principle 1.1 principle of integrity recommendation …sjgc.famu.edu/m/assets/file/principle 1 1...

FAMU – August 26, 2013 First Monitoring Report on December 2012 SACSCOC Probation Sanction (P 1.1)

Principle 1.1 – Principle of Integrity

The institution operates with integrity in all matters.

Recommendation from SACSCOC January 15, 2013 Probation Sanction Letter [1]:

Principle 1.1 (Integrity)

The institution has failed to operate with integrity in relation to providing accurate information on

internal audits. For example, the Sniffen & Spellman investigation uncovered 15 “executive

summaries” of internal audits or review reports submitted to the university Board of Trustees

where the underlying audits or summaries had not been written. It was also claimed that the

reports were in adherence to standards of the Institute of Internal Auditors (IIA) when they

actually were not. The institution should provide the 2012 and 2013 fiscal year financial audits

and management letter, as well as any operational audits conducted during this period. The

institution should also provide an update on the status of the past fabricated internal audits and

review reports, as well as internal audits carried out since the discovery of the problems. The

institution should provide evidence that the internal auditing function is now operating within the

standards of the Institute of Internal Auditors. The report should provide an organizational chart

of how the internal audit function fits into the broader institutional structure, as well as details on

the qualifications of the personnel now working in that office.

FAMU’s Response

Florida A&M University (FAMU) operates with integrity in all matters and is in compliance with

Principle 1.1. The University has taken definitive steps over the past several months to reaffirm

its commitment to the principle of integrity and to adequately address the issues and concerns

related to its internal audit function. These actions include hiring a new Vice President for Audit

and Compliance (VPAC) in 2012; and making several subsequent hires in the Division of Audit

1


and Compliance (DAC) to ensure that it is fully staffed, and is able to effectively carry out its

function. Measures have been implemented to enhance the Board of Trustees’ (BOT) oversight

of DAC, and to ensure that DAC consistently operates in accordance with the standards of the

Institute of Internal Auditors [2]. Additionally, the Interim President has reiterated the

requirement for all University employees to operate with integrity in all matters through weekly

meetings with his Leadership Team, the recently instituted multi-divisional Corrective Action

Workshop Series for campus administrators [3], and during the campus-wide 2013 Faculty

Planning Conference [4].

The following narrative and supporting documentation provide evidence of the University’s

demonstrated practice of operating with integrity in relation to its internal audit function. More

specifically, the narrative and supporting documentation are presented to: (a) describe how the

University’s internal audit function fits into the broader structure of the University; (b)

demonstrate that the University’s internal audit function is appropriately staffed with qualified

personnel; (c) demonstrate that the University’s internal audit function consistently operates with

integrity and in accordance with the standards of the Institute of Internal Auditors (IIA); (d)

provide a status update on the past “fabricated” internal audits and review reports; and (e)

provide a status update on the internal audits conducted since the identification of the

“fabricated” audits in 2011. Lastly, the 2012 fiscal year financial audit is provided, as well as the

2012 fiscal year operational audit and corresponding corrective actions. The University

participated in an on-campus entrance conference with the Auditor General on August 21, 2013,

to discuss the schedule by which FAMU’s 2013 fiscal year audits would be completed. The

University requested the Auditor General to complete the financial audit as quickly as possible.

The Auditor General informed the University during the meeting that the 2013 Financial

Statement is scheduled to be issued in December 2013.

2


The narrative for Principle 1.1 is organized as follows: I. Internal Audit Function (Division of Audit and Compliance)

A. Overview B. Mission of DAC C. Authority of DAC D. DAC Organizational Structure and Staff Qualifications

II. Evidence that DAC Operates in Accordance with Professional Standards III. Oversight of the Internal Audit Function

A. Oversight Role of the FAMU BOT B. Oversight Role of the University President C. Oversight Role of the Board of Governors

IV. Status of the Past “Fabricated” Audits V. Internal Audits Carried out Since Discovery of the Problems VI. Financial Audit

A. 2012 Fiscal Year B. 2013 Fiscal Year

VII. Operational Audit VIII. Conclusion

I. Internal Audit Function (Division of Audit and Compliance)

A. Overview

In 2005, the FAMU Board of Trustees (BOT) approved Resolution 14-05 adopting a university-

wide compliance program as the foundation of the internal control and compliance environment

