Procedures
MM Intrusion Detection
10 XV TAC 202
MM Audit Trails
8 XV Operational Controls
MM Documentation
3 IX Delivery and Support
1 IX Information Technology Planning and Organization
MM Project Management
ML Compliance with External Requirements
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
MM Periodic Review of Security Controls
MM Security and Technical Training
MM Logical Access Controls
MM Password Management
MM Physical Security (Access Controls & Contingency Operations)
ML Environmental Controls
ML Manage Problems and Incidents
ML Financial Management
n/a
n/a
n/a
LL Manage Facilities
n/a
n/a
LL Organization
(Communication,
Relationships,
Human Resources
LL Strategic Planning
and Technological
Direction/Planning
n/a
n/a
9 XV Technical
Controls
MM Data Integrity
n/a
n/a
n/a
n/a
n/a
5 IX Security for IT Department
MM System and Infrastructure Security (Security of Sensitive Data
ML Adequacy of Controls (Application Security)
n/a
n/a
n/a
n/a
n/a
2 IX Acquisition and
Implementation
n/a
n/a
n/a
n/a
n/a
13 XV Cloud Computing M
M
14 XV Digital Research M
Data
M
4 IX Monitoring
LL
MM Identification
4
n/a
Cloud Computing
n/a
n/a
n/a
n/a
n/a
n/a
Digital Research
Data
Process Monitoring
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Risk
Explanation/Mitigation
HM
Utilities/Energy Management
Complete audit
HM
BSL3 Oversight
Complete audit
HM
Procurement Card
Complete audit
HM
PCI Compliance
Weaknesses identified and being addressed by subject matter experts Reassess in 2013
HM
Reassess in 2013
HM
Administration - Athletics
 | Director | Managers & Supervisors | Staff | Total |
Audit & Project | 1,100 | 2,921 | 6,914 | 10,935 | 70%
General Administration | 592 | 473 | 825 | 1,890 | 12%
Training/CPE | 96 | 192 | 578 | 866 | 6%
Holidays | 104 | 208 | 473 | 785 | 5%
Vacation & Sick Leave | 188 | 366 | 674 | 1,228 | 8%
Total Hours | 2,080 | 4,160 | 9,464 | 15,704 | 100%
Note: The total hours are based on 7.55 budgeted positions net of 1.25
estimated vacancies at the staff level.
Audits
President
Intercollegiate Athletics
FY 2008
FY 2009
FY 2010
FY 2011
FY 2012
A/S
A/S
A/S
A/S
A/S
F-Follow Up Audit
-Athletics Receivables
-Athletics Summer Camps
-Athletics Business Plan
President's Office
Provost
Academic Affairs
College of Business Administration
-Accounting
-Economics and Finance
-Information and Decision Sciences
-Marketing and Management
-Dean's Office
College of Education
-Teacher Education
-Educational Leadership
-Educational Psychology
-Dean's Office
College of Engineering
-Civil Engineering
-Computer Science
-Electrical and Computer Engineering
-Engineering Programs
-Mechanical and Industrial Engineering
-Metallurgical and Materials Engineering
-Dean's Office
College of Health Sciences
-Continuing Education in Nursing
-Institute for Border Health
-School of Allied Health
-Kinesiology Department
-School of Nursing
- Occupational Therapy
- Physical Therapy
-Student Health Center
-Dean's Office
College of Liberal Arts
-African-American Studies
-Art
-Asian Studies
-Chicano Studies
-Communication
-Criminal Justice
-English
-History
-KTEP-FM Radio Station
-Languages and Linguistics
-Military Science
-Music
-Oral History
-Philosophy
-Political Science
-Psychology
-Religious Studies
-Social Work
-Sociology and Anthropology
-Theatre Arts
- Western Cultural Heritage
-Women's Studies
-Dean's Office
College of Science
-Biological Sciences
-Chemistry
-Geological Sciences
-Mathematical Sciences
-Physics
-Dean's Office
University College
Graduate School
Technology Planning and Distance Learning
Center for Law and Border Studies
VPAA's Office
Enrollment Services
-Financial Aid
-Registrar's Office
-Undergraduate Admissions and Recruitment
-Texas Success Initiative
JAMP
A
F
S
A
S
E
S
F
E
F
Audits
VPRSP
FY 2008
FY 2009
FY 2010
FY 2011
FY 2012
F
F
F
A/F
A
A
A
A
A
A
F
A
E
E
A
S
VPBA
Annual Financial Report
-Accounts Receivable
-Auxiliary Enterprise Fund
-Gifts
-Investments
-Tuition and Fees
-Year End Inventory and Cash Counts
Auxiliary Services and Continuing Education
-Food Services
-Various Cash Counts
-Inventory Count
-Professional and Continuing Education
-Special Events and Union Programs
-University Bookstore
-University Ticket Center
Facilities Services
-Accounts Payable
-Budgeting Office
-Contracts and Grants Accounting
-General Accounting
-Payroll
-Conflict of Interest
-Student Business Services
ARRA
Purchasing and Materials Management
-Mail Services
-Procurement Card
-Print Shop
Miner Mall
-Contract and Bid Processes
VPBA's Office
S
S
F/A
S/I
S
S
S
A
F
A
A
A
EVP
Institutional Advancement
-Alumni Relations
-Scholarships
-University Development
-University Communications
-University Relations
-Conference Services
Human Resource Services
-Faculty Visas
Dependent Eligibility
Institutional Compliance
-Contracts and Grants
-Financial Aid
S
A
A
A
F
A
A
-Intercollegiate Athletics
-WAC Review/CUSA Review
-Segregation of Duties and Reconciliation of Accounts
-Student FICA
-Institutional Compliance Office
-Fixed Assets
Auditing and Consulting Services
Environmental Health and Safety
University Police
Emergency Management Plan
VPIA's Office
Equal Opportunity/Affirmative Action Office (EO/AA)
A
A/E
A/E
A
A/S
A
F
F
FY 2008
Outreach Programs
FY 2009
FY 2010
FY 2011
FY 2012
Legend: I-Inventory Audit
P-Hourly Payroll Audit
Student Development
-Counseling Services
-Dean of Students Office
-Student Publications
-Housing System
-International Programs
-PASE Program
-Study Abroad Program
-Recreational Sports
-Student Government Association
-Student Development
Union Services
F
A
F
S
VPSA's Office
VPIRP
-Digital Media Center
Library
-Library Copy Center
Information Technology
-CIO
-Information Technology Services
The University of Texas at El Paso
Office of Auditing and Consulting Services
Modifications to Fiscal 2013 Audit Plan
Projects Not Started as of May 31, 2013

Project | Hours | Additions | Deferred | Carried Forward | In Progress | Comments
Annual Financial Report (AFR) Audit | 350 | 530 | | | | Increased from 350 to 880
PeopleSoft Implementation and Controls | 800 | 740 | | | | Increased from 800 to 1541
All other audits | 9,785 | 830 | | | | 8.48% net overruns
Original Audit Plan | 10,935 | 2,100 | | | |
I-9 Forms* | 250 | 250 | | | | Identified high risk area
Financial Aid (Stipends)* | 150 | 150 | | | | Identified high risk area
Part of Term* | 250 | 250 | | | | Identified high risk area
Special Requests* | 250 | 250 | | | | Per leadership requests
Other Additions | 900 | 900 | | | |
Conflicts of Interest - Business/ORSP** | 350 | | (350) | | | New process under development
Faculty-authored Textbooks** | 50 | | (50) | | | New process under development
Facilities Maintenance Operations (Safety)** | 200 | | (200) | | | Deprioritized due to lower risk
Student Health Services** | 300 | | (300) | | | Deprioritized due to lower risk
Effort Reporting** | 300 | | (300) | | | Included in 2014 Plan
Offsite Backup Restoration** | 300 | | (300) | | | Included in 2014 Plan
Payroll Management - Supplemental Payments** | 200 | | (200) | | | Included in 2014 Plan
Key Changes - Museum*** | 350 | | | (250) | 100 | Partially complete - in progress
Student Records*** | 300 | | | (200) | 100 | Partially complete - in progress
Subrecipient Monitoring - Expenditures*** | 300 | | | (200) | 100 | Partially complete - in progress
Tech Transfers, Licensing & Equity*** | 250 | | | (150) | 100 | Partially complete - in progress
Purchasing Contracts over $100K*** | 200 | | | (150) | 50 | Partially complete - in progress
Endowments & Gifts*** | 200 | | | (150) | 50 | Partially complete - in progress
Export Controls*** | 150 | | | (50) | 100 | Partially complete - in progress
International Agreements*** | 200 | | | (50) | 50 | Partially complete - in progress
Follow-ups*** | 100 | | | (100) | | None are time sensitive
Other Adjustments | 5,550 | | (1,700) | (1,300) | 650 |
Modifications to Plan (additions) | | 3,000 | | | |
Modifications to Plan (deferred or carried forward) | | | (1,700) | (1,300) | |

*Approved by Internal Audit Committee April 9, 2013
**Approved by Internal Audit Committee July 9, 2013
***Normal carry forward activity at the discretion of CAE. Internal Audit Committee advised July 9, 2013
II.
