SCO Audit Tales Chapter II Sonoma State University
Agenda Why?? Timeline Scope Preparation Defining Parameters Audit Team Areas of SCO Interest Areas of Campus Concern Current Status Lessons Learned
Why?? California Code Education Code 89721 Notwithstanding any other provision of law, the CFO of each campus of the CSU shall deposit into and maintain in local trust accounts (l) Moneys collected as higher education fees and income from students of any campus of the CSU The Controller shall have the authority to audit the expenditure of these funds. Legal authority for RMP also authorizes the SCO to audit CSU Fund 485 expenditures
Timeline January 10, 2008 Exit Conference for FISMA Audit January 28, 2008 Campus was advised that SCO was considering Sonoma for a student fee audit March 4, 2008 Conference Call with CO and Sacramento State March 5, 2008 Preparation Begins March 12, 2008 Entrance Conference/Information Request March 20, 2008 Information Submitted to SCO March 24, 2008 Fieldwork Begins June 9, 2008 KPMG Interim Fieldwork begins June 19, 2008 SCO Informal Exit Conference July 10, 2008 - Sonoma closes 07/08 September 8, 2008 - KPMG begins Fieldwork November 19, 2008 - Sonoma advised that FISMA will begin in March 2009 December 4, 2008 SCO Draft Report received for comment December 15, 2008 Sonoma provides responses to SCO
Scope CSU Fund 485 Disbursements The contract between the CSU and the SCO stated that the audit Will include testing to determine whether or not expenditures from the trust accounts are legal and proper May, at SCO discretion, include revenue collection processes of the student fee revenue accounts to ensure that they are expensed in a legal and proper manner
Scope CSU Fund 485 Disbursements The contract between the CSU and the SCO stated that The SCO shall assess the effectiveness of the internal and administrative controls to achieve the CSU s control objectives for the student fee trusts, including but not limited to, compliance with statutes, rules, and regulations governing the use and maintenance of such accounts The SCO shall conduct pilot audits at one or two campuses and, if necessary, adjust the audit program based on findings during the pilot
Scope CSU Fund 485 Disbursements After consultation with the CO and Sacramento State and review of the Ed Code, Sonoma took the position that The audit scope should be limited to operating expenses created thru the Accounts Payable sub system from CSU Fund 485, PO s and associated internal controls The SCO audit should dove tail and build upon, not replicate, our recently completed FISMA audit and our KPMG audit
Preparation Reviewed Sonoma s FIRMS data that was provided to the SCO State GL 9000 Operating Expenditures for CSU Fund 485 by FIRMS Object Code for 06/07 and 07/08 That data contained about one year of RMP Disbursement transactions and PO s February 2007 Wells Fargo Disbursements Go Live thru December 2007
Preparation Tied FIRMS balances to Journal Sources to define and focus the audit scope clearly At Sonoma, APS Journal Source represents disbursements from the AP subsystem Our position: Transactions from all other Journal Sources and CSU Funds are out of scope
Defining Parameters Example - FIRMS Recon by Journal Source 7/07 thru 12/07 SCOPE
Defining Parameters About 84% of CSU Fund 485 expenditure transactions are for compensation Those transactions are processed by the SCO and the State Treasury - therefore, they should not be audited About 8% of CSU Fund 485 expenditure transactions are processed by Sonoma s Accounts Payable department and Wells Fargo Bank - therefore, they are in scope Simply stated, this should be an audit of expense transactions that we formerly would claim in the General Fund
Audit Team Four Auditors were scheduled to perform fieldwork Usually three were on campus at any given time Fieldwork commenced March 24, 2008 and was estimated to end mid May 2008 Fieldwork actually ended June 19, 2008 Some fieldwork would be performed remotely because Audit Team will have PeopleSoft Access Fieldwork actually consisted of 8 weeks on campus and 5 weeks at the SCO Information requests continued while the team worked from the SCO
