Recommendation from SACSCOC January 15, 2013 Probation Sanction Letter [1]:

Transcription

1 Principle 1.1 Principle of Integrity The institution operates with integrity in all matters. Recommendation from SACSCOC January 15, 2013 Probation Sanction Letter [1]: Principle 1.1 (Integrity) The institution has failed to operate with integrity in relation to providing accurate information on internal audits. For example, the Sniffen & Spellman investigation uncovered 15 executive summaries of internal audits or review reports submitted to the university Board of Trustees where the underlying audits or summaries had not been written. It was also claimed that the reports were in adherence to standards of the Institute of Internal Auditors (IIA) when they actually were not. The institution should provide the 2012 and 2013 fiscal year financial audits and management letter, as well as any operational audits conducted during this period. The institution should also provide an update on the status of the past fabricated internal audits and review reports, as well as internal audits carried out since the discovery of the problems. The institution should provide evidence that the internal auditing function is now operating within the standards of the Institute of Internal Auditors. The report should provide an organizational chart of how the internal audit function fits into the broader institutional structure, as well as details on the qualifications of the personnel now working in that office. FAMU s Response Florida A&M University (FAMU) operates with integrity in all matters and is in compliance with Principle 1.1. The University has taken definitive steps over the past several months to reaffirm its commitment to the principle of integrity and to adequately address the issues and concerns related to its internal audit function. These actions include hiring a new Vice President for Audit and Compliance (VPAC) in 2012; and making several subsequent hires in the Division of Audit 1

2 and Compliance (DAC) to ensure that it is fully staffed, and is able to effectively carry out its function. Measures have been implemented to enhance the Board of Trustees (BOT) oversight of DAC, and to ensure that DAC consistently operates in accordance with the standards of the Institute of Internal Auditors [2]. Additionally, the Interim President has reiterated the requirement for all University employees to operate with integrity in all matters through weekly meetings with his Leadership Team, the recently instituted multi-divisional Corrective Action Workshop Series for campus administrators [3], and during the campus-wide 2013 Faculty Planning Conference [4]. The following narrative and supporting documentation provide evidence of the University s demonstrated practice of operating with integrity in relation to its internal audit function. More specifically, the narrative and supporting documentation are presented to: (a) describe how the University s internal audit function fits into the broader structure of the University; (b) demonstrate that the University s internal audit function is appropriately staffed with qualified personnel; (c) demonstrate that the University s internal audit function consistently operates with integrity and in accordance with the standards of the Institute of Internal Auditors (IIA); (d) provide a status update on the past fabricated internal audits and review reports; and (e) provide a status update on the internal audits conducted since the identification of the fabricated audits in Lastly, the 2012 fiscal year financial audit is provided, as well as the 2012 fiscal year operational audit and corresponding corrective actions. The University participated in an on-campus entrance conference with the Auditor General on August 21, 2013, to discuss the schedule by which FAMU s 2013 fiscal year audits would be completed. The University requested the Auditor General to complete the financial audit as quickly as possible. The Auditor General informed the University during the meeting that the 2013 Financial Statement is scheduled to be issued in December

3 The narrative for Principle 1.1 is organized as follows: I. Internal Audit Function (Division of Audit and Compliance) A. Overview B. Mission of DAC C. Authority of DAC D. DAC Organizational Structure and Staff Qualifications II. Evidence that DAC Operates in Accordance with Professional Standards III. Oversight of the Internal Audit Function A. Oversight Role of the FAMU BOT B. Oversight Role of the University President C. Oversight Role of the Board of Governors IV. Status of the Past Fabricated Audits V. Internal Audits Carried out Since Discovery of the Problems VI. Financial Audit A Fiscal Year B Fiscal Year VII. Operational Audit VIII. Conclusion I. Internal Audit Function (Division of Audit and Compliance) A. Overview In 2005, the FAMU Board of Trustees (BOT) approved Resolution adopting a universitywide compliance program as the foundation of the internal control and compliance environment [5]. In support of the compliance program, the FAMU BOT maintains an internal audit and compliance function, the Division of Audit and Compliance (DAC), that is an integral component of the University governance structure and internal control environment. The DAC purpose and mission are outlined in the DAC Charter (most recently revised by the FAMU BOT in April 2012) [6]. The DAC Charter requires that DAC activities are performed in accordance with appropriate professional standards, including but not limited to, generally accepted auditing standards as advocated by the Institute of Internal Auditors (IIA) [2] and the Government Accountability Office [7]. DAC provides insight on the mitigation of business risk to assist the FAMU BOT and University management in the effective discharge of their responsibilities as they relate to the 3

