Office of Audits and Analysis - Sam Houston State University
Home
Office of Audits and Analysis Charter
Audit Policy
Audit Plans
Links
Office Staff

AUDIT POLICY

All financial records, ledgers, and accounts shall be maintained in conformity with rules and regulations of the State Comptroller, State Auditor, and other entities who have responsibility for setting financial management and reporting standards for State Colleges and Universities, such as the Governmental Accounting Standards Board (GASB) and National Association of College and University Business Officers (NACUBO). These records are to be made available to external auditors and the University's Office of Audits and Analysisor upon request.

Since the University is funded from several sources, it is subject to audit from several different types of auditors. Below is a discussion of the University's policies regarding these different audit groups.

INTRODUCTION

The policies and procedures contained in this document will be followed by the Office of Audits and Analysis staff. When these policies and procedures are found to be deficient, the Director of Office of Audits and Analysis will discuss the deficiency with the University President. Changes to these policies and procedures can be made only with approval of the University President and the Board of Regents of the Texas State University System. Each proposed change will be in writing and will be signed by the Director of Office of Audits and Analysis and the University President.

INDEPENDENCE

Office of Audits and Analysisors will be independent of the activities they audit. Office of Audits and Analysisors at Sam Houston State University will be independent and will carry out their work freely and objectively. Independence permits Office of Audits and Analysisors to render the impartial and unbiased judgments essential to the proper conduct of audits. It is achieved through organizational status and objectivity.

Organization.
The organizational status of the Office of Audits and Analysis will be sufficient to permit the accomplishment of its audit responsibilities. The Board of Regents of the Texas State University System (the Board) shall approve the appointment and removal of the Director of Office of Audits and Analysis. The Director of Office of Audits and Analysis at Sam Houston State University shall report directly to the Board of Regents through the Director of Audits and Analysis of the Texas State University System. The Director shall also have direct communication with the Board of Regents. Continued, regular communication with the Board helps assure independence and provides a means for the Board and the Director to keep each other informed on matters of mutual interest.

The Director of Office of Audits and Analysiss has a straight line of communication to the Board of Regents through the Director of Audits and Analysis of the Texas State University System. The Finance Committee of the Board of Regents oversees communication between the University Office of Audits and Analysis and The Director of Audits and Analysis of the Texas State University System. Reports and communication with these authoritative bodies may be as frequent as needed. The Director of Office of Audits and Analysis will submit both annual reports and reports at regularly scheduled meetings to the Board.

While the Office of Audits and Analysisors are independent of the management of the University, communication and coordination between the Office of Audits and Analysis, the President of Sam Houston State University and other members of senior management is an integral part of the Office of Audits and Analysis function. Generally, all items and documents submitted to the Board will also be reviewed and approved by senior management. Daily operations of the Office of Audits and Analysis will be closely coordinated between the President of the University and the Director of Office of Audits and Analysis.

Annual Reports.
On an annual basis, the Director of Office of Audits and Analysis shall prepare the following reports and documents:

  • Annual audit report
  • Annual audit plan and risk assessment
  • Budget

These reports and documents will be approved by both senior management of the University and the Board. Approval by the Board of Regents of the annual report and audit plan will be documented in the minutes of the appropriate meetings. Any deviations from the approved risk assessment, audit plan or budget will be approved by the President of the University and the Chairman of the Finance Committee of the Board of Regents.

In addition to the above reports, the Director of Office of Audits and Analysis will be responsible for reviewing the Charter for the Office of Audits and Analysis and communicating the assessment with senior management and the Board.

Reports for Regularly Scheduled Board Meetings.
Activity reports will be submitted to the Board at their regular meetings. These reports will be presented to the Board in a summary report of all audit reports released since the last Board meeting. The Director of Office of Audits and Analysis at Sam Houston State University will prepare a summary report of the University’s Office of Audits and Analysis. These reports will include:

  1. A brief description of the significant findings and recommendations from each audit and management’s response.
  2. A list of audits for which management responses were not received within the required time frame, including management’s explanatory comments regarding extenuating circumstances and justification for an extension of time.
  3. Evaluation progress made on audit recommendations issued in the current fiscal year.

