principle 1.1 principle of integrity recommendation …sjgc.famu.edu/m/assets/file/principle 1 1...
TRANSCRIPT
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Principle 1.1 – Principle of Integrity
The institution operates with integrity in all matters.
Recommendation from SACSCOC January 15, 2013 Probation Sanction Letter [1]:
Principle 1.1 (Integrity)
The institution has failed to operate with integrity in relation to providing accurate information on
internal audits. For example, the Sniffen & Spellman investigation uncovered 15 “executive
summaries” of internal audits or review reports submitted to the university Board of Trustees
where the underlying audits or summaries had not been written. It was also claimed that the
reports were in adherence to standards of the Institute of Internal Auditors (IIA) when they
actually were not. The institution should provide the 2012 and 2013 fiscal year financial audits
and management letter, as well as any operational audits conducted during this period. The
institution should also provide an update on the status of the past fabricated internal audits and
review reports, as well as internal audits carried out since the discovery of the problems. The
institution should provide evidence that the internal auditing function is now operating within the
standards of the Institute of Internal Auditors. The report should provide an organizational chart
of how the internal audit function fits into the broader institutional structure, as well as details on
the qualifications of the personnel now working in that office.
FAMU’s Response
Florida A&M University (FAMU) operates with integrity in all matters and is in compliance with
Principle 1.1. The University has taken definitive steps over the past several months to reaffirm
its commitment to the principle of integrity and to adequately address the issues and concerns
related to its internal audit function. These actions include hiring a new Vice President for Audit
and Compliance (VPAC) in 2012; and making several subsequent hires in the Division of Audit
1
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
and Compliance (DAC) to ensure that it is fully staffed, and is able to effectively carry out its
function. Measures have been implemented to enhance the Board of Trustees’ (BOT) oversight
of DAC, and to ensure that DAC consistently operates in accordance with the standards of the
Institute of Internal Auditors [2]. Additionally, the Interim President has reiterated the
requirement for all University employees to operate with integrity in all matters through weekly
meetings with his Leadership Team, the recently instituted multi-divisional Corrective Action
Workshop Series for campus administrators [3], and during the campus-wide 2013 Faculty
Planning Conference [4].
The following narrative and supporting documentation provide evidence of the University’s
demonstrated practice of operating with integrity in relation to its internal audit function. More
specifically, the narrative and supporting documentation are presented to: (a) describe how the
University’s internal audit function fits into the broader structure of the University; (b)
demonstrate that the University’s internal audit function is appropriately staffed with qualified
personnel; (c) demonstrate that the University’s internal audit function consistently operates with
integrity and in accordance with the standards of the Institute of Internal Auditors (IIA); (d)
provide a status update on the past “fabricated” internal audits and review reports; and (e)
provide a status update on the internal audits conducted since the identification of the
“fabricated” audits in 2011. Lastly, the 2012 fiscal year financial audit is provided, as well as the
2012 fiscal year operational audit and corresponding corrective actions. The University
participated in an on-campus entrance conference with the Auditor General on August 21, 2013,
to discuss the schedule by which FAMU’s 2013 fiscal year audits would be completed. The
University requested the Auditor General to complete the financial audit as quickly as possible.
The Auditor General informed the University during the meeting that the 2013 Financial
Statement is scheduled to be issued in December 2013.
2
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
The narrative for Principle 1.1 is organized as follows: I. Internal Audit Function (Division of Audit and Compliance)
A. Overview B. Mission of DAC C. Authority of DAC D. DAC Organizational Structure and Staff Qualifications
II. Evidence that DAC Operates in Accordance with Professional Standards III. Oversight of the Internal Audit Function
A. Oversight Role of the FAMU BOT B. Oversight Role of the University President C. Oversight Role of the Board of Governors
IV. Status of the Past “Fabricated” Audits V. Internal Audits Carried out Since Discovery of the Problems VI. Financial Audit
A. 2012 Fiscal Year B. 2013 Fiscal Year
VII. Operational Audit VIII. Conclusion
I. Internal Audit Function (Division of Audit and Compliance)
A. Overview
In 2005, the FAMU Board of Trustees (BOT) approved Resolution 14-05 adopting a university-
wide compliance program as the foundation of the internal control and compliance environment
[5]. In support of the compliance program, the FAMU BOT maintains an internal audit and
compliance function, the Division of Audit and Compliance (DAC), that is an integral component
of the University governance structure and internal control environment. The DAC purpose and
mission are outlined in the DAC Charter (most recently revised by the FAMU BOT in April 2012)
[6]. The DAC Charter requires that DAC activities are performed in accordance with appropriate
professional standards, including but not limited to, generally accepted auditing standards as
advocated by the Institute of Internal Auditors (IIA) [2] and the Government Accountability Office
[7]. DAC provides insight on the mitigation of business risk to assist the FAMU BOT and
University management in the effective discharge of their responsibilities as they relate to the
3
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
University’s policies, processes, programs, information systems, internal controls, and
management reporting.