[5]. In support of the compliance program, the FAMU BOT maintains an internal audit and

compliance function, the Division of Audit and Compliance (DAC), that is an integral component

of the University governance structure and internal control environment. The DAC purpose and

mission are outlined in the DAC Charter (most recently revised by the FAMU BOT in April 2012)

[6]. The DAC Charter requires that DAC activities are performed in accordance with appropriate

professional standards, including but not limited to, generally accepted auditing standards as

advocated by the Institute of Internal Auditors (IIA) [2] and the Government Accountability Office

[7]. DAC provides insight on the mitigation of business risk to assist the FAMU BOT and

University management in the effective discharge of their responsibilities as they relate to the

3


University’s policies, processes, programs, information systems, internal controls, and

management reporting.

B. Mission of DAC

As outlined in the Division of Audit and Compliance Charter [6], DAC provides independent

objective assurance and consulting services designed to add value and improve the University’s

operations. It helps the University accomplish its objectives by bringing a systematic, disciplined

approach to evaluate and improve the effectiveness of risk management, control, and

governance processes. DAC serves as a proactive business partner with the University’s

management by evaluating business processes, controls, compliance mechanisms and

technologies to ensure:

• Business risks are appropriately identified and managed;

• Assets and resources are properly controlled;

• Operational, financial, and managerial information is accurate and reliable;

• University actions are in compliance with policies, procedures, standards, and state

and federal laws and regulations;

• Effective coordination and cooperation is provided to external auditors to avoid

duplication of effort;

• Allegations of fraud, waste, and abuse, and complaints received from the Chief

Inspector General and Board of Governors are appropriately investigated; and

• Quality and continuous improvement are fostered in the University’s control process.

4


C. Authority of DAC

DAC provides audit and investigative services to all sectors of the University, including colleges,

schools, administrative units, and support organizations. DAC is specifically authorized by the

FAMU BOT to do the following [6]:

• Have unlimited and unrestricted access to all data, books, records, files, property,

information systems, and personnel of the University as necessary to carry out its duties

and responsibilities;

• Allocate resources, establish schedules, select subjects, determine scopes of work, and

apply the techniques required to accomplish its objectives;

• Obtain the essential assistance and cooperation of personnel in areas of the University

where audits and investigations are performed, as well as other specialized services

from within or outside the University; and

• Have free and unrestricted access to the FAMU BOT.

D. DAC Organizational Structure and Staff Qualifications

Staffing in DAC has undergone a major overhaul since the audit issues occurred in 2011. DAC

currently has six (6) full-time auditors/investigators, a Vice President for Audit and Compliance

(VPAC), and one administrative staff member, as outlined in the organizational chart shown on

the following page. As described below and in the supporting documentation, the VPAC and

each of the DAC auditors possess several years of audit experience and have the requisite set

of credentials and expertise to effectively carry out their job functions and to ensure that DAC

consistently operates according to Institute of Internal Auditors (IIA) standards.

5


The VPAC reports functionally to both the Chair of the FAMU BOT and the Chair of the FAMU

BOT Audit and Compliance Committee, and therefore, communicates and interacts directly with

the FAMU BOT. The FAMU BOT approves all decisions regarding the performance evaluation,

appointment, removal, and annual compensation and salary adjustment of the VPAC. The

VPAC is appointed by, and reports administratively and operationally to, the University

President [6]. The VPAC’s dual reporting relationship with the President and BOT promotes

independence and objectivity in all work performed by DAC.

6


The VPAC, in the discharge of his/her duties, is accountable to the University’s management

and the FAMU BOT Audit and Compliance Committee (ACC) to do the following:

• Submit an annual audit plan for review and approval;

• Issue a report upon conclusion of each audit engagement and communicate the

results of each to the FAMU BOT, including management’s response and timeframe

for corrective action;

• Periodically report on the DAC’s purpose, authority, and responsibility, as well as

performance relative to its audit plan, identifying any significant deviations from the

approved audit plan;

• Confirm to the FAMU BOT, at least annually, the organizational independence of the

internal audit activity;

• Report allegations of significant wrongdoing, including that for personal financial

gain, that if substantiated, could cause significant harm or damage to the reputation

of the University;

• Communicate the DAC’s quality assurance and improvement program, including

results of ongoing internal assessments and external assessments conducted at

least every three years; and

• Provide an annual report on the activities and accomplishments of DAC.