Objectivity.
Office of Audits and Analysisors will be objective in performing audits. Objectivity is an independent mental attitude which Office of Audits and Analysisors will maintain in performing audits. Office of Audits and Analysisors are not to subordinate their judgment on audit matters to that of others. All work will be performed in such a manner that the auditor has an honest belief in his/her work product and that no significant quality compromises are made.

The Director will obtain from all audit staff, on an annual basis, documentation of any potential or actual conflicts of interest. The Director will then make all staff assignments so that potential and actual conflicts of interest and bias are avoided. Office of Audits and Analysis staff will be required to report to the Director any situations in which a conflict of interest or bias is present or may reasonably be inferred. Office of Audits and Analysisors will not be considered independent of a department if the department has employed any person who is related to the auditor or his/her spouse within the first or second degree by marriage (affinity) or within the first, second or third decree by blood (consanguinity). The degrees of relationship used by the Office of Audits and Analysis are the same as noted in the University’s Human Resource Policy on Nepotism.

In no instances shall Office of Audits and Analysisors assume operating responsibilities. If senior management directs Office of Audits and Analysisors to perform non-audit work, it should be understood that they are not functioning as Office of Audits and Analysisors. The Board of Regents should approve any such deviations of the auditor’s responsibility.

Staff transferred to or temporarily engaged by the Office of Audits and Analysis should not be assigned to audit those activities which they previously performed until a period of six months has elapsed. Such assignments will be presumed to impair objectivity and will be considered when supervising the audit work and reporting the audit results.

All results of Office of Audits and Analysis work will be reviewed by the Director of Office of Audits and Analysis, the Director of Audits and Analysis and appropriate University management prior to the release of the work.

PROFESSIONAL PROFICIENCY

Professional proficiency is the responsibility of the Office of Audits and Analysis and each Office of Audits and Analysisor. The Director will assign to each audit a person who collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly.

Staff and Supervision.
The Director of Office of Audits and Analysis will be required to hold a Certified Public Accountant certificate, and have at least five years of audit experience. An MBA and/or CIA certification are preferred.

Qualified assistant Office of Audits and Analysisors will be required to have a degree in accounting. An MBA or equivalent experience is preferred. A CPA certification or “in the process of” is also preferred.

The Director of Office of Audits and Analysis is responsible for providing appropriate audit supervision. Supervision is a continuing process, beginning with planning and ending with the conclusion of the audit assignment. Supervision includes:

  1. Providing suitable instructions to subordinates at the outset of the audit and proving the audit program.
  2. Seeing that the approved audit program is carried out unless deviations are both justified and authorized.
  3. Determining that audit work papers adequately support the audit findings, conclusions, and reports.
  4. Making sure that audit reports are accurate, objective, clear, constructive, and timely.
  5. Determining that audit objectives are being met.

The Director of Office of Audits and Analysis will document evidence of supervision and review on all audits. This may be accomplished by signing off on all work papers and audit documents.

Compliance with the Standards of Conduct.
The Office of Audits and Analysis has adopted the Code of Ethics of the Institute of Office of Audits and Analysisors. The Code sets forth high standards of honesty, objectivity, diligence, and loyalty to which Office of Audits and Analysisors shall conform. See Exhibit A for a copy of the Code.

Continuing Education.
Office of Audits and Analysisors shall enroll in continuing education in order to maintain their proficiency. Adequate continuing education to maintain CPA and CIA status (if applicable) is required. Continuing education hours shall be directly related to Office of Audits and Analysis to be considered valid by the department and the University.