B. Mission of DAC
As outlined in the Division of Audit and Compliance Charter [6], DAC provides independent
objective assurance and consulting services designed to add value and improve the University’s
operations. It helps the University accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and
governance processes. DAC serves as a proactive business partner with the University’s
management by evaluating business processes, controls, compliance mechanisms and
technologies to ensure:
• Business risks are appropriately identified and managed;
• Assets and resources are properly controlled;
• Operational, financial, and managerial information is accurate and reliable;
• University actions are in compliance with policies, procedures, standards, and state
and federal laws and regulations;
• Effective coordination and cooperation is provided to external auditors to avoid
duplication of effort;
• Allegations of fraud, waste, and abuse, and complaints received from the Chief
Inspector General and Board of Governors are appropriately investigated; and
• Quality and continuous improvement are fostered in the University’s control process.
4
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
C. Authority of DAC
DAC provides audit and investigative services to all sectors of the University, including colleges,
schools, administrative units, and support organizations. DAC is specifically authorized by the
FAMU BOT to do the following [6]:
• Have unlimited and unrestricted access to all data, books, records, files, property,
information systems, and personnel of the University as necessary to carry out its duties
and responsibilities;
• Allocate resources, establish schedules, select subjects, determine scopes of work, and
apply the techniques required to accomplish its objectives;
• Obtain the essential assistance and cooperation of personnel in areas of the University
where audits and investigations are performed, as well as other specialized services
from within or outside the University; and
• Have free and unrestricted access to the FAMU BOT.
D. DAC Organizational Structure and Staff Qualifications
Staffing in DAC has undergone a major overhaul since the audit issues occurred in 2011. DAC
currently has six (6) full-time auditors/investigators, a Vice President for Audit and Compliance
(VPAC), and one administrative staff member, as outlined in the organizational chart shown on
the following page. As described below and in the supporting documentation, the VPAC and
each of the DAC auditors possess several years of audit experience and have the requisite set
of credentials and expertise to effectively carry out their job functions and to ensure that DAC
consistently operates according to Institute of Internal Auditors (IIA) standards.
5
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
The VPAC reports functionally to both the Chair of the FAMU BOT and the Chair of the FAMU
BOT Audit and Compliance Committee, and therefore, communicates and interacts directly with
the FAMU BOT. The FAMU BOT approves all decisions regarding the performance evaluation,
appointment, removal, and annual compensation and salary adjustment of the VPAC. The
VPAC is appointed by, and reports administratively and operationally to, the University
President [6]. The VPAC’s dual reporting relationship with the President and BOT promotes
independence and objectivity in all work performed by DAC.
6
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
The VPAC, in the discharge of his/her duties, is accountable to the University’s management
and the FAMU BOT Audit and Compliance Committee (ACC) to do the following:
• Submit an annual audit plan for review and approval;
• Issue a report upon conclusion of each audit engagement and communicate the
results of each to the FAMU BOT, including management’s response and timeframe
for corrective action;
• Periodically report on the DAC’s purpose, authority, and responsibility, as well as
performance relative to its audit plan, identifying any significant deviations from the
approved audit plan;
• Confirm to the FAMU BOT, at least annually, the organizational independence of the
internal audit activity;
• Report allegations of significant wrongdoing, including that for personal financial
gain, that if substantiated, could cause significant harm or damage to the reputation
of the University;
• Communicate the DAC’s quality assurance and improvement program, including
results of ongoing internal assessments and external assessments conducted at
least every three years; and
• Provide an annual report on the activities and accomplishments of DAC.
Staff Qualifications
1. Vice President for Audit and Compliance (Position #19330): In June 2012, Richard
Givens was hired as Vice President for Audit and Compliance [8]. Mr. Givens has
more than 25 years of experience in developing audit plans, writing risk-based audit
programs, developing budgeted hours for the audits, assigning staff to audits,
reviewing work papers for conformity with auditing standards, writing audit reports,
and preparing semi-annual resource management plans. He is a Certified Public
7
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Accountant and Certified Governmental Financial Manager.