FY 2012-2013 Consulting Services and Non-Audit Services Completed
Report No. & Date
Report name and High-Level Audit Objective(s)
Observations/Findings and Recommendations
Current Status (Fully Implemented, Substantially Implemented, Incomplete/Ongoing, or Not Implemented) with brief description if not yet implemented
Fiscal Impact/Other Impact
12-11
05/02/2013
Fully Implemented
Enhances continuous compliance with rules, regulations, policies and procedures.
12-23
09/18/2012
Incomplete / Ongoing
Discrepancies in cash counts are to be reviewed by management and resolved promptly
13-14
07/09/2013
Incomplete / Ongoing
There currently is a University Training proposal being finalized. Personnel at each department need to complete the assigned training.
Enhances compliance with the proposed EMP.
Special Request
02/14/2013
Special Request
04/2013 to 08/2013
Fully implemented
Institution is in compliance with rules, regulations, policies and procedures.
Fully implemented
Institution and departments are in compliance with rules, regulations, policies and procedures.
Incomplete / Ongoing
Management started to implement controls to mitigate risks in preparation for the full implementation of PeopleSoft.
Enhances operational and fiscal effectiveness, reduces inefficiencies and mitigates risks.
III.
External Quality Assurance Review
EXECUTIVE SUMMARY
In accordance with The IIA International Standards for the Professional Practice of Internal Auditing (Standards), the University Internal Auditing Charter and as directed by the Director of Auditing and Consulting Services, we conducted a quality self-assessment of the internal audit activity of the University of Texas at El Paso (UTEP) Office of Auditing and Consulting Services (OACS) in preparation for validation by an independent assessor. Our conclusion is that the OACS Internal Audit function generally conforms with The IIA Standards for the Professional Practice of Internal Auditing (Standards), the U.S. Government Accountability Office's Government Auditing Standards, the IIA Code of Ethics, and the Texas Internal Auditing Act. Our conclusion is based on completion of a self-assessment using the Master Peer Review Program developed by the Texas State Agency Internal Audit Forum (SAIAF), guidance set forth in the IIA Quality Assessment Manual for the Internal Audit Activity, 6th edition, and the review of four sets of working papers using the SAIAF Working Paper Review Tool. The Independent Validators concur with our conclusion, as noted in the attached Independent Validators' Statement. The period reviewed for the self-assessment was September 1, 2010 through March 31, 2011. As part of our commitment to continuous improvement, during the self-assessment we identified opportunities to enhance our processes and documentation, and have identified them in the final section of this report entitled "Opportunities for Improvement."
The IIA Quality Assessment Manual suggests a scale of three ratings, "generally conforms," "partially conforms," and "does not conform." "Generally Conforms" is the top rating and means that an IA activity has a charter, policies, and processes that are judged to be in conformance with the Standards. "Partially Conforms" means deficiencies in practice are noted that are judged to deviate from the Standards, but these deficiencies did not preclude the IA activity from performing its responsibilities in an acceptable manner. "Does Not Conform" means deficiencies in practice are judged to be so significant as to seriously impair or preclude the IA activity from performing adequately in all or in significant areas of its responsibilities.
OPPORTUNITIES FOR IMPROVEMENT
Our self-assessment helped identify the following areas where practices and/or documentation could be enhanced:
Timeliness of Director Workpaper Final Approvals:
During the course of the self-assessment, it was noted that after the project lead had completed the detailed review of a project, the director final approvals of the projects were not completed on a timely basis. For the four specific projects reviewed, the planning, fieldwork, and reporting sections were not formally approved in TeamMate until after the report was issued.
Management Response:
Staff and management are making concerted efforts to timely communicate dates and availability of sections ready for management reviews. In the future, quality assurance and final reviews by the Director will be performed on a more timely basis and prior to report issuance.
Audit Cycle Time:
Four projects were reviewed during the self-assessment. Based on the work performed, it was noted that the length of time between when the engagement notification was sent and the report published averaged four months or more.
Management Response:
A new internal policy was adopted on June 30, 2010 which provides recommended timelines to complete various sections of an audit project. The overall objective is to complete audit projects from planning through the issuance of the audit report within a ten-week period. Exceptions to the timeline would be in cases where the client has requested the audit be deferred/suspended to accommodate unique circumstances such as electronic system implementation or enhancement, changes in personnel or other priority activities required of the client by senior management in which the audit process would interfere with other client activities. Management will increase monitoring efforts to more closely meet timely completion goals.
Communicating Results:
Based on the projects reviewed, three of the four final reports were not distributed to the appropriate external parties on a timely basis. The fourth report reviewed was a follow-up report, which is not distributed outside the university. We recommend that a procedure be added to TeamMate in the Reporting section requiring the lead auditor to obtain and attach documentation verifying the actual distribution of the report to external parties.
Management Response:
We agree and a new procedural step is being created in TeamMate to ensure reports are disseminated to all appropriate external parties upon release of the report to management. The procedure will require sign-off by the assigned senior auditor confirming copies have been distributed.
Documentation of Consulting and Special Investigations:
We do not have formal procedures for documenting consulting/special request projects. During the follow-up review of the 2008 self-assessment, a project template was suggested as a documentation tool. The current review indicated the template had not been implemented. We recommend that a standardized process for consulting/special request projects be made a priority.
Management Response:
We agree that a standardized process for consulting and special projects should be developed and implemented. We will develop a template for use in TeamMate which will formalize the process.
However, we will continue to perform investigations outside of the normal audit and special project environment, and specifically exclude them from TeamMate.
Organizational Independence and Objectivity:
Based on the previous QAR and subsequent follow-up review, the current practice is for the Audit Director to report functionally to the President and administratively to the Executive Vice President. In reviewing the current organizational charts, it was noted that the Director has a functional reporting line (solid line) to the Executive Vice President. This should be changed to a dotted line to indicate administrative reporting. Additionally, the Human Resources Management System (HRMS) shows the Director as a primary report to the Executive Vice President, with no secondary report. This should be revised to show the President as the primary report and the Executive Vice President as the secondary report.