Due Professional Care.
Due professional care calls for the application of the care and skill expected of a reasonably prudent and competent Office of Audits and Analysisor in the same or similar circumstances. Professional care will, therefore, be appropriate to the complexities of the audit being performed. In exercising due professional care, Office of Audits and Analysisors will be alert to the possibility of intentional wrong doing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest. They will also be alert to those conditions and activities where irregularities are most likely to occur. In addition, they will identify inadequate controls and recommend improvements to promote compliance with applicable statutes and acceptable procedures and practices.

Fraud.
Deterrence of fraud consists of those actions taken to discourage the perpetration of fraud and limits the exposure if fraud does occur. The principal mechanism for deterring fraud is control. The primary responsibility for establishing and maintaining controls rests with management. Office of Audits and Analysisors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the potential exposure/risk in the various segments of the University’s operations.

When an Office of Audits and Analysisor suspects fraud, the Director of Office of Audits and Analysis will be immediately notified. Upon review of the circumstances and documentation, if the Director suspects wrong doing, the appropriate authorities within the University will be informed. The Director may recommend whatever investigation is considered necessary in the circumstances. Thereafter, the auditor should follow up to see that the Office of Audits and Analysis’s responsibilities have been met.

The Office of Audits and Analysis’s follow-up will include determination that all applicable reports have been filed with the appropriate local and state agencies. Any time that the President of the University has reasonable cause to believe that University resources may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the University, he shall promptly report the reason or basis for the belief to the Chair of the Finance Committee, to the system Director of Audits and Analysis, and if required by Government Code Section 321.022, to the State Auditor. The System’s Director of Audits and Analysis is responsible for the final release of report copies to the proper oversight agencies.

Government Code Section 321.022 requires that any time the University President has “reasonable cause to believe” that losses due to fraudulent or unlawful conduct have been incurred by the University, the State Auditor’s Office will be notified that such a loss may have occurred. Any time a set of facts exist which would result in a reasonable and prudent person to believe that an offense may have been committed, there is considered to be “reasonable cause to believe.” To determine whether a reasonable and prudent person would believe that an offense may have been committed, the auditor will consider the following criterion as set forth in the legislature:

  • The basis of the belief should be more than mere suspicion.
  • The department should be able to point to particular facts which support the belief that a loss may have occurred as a result of fraud or unlawful conduct.
  • It is not necessary that probable cause be established or a suspect identified.

The University’s compliance with reporting procedures will be documented by the Office of Audits and Analysis.

SCOPE OF WORK

The scope of Office of Audits and Analysising should encompass the examination and evaluation of the adequacy and effectiveness of the University’s system of internal control and the quality of performance in carrying out assigned responsibilities. Office of Audits and Analysis will examine and evaluate the planning, organizing, and directing processes to determine whether reasonable assurance exists that objectives and goals will be achieved. Such evaluations, in the aggregate, provide information to appraise the overall system of internal control.

All systems, processes, operations, functions, and activities within the University are subject to the Office of Audits and Analysisors’ evaluations. Such evaluations will encompass whether reasonable assurance exists that:

  1. Objectives and goals have been established.
  2. Authorizing, monitoring, and periodic comparison activities have been planned, performed, and documented as necessary to attain objectives and goals.
  3. Planned results have been achieved.

Office of Audits and Analysisors perform evaluations at specific points in time but will be alert to actual or potential changes in conditions which affect the ability to provide assurance from a forward-looking-perspective. In those cases, Office of Audits and Analysisors will address the risk that performance may deteriorate.

Office of Audits and Analysis will review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information. Information systems provide data for decision making, control, and compliance with external requirements. Therefore, Office of Audits and Analysisors should examine information systems and, as appropriate, ascertain whether financial and operating records and reports contain accurate, reliable, timely, complete, and useful information, and, whether controls over record keeping and reporting are adequate and effective.

Office of Audits and Analysis will review the systems established to ensure compliance with policies, planning, procedures, laws, and regulations which could have a significant impact on operations and reports, and will determine whether the University is in compliance.

Office of Audits and Analysisors will review the means used to safeguard assets from various types of losses such as those resulting from theft, fire, improper or illegal activities, and exposure to elements.