The minimum qualifications for this position require a person hold a master’s degree
in accounting, business administration, economics, educational leadership,
engineering or computer information systems and six years of internal auditor,
investigator or independent post auditor, electronic data processing auditor, or any
combination thereof; or a bachelor’s degree in accounting, business administration,
economics, educational leadership, engineering, or computer information systems
and eight years of experience as an internal auditor, or any combination thereof.
The experience shall at a minimum consist of 5 years of supervisory experience and
include audits and investigations of departments or units of a university, government,
or private business enterprises. Qualified individuals must possess a Certified Public
Accountant or a Certified Internal Auditor certificate [9].
2. Audit Services/Investigation Administrator (Position #19430): Alan Sands has been
employed in DAC since April 2013 and has over 35 years of experience in auditing,
accounting, and consulting with colleges, universities, and state agencies in Florida,
including developing audit plans, writing risk-based audit programs, developing
budgeted hours for the audits, assigning staff to audits, reviewing work papers for
conformity with auditing standards, writing audit reports, and preparing semi-annual
resource management plans [10]. He has supervised and performed financial,
operational, and federal audits of State universities. He is responsible for planning
and performing internal audits and following up on the University’s corrective action
plans. He is a Certified Public Accountant.
The minimum qualifications require a person hold a master’s degree in appropriate
8
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
area, with four years of experience conducting evaluations of internal controls, tests
and financial transactions; or a bachelor’s degree with six years of experience
conducting evaluations of internal controls, tests and financial transactions. Qualified
individuals must have Certified Internal Auditor or Certified Public Accountant
certificates [11].
3. Audit Services/Investigation Administrator (Position #19397): Jim Hakemoller has
been employed in DAC since October 2012 and has over 35 years of experience in
auditing, accounting and fraud detection experience [12]. (Mr. Hakemoller was
previously employed in DAC from October 2007 through August 2009.) Mr.
Hakemoller is responsible for performing internal audits and investigations. He is a
certified internal auditor, certified government auditing professional, and certified
fraud specialist.
The minimum qualifications require a person hold a master’s degree in accounting,
business administration or appropriate area of specialization, with four years of
experience conducting internal audit engagements including financial and
operational audits; or a bachelor’s degree in accounting, business administration or
appropriate area of specialization, with six years of experience conducting internal
audit engagements including financial and operational audits. Qualified individuals
must have Certified Internal Auditor or Certified Public Accountant certificates [13].
4. Audit Services/Investigation Administrator (Position #18982): Zulfiqar Gehlanvi has
been employed in DAC since August 2012 and has over 15 years of experience in
Information Technology, serving as a security consultant, reviewer of security
policies and procedures, business continuity and disaster recovery systems [14].
9
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
(Mr. Gehlanvi was previously employed in DAC from March 2009 thru June
2010). He has a strong background dealing with ERP systems and database
security. He is a certified Information Systems Auditor. He is responsible for
performing IT audits and providing IT support for the Division’s internal audit activity.
(Mr. Gehlanvi recently resigned from the University, effective September 4, 2013; his
position will be advertised and filled as soon as possible).
The minimum qualifications require a person hold a master’s degree in accounting,
business administration or related field; or a bachelor’s degree in computer science,
information technology or business administration, with two years of relative
experience [15].
5. Audit Services/Investigation Administrator (Position #16882): Ruoxu Li has been
employed in DAC since May 2013 and has over seven years of experience
performing financial and operational audits, and investigations [16]. Ms. Li is
responsible for leading audits and performing investigations. She is a certified
internal auditor.
The minimum qualifications require a person hold a master’s degree with four years
of experience conducting evaluations of internal controls, tests and financial
transactions; or a bachelor’s degree with six years of experience conducting
evaluations of internal controls, tests and financial transactions. Qualified individuals
must have Certified Internal Auditor or Certified Public Accountant certificates [17].
6. Audit Services/Investigation Administrator (Position #20249): Jessica Hughes has
been employed in DAC since August 2013 and has more than six years of
10
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
experience in the areas of finance and accounting. She served as a senior
accountant at a large university and has extensive knowledge with administrative
activities associated with monitoring and reporting federal, state, local and private
contracts and grants. Ms. Hughes is responsible for performing internal audits,
investigations, and consulting on various financial related matters [18].