Management Response:
Efforts to make the organization chart and HRMS corrections will be immediately initiated.
Assessment of Fraud Risk in the Planning Stage:
Government Accounting Standard (GAS) 7.30 states that "In planning the audit, auditors should assess risks of fraud occurring that is significant within the context of the audit objectives."
Since we don't currently document this in the planning stage, it is recommended that specific questions regarding fraud be added to our current ICQ form to indicate our consideration of fraud risk for each project.
Management Response:
We agree and will incorporate into the ICQ specific references and questions relating to client-specific knowledge of fraudulent activity and determining the extent of client recognition of the red flags of fraud.
Definition of Internal Auditing:
Standard 1010 requires the definition of Internal Auditing to be recognized in the charter and it suggests that the chief audit executive should discuss the definition of Internal Auditing with senior management. The current charter does not contain the definition of Internal Auditing. We recommend that the charter be modified to include the definition of internal auditing and that the Director discuss the definition with the Audit Committee at least annually.
Management Response:
The charter will be modified to include the definition of Internal Audit.
Code of Ethics:
There is currently not a process in place to require the audit staff to affirm their responsibilities to conform to the IIA Code of Ethics. We recommend that the audit project objectivity statement be modified to include this affirmation or that an annual acknowledgement statement be required of all IA professional staff to acknowledge their responsibilities to conform to the IIA Code of Ethics.
Management Response:
An acknowledgement statement affirming each staff member's responsibility to conform to the IIA Code of Ethics will be added to the process and included with the annual Conflict of Interest Statement acknowledged by each staff member.
Follow-up Activity:
Implement a mechanism to ensure follow-up procedures are performed in a timelier manner. This can be accomplished by issuing quarterly follow-up status reports covering multiple engagements.
Management Response:
Changes have been made to the exceptions tracking database to ensure that follow-ups are entered and responsibility has been assigned to more timely identify audits ready for follow-up.
OVERALL CONCLUSION
The UTEP Office of Auditing and Consulting Services is committed to continuous improvement. The self-assessment allowed us the opportunity to revisit and improve our practices and related documentation.
OVERVIEW
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT
SCOPE OF AUDITS
BUDGET AND STAFFING
CALCULATION OF FY 2013 AUDIT HOURS
COMMENTARY ON VALUE ADDED
INSTITUTIONAL PROCESSES AND RELATED SUB-PROCESSES
In accordance with the Texas Internal Auditing Act (Article 6252-5d, Vernon's Texas Civil Statutes), The University of Texas System Administration Policy UTS129 Internal Audit Activities, and The Institute of Internal Auditors' International Professional Practices Framework (IPPF) Performance Standard 2010 Planning and 2210 Planning Considerations, we have prepared an audit plan for fiscal year 2014. The 2014 Audit Plan is a description of the internal audit activities that will be performed by the Office of Auditing and Consulting Services in fiscal year 2014.
The process of preparing the 2014 Audit Plan included identifying those areas that are considered the most important and ensuring that activities with the greatest risk are audited. The Internal Audit Committee reviewed and approved the 2014 Audit Plan. Members of the Internal Audit Committee provided input, as did Deans and Department Directors/Chairs, where appropriate.
The Internal Audit Committee is comprised of the following members:
Dr. Diana Natalicio, President and Chair of the Internal Audit Committee
Dr. Junius Gonzales, Provost, Vice President for Academic Affairs
Ms. Cynthia Villa, Vice President for Business Affairs
Dr. Stephen Riter, Vice President for Information Resources and Planning
Dr. Gary Edens, Vice President for Student Affairs
Dr. Howard Daudistel, Senior Executive Vice President
Dr. Roberto Osegueda, Vice President for Research
Mr. Richard Adauto III, Executive Vice President
Ms. Carolyn Mora, External Member
Input was also received from: Mr. Jerry Cochrane, Chief Information Security Officer; Mr. Jesse Manciaz, Interim Director Human Resource Services; Ms. Sandra Vasquez, Director Institutional Compliance; Mr. Bob Stull, Athletic Director; Dr. Catie McCorry-Andalis, Associate Vice President Office of Student Life; Dr. Jorge Villalobos, Director Facilities Services; Mr. Juan Gonzales, Director Student Business Services; Mr. Steve Shults, Director Intercollegiate Athletics; and Ms. Teresa Almengor, Senior Research Administrator. The Internal Audit Committee members, these individuals, and selected members of their staffs, provided information relative to their specific areas of responsibility, plus insight into other areas in which they interacted, had knowledge and/or opinions.
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT
The Institute of Internal Auditors' International Professional Practices Framework (IPPF) requires that internal auditors develop an audit plan based on the assignment of risk to the audit universe. The audit universe is a subjective assessment of auditable areas at the University of Texas at El Paso (UTEP). To identify the audit universe, we reviewed prior audit plans, the annual financial report (AFR), the budget, various risk assessments, and a five-year history of audit activity (Appendix H). The audit plan was broken down into seven major categories and subcategories (Appendix A):
1. Financial
2. Operational
3. Compliance
4. Information Technology
Within each of the above, subcategories of:
UT System or Externally Required
Risk Based Tier One: Institutional Processes
Risk Based Tier Two: Auditable Areas
5. Follow-up Audits
6. Projects
7. Reserve
Consideration of the following was given in developing the 2014 Audit Plan:
Management input
Various risk assessments
Economical and efficient use of internal audit resources
Required activities (i.e., KTEP FM Radio audit, Annual Financial Reporting, NCAA Compliance, etc.)
Requirements of the following action plans:
o 1994 Action Plan to Enhance Internal Controls through Awareness, Accountability, and Audit Committees
o 1996 Action Plan to Enhance Internal Controls
o 1998 and 2003 Action Plans to Enhance Institutional Compliance
In the development of the 2014 Annual Audit Plan, the Assurance Continuum Enterprise Risk Management Model (ERM) was used as the risk assessment methodology. The ERM risk assessment methodology was used in planning for audits in the Risk Based: Tier One: Institutional Processes and Risk Based: Tier Two: Auditable Areas categories.
The following describes our planning process to prepare the 2014 Audit Plan.
RISK ASSESSMENT METHODOLOGY
A Tier One (Institution-wide Risk Assessment) was performed using the following Processes (Auditable Units) applicable to academic institutions: The sub-processes included in each process are identified in Appendix A.
ACADEMIC INSTITUTION PROCESSES
1. Governance and Leadership
UTEP 2013 Annual Internal Audit Report Page 43
A Tier Two risk assessment is required for Research, Information Technology, and Athletics. The vertical axis of each Tier Two risk assessment includes the sub-processes listed in Appendix A:
The Tier One and Tier Two risk assessments were performed using the ERM model, and for each a Risk Footprint was developed. The vertical axis of the Tier One footprint is the applicable business processes from the list above. The horizontal axis is the business risk identified and ranked for each process. All identified business risk for a process included financial, compliance and operational.
VALUATION OF IMPACT AND PROBABILITY
IMPACT - The impact of a risk is the effect a single occurrence of that risk will have upon the achievement of the institution's goals and objectives. There are three values:
HIGH - The effect will cause the component not to achieve its goals and objectives: it is a showstopper
MEDIUM - The effect will cause the institution to operate inefficiently and/or expend unplanned resources to meet goals and objectives
LOW - There will be no measurable effect upon the achievement of institutional goals and objectives
The following factors were presented for consideration during the assessment of IMPACT for each element in the risk population:
Human Health and Safety
Societal/Environmental
Monetary (financial, economic or casualty)
Business/Operations
Information Technology (and security)
Public Relations
Reporting and Disclosure
Strategic
Compliance
PROBABILITY - The probability that a risk will become reality also has three values:
HIGH - An event is inevitable, or there is a great likelihood that an event will occur.