Office of Audits and Analysis is responsible for the appraisal of the economy and efficiency with which resources are employed. This appraisal includes determining whether:

  1. Operating standards have been established for measuring economy and efficiency.
  2. Established operating standards are understood and are being met.
  3. Deviations from operating standards are identified, analyzed, and communicated to those responsible for corrective action.
  4. Corrective action has been taken.

These audits related to the economical and efficient use of resources should identify such conditions as underutilized facilities, nonproductive work, procedures which are not cost justified, and over staffing or under staffing.

Office of Audits and Analysisors will review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried as planned. Office of Audits and Analysis can provide assistance to managers who are developing objectives, goals, and systems by determining whether the underlying assumptions are appropriate; whether accurate, current, and relevant information is being used; and whether suitable controls have been incorporated into the operations or programs.

PERFORMANCE OF AUDIT WORK

Planning.
The Director of Office of Audits and Analysis is responsible for planning and conducting the audit assignment, subject to supervisory review and approval.

Planning will be documented and will include:

  1. Establishing audit objectives and scope of work.
  2. Obtaining background information about the activities to be audited.
  3. Determining the resources necessary to perform the audit.
  4. Communicating with all who need to know about the audit.
  5. Performing, as appropriate, a survey to become familiar with the activities, risks, and controls to identify areas for audit emphasis, and to invite auditee comments and suggestions.
  6. Writing the audit program. The audit program will include:
    1. Documentation of the Office of Audits and Analysisor’s procedures for collecting, analyzing, interpreting, and documenting information during the audit.
    2. Objectives of the audit.
    3. Scope and degree of testing required to achieve the audit objectives in each phase of the audit.
    4. Identification of technical aspects, risks, processes, and transactions which should be examined.
    5. Statement of the nature and extent of testing required.
    6. Procedures for preparation will be prepared prior to the commencement of audit work and modified, as appropriate, during the course of the audit.
  7. Determining how, when, and to whom audit results will be communicated.

Work Papers.
Working papers that document the audit will be prepared by the auditor and reviewed by the Director of Office of Audits and Analysis. These papers record the information obtained and the analyses made, and support the bases for the findings and recommendations to be reported. Audit work papers document the following aspects of the audit process:

  • Planning.
  • The examination and evaluation of the adequacy and effectiveness of the system of internal control.
  • The auditing procedure performed, the information obtained, and the conclusions reached.
  • Review.
  • Reporting.
  • Follow-up.

Each work paper will contain a heading which will include the auditable unit being examined, the division of the unit (if applicable) and the date of the period covered by the audit. Each work paper will be signed and dated by the Office of Audits and Analysisor creating the work paper and signed and dated as reviewed by the Director of Office of Audits and Analysis. Procedures and conclusions will be documented on each work paper. All audit tick marks will be explained. Each work paper will be numbered in the bottom right hand corner of the paper.

Audit work papers are the property of the University. They are to remain under the control of the Office of Audits and Analysis and will be accessible only to authorized personnel. In circumstances where requests for access to audit work papers and reports are made by parties outside the University, approval will be obtained from the President of the University and/or legal counsel, as appropriate. Section 552.116 of the Texas Government Code exempts auditor work papers from the public information requirement of Section 552.021.

All work papers will be retained for a period of no less than ten years. Work papers related to the fraud, misappropriation of funds or other unlawful acts may be retained indefinitely.

Reports.
A signed, written report will be issued upon completion of each examination. Each report will be discussed with appropriate management prior to the final issuance of the report. Management will respond in writing to findings and recommendations noted in the report. The final report, complete with management’s comments will be reviewed and approved by the Director of Audits and Analysis of the Texas State University System prior to final release of the report.

Each report shall contain a description of the purpose, scope and results of the audit; and, where appropriate, an expression of the auditor’s opinion. Reports will include a brief summary, which highlights the significant findings and recommendations for potential improvements and a summary of management’s responses to those findings and recommendations. The audit category for each audit will be stated in the report. In addition, a detailed discussion will follow of the findings, recommendations along with a complete copy of management’s written responses.