The minimum qualifications require a person hold a master’s degree in related field,
with four years of experience conducting evaluations of internal controls, tests and
financial transactions; or a bachelor’s degree with six years of experience conducting
evaluations of internal controls, tests and financial transactions. Qualified individuals
must have Certified Internal Auditor or Certified Public Accountant certificates [19].
7. Audit Services/Investigation Administrator (Position #17378): Carl Threatt has been
employed in DAC since August 2013 and has over 19 years of auditing experience,
inclusive of experience at universities and state agencies performing both
operational and financial audits. He has experience in developing audit plans, as
well as conducting risk assessments and investigations. He is a certified internal
auditor and holds certification in risk management assurance. He is responsible for
performing audits and performing investigations [20].
The minimum qualifications require a person hold a master’s degree in related field
with four years of experience conducting evaluations of internal controls, tests and
financial transactions; or a bachelor’s degree with six years of experience conducting
evaluations of internal controls, tests and financial transactions. Qualified individuals
must have Certified Internal Auditor or Certified Public Accountant certificates [21].
11
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
II. Evidence that DAC Operates in Accordance with Professional Standards
After the issues with FAMU’s internal audit function came to light in 2011, the University hired
an external consultant (Accretive Solutions) to provide recommendations to enhance DAC’s
efforts to successfully complete a quality assurance review (QAR) [22]. The recommendations
included in the final report from Accretive Solutions were used to facilitate the implementation of
enhancements in DAC, which included revisions to the Charters for the DAC in April 2012 [23]
and FAMU BOT Audit and Compliance Committee (ACC) in June 2012 [24]. The revised
Division of Audit and Compliance Charter requires that DAC activities are performed in
accordance with appropriate professional standards, including but not limited to, generally
accepted auditing standards as advocated by the Institute of Internal Auditors (IIA) [2] and the
Government Accountability Office [7]. The enhancements implemented in DAC (summarized
below) have strengthened the University’s internal audit function and helped to ensure that DAC
is operating in accordance with IIA Standards and that it meets the expectations of the FAMU
BOT.
• In 2012, the University revised the charters for the FAMU BOT Audit Committee and
the DAC so that they now conform to IIA Standards.
• An external audit firm (Ernst & Young) was hired to provide training for the FAMU
BOT Audit Committee at its February 2013 meeting. The training covered the duties
and responsibilities of the FAMU BOT for overseeing the University’s internal audit
function [25].
• In February 2013, DAC revised its operating procedures manual to provide guidance
for the day-to-day supervision, review, and measurement of the internal audit activity
and is incorporated into the routine policies and practices used to manage the
internal audit activity [26].
12
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
• In January 2013, DAC established a Quality Assurance and Improvement Program
(QAIP), as required by IIA Standards. A QAIP enables an evaluation of the internal
audit activity’s conformance with IIA Standards and also assesses the efficiency and
effectiveness of the internal audit activity and identifies opportunities for improvement
[27].
• In July 2013, DAC conducted an internal assessment of its operations to evaluate
the extent to which DAC is in compliance with IIA Standards and to identify areas for
improvement. A status update on the review was provided to the FAMU BOT at the
August 2013 meeting as required by IIA Standards [28].
• In July 2013, DAC hired an external auditing firm (Ernst & Young) to conduct a
quality assurance review (QAR), as required by IIA Standards [27]. The final report
will be available in September 2013 and will be provided to the SACSCOC Special
Committee during the September visit [29].
• DAC staff received training on the following topics: audit evidence, governmental
accounting and auditing updates, and implementation of a quality assurance
improvement program [30].
III. Oversight of the Internal Audit Function
A. Oversight Role of the FAMU BOT
The FAMU BOT has primary responsibility for providing oversight of the University’s internal
audit function, which includes ensuring that the unit consistently provides accurate information
on its internal auditing practices. To facilitate this function, the FAMU BOT established the Audit
and Compliance Committee (ACC) pursuant to Section 4.2.2 of the FAMU BOT Operating
Procedures [31]. The primary function of the ACC is to assist the FAMU BOT in discharging its
oversight responsibilities for the financial reporting process, the system of internal control, the
13
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
audit process, and FAMU’s process for monitoring compliance with laws and regulations.