4 University s policies, processes, programs, information systems, internal controls, and management reporting. B. Mission of DAC As outlined in the Division of Audit and Compliance Charter [6], DAC provides independent objective assurance and consulting services designed to add value and improve the University s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. DAC serves as a proactive business partner with the University s management by evaluating business processes, controls, compliance mechanisms and technologies to ensure: Business risks are appropriately identified and managed; Assets and resources are properly controlled; Operational, financial, and managerial information is accurate and reliable; University actions are in compliance with policies, procedures, standards, and state and federal laws and regulations; Effective coordination and cooperation is provided to external auditors to avoid duplication of effort; Allegations of fraud, waste, and abuse, and complaints received from the Chief Inspector General and Board of Governors are appropriately investigated; and Quality and continuous improvement are fostered in the University s control process. 4

5 C. Authority of DAC DAC provides audit and investigative services to all sectors of the University, including colleges, schools, administrative units, and support organizations. DAC is specifically authorized by the FAMU BOT to do the following [6]: Have unlimited and unrestricted access to all data, books, records, files, property, information systems, and personnel of the University as necessary to carry out its duties and responsibilities; Allocate resources, establish schedules, select subjects, determine scopes of work, and apply the techniques required to accomplish its objectives; Obtain the essential assistance and cooperation of personnel in areas of the University where audits and investigations are performed, as well as other specialized services from within or outside the University; and Have free and unrestricted access to the FAMU BOT. D. DAC Organizational Structure and Staff Qualifications Staffing in DAC has undergone a major overhaul since the audit issues occurred in DAC currently has six (6) full-time auditors/investigators, a Vice President for Audit and Compliance (VPAC), and one administrative staff member, as outlined in the organizational chart shown on the following page. As described below and in the supporting documentation, the VPAC and each of the DAC auditors possess several years of audit experience and have the requisite set of credentials and expertise to effectively carry out their job functions and to ensure that DAC consistently operates according to Institute of Internal Auditors (IIA) standards. 5

6 The VPAC reports functionally to both the Chair of the FAMU BOT and the Chair of the FAMU BOT Audit and Compliance Committee, and therefore, communicates and interacts directly with the FAMU BOT. The FAMU BOT approves all decisions regarding the performance evaluation, appointment, removal, and annual compensation and salary adjustment of the VPAC. The VPAC is appointed by, and reports administratively and operationally to, the University President [6]. The VPAC s dual reporting relationship with the President and BOT promotes independence and objectivity in all work performed by DAC. 6

7 The VPAC, in the discharge of his/her duties, is accountable to the University s management and the FAMU BOT Audit and Compliance Committee (ACC) to do the following: Submit an annual audit plan for review and approval; Issue a report upon conclusion of each audit engagement and communicate the results of each to the FAMU BOT, including management s response and timeframe for corrective action; Periodically report on the DAC s purpose, authority, and responsibility, as well as performance relative to its audit plan, identifying any significant deviations from the approved audit plan; Confirm to the FAMU BOT, at least annually, the organizational independence of the internal audit activity; Report allegations of significant wrongdoing, including that for personal financial gain, that if substantiated, could cause significant harm or damage to the reputation of the University; Communicate the DAC s quality assurance and improvement program, including results of ongoing internal assessments and external assessments conducted at least every three years; and Provide an annual report on the activities and accomplishments of DAC. Staff Qualifications 1. Vice President for Audit and Compliance (Position #19330): In June 2012, Richard Givens was hired as Vice President for Audit and Compliance [8]. Mr. Givens has more than 25 years of experience in developing audit plans, writing risk-based audit programs, developing budgeted hours for the audits, assigning staff to audits, reviewing work papers for conformity with auditing standards, writing audit reports, and preparing semi-annual resource management plans. He is a Certified Public 7