Staff Qualifications

1. Vice President for Audit and Compliance (Position #19330): In June 2012, Richard

Givens was hired as Vice President for Audit and Compliance [8]. Mr. Givens has

more than 25 years of experience in developing audit plans, writing risk-based audit

programs, developing budgeted hours for the audits, assigning staff to audits,

reviewing work papers for conformity with auditing standards, writing audit reports,

and preparing semi-annual resource management plans. He is a Certified Public

7


Accountant and Certified Governmental Financial Manager.

The minimum qualifications for this position require a person hold a master’s degree

in accounting, business administration, economics, educational leadership,

engineering or computer information systems and six years of internal auditor,

investigator or independent post auditor, electronic data processing auditor, or any

combination thereof; or a bachelor’s degree in accounting, business administration,

economics, educational leadership, engineering, or computer information systems

and eight years of experience as an internal auditor, or any combination thereof.

The experience shall at a minimum consist of 5 years of supervisory experience and

include audits and investigations of departments or units of a university, government,

or private business enterprises. Qualified individuals must possess a Certified Public

Accountant or a Certified Internal Auditor certificate [9].

2. Audit Services/Investigation Administrator (Position #19430): Alan Sands has been

employed in DAC since April 2013 and has over 35 years of experience in auditing,

accounting, and consulting with colleges, universities, and state agencies in Florida,

including developing audit plans, writing risk-based audit programs, developing

budgeted hours for the audits, assigning staff to audits, reviewing work papers for

conformity with auditing standards, writing audit reports, and preparing semi-annual

resource management plans [10]. He has supervised and performed financial,

operational, and federal audits of State universities. He is responsible for planning

and performing internal audits and following up on the University’s corrective action

plans. He is a Certified Public Accountant.

The minimum qualifications require a person hold a master’s degree in appropriate

8


area, with four years of experience conducting evaluations of internal controls, tests

and financial transactions; or a bachelor’s degree with six years of experience

conducting evaluations of internal controls, tests and financial transactions. Qualified

individuals must have Certified Internal Auditor or Certified Public Accountant

certificates [11].

3. Audit Services/Investigation Administrator (Position #19397): Jim Hakemoller has

been employed in DAC since October 2012 and has over 35 years of experience in

auditing, accounting and fraud detection experience [12]. (Mr. Hakemoller was

previously employed in DAC from October 2007 through August 2009.) Mr.

Hakemoller is responsible for performing internal audits and investigations. He is a

certified internal auditor, certified government auditing professional, and certified

fraud specialist.

The minimum qualifications require a person hold a master’s degree in accounting,

business administration or appropriate area of specialization, with four years of

experience conducting internal audit engagements including financial and

operational audits; or a bachelor’s degree in accounting, business administration or

appropriate area of specialization, with six years of experience conducting internal

audit engagements including financial and operational audits. Qualified individuals

must have Certified Internal Auditor or Certified Public Accountant certificates [13].

4. Audit Services/Investigation Administrator (Position #18982): Zulfiqar Gehlanvi has

been employed in DAC since August 2012 and has over 15 years of experience in

Information Technology, serving as a security consultant, reviewer of security

policies and procedures, business continuity and disaster recovery systems [14].

9


(Mr. Gehlanvi was previously employed in DAC from March 2009 thru June

2010). He has a strong background dealing with ERP systems and database

security. He is a certified Information Systems Auditor. He is responsible for

performing IT audits and providing IT support for the Division’s internal audit activity.

(Mr. Gehlanvi recently resigned from the University, effective September 4, 2013; his

position will be advertised and filled as soon as possible).

The minimum qualifications require a person hold a master’s degree in accounting,

business administration or related field; or a bachelor’s degree in computer science,

information technology or business administration, with two years of relative

experience [15].

5. Audit Services/Investigation Administrator (Position #16882): Ruoxu Li has been

employed in DAC since May 2013 and has over seven years of experience

performing financial and operational audits, and investigations [16]. Ms. Li is

responsible for leading audits and performing investigations. She is a certified

internal auditor.

The minimum qualifications require a person hold a master’s degree with four years

of experience conducting evaluations of internal controls, tests and financial

transactions; or a bachelor’s degree with six years of experience conducting

evaluations of internal controls, tests and financial transactions. Qualified individuals


6. Audit Services/Investigation Administrator (Position #20249): Jessica Hughes has

been employed in DAC since August 2013 and has more than six years of

10


experience in the areas of finance and accounting. She served as a senior

accountant at a large university and has extensive knowledge with administrative

activities associated with monitoring and reporting federal, state, local and private

contracts and grants. Ms. Hughes is responsible for performing internal audits,

investigations, and consulting on various financial related matters [18].