Audits will be categorized according to the Rules and Regulations of the Texas State University System. Those rules and regulations require that each audit be classified as follows:

Category I - System’s Director of Audits and Analysis is required to immediately send these reports to the Finance Committee Chairman of the Board of Regents and the University President. Criterion for Category I reports include:

  1. Reports reflecting employee/management fraud or theft.
  2. Reports that reflect a financial impact of more than $20,000 savings or cost (lesser amounts if deemed material in the Office of Audits and Analysisor’s judgment).
  3. Any significant area of noncompliance with state or federal regulations or laws.
  4. Reports of situations presented to the University President in which the auditor has experienced undue pressure or delaying behavior.
  5. Significant violations of generally accepted internal controls.

Category I audits require special reporting procedures. These procedures include:

  1. The Director of Office of Audits and Analysis will report to the Board of Regents, in the standard prescribed format, at the first Board meeting following the issuance of a Category I audit.
  2. The Director of Office of Audits and Analysis will perform a follow up audit every six months until all recommendations/findings have been satisfactorily resolved.
  3. The President of the University shall include in his quarterly Board report the status of the recommendations/findings until they have been satisfactorily resolved.

Category II – All other audits will be classified as Category II audits. These reports will be sent to The Texas State University System’s Director of Audits and Analysis. The Director of Audits and Analysis will then send the reports to the Finance Committee Chairman.

The category rating of the report will be published in each draft and final report. Category I reports will be reported directly to the Chairman of the Finance Committee (with file copy to the Texas State University System Director of Finance).

Management Response.
University procedures require that management respond to an Office of Audits and Analysis report within three weeks of the date of the report. Management responses to each audit will include:

  1. Indication of agreement or disagreement with each recommendation. In those cases where management agrees to implement a recommendation, a timetable for implementation will be given.
  2. In those cases where management disagrees with implementation, a justification will be provided.

Once management has responded to the report, Office of Audits and Analysis will evaluate the response and forward the response and audit report to The Director of Audits and Analysis of the Texas State University System. Follow-up procedures should commence approximately 90 days after management has responded and the report is finalized.

Audit Follow-Up.
Office of Audits and Analysis will determine that corrective action was taken and is achieving the desired results, or that senior management or the Board has assumed the risk of not taking corrective action on reported findings. Certain reported findings may be so significant as to require immediate action by management. These conditions should be monitored by Office of Audits and Analysis until corrected due to the effect they may have on the University. There may also be instances where the Director of Office of Audits and Analysis judges that management’s oral or written response shows that action already taken is sufficient, when weighed against the relative importance of the audit finding. On such occasions, follow-up may be performed as part of the next audit.

MANAGEMENT OF THE Office of Audits and Analysis

The Director of Office of Audits and Analysis is responsible for properly managing the department so that:

  1. Audit work fulfills the general purposes and responsibilities approved by senior management and accepted by the Board.
  2. Resources of the Office of Audits and Analysis are efficiently and effectively employed.
  3. Audit work conforms to the Standards for the Professional Practice of Office of Audits and Analysising.

The Director of Office of Audits and Analysis is responsible for seeking the approval of senior management and the acceptance by the Board of a formal written charter, audit plan and risk analysis for the Office of Audits and Analysis.

Planning.
The Director of Office of Audits and Analysis will establish plans to carry out responsibilities of the Office of Audits and Analysis. These plans will be consistent with the Office of Audits and Analysis’s charter and with the goals of the University. The planning process will establish:

  1. Goals.
  2. Audit work schedules.
  3. Staffing plans and financial budgets.
  4. Activity reports.

The Director of Office of Audits and Analysis is responsible for the final risk assessment used in the audit plan. The risk assessment process will include identification of auditable activities, identification of relevant risk factors, and an assessment of their relative significance.