Moreover, the ACC is responsible for reviewing and recommending to the FAMU BOT policies
affecting internal controls, accountability and audit [31]. The ACC’s role is one of oversight, not
preparation or operation. Its principal activities include the following:
• Oversight of the University’s business risk assessment, by reviewing procedures in place
to assess and minimize significant risks;
• Oversight of the University’s internal control structure, to review the effectiveness and
reliability of its business, financial and information system controls;
• Oversight of the quality and integrity of the University’s financial reporting processes to
ensure the balance, transparency, and integrity of published financial information;
• Review of the internal audit function and overall audit process;
• Review and approval of the annual audit plan; and
• Review of the University’s process for monitoring compliance with laws, regulations and
policies.
To assist the ACC and the FAMU BOT in its oversight, the FAMU BOT has adopted an Audit
and Compliance Committee Charter [32], as stated earlier. As outlined in the Charter, the ACC
is responsible for reviewing and recommending to the FAMU BOT policies affecting internal
controls, accountability and audit. The ACC has access to internal and external auditors to
assess their performance, the scope of audit activities, and the adequacy of the system of
internal accounting controls to ensure compliance with state and federal laws, regulations and
requirements. The ACC makes reports to the FAMU BOT. The ACC’s specific responsibilities
and duties with respect to oversight of the internal audit function include the following:
• Reviewing and approving the annual internal audit plan, ensuring that it addresses key
areas of risk [33];
14
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
• Approving and periodically reviewing the charter, staffing, and activities of the internal
audit function to ensure they comply with professional standards and address emerging
audit issues [24];
• Reviewing a summary of significant findings and recommendations of completed internal
audits, including management’s response and time frame for corrective action, to ensure
appropriateness of actions taken [28];
• Obtaining a periodic progress report on the status of executing the internal audit plan
and approve changes or deviations from the approved audit plan [28];
• Determining the degree of implementation of past audit recommendations and the
sufficiency of corrective actions taken in addressing those recommendations [28];
• Ensuring there are no unjustified restrictions or limitations, and concurring in the
appointment, replacement, or dismissal of the Vice President of Audit and Compliance
[24];
• Discussing with the VPAC any difficulties encountered in the course of audits and
investigations, including restrictions on the scope of work or access to required
information, and any lack of cooperation [34];
• Reviewing the results of the quality assurance program [28];
• Identifying areas warranting improvements, if any, and make policy recommendations to
the FAMU BOT [35];
• Meeting with the VPAC regularly to discuss confidential matters; and
• Proposing adequate controls and guidelines for receiving complaints regarding
accounting controls and reports of financial fraud [36].
The VPAC provides reports to the ACC during regularly scheduled FAMU BOT meetings [37].
The meeting agenda are determined in consultation with the ACC chair. Significant findings for
audits are presented as well as updates on DAC activities and audits issued by external
15
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
auditors. The VPAC also interacts with the ACC chair on a regular basis (typically via emails
and telephone conversations) to provide updates and information on ongoing DAC activities.
Following updates, the ACC Chair provides guidance on items introduced during ACC meetings
and reports information to the full BOT as needed to determine what course of action should be
taken.
The FAMU BOT has taken definitive steps to correct the issues that arose regarding the
University’s internal audit function. As described in this narrative, the FAMU BOT has received
training on its roles and responsibilities, which will enhance its oversight of DAC. Additionally,
the VPAC and ACC chair have developed a new format for how information is presented by
DAC during ACC meetings [28]. This format, initiated during the August 2013 FAMU BOT
meeting, requires the VPAC to provide detailed information on the status of ongoing audits and
follow-up actions. These actions, along with the other enhancements implemented within DAC,
have increased the level of accountability for DAC and the VPAC, and help to ensure that DAC
conducts audits in accordance with professional standards, and that it consistently presents
information that is accurate and complete.
B. Oversight Role of the University President
The President is charged with overseeing the University’s operations, management,
performance, fiscal accountability, and its compliance with the federal and state laws, as well as
regulations of the Board of Governors. The VPAC is appointed by, and reports administratively
and operationally to, the University President [6].
C. Oversight Role of the Board of Governors
In November 2002, Florida voters approved an amendment to Article IX, Section 7, of the
Florida Constitution, creating a Board of Governors (BOG) to oversee the State University
16
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
System (SUS) [38], of which FAMU is a member. The BOG has established several standing
committees to assist in the management and oversight of each university in the SUS. As
outlined in the BOG Operating Procedures [39], the BOG Audit and Compliance Committee
provides oversight and direction in relation to the internal audit functions for each SUS
University. For example, FAMU and other SUS Universities routinely provide copies of finalized
internal audit reports to the BOG.