MEDIUM - The risk is neither extremely likely nor highly unlikely. The probability of an event is similar to occurrences within the normal course of operations.
LOW - The risk of an event is highly unlikely or would require a combination of multiple failures.
Past experience within the institution and within higher education was used in deciding probability. Probability is assessed as if only Level 1 Controls (those in place or exercised at execution) exist.
The following factors were presented for consideration during the assessment of PROBABILITY for each element in the risk population:
History
Conflicts of Interest
Susceptibility to Fraud or Theft
Changes in Key Leadership or Personnel
Known Weakness in Control Activities
Policies and Procedures in Need of Update
Complexity of Unit or Process
The risk footprints were converted to the final product in the following manner:
The Tier One Risk Footprint processes that did not have a Tier Two Risk Footprint were included in the Annual Audit Plan based upon the number of critical risks each contained. The sub-processes within each process which contained the identified critical risks are included in the audit plan.
The Tier Two Risk Footprints are included in this area regardless of their position on the Tier One (Institution-wide) risk footprint. The sub-processes to be audited are those from each Tier Two risk footprint that have the highest ranked risk or the largest number of critical risks.
Follow-up Audits
In accordance with the Institute of Internal Auditors' Performance Standard 2500 Monitoring Progress, a follow-up process is in place to monitor and ensure that management actions have been effectively implemented, or that senior management has accepted the risk of not taking action. Implementation dates of audit report recommendations are monitored and following those dates, the status of audit recommendations is determined and reported to management.
Change in Management Audits
The auditable universe was developed through inquiries with college deans, directors and vice presidents. The goal of performing change-in-management audits is to provide a consulting service to new managers by reviewing existing internal controls and providing the information necessary for the development of an adequate internal control system, which will provide reasonable assurance of sound management. Selected colleges/departments with new Deans/Directors will be audited. Since most of the work is done on an as-requested basis, a risk assessment was not performed and audits are determined as management changes occur throughout the fiscal year.
Projects
The goal of performing special projects is to provide management with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. Included in this category of audits are internal and external quality assurance reviews, UT System requests and special requests and investigations. Much of the work is either done as mandated or on an as-requested basis; therefore, a risk assessment was not performed.
Reserves
Hours are reserved for engagements (special requests, investigations and consulting) that are not identified or known at the time the plan is established, but from past experience will be required and assigned during the year. As the fiscal year progresses and engagements become known, these hours will be reallocated to the appropriate categories designated in the plan.
Carry-forward Audits
Carry-forward audits are those 2012-2013 Annual Audit Plan audits that are in progress at August 31, 2013.
2014 Risk Assessments
Process Risk assessments are located in Appendices B through E.
SCOPE OF AUDITS
The International Professional Practices Framework (IPPF) addresses the scope of work as follows:
"The scope of the engagement should include consideration of relevant systems, records, personnel, and physical properties, including those under control of third parties.
In performing consulting engagements, internal auditors should ensure that the scope of the engagement is sufficient to address the agreed-upon objectives.
Internal auditors should:
The planned scope of each of the audits in the 2014 Annual Audit Plan is described in Appendix A.
BUDGET AND STAFFING
The budget for the Office of Auditing and Consulting Services was prepared in accordance with U.T. System Administration and UTEP guidelines and was approved by UTEP Administration and the Board of Regents.
Career development for the staff is a strategic goal of the Office of Auditing and Consulting Services. It is the Director's practice to create a working environment that facilitates career opportunities for the audit staff within and outside the office. The Office of Auditing and Consulting Services will continue its efforts toward developing staff to their highest potential through the performance of operational audits, exposure to high levels of management, and training targeted at non-traditional audit areas and achievement of professional credentialing.
CALCULATION OF FY 2014 AUDIT HOURS
The Calculation of Available Hours is included in Appendix G and total direct hours assigned to audits and projects are reflected in Appendix A.
COMMENTARY ON VALUE ADDED OF AUDIT PLAN UPDATE
General:
The definition of "VALUE ADDED" can vary considerably from one audit department to the next but for OACS it describes audit work that will help management meet the University's goals and objectives in addition to verifying compliance with policies and procedures. Organizations are looking to internal auditing departments to add value, improve cost controls, and solve problems. Motivated by the universal mandate to curtail expenses and boost efficiencies, the auditing department will seek ways to add value.
General plan objectives:
Plan audits according to the results of the risk-sensitive environment review.
Execute audits emphasizing a cost-conscious culture.
Focus on issue identification and seek improvement resolution and highlight attention to future performance by bringing insight, knowledge, judgment, and analytical skills to all audit and consulting engagements.
Become aware and articulate changes when perceptions of risk change throughout the year.
Aggressively and constructively consider emerging technology risks and improvement opportunities.
Objectives of the internal audit professional staff:
Have the expertise to ask insightful questions.
Establish a value-based culture through word and action.
Keep constituents knowledgeable throughout the audit process.
Differentiate and balance discussion, guidance, and directives.
Continually assess management's plans to ensure future success.
Measure performance against forward-looking measures such as benchmarking and practices.
Build and maintain relationships of mutual trust and respect and engage in open dialogue and regular interaction.
Maintain a core of experienced audit staff with in-depth knowledge of audit skills supported with continuous training.