The first phase of the risk assessment process is to identify and catalog the auditable units. Risk factors are the criteria used to identify the relative significance of, and likelihood that, conditions and/or events may occur that could adversely affect the University. The number of risk factors utilized will be limited, but sufficient to provide the Director of Office of Audits and Analysis with confidence that the risk assessment is comprehensive.

Risk assessment then becomes a systematic process for assessing and integrating professional judgments about probable adverse conditions and/or events. Generally, higher audit priorities will be assigned to activities with higher risks.

The Director will incorporate information from a variety of sources into the risk assessment process. Such sources will include, but will not be limited to discussions with the Board and various members of management; discussions among management and staff of the Office of Audits and Analysis; discussion with external auditors; consideration of applicable laws and regulations; analysis of financial and operating data; review of prior audits; and industry or economic trends.

The risk assessment process will be conducted annually and approved by management and the Board. Activity reports will be submitted periodically to senior management and to the Board. These reports will compare performance with the department’s goals and audit work schedules and explain any reason for major variances and indicate any action taken or needed.

Policies and Procedures.
The Director of Office of Audits and Analysis will provide and review on an annual basis, written policies and procedures to guide the audit staff. These policies and procedures will include job descriptions for each level of the audit staff. Each employee of the Office of Audits and Analysis shall have an annual review. This review will include counsel to auditors concerning their performance and professional development.

External auditors.
The Director of Office of Audits and Analysis will coordinate work efforts with external auditors. In the instance of state, or regulatory auditors, Office of Audits and Analysis will coordinate all efforts and work closely with the auditors to insure the audit runs efficiently. The Office of Audits and Analysisor may assist the external auditor in the preparation of work papers and other data. In the case contracted audits, the Office of Audits and Analysisor should assist with the preparation of data in all ways possible to reduce audit costs and assess the effectiveness of the audit.

Quality Assurance.
External reviews of the Office of Audits and Analysis should be performed to appraise the quality of the department’s operations. These reviews should be performed by qualified persons who are independent of the University and who do not have either a real or apparent conflict of interest. Such reviews should be conducted at least once every three years. On completion of the review, a formal, written report should be issued. The report should express an opinion as to the department’s compliance with the Standards for the Professional Practice of Office of Audits and Analysising and, as appropriate, should include recommendations for improvement. The report should also address compliance with the department’s charter and other applicable standards. The report should be addressed to the person who requested the review. The Director of Office of Audits and Analysis should prepare a written action plan in response to the significant comments and recommendations contained in the report of external review. Appropriate follow-up is also the Director’s responsibility.

In addition to the external review, the Office of Audits and Analysis will conduct continual supervision and review. Upon the completion of each Office of Audits and Analysis report, the report along with the response from management shall be forwarded to the Director of Audits and Analysis of the Texas State University System. The Director shall review the report and responses prior to final release.

The Director of Office of Audits and Analysis will constantly supervise and review all programs and procedures used by the department. Office of Audits and Analysisors are required to review and sign off on all work performed. The Director of Office of Audits and Analysis will then review each work paper and report completed by auditors and sign off on the document. Adequate supervision is the most fundamental element of a quality assurance program. The word “continually” indicates that supervision should be performed throughout the planning, examination, evaluation, report, and follow-up phases for all assignments. Supervision should also extend to training, employee performance evaluation, time and expense control, and similar administrative areas.

Requests for Special Projects.
To request unscheduled audits or advisory services from Office of Audits and Analysis, the requesting party must complete an Audit/Advisory Service Request and submit the form to the Director of Office of Audits and Analysis. The Director will then evaluate the request and respond to the requestor within two weeks of the date of the request. An Audit/Advisory Service Request will be evaluated on the impact of the service to the University, time frame requested, number of hours to complete the request and position with current audit schedule.
Requests which have a major impact on Department or University operations will receive first priority. Any requests requiring adjustment to the approved audit plan will require approval of the University President and the Chairman of the Finance Committee of the Board of Regents.