8 Accountant and Certified Governmental Financial Manager. The minimum qualifications for this position require a person hold a master s degree in accounting, business administration, economics, educational leadership, engineering or computer information systems and six years of internal auditor, investigator or independent post auditor, electronic data processing auditor, or any combination thereof; or a bachelor s degree in accounting, business administration, economics, educational leadership, engineering, or computer information systems and eight years of experience as an internal auditor, or any combination thereof. The experience shall at a minimum consist of 5 years of supervisory experience and include audits and investigations of departments or units of a university, government, or private business enterprises. Qualified individuals must possess a Certified Public Accountant or a Certified Internal Auditor certificate [9]. 2. Audit Services/Investigation Administrator (Position #19430): Alan Sands has been employed in DAC since April 2013 and has over 35 years of experience in auditing, accounting, and consulting with colleges, universities, and state agencies in Florida, including developing audit plans, writing risk-based audit programs, developing budgeted hours for the audits, assigning staff to audits, reviewing work papers for conformity with auditing standards, writing audit reports, and preparing semi-annual resource management plans [10]. He has supervised and performed financial, operational, and federal audits of State universities. He is responsible for planning and performing internal audits and following up on the University s corrective action plans. He is a Certified Public Accountant. The minimum qualifications require a person hold a master s degree in appropriate 8

9 area, with four years of experience conducting evaluations of internal controls, tests and financial transactions; or a bachelor s degree with six years of experience conducting evaluations of internal controls, tests and financial transactions. Qualified individuals must have Certified Internal Auditor or Certified Public Accountant certificates [11]. 3. Audit Services/Investigation Administrator (Position #19397): Jim Hakemoller has been employed in DAC since October 2012 and has over 35 years of experience in auditing, accounting and fraud detection experience [12]. (Mr. Hakemoller was previously employed in DAC from October 2007 through August 2009.) Mr. Hakemoller is responsible for performing internal audits and investigations. He is a certified internal auditor, certified government auditing professional, and certified fraud specialist. The minimum qualifications require a person hold a master s degree in accounting, business administration or appropriate area of specialization, with four years of experience conducting internal audit engagements including financial and operational audits; or a bachelor s degree in accounting, business administration or appropriate area of specialization, with six years of experience conducting internal audit engagements including financial and operational audits. Qualified individuals must have Certified Internal Auditor or Certified Public Accountant certificates [13]. 4. Audit Services/Investigation Administrator (Position #18982): Zulfiqar Gehlanvi has been employed in DAC since August 2012 and has over 15 years of experience in Information Technology, serving as a security consultant, reviewer of security policies and procedures, business continuity and disaster recovery systems [14]. 9

10 (Mr. Gehlanvi was previously employed in DAC from March 2009 thru June 2010). He has a strong background dealing with ERP systems and database security. He is a certified Information Systems Auditor. He is responsible for performing IT audits and providing IT support for the Division s internal audit activity. (Mr. Gehlanvi recently resigned from the University, effective September 4, 2013; his position will be advertised and filled as soon as possible). The minimum qualifications require a person hold a master s degree in accounting, business administration or related field; or a bachelor s degree in computer science, information technology or business administration, with two years of relative experience [15]. 5. Audit Services/Investigation Administrator (Position #16882): Ruoxu Li has been employed in DAC since May 2013 and has over seven years of experience performing financial and operational audits, and investigations [16]. Ms. Li is responsible for leading audits and performing investigations. She is a certified internal auditor. The minimum qualifications require a person hold a master s degree with four years of experience conducting evaluations of internal controls, tests and financial transactions; or a bachelor s degree with six years of experience conducting evaluations of internal controls, tests and financial transactions. Qualified individuals must have Certified Internal Auditor or Certified Public Accountant certificates [17]. 6. Audit Services/Investigation Administrator (Position #20249): Jessica Hughes has been employed in DAC since August 2013 and has more than six years of 10