The minimum qualifications require a person hold a master’s degree in related field,

with four years of experience conducting evaluations of internal controls, tests and

financial transactions; or a bachelor’s degree with six years of experience conducting



7. Audit Services/Investigation Administrator (Position #17378): Carl Threatt has been

employed in DAC since August 2013 and has over 19 years of auditing experience,

inclusive of experience at universities and state agencies performing both

operational and financial audits. He has experience in developing audit plans, as

well as conducting risk assessments and investigations. He is a certified internal

auditor and holds certification in risk management assurance. He is responsible for

performing audits and performing investigations [20].

The minimum qualifications require a person hold a master’s degree in related field

with four years of experience conducting evaluations of internal controls, tests and

financial transactions; or a bachelor’s degree with six years of experience conducting



11


II. Evidence that DAC Operates in Accordance with Professional Standards

After the issues with FAMU’s internal audit function came to light in 2011, the University hired

an external consultant (Accretive Solutions) to provide recommendations to enhance DAC’s

efforts to successfully complete a quality assurance review (QAR) [22]. The recommendations

included in the final report from Accretive Solutions were used to facilitate the implementation of

enhancements in DAC, which included revisions to the Charters for the DAC in April 2012 [23]

and FAMU BOT Audit and Compliance Committee (ACC) in June 2012 [24]. The revised

Division of Audit and Compliance Charter requires that DAC activities are performed in

accordance with appropriate professional standards, including but not limited to, generally

accepted auditing standards as advocated by the Institute of Internal Auditors (IIA) [2] and the

Government Accountability Office [7]. The enhancements implemented in DAC (summarized

below) have strengthened the University’s internal audit function and helped to ensure that DAC

is operating in accordance with IIA Standards and that it meets the expectations of the FAMU

BOT.

• In 2012, the University revised the charters for the FAMU BOT Audit Committee and

the DAC so that they now conform to IIA Standards.

• An external audit firm (Ernst & Young) was hired to provide training for the FAMU

BOT Audit Committee at its February 2013 meeting. The training covered the duties

and responsibilities of the FAMU BOT for overseeing the University’s internal audit

function [25].

• In February 2013, DAC revised its operating procedures manual to provide guidance

for the day-to-day supervision, review, and measurement of the internal audit activity

and is incorporated into the routine policies and practices used to manage the

internal audit activity [26].

12


• In January 2013, DAC established a Quality Assurance and Improvement Program

(QAIP), as required by IIA Standards. A QAIP enables an evaluation of the internal

audit activity’s conformance with IIA Standards and also assesses the efficiency and

effectiveness of the internal audit activity and identifies opportunities for improvement

[27].

• In July 2013, DAC conducted an internal assessment of its operations to evaluate

the extent to which DAC is in compliance with IIA Standards and to identify areas for

improvement. A status update on the review was provided to the FAMU BOT at the

August 2013 meeting as required by IIA Standards [28].

• In July 2013, DAC hired an external auditing firm (Ernst & Young) to conduct a

quality assurance review (QAR), as required by IIA Standards [27]. The final report

will be available in September 2013 and will be provided to the SACSCOC Special

Committee during the September visit [29].

• DAC staff received training on the following topics: audit evidence, governmental

accounting and auditing updates, and implementation of a quality assurance

improvement program [30].

III. Oversight of the Internal Audit Function

A. Oversight Role of the FAMU BOT

The FAMU BOT has primary responsibility for providing oversight of the University’s internal

audit function, which includes ensuring that the unit consistently provides accurate information

on its internal auditing practices. To facilitate this function, the FAMU BOT established the Audit

and Compliance Committee (ACC) pursuant to Section 4.2.2 of the FAMU BOT Operating

Procedures [31]. The primary function of the ACC is to assist the FAMU BOT in discharging its

oversight responsibilities for the financial reporting process, the system of internal control, the

13


audit process, and FAMU’s process for monitoring compliance with laws and regulations.