Areas of SCO Interest Chart of Accounts and All 485 PS Funds Organization Chart and Staff Interviews PeopleSoft Access and Training for Audit Team Observe Processes/Review Business Process Guides, Documentation & Transactions Create Vendor E Reqs, Bidding & PO s Create Voucher Contract Terms & Payments Matching Hospitality Run Pay Cycles Invoice Processing Distribute Checks Signature Authority Reconcile Bank Accounts Creating Trust Funds Mail Distribution Cashiering
Areas of SCO Interest Communications to the Campus about RMP Trust Fund Agreements for 485 Student Health Center Report 9 Requested for SHC Travel Pre Authorization, Audit of Travel Claims, Review of Receipts and supporting documents SUF & Application Fee Reconciliations for every month Duplicate Payments processed by AP Check Register, Voided Checks, review of Check Foils for every payment sample, Check Stock & Log ProCard - Transactions, Training, Signatories, Policies Property Tagging/Fixed Assets
Areas of SCO Interest Info and Sample Requests 485 AP transaction queries that included Invoice Number, Invoice Date, Accounting Date, Vendor Name, Control Group, Voucher ID, PO Number, Check Number, Fund, Account, FIRMS Object Code, Amount 485 PO queries that included PO Number, Vendor, PO Date, PO End Date, PO Amount, Open Enc Amount 485 Sample PO queries tied to AP transaction detail and Enc liquidation A combination of PO info with detailed AP activity against the encumbrances Samples drawn from those queries for review 230 AP Samples (Direct Pay, Invoices, Pro Card) Control Groups, Payment Requests, Invoices, Supporting Docs 50 PO Samples and Related Payments Contract Files, Buyers Notes, E Reqs, Amendments, Supporting Docs
Areas of Campus Concern PeopleSoft Access Requests for Audit Team Vendor, Voucher, PO, Chartfields, Query, Users, Reports, CSU Manage State and Systemwide Requirements PeopleSoft, Chart of Accounts and remedial CSU training requirements for Audit Team - CSU 99 Persistent Requests to Review RA - CSU Fund 499 at Sonoma Ownership of their office area for the duration of the audit Duplication of FISMA and KPMG audits SUF Recons, Bank Recons, Review of Trust Agreements, Review of Signature Authority, Fixed Assets, ProCard, Travel, Hospitality, Detailed Review of Internal Controls
Areas of Campus Concern Differences in SCO and CSU Organizational Cultures Lack of Disclosure as audit proceeded Observations/Findings/Concerns not communicated consistently Concerns could have been addressed as the audit progressed Requests for information without disclosure of the issue or concern they wanted to review - What is the purpose of this exercise?? Unclear Fieldwork Schedule Shifting on/off weeks and end date Unfamiliarity with the CSU and routine expenditures that support our educational mission SCO s conclusion - the CSU is a quasi agency CSU is a very different type of agency for them to audit Unusual expenditures when compared to other State agencies Different Recons, reporting & year end requirements from other agencies
Current Status December 4, 2008 SCO Draft Report received for comment December 15, 2008 Sonoma provides responses to SCO We can not discuss the report until the SCO publishes it
Lessons Learned Common Sense Rules - Be Prepared. Treat CSU Fund 485 like the General Fund Clear findings from any recent audits Document your Business Processes and Internal Controls Test processes and controls regularly to ensure that you re walking the walk Build a set of canned queries to retrieve data in the SCO s preferred format View your world from the SCO s perspective Run the queries now and review questionable transactions Test for duplicate payments
Lessons Learned Common Sense Rules - Be Prepared. Ensure that transactions are well documented and authorized by valid signatories Question the audit team if requests do not make sense They are still learning about the CSU, PeopleSoft and Fund 485 Learn a new mantra - Out of Scope Be able to explain clearly why a request is not appropriate Take a deep breath! Because this too will pass
Questions?? Thanks for your time!