11 experience in the areas of finance and accounting. She served as a senior accountant at a large university and has extensive knowledge with administrative activities associated with monitoring and reporting federal, state, local and private contracts and grants. Ms. Hughes is responsible for performing internal audits, investigations, and consulting on various financial related matters [18]. The minimum qualifications require a person hold a master s degree in related field, with four years of experience conducting evaluations of internal controls, tests and financial transactions; or a bachelor s degree with six years of experience conducting evaluations of internal controls, tests and financial transactions. Qualified individuals must have Certified Internal Auditor or Certified Public Accountant certificates [19]. 7. Audit Services/Investigation Administrator (Position #17378): Carl Threatt has been employed in DAC since August 2013 and has over 19 years of auditing experience, inclusive of experience at universities and state agencies performing both operational and financial audits. He has experience in developing audit plans, as well as conducting risk assessments and investigations. He is a certified internal auditor and holds certification in risk management assurance. He is responsible for performing audits and performing investigations [20]. The minimum qualifications require a person hold a master s degree in related field with four years of experience conducting evaluations of internal controls, tests and financial transactions; or a bachelor s degree with six years of experience conducting evaluations of internal controls, tests and financial transactions. Qualified individuals must have Certified Internal Auditor or Certified Public Accountant certificates [21]. 11

12 II. Evidence that DAC Operates in Accordance with Professional Standards After the issues with FAMU s internal audit function came to light in 2011, the University hired an external consultant (Accretive Solutions) to provide recommendations to enhance DAC s efforts to successfully complete a quality assurance review (QAR) [22]. The recommendations included in the final report from Accretive Solutions were used to facilitate the implementation of enhancements in DAC, which included revisions to the Charters for the DAC in April 2012 [23] and FAMU BOT Audit and Compliance Committee (ACC) in June 2012 [24]. The revised Division of Audit and Compliance Charter requires that DAC activities are performed in accordance with appropriate professional standards, including but not limited to, generally accepted auditing standards as advocated by the Institute of Internal Auditors (IIA) [2] and the Government Accountability Office [7]. The enhancements implemented in DAC (summarized below) have strengthened the University s internal audit function and helped to ensure that DAC is operating in accordance with IIA Standards and that it meets the expectations of the FAMU BOT. In 2012, the University revised the charters for the FAMU BOT Audit Committee and the DAC so that they now conform to IIA Standards. An external audit firm (Ernst & Young) was hired to provide training for the FAMU BOT Audit Committee at its February 2013 meeting. The training covered the duties and responsibilities of the FAMU BOT for overseeing the University s internal audit function [25]. In February 2013, DAC revised its operating procedures manual to provide guidance for the day-to-day supervision, review, and measurement of the internal audit activity and is incorporated into the routine policies and practices used to manage the internal audit activity [26]. 12

13 In January 2013, DAC established a Quality Assurance and Improvement Program (QAIP), as required by IIA Standards. A QAIP enables an evaluation of the internal audit activity s conformance with IIA Standards and also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement [27]. In July 2013, DAC conducted an internal assessment of its operations to evaluate the extent to which DAC is in compliance with IIA Standards and to identify areas for improvement. A status update on the review was provided to the FAMU BOT at the August 2013 meeting as required by IIA Standards [28]. In July 2013, DAC hired an external auditing firm (Ernst & Young) to conduct a quality assurance review (QAR), as required by IIA Standards [27]. The final report will be available in September 2013 and will be provided to the SACSCOC Special Committee during the September visit [29]. DAC staff received training on the following topics: audit evidence, governmental accounting and auditing updates, and implementation of a quality assurance improvement program [30]. III. Oversight of the Internal Audit Function A. Oversight Role of the FAMU BOT The FAMU BOT has primary responsibility for providing oversight of the University s internal audit function, which includes ensuring that the unit consistently provides accurate information on its internal auditing practices. To facilitate this function, the FAMU BOT established the Audit and Compliance Committee (ACC) pursuant to Section of the FAMU BOT Operating Procedures [31]. The primary function of the ACC is to assist the FAMU BOT in discharging its oversight responsibilities for the financial reporting process, the system of internal control, the 13