Moreover, the ACC is responsible for reviewing and recommending to the FAMU BOT policies

affecting internal controls, accountability and audit [31]. The ACC’s role is one of oversight, not

preparation or operation. Its principal activities include the following:

• Oversight of the University’s business risk assessment, by reviewing procedures in place

to assess and minimize significant risks;

• Oversight of the University’s internal control structure, to review the effectiveness and

reliability of its business, financial and information system controls;

• Oversight of the quality and integrity of the University’s financial reporting processes to

ensure the balance, transparency, and integrity of published financial information;

• Review of the internal audit function and overall audit process;

• Review and approval of the annual audit plan; and

• Review of the University’s process for monitoring compliance with laws, regulations and

policies.

To assist the ACC and the FAMU BOT in its oversight, the FAMU BOT has adopted an Audit

and Compliance Committee Charter [32], as stated earlier. As outlined in the Charter, the ACC

is responsible for reviewing and recommending to the FAMU BOT policies affecting internal

controls, accountability and audit. The ACC has access to internal and external auditors to

assess their performance, the scope of audit activities, and the adequacy of the system of

internal accounting controls to ensure compliance with state and federal laws, regulations and

requirements. The ACC makes reports to the FAMU BOT. The ACC’s specific responsibilities

and duties with respect to oversight of the internal audit function include the following:

• Reviewing and approving the annual internal audit plan, ensuring that it addresses key

areas of risk [33];

14


• Approving and periodically reviewing the charter, staffing, and activities of the internal

audit function to ensure they comply with professional standards and address emerging

audit issues [24];

• Reviewing a summary of significant findings and recommendations of completed internal

audits, including management’s response and time frame for corrective action, to ensure

appropriateness of actions taken [28];

• Obtaining a periodic progress report on the status of executing the internal audit plan

and approve changes or deviations from the approved audit plan [28];

• Determining the degree of implementation of past audit recommendations and the

sufficiency of corrective actions taken in addressing those recommendations [28];

• Ensuring there are no unjustified restrictions or limitations, and concurring in the

appointment, replacement, or dismissal of the Vice President of Audit and Compliance

[24];

• Discussing with the VPAC any difficulties encountered in the course of audits and

investigations, including restrictions on the scope of work or access to required

information, and any lack of cooperation [34];

• Reviewing the results of the quality assurance program [28];

• Identifying areas warranting improvements, if any, and make policy recommendations to

the FAMU BOT [35];

• Meeting with the VPAC regularly to discuss confidential matters; and

• Proposing adequate controls and guidelines for receiving complaints regarding

accounting controls and reports of financial fraud [36].

The VPAC provides reports to the ACC during regularly scheduled FAMU BOT meetings [37].

The meeting agenda are determined in consultation with the ACC chair. Significant findings for

audits are presented as well as updates on DAC activities and audits issued by external

15


auditors. The VPAC also interacts with the ACC chair on a regular basis (typically via emails

and telephone conversations) to provide updates and information on ongoing DAC activities.

Following updates, the ACC Chair provides guidance on items introduced during ACC meetings

and reports information to the full BOT as needed to determine what course of action should be

taken.

The FAMU BOT has taken definitive steps to correct the issues that arose regarding the

University’s internal audit function. As described in this narrative, the FAMU BOT has received

training on its roles and responsibilities, which will enhance its oversight of DAC. Additionally,

the VPAC and ACC chair have developed a new format for how information is presented by

DAC during ACC meetings [28]. This format, initiated during the August 2013 FAMU BOT

meeting, requires the VPAC to provide detailed information on the status of ongoing audits and

follow-up actions. These actions, along with the other enhancements implemented within DAC,

have increased the level of accountability for DAC and the VPAC, and help to ensure that DAC

conducts audits in accordance with professional standards, and that it consistently presents

information that is accurate and complete.

B. Oversight Role of the University President

The President is charged with overseeing the University’s operations, management,

performance, fiscal accountability, and its compliance with the federal and state laws, as well as

regulations of the Board of Governors. The VPAC is appointed by, and reports administratively

and operationally to, the University President [6].

C. Oversight Role of the Board of Governors

In November 2002, Florida voters approved an amendment to Article IX, Section 7, of the

Florida Constitution, creating a Board of Governors (BOG) to oversee the State University

16


System (SUS) [38], of which FAMU is a member. The BOG has established several standing

committees to assist in the management and oversight of each university in the SUS. As

outlined in the BOG Operating Procedures [39], the BOG Audit and Compliance Committee

provides oversight and direction in relation to the internal audit functions for each SUS

University. For example, FAMU and other SUS Universities routinely provide copies of finalized

internal audit reports to the BOG.