I. Governance & Leadership
A. Governance
B. Organizational Structure
C. Office of the President
D. Internal Communications
E. Legal Services
F. Internal and External Auditing
1. Single Audit Act
2. Texas Internal Auditing Act, Article 6252-5d
3. Institute of Internal Auditors Standards
4. Generally Accepted Governmental Auditing Standards
II. Instruction & Academic Support
A. Management of Departments & Programs of Study
1. Educator Certification
B. Accreditation/Institutional Effectiveness
1. 170 Hour Rule
2. 120 Hour Rule
3. Integrated Postsecondary Educator Data Systems
4. Legislative Budget Board Performance Measures
5. Reports to the Texas Higher Education Coordinating Board
6. Reports to UT System
C. Program Development & Program Evaluation Process
1. Official Inventory of Programs
D. Faculty
1. Recruitment & Tenure Policies
2. Development
3. Turnover
4. Workloads & Productivity
5. Degree Productivity (number granted vs. number of full-time faculty)
6. Verification of Faculty Qualifications
7. Rights and Responsibilities of Faculty
E. Instructional & Academic Technology
F. Special Programs
1. Developmental Education
2. Students with Disabilities
3. Study Abroad
G. Course Scheduling & Availability
1. Undergraduate
2. Graduate
3. Distance Education
4. Professional and Public Programs
H. Deployment of Resources among Academic Programs
UTEP 2013 Annual Internal Audit Report Page 50
III. Research & Development
A. Financial Issues - Grants & Contracts Management
1. Cost Transfers Effort Reporting
2. Cost Sharing
3. Facilities & Administrative Cost Accounting
4. Financial Reporting to Granting Agencies
5. Cash Management
6. Records Archiving C&G
7. Subrecipient Monitoring Expenditure
8. ARRA
B. Animal Research
1. Veterinarian Services
2. Institutional Animal Care and Use Committee
3. Preparation of certifications and assurances
C. Human Subject Research
1. Institutional Review Board (Protection of Subjects/participants)
2. Protection of Researcher
3. Protection of Research
4. Preparation of certifications and assurances
D. Sponsored Programs
1. Effort Reporting
2. Negotiation of Agreements
3. Preparation of certifications & assurances
4. Coordination of gifts and grants with Development office
5. OGC Guidelines for contracts and subcontracts
6. Backdoor awards
7. Export Control licensing/laws International Traffic in Arms Regulations (ITAR)
8. Administration of Contracts, Grants & Cooperative Agreements
IV. Student Services (Academic Institutions)
A. Administration Academic Services
B. Recruitment Processing
C. Admissions Processing
D. Enrollment Management
1. Title 19
E. Registration Processing
F. Student Records
G. Financial Aid
1. Reporting
2. Drawing Down
3. Return of Funds
4. Institutional/Program Eligibility
5. Cash Management Rules
6. State Regulations and Reporting
7. Recertification
8. Completion on DOE Quarterly Report Disbursements
9. Student Eligibility
10. Verification
V. Human Resource Management
A. Organizational & Staffing of Human Resources Function
1. Personnel Records Administration
B. Classification and Salary Administration
1. Fair Labor Standards Act
C. Appointment of Relatives
D. Leave Administration
E. Performance Appraisal System
F. Recruitment & Selection Process (non-faculty)
G. Hiring Practices (non-faculty)
1. Veterans Preferences
H. Staff Development & Continuing Education
I. Employee Relations & Grievance Process
1. Discipline and Dismissal of Employees
J. Staff Turnover
K. Contracting for Human Resources related Functions
L. Criminal Background Checks
M. Equal Opportunity and Affirmative Action
VI. Financial Management
A. Organization & Management
B. Budgeting & Planning
C. Budget Monitoring & Review
D. Accounts Payable
1. Issuance of 1099 and 1042 Forms for Vendor Payments
2. Prompt Payment
3. Vendor Payments
E. Payroll Management
1. Mandatory Garnishments for Tax Levies, Bankruptcies, Child Support & Student Loans
2. Child Support Enforcement Requirements
3. Voluntary Salary Deductions (i.e. Savings Bonds, Annuities, UTFlex)
4. Withholding of taxes from employee wages and timely deposits
5. Nonresident Alien Taxation
6. Federal Tax Reporting
7. IRS Code 117, amended by Tax Reform Act & TMRA of 1988
8. Retirement Contributions
9. TRS Reporting and Transmittal of funds
10. ORP collection of funds, transmittal of funds and reporting
F. Accounting Procedures & Internal Financial Controls
G. Reporting (regulatory & management)
1. Reporting Requirements
2. Preparation of Quarterly State Auditor Full Time Employee Report
3. Annual Financial Report
4. SPA to AFR Reconciliation
5. Unclaimed Property Management and Reporting
6. Coding of Accounts
7. Control of Non-Standard or Non-Recurring Journal Entries
Segregation of Duties and Reconciliation of Accounts
Approval of Improper/Erroneous Disbursements by Processing Units
Conflict of Interest and Financial Disclosure
Liquor License
Travel Management Services
Emergency Loan Program management, funding and collection
Travel Management Services
Interest Allocation
Student General Property Deposit
Red Flag Rules
Asset & Risk Management
Organization & Management
Cash Management/Investment Management Strategies
Endowments & Gifts
Investment Management, Investment Strategies, and Public Funds Investment Act
Fixed Asset Management, Tracking and Counting, Reporting & Surplus Property
Insurance Coverage, Risk Management, Safety, and Workers Comp
Bonded Indebtedness and Issuance
Tuition and Fees Management
1. Mgmt of Collection on Overdue Student Receivables & NSF Checks
2. Accounts Receivable Tuition and Fees Collection Process
3. Fees Allocation & Justification
VIII. Purchasing & Warehousing
A. Organization & Staffing
B. Policies & Procedures
C. Bid and Contracting Processes
D. Special Procedures Contracts
E. Leases
F. Best Value Yellow Pages Test
G. Procurement Card
H. Historically Underutilized Business Program
I. Purchasing Ethics and Conflict of Interest
1. Vendor Selection
J. Procurement of Consulting Services/Professional Services
K. Procurement Plan Report
L. University Records Retention and Destruction
M. Contract Performance Monitoring Contracts over $100,000
IX. Information Technology (does not include end user applications)
G. Planning and Organization
X. University Relations & Alumni Affairs
A. Community & Alumni Involvement
1. Partnerships
2. Development Office
3. Alumni Relations Office
4. Printed & Electronic Communications
B. Public & Media Relations
C. Public Service
1. Relevance & Impact of Programs to State & Local Community
2. Art Galleries
3. Centennial Museum
D. Governmental Relations
XI. Plant Operation & Maintenance
A. Facility Planning (long & short range)
B. Renovations and Repairs
C. Space Usage Efficiency
D. Maintenance Operations
E. Custodial Services
F. Transportation Motor Pool
G. Construction Program Management
Landscaping and Grounds
Utilities/Energy Management
Warehouse Operations
Facilities Management (Don Haskins & Sun Bowl)
Contracted Outside Services
XII. Auxiliary and Service Departments
A. Housing
1. Availability
2. Quality
3. Cost & Services
4. Facilities
5. Health & Safety
6. Administration/Fiscal
B. Printing & Copying
C. Mail Services
D. Union Services
E. Special Events
F. Ticket Center
XIII. Environmental Health and Safety
A. Laboratory Safety
B. NFPA Life Safety Code (Fire Safety)
C. EPA Resource Conservation Recovery Act (TNRCC Hazardous Waste Rules)
D. Controlled Substances
E. Precursor Chemicals Controlled Glassware
F. Bureau of Radiation Control Radioactive materials
G. TDH/PCB Asbestos Rules Toxic Substance Control Act
H. Bureau of Radiation Control Laser Regulations
I. Bureau of Radiation Control Radiation Machines
J. Clean Air Act (Air Emissions)
K. TNRCC (Storm Water Runoff) Clean Water Act
L. Select Agent Rule
M. Texas Workers Compensation Act
N. Hazardous Materials Shipping requirements (IATA, DOT, FAA)
O. BSL3 Oversight
P. DHS Antiterrorism Standards
XIV. Intercollegiate Athletics
A. Institutional Control - Athletics
1. Extra Benefits
2. Financial Aid and Federal Financial Aid Regulations
3. Playing and Practice Seasons
4. Recruiting
5. Education
6. Infractions
7. Summer Camps
8. Amateurism
9. Eligibility of Athletes
10. Student Welfare
11. Gender Equity
B. Administration Athletics
1. Licensing and Trademark Laws/Ethics and system violation
2. Athletic Department Certification
3. Annual Conference Compliance Audit
4. Employment Contracts and Conduct of Employees
5. Department P&P Manual Athletics
6. Annual Financial Audit
7. NCAA Home Football Attendance
XV. Information Resources Use and Security
A. Administrative Management Controls
1. Assignment of Responsibilities
2. Periodic Review of Security Controls
3. Incident Response Capability
4. Security and Technical Training
5. System Authorization and Reauthorization Procedures
6. Access Authorization, Personal Clearance & Termination Procedures
7. System or Application Security Plan (Data Criticality, Backup & Disaster Recovery)
B. Operational Controls
1. Physical Security (Access Controls & Contingency Operations)
2. Environmental Controls
3. Desktop Use and Security
4. Documentation
C. Technical Controls
1. Identification
2. Data Integrity
D. TAC 202
1. Risk Management
2. Password Management
3. Separation of Duties
4. Device and Data Media Access and Disposal
5. Logical Access Controls
6. Audit trails
7. Intrusion detection
E. UTS 165
1. Transmission Security
2. Solicitation, Use and Maintenance of Social Security Numbers
3. Decentralized Servers
XVI. University Security and Police Department
A. The Clery Act
B. Emergency Response Plans
Appendix A
$418,233,135 FY 14 INSTITUTIONAL BUDGETED EXPENDITURES
FY14 8 BUDGETED AUDITORS GROSS OF VACANCIES
Fiscal Year 2014 Audit Plan
FY 2014 Audit Plan
Audit/Project
Budgeted Hours
% of Total
Description
Financial
Required annual audit support under "Reporting (Regulatory & Management)
UT System or Externally Required Audits
Financial Statement Audit (AFR)
AFR 2013 Year End
AFR 2014 Interim
President's Travel, Entertainment and University Residence Maintenance Expense Audit
500
TBD
10
Provide support to the UT System auditors performing the audit.