The BOG has collaborated with FAMU over the past several months to develop a Corrective
Action Plan for addressing the issues that came to light in 2011 that involved the University’s
internal audit function, anti-hazing program, and control of finances [40]. With respect to the
University’s internal audit function, the Corrective Action Plan outlines specific actions for (a)
enhancing DAC’s compliance with IIA Standards; (b) providing reports to the FAMU BOT ACC
and University President; and (c) conducting investigations. The VPAC provides monthly
updates to the BOG Inspector General on the progress of implementing the corrective actions
during monthly teleconference meetings.
IV. Status of the Past "Fabricated" Audits
As a result of a whistle-blower allegation, which indicated that DAC did not follow professional
standards governing performance of internal auditing services, the University contracted with
the firm of Sniffen & Spellman, PA, to conduct a review of its internal audit processes. Sniffen &
Spellman conducted an investigation and issued a final report in November 2011 [41]. With
respect to the aforementioned “fabricated” audits, the report concluded the following:
• DAC knowingly presented 15 audit or review reports to the FAMU BOT Audit and
Compliance Committee in the form of “executive summaries,” when, at the time the
reports were submitted, no final report had been prepared, thus leading recipients to
believe that all work had been conducted and completed when, in fact, it had not.
17
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
The University conducted a thorough review of each of the 15 audit issues described in the
Sniffen and Spelman report and took appropriate action as summarized in the narrative and
table below. As noted below, all 15 “fabricated” audits have been addressed. In some cases
the audit issue was addressed by the audits that were re-performed by Ernst & Young
(E&Y). In other cases the audit issue was included in the Operational Audit conducted by
the State of Florida Auditor General. For those audit issues that were substantiated by
Sniffen and Spellman, the University determined that follow-up audits were not required
because there were no audit findings.
• The Sniffen and Spellman report concluded that 10 of the 15 “fabricated” audits were
unsubstantiated.
Eight of the 15 “fabricated” audits were deemed to be insufficient; therefore, the
University hired E&Y to re-perform the audits. E&Y issued a final report in
October 2012 [42].
Two of the 15 “fabricated” audits were not re-performed because they were
included in the Auditor General’s 2009-10 or 2011-12 Operational Audit.
• The Sniffen and Spellman report concluded that 5 of the 15 “fabricated” audits were
substantiated.
Each of the 5 audits had no findings. Therefore, DAC determined that no follow-
up work was required.
18
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Audit Topic Outcome of Original Review of
15 “Fabricated” Audits
Audit Status Update Status Update on Follow-Up Work
1. Technology Fee Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
2. Fingerprinting and Background Check
Sniffen & Spellman substantiated original audit, which had no findings.
Reviewed by Auditor General in prior operational audit released November 2010 with no findings.
Not required.
3. Purchasing Card Program (P-Card)
Issue included in Florida Department of Law Enforcement review. Hired E&Y to perform review. Also included in Auditor General’s FY 2012 Operational Audit. Audit.
E&Y completed the review and issued a draft report in May 2013 Operational Audit findings issued in February 2013. The University implemented corrective actions and DAC subsequently conducted follow-up validation work.
Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative.
4. Revenue Collections – Home Football Games
Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
5. Revenue Collections – Parking Services
Sniffen & Spellman substantiated original audit, which had no findings.
Work has been completed. Not required.
19
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Audit Topic Outcome of Original Review of
15 “Fabricated” Audits
Audit Status Update Status Update on Follow-Up Work
6. Textbook Adoption and Affordability
Hired E&Y to re-perform audit. Issue also included in Auditor General’s FY 2012 Operational Audit.
E&Y completed the audit and issued a final report in October 2012. Operational Audit findings issued in February 2013. The University implemented corrective actions and DAC subsequently conducted follow-up validation work.
Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative.
7. Bank Reconciliations Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
8. Controls for Grade Changes
Sniffen & Spellman substantiated original audit, which had no findings. DAC included this issue in the 2012-13 Audit Plan.
DAC is in the process of conducting an audit.
TBD upon completion of audit
9. Revenues from Classics and Guarantee Contracts
Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
10. Tuition Differential Fee Issue included in Auditor General’s FY 2010 and 2012
Operational Audit findings for 2012 issued in February 2013. The University implemented
Accretive Solutions has been hired to provide external validation as described below
20
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Audit Topic Outcome of Original Review of
15 “Fabricated” Audits
Audit Status Update Status Update on Follow-Up Work
Operational Audit. corrective actions and DAC subsequently conducted follow-up validation work.
in Section VII of this narrative.