The BOG has collaborated with FAMU over the past several months to develop a Corrective

Action Plan for addressing the issues that came to light in 2011 that involved the University’s

internal audit function, anti-hazing program, and control of finances [40]. With respect to the

University’s internal audit function, the Corrective Action Plan outlines specific actions for (a)

enhancing DAC’s compliance with IIA Standards; (b) providing reports to the FAMU BOT ACC

and University President; and (c) conducting investigations. The VPAC provides monthly

updates to the BOG Inspector General on the progress of implementing the corrective actions

during monthly teleconference meetings.

IV. Status of the Past "Fabricated" Audits

As a result of a whistle-blower allegation, which indicated that DAC did not follow professional

standards governing performance of internal auditing services, the University contracted with

the firm of Sniffen & Spellman, PA, to conduct a review of its internal audit processes. Sniffen &

Spellman conducted an investigation and issued a final report in November 2011 [41]. With

respect to the aforementioned “fabricated” audits, the report concluded the following:

• DAC knowingly presented 15 audit or review reports to the FAMU BOT Audit and

Compliance Committee in the form of “executive summaries,” when, at the time the

reports were submitted, no final report had been prepared, thus leading recipients to

believe that all work had been conducted and completed when, in fact, it had not.

17


The University conducted a thorough review of each of the 15 audit issues described in the

Sniffen and Spelman report and took appropriate action as summarized in the narrative and

table below. As noted below, all 15 “fabricated” audits have been addressed. In some cases

the audit issue was addressed by the audits that were re-performed by Ernst & Young

(E&Y). In other cases the audit issue was included in the Operational Audit conducted by

the State of Florida Auditor General. For those audit issues that were substantiated by

Sniffen and Spellman, the University determined that follow-up audits were not required

because there were no audit findings.

• The Sniffen and Spellman report concluded that 10 of the 15 “fabricated” audits were

unsubstantiated.

Eight of the 15 “fabricated” audits were deemed to be insufficient; therefore, the

University hired E&Y to re-perform the audits. E&Y issued a final report in

October 2012 [42].

Two of the 15 “fabricated” audits were not re-performed because they were

included in the Auditor General’s 2009-10 or 2011-12 Operational Audit.

• The Sniffen and Spellman report concluded that 5 of the 15 “fabricated” audits were

substantiated.

Each of the 5 audits had no findings. Therefore, DAC determined that no follow-

up work was required.

18


Audit Topic Outcome of Original Review of

15 “Fabricated” Audits

Audit Status Update Status Update on Follow-Up Work

1. Technology Fee Hired E&Y to re-perform audit.

E&Y completed the audit and issued a final report in October 2012.

The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing.

2. Fingerprinting and Background Check

Sniffen & Spellman substantiated original audit, which had no findings.

Reviewed by Auditor General in prior operational audit released November 2010 with no findings.

Not required.

3. Purchasing Card Program (P-Card)

Issue included in Florida Department of Law Enforcement review. Hired E&Y to perform review. Also included in Auditor General’s FY 2012 Operational Audit. Audit.

E&Y completed the review and issued a draft report in May 2013 Operational Audit findings issued in February 2013. The University implemented corrective actions and DAC subsequently conducted follow-up validation work.

Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative.

4. Revenue Collections – Home Football Games

Hired E&Y to re-perform audit.



5. Revenue Collections – Parking Services


Work has been completed. Not required.

19





6. Textbook Adoption and Affordability

Hired E&Y to re-perform audit. Issue also included in Auditor General’s FY 2012 Operational Audit.

E&Y completed the audit and issued a final report in October 2012. Operational Audit findings issued in February 2013. The University implemented corrective actions and DAC subsequently conducted follow-up validation work.

Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative.

7. Bank Reconciliations Hired E&Y to re-perform audit.



8. Controls for Grade Changes

Sniffen & Spellman substantiated original audit, which had no findings. DAC included this issue in the 2012-13 Audit Plan.

DAC is in the process of conducting an audit.

TBD upon completion of audit

9. Revenues from Classics and Guarantee Contracts




10. Tuition Differential Fee Issue included in Auditor General’s FY 2010 and 2012

Operational Audit findings for 2012 issued in February 2013. The University implemented

Accretive Solutions has been hired to provide external validation as described below

20





Operational Audit. corrective actions and DAC subsequently conducted follow-up validation work.

in Section VII of this narrative.