Support to the PeopleSoft implementation team locally and system-wide
Support to external auditor
Recurring annual audit. May consider interim testing for selected accounts.
1700
PeopleSoft Implementation
KTEP FM Radio Station
Year End/Periodic Cash Counts
20
100
Risk Based Tier One: Institutional Processes
Tuition and Fees Management
350
Payroll Management Supplemental Payments
250
Emphasis on tuition, course, major fees and course fee surpluses.
Limited to Supplemental Payments per discoveries on FY 2012 Payroll audit
Risk Based Tier Two: Auditable Areas
Carryforward Audits
Financial Subtotal
2930
25%
Operational
UT System or Externally Required Audits
Executives' Travel and Entertainment Expense Audit
Risk Based Tier One: Institutional Processes
Student Health Services
300
Ongoing program to sample Executive and Management travel reimbursements.
300
300
Emphasis on quality controls, vaccines & refrigeration, etc.
Review of compliance with foreign worker employment regulations with a focus on staff visas.
Limited review of policies and procedures and status of continuous monitoring.
Coordinate with OIC to review proposed new processes. Audit process in Q4 or as implementation allows.
Visa compliance (Staff Visas)
250
Procurement Card
350
Conflict of Interest
Risk Based Tier Two: Auditable Areas
300
Recording of gifts and grants within Development Office
Athletics Employment Contracts and Conduct of Employees
Review process for reporting and recording gifts received by Institutional Advancement.
Review of coaches' contracts and compliance with NCAA rules
250
300
Review of the registration process for efficiencies and to ensure internal controls are in place.
400
Annual Change In Management audits may also include other "key" employees
Carryforward Audits
Endowments and Gifts
150
Student Records
200
Museum Gift Shop evaluation and recommendations for efficiency and staffing
150
Validation of controls over endowments and scholarship accounts. Emphasis on discretionary funds.
Validate controls sufficient to justify "Low" probability and review historical areas (grades, etc.)
Limited review of operations for change in management focused primarily on proposed changes in the gift shop
CIM efficiency review for Registration Processing
Change in Management Audits
Operational Subtotal
3250
28%
Compliance
UT System or Externally Required Audits
NCAA Football Attendance Audit
Fed Portion of Statewide Single Audit (assistance to SAO)
60
60
NCAA Football Attendance audit
Recurring annual support to State Auditor's Office
Risk Based Tier One: Institutional Processes
Risk Based Tier Two: Auditable Areas
Effort Reporting
Student Welfare Athletics
300
200
Limited to effort reporting by Primary Investigators
Review athletics programs to ensure safety, academic success and overall well-being of athletes
Carryforward Audits
Tech Transfers, Licensing & Equity
150
Purchasing Contracts over $100K
Subrecipient Monitoring
150
200
International Agreements
Export Controls
100
100
Review of processes for technology transfer and related licenses and agreements
Review of other than construction contracts over $100K
Audit subrecipient agreements and review monitoring of third party compliance
Review of agreements for clarity and completeness
Review of export control processes for compliance with federal and state requirements
Information Technology
1320
11%
Information Technology
UT System or Externally Required Audits
TAC 202 Information Security
300
Audit criteria grouped to cover parts each year on a continuous basis.
Risk Based Tier Two: Auditable Areas
Transmission Security (Encryption and Data Integrity)
250
Review procedures for ensuring transmission encryption for sensitive and confidential information
Determine adequacy of procedures for removing access to clearing or terminated employees
Access Authorization, Personnel Clearance & Termination Procedures
300
Carryforward Audits
Information Technology Subtotal
Follow-up
Follow-up Subtotal
Projects
External Quality Assessment
850
500
7%
500
4%
120
Internal Quality Assurance and Improvement Program (three initiatives)
Annual Audit Plan Development (including risk assessment)
Annual Internal Audit Report
Annual Reviews/Evaluations
UT System, SAO Hotline requested reviews
TeamMate, Idea, Website Development and Maintenance
Internal Audit Committee Preparation and Participation
150
Executive Compliance Committee Participation
Institutional Committee Meetings
Professional Organization/Association Participation
Training Provided by Internal Audit
10
40
60
120
Projects Subtotal
Reserve
Consulting/Management Requests
Investigations
Reserve for Audit of Emerging Risks
Reserve Subtotal
Total Hours
Normally occurring follow-up reviews as determined by prior recommendation implementation dates
Preparatory self-assessment and assistance for the external assessment
Workgroup initiatives and implementation of new procedures
150
30
40
50
30
80
880
8%
700
558
700
1958
11688
17%
100%
# ACTIVITIES
Student Services HH
Human Resource
Management
HH
Student Health
Services
HM Counseling Center HL
Immigration Reform
Staffing of Human
and Control Act of
Resources
MM
Function
HM 1986
Research &
Development
HM
Animal Research
Human Subject
HM Research
Financial
Management
HM
Payroll
Management
HL
Purchasing
Instruction &
Academic
Support
Environmental
13 Health and Safety
Budget Monitoring &
Review
HL
Financial Aid
HL
Equal Opportunity
Faculty Visas
Leave
MM Administration
MM
Financial Issues
Grants & Contracts
Management
MM
Proposal Review
Budgeting &
Planning
Accounts Payable
MH
Purchasing Ethics
and Conflict of
Interest
Export Cntrl
licensing/laws Intl
Traffic in Arms
Regs (ITAR)
ML
ML
ML
Leases
Student Records
ML
MM
Staff Development &
Continuing Education ML
SB 1414 Student
Camps
ML
Classification and
Salary
Administration
ML
Student Grievances LL
Contracting for
Human Resources
related Functions ML
Administration
Academic Services
Criminal
Background
Verifications
Research Ethics
and Integrity
Organization &
Management
Financial
Management
Conflict of Interest
in Sponsored
Research
LL Other Agreements
LL
Reporting
(regulatory &
management) &
MM Close Out Process ML Red Flag Rules
ML
Procurement of
Consulting and
Professional Services ML
Review and
Evaluation of Bid
and Contracting
Process
LL
Best Value Yellow
Pages Test
LL
LM
Course Scheduling &
Availability
LM
Health Sciences
LL
Core Curriculum
LL
ML
Custodial Services
ML
Facility Plan (long
& short range)
ML
Landscape and
Grounds
MM
Technical Controls MM UTS 165
n/a
Fixed Asset
Management &
Surplus Property
LL
Training
ML
Conflict of Interest
and Financial
Disclosure
MM
10
LL
ML
Administration
Student Services
Employee
Relations &
Grievance Process
LM
Proposal
Development
Segregation of
Duties and
Reconciliation of
Accounts
Miner Mall
LL
Organization &
Staffing
Faculty
LL
Instructional &
Academic
Technology
Renovations and
ML Repairs
ML
Space Usage
Efficiency
n/a
n/a
n/a
Insurance
Coverage, Risk
Management and
Safety
n/a
n/a
LL
HM
Tuition and Fees
Management
HL
School of Nursing
MM
Accreditation/Institutional
Effectiveness
MM
Maintenance
Operations
HL
Utilities/Energy
Management
MM
Contracted Outside
Services
MM
Transportation
Motor Pool
MM
Digital Research
Data
MM
MM
Governance
ML
Operational
Controls
Internal and
External Auditing
TAC 202
Organizational
Structure
HazMat Shipping
requirements (IATA,
DOT, FAA)
LM
n/a
TDH/PCB Asbestos
Rules Toxic
Substances Control
NFPA Life Safety
LL
Code (Fire Safety) LM Act
Bureau of
Radiation Control
Laser Regulations
HL
Administrative/Management Controls MM Cloud Computing
Office of the
Legal Services