11. Sub-Recipient Monitoring of Contracts and Grants
Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
12. Federal Financial Aid Awards: Direct Loan Reconciliations
Sniffen & Spellman substantiated original audit, which had no findings.
Did not surface as a finding in the FY 2011 or 2012 A-133 audit.
Not required.
13. Contracts and Grants Expenditures: Terms and Conditions
Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
14. Cash Collections: Rattler Card Program
Sniffen & Spellman substantiated original audit, which had no findings.
No follow up work conducted by DAC.
Not required.
15. Insurance Coverage on Buildings and Contents
Hired E&Y to re-perform audit.
E&Y completed the audit and issued a final report in October 2012.
The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.
21
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
V. Internal Audits Carried out Since Discovery of the Problems
Since the discovery of the audit problems in 2011, FAMU has taken the necessary steps to
ensure that DAC is operating in accordance with IIA Standards. Risk assessments were
conducted for the past two years to determine the areas of focus for the upcoming audit year.
Based on the risk assessments, DAC developed Audit Plans for 2012-13 [22] [43] and 2013-
2014 [44] that were approved by the FAMU BOT [34]. Status updates for the audits that were
conducted per the 2012-2013 Audit Plan are included below. The DAC has provided updates to
the FAMU BOT on the status of each audit and the resultant corrective actions [28]. All of the
internal audits and risk assessments that DAC has conducted since these issues came to light
have been conducted in conformance with IIA Standards [29].
Audits Conducted in 2012-13 Audit Campus Unit Audit Status/
Follow-Up Action Dormitory Construction (Added to Audit Plan after FAMU BOT approval in August 2012)
DAFS (Construction & Facilities Management)
DAC audit report issued October 2012 [45]. DAC follow-up work to begin September 2013.
Cash Collections Points DAFS/Controller, Academic Affairs (Auxiliary Services, Journalism, Library)
DAC audit report issued March 2013 [46]. DAC follow-up work in progress.
Voyager Card Program (Added to Audit Plan after FAMU BOT approval in April 2012)
DAFS (Facilities and Construction and Administrative Services)
DAC audit report issued June 2013 [47]. DAC follow-up work in progress.
Life Gets Better Scholarship Program (Added to Audit Plan after FAMU BOT approval in April 2012)
Student Affairs, University Advancement
DAC audit report issued July 2013 [48]. DAC follow-up work in progress.
Grade Change Process Academic Affairs (Registrar) Work in progress. Estimated completion in September 2013
22
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
Audits Scheduled for 2013-14 Audit Campus Unit
Accounts Payable Review DAFS (Controller)
Cash Forecasting and Budgeting Review DAFS (Budget/Controller)
Administrative Services Assistance Program (ASAP) - (Added to Audit Plan after FAMU BOT approval in August 2013)
DAFS (ASAP)
Assessment of Compliance with 2012 Florida Statute 1009.24
Academic Affairs/DAFS
ACE Academic Support Services Review Athletics
Financial Aid Process Review Student Affairs (Financial Aid)
Contracts and Grants Review Division of Sponsored Research (Office of Contracts & Grants Management)
Research Compliance Assessment Division of Sponsored Research (Division of Research)
Information Technology General Controls Assessment
Information Technology
Information Technology Automated Controls Assessment
Information Technology
Department of Public Safety Review Student Affairs (Office of Vice President)
SACS Follow-up Projects Various
Policies and Procedures Review Various
VI. Financial Audit
The State of Florida’s Office of the Auditor General annually conducts a financial audit of
FAMU's accounts and records for the fiscal year ending June 30. The Office of the State of
Florida Auditor General conducts the audits pursuant to Section 11.45, Florida Statutes [49] and
applicable standards contained in Government Auditing Standards issued by the Comptroller
General of the United States.
23
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
A. 2012 Fiscal Year
The 2012 fiscal year financial audit for FAMU was issued in March 2013 [50]. The University
received an unqualified opinion from the Auditor General’s office [50]. The University has
received unqualified financial audits for the previous four fiscal years (FY 2008-2011). The audit
objectives and scope were to determine if FAMU and its officers with administrative and
stewardship responsibilities for FAMU's operations had done the following:
• Presented the University’s basic financial statements in accordance with generally
accepted accounting principles;
• Established and implemented internal control over financial reporting and compliance
with requirements that could have a direct and material effect on the financial
statements; and
• Complied with the various provisions of laws, rules, regulations, contracts, and grant
agreements that are material to the financial statements.