11. Sub-Recipient Monitoring of Contracts and Grants




12. Federal Financial Aid Awards: Direct Loan Reconciliations


Did not surface as a finding in the FY 2011 or 2012 A-133 audit.

Not required.

13. Contracts and Grants Expenditures: Terms and Conditions




14. Cash Collections: Rattler Card Program


No follow up work conducted by DAC.

Not required.

15. Insurance Coverage on Buildings and Contents




21


V. Internal Audits Carried out Since Discovery of the Problems

Since the discovery of the audit problems in 2011, FAMU has taken the necessary steps to

ensure that DAC is operating in accordance with IIA Standards. Risk assessments were

conducted for the past two years to determine the areas of focus for the upcoming audit year.

Based on the risk assessments, DAC developed Audit Plans for 2012-13 [22] [43] and 2013-

2014 [44] that were approved by the FAMU BOT [34]. Status updates for the audits that were

conducted per the 2012-2013 Audit Plan are included below. The DAC has provided updates to

the FAMU BOT on the status of each audit and the resultant corrective actions [28]. All of the

internal audits and risk assessments that DAC has conducted since these issues came to light

have been conducted in conformance with IIA Standards [29].

Audits Conducted in 2012-13 Audit Campus Unit Audit Status/

Follow-Up Action Dormitory Construction (Added to Audit Plan after FAMU BOT approval in August 2012)

DAFS (Construction & Facilities Management)

DAC audit report issued October 2012 [45]. DAC follow-up work to begin September 2013.

Cash Collections Points DAFS/Controller, Academic Affairs (Auxiliary Services, Journalism, Library)

DAC audit report issued March 2013 [46]. DAC follow-up work in progress.

Voyager Card Program (Added to Audit Plan after FAMU BOT approval in April 2012)

DAFS (Facilities and Construction and Administrative Services)

DAC audit report issued June 2013 [47]. DAC follow-up work in progress.

Life Gets Better Scholarship Program (Added to Audit Plan after FAMU BOT approval in April 2012)

Student Affairs, University Advancement

DAC audit report issued July 2013 [48]. DAC follow-up work in progress.

Grade Change Process Academic Affairs (Registrar) Work in progress. Estimated completion in September 2013

22


Audits Scheduled for 2013-14 Audit Campus Unit

Accounts Payable Review DAFS (Controller)

Cash Forecasting and Budgeting Review DAFS (Budget/Controller)

Administrative Services Assistance Program (ASAP) - (Added to Audit Plan after FAMU BOT approval in August 2013)

DAFS (ASAP)

Assessment of Compliance with 2012 Florida Statute 1009.24

Academic Affairs/DAFS

ACE Academic Support Services Review Athletics

Financial Aid Process Review Student Affairs (Financial Aid)

Contracts and Grants Review Division of Sponsored Research (Office of Contracts & Grants Management)

Research Compliance Assessment Division of Sponsored Research (Division of Research)

Information Technology General Controls Assessment

Information Technology

Information Technology Automated Controls Assessment

Information Technology

Department of Public Safety Review Student Affairs (Office of Vice President)

SACS Follow-up Projects Various

Policies and Procedures Review Various

VI. Financial Audit

The State of Florida’s Office of the Auditor General annually conducts a financial audit of

FAMU's accounts and records for the fiscal year ending June 30. The Office of the State of

Florida Auditor General conducts the audits pursuant to Section 11.45, Florida Statutes [49] and

applicable standards contained in Government Auditing Standards issued by the Comptroller

General of the United States.

23


A. 2012 Fiscal Year

The 2012 fiscal year financial audit for FAMU was issued in March 2013 [50]. The University

received an unqualified opinion from the Auditor General’s office [50]. The University has

received unqualified financial audits for the previous four fiscal years (FY 2008-2011). The audit

objectives and scope were to determine if FAMU and its officers with administrative and

stewardship responsibilities for FAMU's operations had done the following:

• Presented the University’s basic financial statements in accordance with generally

accepted accounting principles;

• Established and implemented internal control over financial reporting and compliance

with requirements that could have a direct and material effect on the financial

statements; and

• Complied with the various provisions of laws, rules, regulations, contracts, and grant

agreements that are material to the financial statements.