HL President
Endowments &
Gifts
MH
Organization &
Management Asset
& Risk Management MH
Tuition and Fees
Management
LL
ML
LM
LL
Select Agent Rule
Information
Technology
Planning and
Organization
Contract Performance
Review & Monitoring
over $100K
LL
EPA Res Conserv
Recovery Act (TNRCC
Hazardous Waste
Rules)
LM
LL
Monitoring
n/a
n/a
n/a
n/a
Bureau of Radiation
control Radioactive
materials
ML
Laboratory Safety
ML
Offsite backup
restoration
Security for IT
MM Department
ML
Acquisition and
Implementation
LL
Delivery and
Support
Emergency
Response Plans
ML
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Administration
MM Athletics
Community &
Alumni
ML Involvement
Institutional Control
MM Athletics
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
ML
LL
Hotel Ground
Lease
LL
Mail Services
LL
Printing & Copying LL
Special Events
LL
Ticket Center
n/a
Housing
The Clery Act
Academic
Agreements
Construction
Program
Management
MM PCI Compliance
MM
Internal
ML Communications
ML
Cash
Management/Investment
Bonded
Management
Indebtedness and
Strategies
LL
Issuance
LL
Precursor Chemicals
Controlled
ML
MM Glassware
MM BSL3 oversight
Information
Technology
HL
University Security
and Police
HL
16 Department
ML
Governmental
Relations
ML
Public Service
LL
Public & Media
Relations
ML
Union Services
LL
Bookstore
LL
Food Services
HH, HM
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH
MM, ML, LH
LM, LL
HL
MM Sponsored Projects MM
Accounting
Procedures &
Internal Financial
MM
MM Controls
Contract
Performance Review
& Monitoring over
$100K
MM
Historically
Underutilized
Business Program
Registration
Processing
Procurement Card HL
Intercollegiate
14 Athletics
University
Relations &
10 Alumni Affairs
Auxiliary and
Service
12 Departments
MM
HM
Plant Operations &
11 Maintenance
HL
Information
Resources Use and
MM
15 Security
Governance &
1 Leadership
HL
3
Family Educational
Rights and Privacy
Act (FERPA)
HL
RISKS
#
4
ACTIVITIES
Sponsored Projects
Financial Issues-Grants
& Contracts
Management
Animal Research
Human Subject
Research
Proposal Review
9
8
Other Agreements
10
6
7
11
Coordination of gifts
and grants with
Development Office HH
OGC Guidelines for
contracts and
ML Backdoor awards
MM subcontract
Digital Research
MM Data
Financial Reporting
to Granting
Grants Accounts
Cost Transfers
Subrecipient
MM Receivable Billing ML Effort Reporting
HM monitoring
MM Cost Sharing
MM Agencies
Preparation of
Institutional Animal
certifications &
Care and Use
Veterinarian
assurances IACUC
n/a
ML Services
LL
ML BSL3 Usage
ML Committee
Preparation of
Institutional Review
certifications &
Protection of
Board (Protection of
Protection of
ML Researcher
ML assurances IRB
LL
Research
n/a
ML participants)
Eligibility for
submitting
Proposal
LL
Compliance
n/a
n/a
MH Cost Estimates
ML proposals
Processing
Affiliation
Memorandums of
International
Agreements with
Understanding
Agreements Research
Outside Agencies
n/a
n/a
LM Research Related LL
MM Related
HH
Effort Reporting
8
Research and
Sponsored Projects
LL Metrics
LL
LL
Negotiation of
Agreements
Facilities &
Administrative
Cost Accounting
Preparation of
certifications &
assurances
LL
Records
Management C&G
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
LM
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Proposal Development
Research Ethics and
Integrity
MM Training
Identification and
Notification of
Funding
LM
ML Opportunities
Research Ethics and
ML Integrity
Proposal
Development
Services
LL
Research
Communication
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Technology Transfer
Conflict of Interest in
Sponsored Research
Equity positions in
LM startup companies
LL
Conflict of Interest in
LL Sponsored Research
Intellectual Property
Policy
LL
Invention Discloser LL
n/a
Licensing and
material transfer
agreements
LL
Non-Disclosure
Agreements
LL
Royalty Auditing
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Training
HH, HM
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH
MM, ML, LH
LM, LL
RISKS
1
# ACTIVITIES
Transmission
Security (Encryption
Decentralized
HM and Data Integrity) MM Servers
11 XV UTS 165
Access
Authorization,
Personnel Clearance
XV
Administrative/Management
& Termination
Assignment of
Controls
MM Procedures
MM Responsibilities
10 XV TAC 202
MM Audit Trails
Incident Response
MM Capability
Logical Access
MM Intrusion Detection MM Controls
Desktop Use and
MM Security
XV Operational Controls
XV Technical Controls
Solicitation, Use and
Maintenance of
Social Security
MM Numbers
Environmental
MM Documentation
MM Controls
System and
Adequacy of
Infrastructure
Controls (Application
Security (Security of
Security)
MM Sensitive Data
n/a
Offsite backup
restoration
n/a
n/a
n/a
n/a
Periodic Review of
Security and
MM Security Controls
MM Technical Training
Password
MM Management
MM Risk Management
Physical Security
(Access Controls &
Contingency
MM Operations)
n/a
n/a
n/a
n/a
n/a
System or
Application Security
Plan (Data
Criticality, Backup,
System Authorization
& Disaster
and Reauthorization
MM Procedures
MM Recovery)
Device and Data
Media Access and
MM Separation of Duties ML Disposal
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
MM Data Integrity
MM Identification
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
14 XV Digital Research Data
MM Cloud Computing
Digital Research
MM Data
n/a
n/a
n/a
n/a
n/a
n/a
12 XV PCI Compliance
MM PCI Compliance
n/a
n/a
n/a
n/a
n/a
IX Information Technology
Planning and Organization
Financial
ML Management
Compliance with
External
LM Requirements
n/a
Organization
(Communication,
Relationships,
Human Resources
LL
Project
Management
LL
n/a
n/a
Manage Problems
ML and Incidents
LL
Manage Data
LL
Manage Facilities
LL
n/a
n/a
IX Acquisition and
Implementation
Acquire and
Maintain Technology
LL
ML Infrastructure
Define and Manage
Service Levels
LL
Acquire and
Maintain
Application
Software
IX Monitoring
LL
n/a
13 XV Cloud Computing
Process Monitoring
LL
Strategic Planning
and Technological
Direction/Planning
Manage
Performance and
Capacity
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
HH, HM
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH
MM, ML, LH
LM, LL
RISKS
1
# ACTIVITIES
Institutional
1 Control - Athletics HM
Student Welfare
MH
Administration
2 Athletics
Employment
Contract and
Conduct of
Employees
Annual Financial
MM Audit
HM
Infractions
MH
MM
Recruiting
Education
MM
MM
Amateurism
Gender Equity
MM Extra Benefits
ML
NCAA Home
Football Attendance LL
HH, HM
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH
MM, ML, LH
LM, LL
Financial Aid
Playing and
and Fed Fin
Practice
MM Aid Regs
MM Seasons
Athletic Dept
Certification LL
Dept P&P
Manual
Athletics
8
Summer
MM Camps
LL
NCAA
Reporting
Academic
Performance
and
Graduation
LL Rates
9
Eligibility of
Athletes
n/a
Tier One and Tier Two - Red Risks NOT Covered in Audit Plan for FY 2014
Ranking
Risk
Explanation/Mitigation
HM
Counseling Center
Reassess in 2014
HM
Reassess in 2014
HM
Follow-up 2014
                          Director   Managers &     Staff     Total
                                     Supervisors
Audit & Project              1,046        2,996     7,646    11,688     70%
General Administration         592          441       839     1,872     11%
Training/CPE                    96          192       506       794      5%
Holidays                       104          208       520       832      5%
Vacation & Sick Leave          242          323       889     1,454      9%
Total Hours                  2,080        4,160    10,400    16,640    100%
Note:
The total hours are based on 8 budgeted positions net of 1 estimated vacancy at
the staff level.