14 audit process, and FAMU s process for monitoring compliance with laws and regulations. Moreover, the ACC is responsible for reviewing and recommending to the FAMU BOT policies affecting internal controls, accountability and audit [31]. The ACC s role is one of oversight, not preparation or operation. Its principal activities include the following: Oversight of the University s business risk assessment, by reviewing procedures in place to assess and minimize significant risks; Oversight of the University s internal control structure, to review the effectiveness and reliability of its business, financial and information system controls; Oversight of the quality and integrity of the University s financial reporting processes to ensure the balance, transparency, and integrity of published financial information; Review of the internal audit function and overall audit process; Review and approval of the annual audit plan; and Review of the University s process for monitoring compliance with laws, regulations and policies. To assist the ACC and the FAMU BOT in its oversight, the FAMU BOT has adopted an Audit and Compliance Committee Charter [32], as stated earlier. As outlined in the Charter, the ACC is responsible for reviewing and recommending to the FAMU BOT policies affecting internal controls, accountability and audit. The ACC has access to internal and external auditors to assess their performance, the scope of audit activities, and the adequacy of the system of internal accounting controls to ensure compliance with state and federal laws, regulations and requirements. The ACC makes reports to the FAMU BOT. The ACC s specific responsibilities and duties with respect to oversight of the internal audit function include the following: Reviewing and approving the annual internal audit plan, ensuring that it addresses key areas of risk [33]; 14

15 Approving and periodically reviewing the charter, staffing, and activities of the internal audit function to ensure they comply with professional standards and address emerging audit issues [24]; Reviewing a summary of significant findings and recommendations of completed internal audits, including management s response and time frame for corrective action, to ensure appropriateness of actions taken [28]; Obtaining a periodic progress report on the status of executing the internal audit plan and approve changes or deviations from the approved audit plan [28]; Determining the degree of implementation of past audit recommendations and the sufficiency of corrective actions taken in addressing those recommendations [28]; Ensuring there are no unjustified restrictions or limitations, and concurring in the appointment, replacement, or dismissal of the Vice President of Audit and Compliance [24]; Discussing with the VPAC any difficulties encountered in the course of audits and investigations, including restrictions on the scope of work or access to required information, and any lack of cooperation [34]; Reviewing the results of the quality assurance program [28]; Identifying areas warranting improvements, if any, and make policy recommendations to the FAMU BOT [35]; Meeting with the VPAC regularly to discuss confidential matters; and Proposing adequate controls and guidelines for receiving complaints regarding accounting controls and reports of financial fraud [36]. The VPAC provides reports to the ACC during regularly scheduled FAMU BOT meetings [37]. The meeting agenda are determined in consultation with the ACC chair. Significant findings for audits are presented as well as updates on DAC activities and audits issued by external 15

16 auditors. The VPAC also interacts with the ACC chair on a regular basis (typically via s and telephone conversations) to provide updates and information on ongoing DAC activities. Following updates, the ACC Chair provides guidance on items introduced during ACC meetings and reports information to the full BOT as needed to determine what course of action should be taken. The FAMU BOT has taken definitive steps to correct the issues that arose regarding the University s internal audit function. As described in this narrative, the FAMU BOT has received training on its roles and responsibilities, which will enhance its oversight of DAC. Additionally, the VPAC and ACC chair have developed a new format for how information is presented by DAC during ACC meetings [28]. This format, initiated during the August 2013 FAMU BOT meeting, requires the VPAC to provide detailed information on the status of ongoing audits and follow-up actions. These actions, along with the other enhancements implemented within DAC, have increased the level of accountability for DAC and the VPAC, and help to ensure that DAC conducts audits in accordance with professional standards, and that it consistently presents information that is accurate and complete. B. Oversight Role of the University President The President is charged with overseeing the University s operations, management, performance, fiscal accountability, and its compliance with the federal and state laws, as well as regulations of the Board of Governors. The VPAC is appointed by, and reports administratively and operationally to, the University President [6]. C. Oversight Role of the Board of Governors In November 2002, Florida voters approved an amendment to Article IX, Section 7, of the Florida Constitution, creating a Board of Governors (BOG) to oversee the State University 16