B. 2013 Fiscal Year
As mentioned previously in this narrative, the University participated in an on-campus entrance
conference with the Auditor General on August 21, 2013, to discuss the schedule by which
FAMU’s 2013 fiscal year audits would be completed. The University requested the Auditor
General to complete the financial audit as quickly as possible. The Auditor General informed
the University during the meeting that the 2013 Financial Statement is scheduled to be issued in
December 2013.
VII. Operational Audit
The State of Florida’s Office of the Auditor General is required to conduct an operational audit of
each university in the SUS at least every three years [49]. FAMU’s most recent operational audit
was conducted for the fiscal year ending June 30, 2012 and was issued in February 2013 [51].
24
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
The audit contained 24 findings and recommendations. The University has developed and
implemented corrective actions for each audit finding. A table summarizing the audit findings,
recommendations, and the corrective actions that have been implemented by the University is
included as supporting documentation [52]. Additionally, the University has hired an external
professional services firm (Accretive Solutions) to provide a review (independent, third party) of
the design and effectiveness of the corrective actions to address adequately each finding
described in the table. Accretive Solutions will provide the University with a final report in mid-
September 2013 and a copy of the report will be provided to the members of the SACSCOC
Special Committee during the campus visit in September 2013.
VIII. Conclusion
As described in this narrative and supporting documentation, the University is in compliance
with Principle 1.1. The University has taken definitive steps to enhance its internal audit function
and to reiterate its commitment to operating with integrity in all matters.
25
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
DOCUMENTATION
1 Probation Sanction Letter
2 International Standards for the Professional Practice of Internal Audits IIA Standards
3 President’s Corrective Action Workshop Agendas
4 Faculty Planning Conference Agenda – 2013
5 BOT Resolution 14-05
6 Division of Audit and Compliance (DAC) Charter
7 Government Auditing Standards
8 Resume for Richard Givens
9 Position Vacancy Announcement – Richard Givens
10 Resume for Alan Sands
11 Position Vacancy Announcement – Alan Sands
12 Resume for Jim Hakemoller
13 Position Vacancy Announcement – Jim Hakemoller
14 Resume for Zulfiqar Gehlanvi
15 Position Vacancy Announcement – Zulfiqar Gehlanvi
16 Resume for Ruoxu Li
17 Position Vacancy Announcement – Ruoxu Li
18 Resume for Jessica Hughes
19 Position Vacancy Announcement – Jessica Hughes
20 Resume for Carl Threatt
21 Position Vacancy Announcement – Carl Threatt
22 Accretive Solutions Quality and Risk Assessment Report
23 BOT Meeting Minutes – April 2012
24 BOT Meeting Minutes – June 2012
25 BOT Meeting Agenda and Minutes - February 2013
26 Division of Audit and Compliance (DAC) Operational Manual
27 Division of Audit and Compliance Quality Assurance and Improvement Program (QAIP)
28 BOT Audit and Compliance Committee (ACC) Report – August 2013
29 Quality Assurance Report (QAR) (Report will be provided to the Special Committee while on the site visit)
30 Training for DAC Staff
26
FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)
31 BOT Operating Procedures
32 Audit and Compliance Committee (ACC) Charter
33 BOT Meeting Minutes – April 2013
34 BOT Meeting Minutes – June and August 2013
35 BOT Meeting Minutes – June 27, 2012; August 15, 2012
36 BOT Meeting Minutes – October 31, 2012; April 11, 2013
37 BOT Meeting Minutes – February 6, 2013; June 7, 2012
38 Florida Constitution (Article IX, Section 7)
39 BOG Operating Procedures
40 Corrective Action Plan- BOG March 2013 Meeting
41 Sniffen & Spellman Report – 2011
42 Ernst & Young Final Report Internal Audit – May - June 2012
43 Audit Work Plan 2012-13
44 Ernst & Young Risk Assessment and Internal Audit Plan 2013-14
45 Dormitory Construction Report
46 Audit of Cash Collections Points
47 Audit of the Voyager Card Program
48 Audit of the Life Gets Better Scholarship Program
49 Florida Statute Section 11.45
50 Financial Statement – FY 2012
51 FAMU FY 2012 Operational Audit
52 FAMU FY 2012 Operational Audit Corrective Actions
27