Audits
President
Intercollegiate Athletics
FY 2009
FY 2010
FY 2011
FY 2012
FY 2013
A/S
A/S
A/S
A/S
A/S
F-Follow Up Audit
-Athletics Receivables
-Athletics Summer Camps
-Athletics Business Plan
President's Office
Provost
Academic Affairs
College of Business Administration
-Accounting
-Economics and Finance
-Information and Decision Sciences
-Marketing and Management
-Dean's Office
College of Education
-Teacher Education
-Educational Leadership
-Educational Psychology
-Dean's Office
College of Engineering
-Civil Engineering
-Computer Science
-Electrical and Computer Engineering
-Engineering Programs
-Mechanical and Industrial Engineering
-Metallurgical and Materials Engineering
-Dean's Office
College of Health Sciences
-Continuing Education in Nursing
-Institute for Border Health
-School of Allied Health
-Kinesiology Department
-School of Nursing
- Occupational Therapy
- Physical Therapy
-Student Health Center
-Dean's Office
College of Liberal Arts
-African-American Studies
-Art
-Asian Studies
-Chicano Studies
-Communication
-Criminal Justice
-English
-History
-KTEP-FM Radio Station
-Languages and Linguistics
-Military Science
-Music
-Oral History
-Philosophy
-Political Science
-Psychology
-Religious Studies
-Social Work
-Sociology and Anthropology
-Theatre Arts
- Western Cultural Heritage
-Women's Studies
-Dean's Office
College of Science
-Biological Sciences
-Chemistry
-Geological Sciences
-Mathematical Sciences
-Physics
-Dean's Office
University College
Graduate School
Technology Planning and Distance Learning
Center for Law and Border Studies
VPAA's Office
Family Education and Privacy Act (FERPA)
Enrollment Services
-Financial Aid
-Registrar's Office
-Undergraduate Admissions and Recruitment
-Texas Success Initiative
JAMP
S
F
A
F
S
E
S
F
F
A
E
F
-MIE
-NSF/USI
Norman Hackerman ATP
-TAME
-TMAC
-Americorps
-Socorro Mission Restoration
-Human Subject Research
-Animal Research
-Time & Effort Reporting
-Contracts & Grants Accounting
-Cost Sharing
Export Controls
-Research Compliance
- BSL3 Lab
-Sub-recipient Monitoring of Grants
Ctr for Defense Systems Research and Nat Ctr for Border Sec & Imm
VPRSP's Office
F
A/F
A
A
A
A
A
F
A
A
A
F
VPBA
Annual Financial Report
-Accounts Receivable
-Auxiliary Enterprise Fund
-Gifts
-Investments
-Tuition and Fees
-Year End Inventory and Cash Counts
Auxiliary Services and Continuing Education
-Food Services
-Various Cash Counts
-Inventory Count
-Professional and Continuing Education
-Special Events and Union Programs
-University Bookstore
-University Ticket Center
Facilities Services
-Accounts Payable
-Budgeting Office
-Contracts and Grants Accounting
-General Accounting
-Payroll
-Conflict of Interest
-Student Business Services
-Utilities, Energy Management
ARRA
Purchasing and Materials Management
-Mail Services
-Procurement Card
-Print Shop
Miner Mall
-Contract and Bid Processes
VPBA's Office
S
S
A
S
F/A
A
E
A
S
F
A
F
A
A
F
A
A
A
A
EVP
Institutional Advancement
-Alumni Relations
-Scholarships
-University Development
-University Communications
-University Relations
-Conference Services
Human Resource Services
-Faculty Visas
Dependent Eligibility
Institutional Compliance
-Contracts and Grants
-Financial Aid
-Intercollegiate Athletics
-WAC Review/CUSA Review
-Segregation of Duties and Reconciliation of Accounts
-Student FICA
-Institutional Compliance Office
-Fixed Assets
Auditing and Consulting Services
Environmental Health and Safety
University Police
Emergency Management Plan
VPIA's Office
Equal Opportunity/Affirmative Action Office (EO/AA)
S
A
A
A
F
A
A
A
A
A/E
A
A/S
A
F
F
A
A
-Counseling Services
-Student Publications
-Housing System
-International Programs
-PASE Program
-Study Abroad Program
-Recreational Sports
-Student Government Association
-Student Development
Union Services
Student Support Services
VPSA's Office
F
A
VPIRP
-Digital Media Center
Library
-Library Copy Center
Information Technology
-CIO
-Information Technology Services
-Customer Technology Services
-Networking and Telecommunication Services
-General Controls
-Goldmine (Student Information System)
-IT Travel
-IT Furniture
-IT Change Management
-IT Security
Payment Card Industry
Digital Research Data
Laptop Encryption
IT Inventory
Server Inventory
Center for Institutional Evaluation Research and Planning
PeopleSoft Implementation
A
A
A
A
F
F
A
A
F
A
A
S
S
V. External Audit Services
The firm of Stockton, Scurry & Smith, P.C., was engaged to perform the audit for fiscal year 2013
of the KTEP FM radio station located on the UTEP campus. The audit was required by The
Corporation for Public Broadcasting to enable UTEP to continue receiving grant funding from that
organization.
VI. Reporting Suspected Fraud and Abuse
The University of Texas at El Paso has independent organizations that implement the
requirements of Section 7.09, Fraud Reporting, General Appropriations Act (83rd. Legislature,
Conference Committee Report) Article IX and Texas Government Code, Section 321.022. Office
of Auditing and Consulting Services and the Office of Institutional Compliance jointly and
separately provide various monitoring and reporting activities to detect and prevent fraud and
abuse.
Actions were taken to implement the requirements of the following:
Fraud Reporting. Section 7.09, Fraud Reporting, General Appropriations Act (83rd.
Legislature, Conference Committee Report) Article IX: The University has a Hotline link on
the home page website as a direct link to the State Auditor's web page for reporting fraud,
waste and abuse in Texas. In addition there is a Hotline website compliance module that
may be accessed by all faculty, staff and student employees that outlines the process for
reporting and provides information to access the SAO fraud reporting site.
Texas Government Code, Section 321.022. There have been no instances in which there
is cause to believe that money received from the state may have been lost,
misappropriated or misused, or that other fraudulent or unlawful conduct has occurred.
Therefore, no reporting to the State Auditor's Office was required.