fy 2003 mnscu audits mnscu audit committee september 17, 2003
TRANSCRIPT
![Page 1: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/1.jpg)
FY 2003 MnSCU AuditsFY 2003 MnSCU AuditsFY 2003 MnSCU AuditsFY 2003 MnSCU Audits
MnSCU Audit Committee
September 17, 2003
![Page 2: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/2.jpg)
FY 2003 Audit ContractFY 2003 Audit ContractFY 2003 Audit ContractFY 2003 Audit Contract
• 10 College Audits– Internal Control
– Legal Compliance
• Statewide Assurances– SCUPPS IT Review
– SEMA4 IT Review
– Certifications
![Page 3: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/3.jpg)
Typical College Audit ScopeTypical College Audit ScopeTypical College Audit ScopeTypical College Audit Scope
• Financial Management
• Tuition and Fees
• Payroll
• Administrative Expenditures
• Auxiliary Enterprises
• Excludes Federal Financial Aid
![Page 4: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/4.jpg)
College Audits/FindingsCollege Audits/FindingsCollege Audits/FindingsCollege Audits/Findings
• Alexandria (9)
• Anoka (7)
• Anoka Ramsey (6)
• Dakota (5)
• Lake Superior (7)
• North Hennepin (4)
• Pine (14)
• Ridgewater (3)
• South Central (0)
• Saint Paul (12)
![Page 5: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/5.jpg)
College Audit FindingsCollege Audit FindingsCollege Audit FindingsCollege Audit Findings
• 67 Audit Findings– 25 % decrease from prior audit
• Internal Audit Classification– 9 Critical
– 35 Important
– 23 Management Discretion
![Page 6: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/6.jpg)
Critical FindingsCritical FindingsCritical FindingsCritical Findings
• Access to Computerized Business Systems (4 colleges)– Cashiering and accounts receivable
– Purchasing and accounts payable
– Sharing user Ids and passwords
– Access unrelated to job duties
• Reconciliations (1 college)– Resolution of old outstanding items
![Page 7: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/7.jpg)
Critical Findings (continued)Critical Findings (continued)Critical Findings (continued)Critical Findings (continued)
• Collateral (1 college)– Compliance with statutory requirements
• Revenue and Receivables (2 colleges)– Monitoring outstanding receivables
– Control over backdated registrations and tuition deferments
• Study Abroad Program (1 college)– Collection of travel fees
– Potential conflict of interest
![Page 8: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/8.jpg)
Personnel/PayrollPersonnel/PayrollPersonnel/PayrollPersonnel/Payroll
• SCUPPS– Salary and work assignments
– Biweekly transactions
– Feed transactions to SEMA4
• SEMA4– Fringe benefits
– Employee deductions
– Checks or bank transfer
– Feed transactions to SCUPPS/Accounting
![Page 9: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/9.jpg)
SCUPPS IT AuditSCUPPS IT AuditSCUPPS IT AuditSCUPPS IT Audit
• General Controls– Relate to all MnSCU business systems
– Focused on “Security”• Operating system• Application• Database
• Application Controls– SCUPPS processing logic
– Focused on data integrity controls
![Page 10: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/10.jpg)
General Controls – ConclusionsGeneral Controls – ConclusionsGeneral Controls – ConclusionsGeneral Controls – Conclusions
• Application security adequate
• Ongoing concerns with operating system and database security
• Substantial improvement needed
• Seven findings categorized as critical
![Page 11: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/11.jpg)
FindingsFindingsFindingsFindings
• No standards or procedures for access
• Unnecessary and excessive privileges
• Some programs not properly secured
• Several users can alter critical data from uncontrolled environments
• Ineffective password management
• Ineffective monitoring of security-related events
• Interface files not secured during transmission
![Page 12: FY 2003 MnSCU Audits MnSCU Audit Committee September 17, 2003](https://reader035.vdocuments.site/reader035/viewer/2022072010/56649dda5503460f94ad1239/html5/thumbnails/12.jpg)
Application Controls - ConclusionsApplication Controls - ConclusionsApplication Controls - ConclusionsApplication Controls - Conclusions
• SCUPPS accurately processed data
• Few preventive controls, emphasis on detective controls
• Three findings, one critical– Improved monitoring of human resource
transactions entered directly into SEMA4
– Computerized edits could improve data integrity
– Improved automation for faculty leave