17 System (SUS) [38], of which FAMU is a member. The BOG has established several standing committees to assist in the management and oversight of each university in the SUS. As outlined in the BOG Operating Procedures [39], the BOG Audit and Compliance Committee provides oversight and direction in relation to the internal audit functions for each SUS University. For example, FAMU and other SUS Universities routinely provide copies of finalized internal audit reports to the BOG. The BOG has collaborated with FAMU over the past several months to develop a Corrective Action Plan for addressing the issues that came to light in 2011 that involved the University s internal audit function, anti-hazing program, and control of finances [40]. With respect to the University s internal audit function, the Corrective Action Plan outlines specific actions for (a) enhancing DAC s compliance with IIA Standards; (b) providing reports to the FAMU BOT ACC and University President; and (c) conducting investigations. The VPAC provides monthly updates to the BOG Inspector General on the progress of implementing the corrective actions during monthly teleconference meetings. IV. Status of the Past "Fabricated" Audits As a result of a whistle-blower allegation, which indicated that DAC did not follow professional standards governing performance of internal auditing services, the University contracted with the firm of Sniffen & Spellman, PA, to conduct a review of its internal audit processes. Sniffen & Spellman conducted an investigation and issued a final report in November 2011 [41]. With respect to the aforementioned fabricated audits, the report concluded the following: DAC knowingly presented 15 audit or review reports to the FAMU BOT Audit and Compliance Committee in the form of executive summaries, when, at the time the reports were submitted, no final report had been prepared, thus leading recipients to believe that all work had been conducted and completed when, in fact, it had not. 17

18 The University conducted a thorough review of each of the 15 audit issues described in the Sniffen and Spelman report and took appropriate action as summarized in the narrative and table below. As noted below, all 15 fabricated audits have been addressed. In some cases the audit issue was addressed by the audits that were re-performed by Ernst & Young (E&Y). In other cases the audit issue was included in the Operational Audit conducted by the State of Florida Auditor General. For those audit issues that were substantiated by Sniffen and Spellman, the University determined that follow-up audits were not required because there were no audit findings. The Sniffen and Spellman report concluded that 10 of the 15 fabricated audits were unsubstantiated. Eight of the 15 fabricated audits were deemed to be insufficient; therefore, the University hired E&Y to re-perform the audits. E&Y issued a final report in October 2012 [42]. Two of the 15 fabricated audits were not re-performed because they were included in the Auditor General s or Operational Audit. The Sniffen and Spellman report concluded that 5 of the 15 fabricated audits were substantiated. Each of the 5 audits had no findings. Therefore, DAC determined that no followup work was required. 18

19 Audit Topic Outcome of Original Review of 15 Fabricated Audits 1. Technology Fee Hired E&Y to reperform audit. 2. Fingerprinting and Background Check 3. Purchasing Card Program (P-Card) 4. Revenue Collections Home Football Games 5. Revenue Collections Parking Services Sniffen & Spellman substantiated original audit, which had no findings. Issue included in Florida Department of Law Enforcement review. Hired E&Y to perform review. Also included in Auditor General s FY 2012 Operational Audit. Audit. Hired E&Y to reperform audit. Sniffen & Spellman substantiated original audit, which had no findings. Audit Status Update E&Y completed the audit and issued a final report in October Reviewed by Auditor General in prior operational audit released November 2010 with no findings. E&Y completed the review and issued a draft report in May 2013 Operational Audit findings issued in February The University implemented corrective actions and DAC subsequently conducted followup validation work. E&Y completed the audit and issued a final report in October Work has been completed. Status Update on Follow-Up Work The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. Not required. Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative. The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. Not required. 19

20 Audit Topic 6. Textbook Adoption and Affordability Outcome of Original Review of 15 Fabricated Audits Hired E&Y to reperform audit. Issue also included in Auditor General s FY 2012 Operational Audit. 7. Bank Reconciliations Hired E&Y to reperform audit. 8. Controls for Grade Changes 9. Revenues from Classics and Guarantee Contracts Sniffen & Spellman substantiated original audit, which had no findings. DAC included this issue in the Audit Plan. Hired E&Y to reperform audit. 10. Tuition Differential Fee Issue included in Auditor General s FY 2010 and 2012 Audit Status Update E&Y completed the audit and issued a final report in October Operational Audit findings issued in February The University implemented corrective actions and DAC subsequently conducted followup validation work. E&Y completed the audit and issued a final report in October DAC is in the process of conducting an audit. E&Y completed the audit and issued a final report in October Operational Audit findings for 2012 issued in February The University implemented Status Update on Follow-Up Work Accretive Solutions has been hired to provide external validation as described below in Section VII of this narrative. The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. TBD upon completion of audit The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. Accretive Solutions has been hired to provide external validation as described below 20

