University of California
First Annual
Compliance and Audit Symposium 2009
Tools and Techniques Part II
For the Beginning Auditor
Ravi Ravindran, UCSF
Susana Atwood, UCOP
Payroll and Personnel System
• Full inquiry access to the Payroll and
Personnel System may be useful in
investigations and audits.
• The system can be used to ascertain an
employee’s hire date, separation date, salary
distribution and leave balances as well as any
leave or salary adjustments made.
• There are differences between the different
campuses in how they have customized PPS.
PPS main
PPS Main Menu
PPS Central Menu
IGEN
IAPT
PPS PAR Menu
PAR Reg
PAR Skl
PPS Leave balances
Risk Assessment
• As part of the preliminary review, risk is
assessed. The audit program is written based
on the results of the risk assessment.
Risk Matrix - Example 1
RISK MATRIX
Deficit in Fund Control Procedure Likelihood of deficit and no Potential Risk
Type approved corrective action Impact Level
plan
General funds Reports are run at year-end by Budget and balances Unlikely at control point level, Harmful Moderate
at the control point level are monitored to ensure no likely at lower levels for some
deficits occur funds.
Discretionary Reports are run monthly by Budget and balances Unlikely at control point level, Somewhat Moderate
funds reviewed. Prime responsibility lies with control likely at lower levels for some harmful
points. funds.
Recharge A deficit is required to be included as an addition to Likely for some activities Somewhat Moderate
activities expenses in the rate computation for the next year. harmful
Opportunity Reports are run at year-end by Budget and reviewed Unlikely Harmful Moderate
funds to ensure deficits are eliminated.
Academic Senate At year-end control points have to send verification Unlikely Harmful Moderate
Awards to the Academic Senate Office acknowledging
overdrafts have been cleared.
Risk Matrix – Example 2
Risk & Control Matrix
Audit Audit Risk Control Activity Chance Potential Impact Risk Level
Prog Ref Objective of Risk
Not part To ensure 1) All costs of research study PI prepares the budget Unlikely High (costs omitted from the Moderate
of the that all clinical are not included in the and it is reviewed by the budget can’t be recovered)
scope of trial costs are budget. department.
the recovered. Moderate (two year old
costs may be lower than
project
current costs) Moderate
2) Budgeted costs are Two year old costs are
underestimated obtained from Feero. Likely
C.1 – C.3 To ensure that 1) Standard care costs are PI initially identifies Unlikely High (some research costs Moderate
Billing is not accurately identified. standard care costs, then may be billed to insurers as
accurate. reviewed by department. SOC)
2) Reconciliations are not Study coordinator Likely Moderate (errors may not Moderate
performed, or not reconciles the clinical trial be identified)
performed properly. accounts monthly.
3) ZZ number is not on the For patient encounter Unlikely High (research costs may be Moderate
label for research forms and ancillary billed to insurers)
procedures. service requisitions
chargeable to the study,
the ZZ number is entered
on the labels.
Accounting Manual
• The purpose of the Accounting Manual is to
provide campuses direction with accounting
transactions, procedures and reports that
shall be uniform throughout the University.
• There is a search engine for the manual.
• http://www.ucop.edu/ucophome/policies/acc
tman/ This index provides both the Manual
and the Business and Finance Bulletins
Accounting Manual: Section II.B,
A-000-7
• This section describes documentation
required to support financial transactions:
– Salary and wages including benefits. Also see BUS
IA-101 (Internal Control Standards Departmental
Payrolls)
– Non-payroll disbursements
– Recharges (interdepartmental transfers which
credit the service unit and charge the customer
unit)
Documentation required to support
financial transactions (continued)
– Transfers of expense
– Cash receipts. See Business and Finance Bulletin
BUS-49 (Policy for Cash and Cash Equivalents
Received)
Accounting Manual
• Other sections that may be useful for auditors
are:
– Section II.C, D-224-17: Delegation of authority –
signature authorization.
– Section IV: Cash and banking operations.
– Section V: Accounts Receivable operations.
– Section VI: Accounts Payable operations.