B. 2013 Fiscal Year

As mentioned previously in this narrative, the University participated in an on-campus entrance

conference with the Auditor General on August 21, 2013, to discuss the schedule by which

FAMU’s 2013 fiscal year audits would be completed. The University requested the Auditor

General to complete the financial audit as quickly as possible. The Auditor General informed

the University during the meeting that the 2013 Financial Statement is scheduled to be issued in

December 2013.

VII. Operational Audit

The State of Florida’s Office of the Auditor General is required to conduct an operational audit of

each university in the SUS at least every three years [49]. FAMU’s most recent operational audit

was conducted for the fiscal year ending June 30, 2012 and was issued in February 2013 [51].

24


The audit contained 24 findings and recommendations. The University has developed and

implemented corrective actions for each audit finding. A table summarizing the audit findings,

recommendations, and the corrective actions that have been implemented by the University is

included as supporting documentation [52]. Additionally, the University has hired an external

professional services firm (Accretive Solutions) to provide a review (independent, third party) of

the design and effectiveness of the corrective actions to address adequately each finding

described in the table. Accretive Solutions will provide the University with a final report in mid-

September 2013 and a copy of the report will be provided to the members of the SACSCOC

Special Committee during the campus visit in September 2013.

VIII. Conclusion

As described in this narrative and supporting documentation, the University is in compliance

with Principle 1.1. The University has taken definitive steps to enhance its internal audit function

and to reiterate its commitment to operating with integrity in all matters.

25


DOCUMENTATION

1 Probation Sanction Letter

2 International Standards for the Professional Practice of Internal Audits IIA Standards

3 President’s Corrective Action Workshop Agendas

4 Faculty Planning Conference Agenda – 2013

5 BOT Resolution 14-05

6 Division of Audit and Compliance (DAC) Charter

7 Government Auditing Standards

8 Resume for Richard Givens

9 Position Vacancy Announcement – Richard Givens

10 Resume for Alan Sands

11 Position Vacancy Announcement – Alan Sands

12 Resume for Jim Hakemoller

13 Position Vacancy Announcement – Jim Hakemoller

14 Resume for Zulfiqar Gehlanvi

15 Position Vacancy Announcement – Zulfiqar Gehlanvi

16 Resume for Ruoxu Li

17 Position Vacancy Announcement – Ruoxu Li

18 Resume for Jessica Hughes

19 Position Vacancy Announcement – Jessica Hughes

20 Resume for Carl Threatt

21 Position Vacancy Announcement – Carl Threatt

22 Accretive Solutions Quality and Risk Assessment Report

23 BOT Meeting Minutes – April 2012

24 BOT Meeting Minutes – June 2012

25 BOT Meeting Agenda and Minutes - February 2013

26 Division of Audit and Compliance (DAC) Operational Manual

27 Division of Audit and Compliance Quality Assurance and Improvement Program (QAIP)

28 BOT Audit and Compliance Committee (ACC) Report – August 2013

29 Quality Assurance Report (QAR) (Report will be provided to the Special Committee while on the site visit)

30 Training for DAC Staff

26


31 BOT Operating Procedures

32 Audit and Compliance Committee (ACC) Charter

33 BOT Meeting Minutes – April 2013

34 BOT Meeting Minutes – June and August 2013

35 BOT Meeting Minutes – June 27, 2012; August 15, 2012

36 BOT Meeting Minutes – October 31, 2012; April 11, 2013

37 BOT Meeting Minutes – February 6, 2013; June 7, 2012

38 Florida Constitution (Article IX, Section 7)

39 BOG Operating Procedures

40 Corrective Action Plan- BOG March 2013 Meeting

41 Sniffen & Spellman Report – 2011

42 Ernst & Young Final Report Internal Audit – May - June 2012

43 Audit Work Plan 2012-13

44 Ernst & Young Risk Assessment and Internal Audit Plan 2013-14

45 Dormitory Construction Report

46 Audit of Cash Collections Points

47 Audit of the Voyager Card Program

48 Audit of the Life Gets Better Scholarship Program

49 Florida Statute Section 11.45

50 Financial Statement – FY 2012

51 FAMU FY 2012 Operational Audit

52 FAMU FY 2012 Operational Audit Corrective Actions

27

principle 1.1 principle of integrity recommendation …sjgc.famu.edu/m/assets/file/principle 1 1...

Documents