21 Audit Topic 11. Sub-Recipient Monitoring of Contracts and Grants 12. Federal Financial Aid Awards: Direct Loan Reconciliations Outcome of Original Review of 15 Fabricated Audits Operational Audit. Hired E&Y to reperform audit. Sniffen & Spellman substantiated original audit, which had no findings. Audit Status Update corrective actions and DAC subsequently conducted followup validation work. E&Y completed the audit and issued a final report in October Did not surface as a finding in the FY 2011 or 2012 A-133 audit. Status Update on Follow-Up Work in Section VII of this narrative. The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. Not required. 13. Contracts and Grants Expenditures: Terms and Conditions 14. Cash Collections: Rattler Card Program 15. Insurance Coverage on Buildings and Contents Hired E&Y to reperform audit. Sniffen & Spellman substantiated original audit, which had no findings. Hired E&Y to reperform audit. E&Y completed the audit and issued a final report in October No follow up work conducted by DAC. E&Y completed the audit and issued a final report in October The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. Not required. The University implemented corrective actions, and subsequently hired E&Y to validate their effectiveness. The E&Y validation work is ongoing. 21

22 V. Internal Audits Carried out Since Discovery of the Problems Since the discovery of the audit problems in 2011, FAMU has taken the necessary steps to ensure that DAC is operating in accordance with IIA Standards. Risk assessments were conducted for the past two years to determine the areas of focus for the upcoming audit year. Based on the risk assessments, DAC developed Audit Plans for [22] [43] and [44] that were approved by the FAMU BOT [34]. Status updates for the audits that were conducted per the Audit Plan are included below. The DAC has provided updates to the FAMU BOT on the status of each audit and the resultant corrective actions [28]. All of the internal audits and risk assessments that DAC has conducted since these issues came to light have been conducted in conformance with IIA Standards [29]. Audits Conducted in Audit Campus Unit Audit Status/ Follow-Up Action Dormitory Construction (Added to Audit Plan after FAMU BOT approval in August 2012) DAFS (Construction & Facilities Management) DAC audit report issued October 2012 [45]. DAC follow-up work to begin September Cash Collections Points Voyager Card Program (Added to Audit Plan after FAMU BOT approval in April 2012) Life Gets Better Scholarship Program (Added to Audit Plan after FAMU BOT approval in April 2012) Grade Change Process DAFS/Controller, Academic Affairs (Auxiliary Services, Journalism, Library) DAFS (Facilities and Construction and Administrative Services) Student Affairs, University Advancement DAC audit report issued March 2013 [46]. DAC follow-up work in progress. DAC audit report issued June 2013 [47]. DAC follow-up work in progress. DAC audit report issued July 2013 [48]. DAC follow-up work in progress. Academic Affairs (Registrar) Work in progress. Estimated completion in September

23 Audits Scheduled for Audit Accounts Payable Review Cash Forecasting and Budgeting Review Administrative Services Assistance Program (ASAP) - (Added to Audit Plan after FAMU BOT approval in August 2013) Assessment of Compliance with 2012 Florida Statute ACE Academic Support Services Review Financial Aid Process Review Contracts and Grants Review Research Compliance Assessment Information Technology General Controls Assessment Information Technology Automated Controls Assessment Department of Public Safety Review SACS Follow-up Projects Policies and Procedures Review Campus Unit DAFS (Controller) DAFS (Budget/Controller) DAFS (ASAP) Academic Affairs/DAFS Athletics Student Affairs (Financial Aid) Division of Sponsored Research (Office of Contracts & Grants Management) Division of Sponsored Research (Division of Research) Information Technology Information Technology Student Affairs (Office of Vice President) Various Various VI. Financial Audit The State of Florida s Office of the Auditor General annually conducts a financial audit of FAMU's accounts and records for the fiscal year ending June 30. The Office of the State of Florida Auditor General conducts the audits pursuant to Section 11.45, Florida Statutes [49] and applicable standards contained in Government Auditing Standards issued by the Comptroller General of the United States. 23

24 A Fiscal Year The 2012 fiscal year financial audit for FAMU was issued in March 2013 [50]. The University received an unqualified opinion from the Auditor General s office [50]. The University has received unqualified financial audits for the previous four fiscal years (FY ). The audit objectives and scope were to determine if FAMU and its officers with administrative and stewardship responsibilities for FAMU's operations had done the following: Presented the University s basic financial statements in accordance with generally accepted accounting principles; Established and implemented internal control over financial reporting and compliance with requirements that could have a direct and material effect on the financial statements; and Complied with the various provisions of laws, rules, regulations, contracts, and grant agreements that are material to the financial statements. B Fiscal Year As mentioned previously in this narrative, the University participated in an on-campus entrance conference with the Auditor General on August 21, 2013, to discuss the schedule by which FAMU s 2013 fiscal year audits would be completed. The University requested the Auditor General to complete the financial audit as quickly as possible. The Auditor General informed the University during the meeting that the 2013 Financial Statement is scheduled to be issued in December VII. Operational Audit The State of Florida s Office of the Auditor General is required to conduct an operational audit of each university in the SUS at least every three years [49]. FAMU s most recent operational audit was conducted for the fiscal year ending June 30, 2012 and was issued in February 2013 [51]. 24

25 The audit contained 24 findings and recommendations. The University has developed and implemented corrective actions for each audit finding. A table summarizing the audit findings, recommendations, and the corrective actions that have been implemented by the University is included as supporting documentation [52]. Additionally, the University has hired an external professional services firm (Accretive Solutions) to provide a review (independent, third party) of the design and effectiveness of the corrective actions to address adequately each finding described in the table. Accretive Solutions will provide the University with a final report in mid- September 2013 and a copy of the report will be provided to the members of the SACSCOC Special Committee during the campus visit in September VIII. Conclusion As described in this narrative and supporting documentation, the University is in compliance with Principle 1.1. The University has taken definitive steps to enhance its internal audit function and to reiterate its commitment to operating with integrity in all matters. 25

26 DOCUMENTATION 1 Probation Sanction Letter 2 International Standards for the Professional Practice of Internal Audits IIA Standards 3 President s Corrective Action Workshop Agendas 4 Faculty Planning Conference Agenda BOT Resolution Division of Audit and Compliance (DAC) Charter 7 Government Auditing Standards 8 Resume for Richard Givens 9 Position Vacancy Announcement Richard Givens 10 Resume for Alan Sands 11 Position Vacancy Announcement Alan Sands 12 Resume for Jim Hakemoller 13 Position Vacancy Announcement Jim Hakemoller 14 Resume for Zulfiqar Gehlanvi 15 Position Vacancy Announcement Zulfiqar Gehlanvi 16 Resume for Ruoxu Li 17 Position Vacancy Announcement Ruoxu Li 18 Resume for Jessica Hughes 19 Position Vacancy Announcement Jessica Hughes 20 Resume for Carl Threatt 21 Position Vacancy Announcement Carl Threatt 22 Accretive Solutions Quality and Risk Assessment Report 23 BOT Meeting Minutes April BOT Meeting Minutes June BOT Meeting Agenda and Minutes - February Division of Audit and Compliance (DAC) Operational Manual 27 Division of Audit and Compliance Quality Assurance and Improvement Program (QAIP) 28 BOT Audit and Compliance Committee (ACC) Report August Quality Assurance Report (QAR) (Report will be provided to the Special Committee while on the site visit) 30 Training for DAC Staff 26

27 31 BOT Operating Procedures 32 Audit and Compliance Committee (ACC) Charter 33 BOT Meeting Minutes April BOT Meeting Minutes June and August BOT Meeting Minutes June 27, 2012; August 15, BOT Meeting Minutes October 31, 2012; April 11, BOT Meeting Minutes February 6, 2013; June 7, Florida Constitution (Article IX, Section 7) 39 BOG Operating Procedures 40 Corrective Action Plan- BOG March 2013 Meeting 41 Sniffen & Spellman Report Ernst & Young Final Report Internal Audit May - June Audit Work Plan Ernst & Young Risk Assessment and Internal Audit Plan Dormitory Construction Report 46 Audit of Cash Collections Points 47 Audit of the Voyager Card Program 48 Audit of the Life Gets Better Scholarship Program 49 Florida Statute Section Financial Statement FY FAMU FY 2012 Operational Audit 52 FAMU FY 2012 Operational Audit Corrective Actions 27