– Section VII: Payroll operations.
– Section XII: Plant Funds accounting.
Contracts and Grants Manual
• This manual sets forth UC system-wide
policies for the solicitation, acceptance and
administration of awards from extramural
sponsors.
http://www.ucop.edu/raohome/cgmanual/
• There is a search engine for the manual.
• Chapter 4 is on Audit and provides useful
background.
Academic Personnel Manual (APM)
• The APM contains policies and procedures
applicable to academic appointees.
• http://www.ucop.edu/acadadv/acadpers/apm
/
• Some important sections are:
– APM 015 (Faculty Code of Conduct)
– APM 016 (University Policy on Faculty Conduct and
the Administration of Discipline)
– APM 025 (Conflict of Commitment and Outside
Activities of Faculty Members)
– APM 245 (Department Chairs)
– APM 390 (Postdoctoral Scholars)
Academic Personnel Manual
(Continued)
• APM 670 (Health Sciences Compensation Plan
and Guidelines on Occasional Outside
Activities by Health Sciences Compensation
Plan Participants)
• APM 700 (Leaves of Absence – General)
Internal Audit Manual
• The Internal Audit Manual lays out the rights and
responsibilities of the internal audit program at UC.
• It is useful when there is a difficultly in acquiring
information from a department employee.
• Although we would rather receive information from
our clients voluntarily, the Internal Audit Manual
actually gives us the right to the information. See
Charter section 1100, Scope.
Internal Audit Manual
• Section 6000 Planning, Conducting and
Reporting for Audits.
• Section 7000 Investigations
• Section 8000 Advisory Services
Internal Audit Manual
• A link to the Manual can be found at
http://www.ucop.edu/audit/manuals/auditma
nual.pdf
CAATS
ACL and Excel
• Computer Assisted Audit Techniques are
frequently used for Data Mining.
• Attached is a page of sample criteria that
might be used for Data Mining. This entire
list can be found at
http://www.ucop.edu/audit/internal/visit/dm
oue.xls
• This website is part of the Internal Auditors
Only section and requires a password.
University of California
Data Mining Opportunities
Area Description Purpose
Employees with past due cash Identify cash advances to be treated as income to employees.
Accounts Receivable advances Identify employee ineligibility for future advances.
Cash advances for separated Identify high risk receivables to potentially be treated as
Accounts Receivable employees income to the employee.
Identify phantom third parties particularly related to
Non-student third party receivables scholarships, ineffective or nonexistent billing/collection
Accounts Receivable in excess of 180 days activities.
Receivables for employees in excess Identify potential abuse of university relationship for personal
Accounts Receivable 180 days gain.
Outstanding NSF checks older than Identify potential bad debt risk to mitigate the acceptance of
Accounts Receivable 180 days subsequent bad check payments.
Outstanding NSF checks for Identify potential abuse of university relationship for personal
Accounts Receivable employees gain.
Faculty emergency loans against Identify high risk receivables to potentially be treated as
Accounts Receivable separated employees income to the employee.
Staff emergency loans against Identify high risk receivables to potentially be treated as
Accounts Receivable separated employees income to the employee.
Identify inappropriate purchasing practices e.g. kickbacks,
Capital project expense in excess of underbidding, bid requirement avoidance, etc. and
Capital Projects budget 10% over budget noncompliance with UC policies
Capital projects budgeted for
Capital Projects $249,000 and $249,999 Identify circumvention of capital projects requirements.
Multiple small projects in the same
department totaling more than Identify splitting of major project to avoid controls over large
Capital Projects $250,000 projects.
ACL
• The advantages of ACL:
– Sorting large numbers of transactions by criteria
you establish
– Selecting random samples/determining sample
size, from large numbers of transactions
– Protecting the integrity of the population loaded
and files created
• We will demonstrate the sorting function of
ACL.
ACL Table
ACL Online Learning
Excel
• Advantages of Excel
– Can be used for Data Mining for transactions up to
65,000 lines
– Can be used for selecting random samples
• We will demonstrate a sorting function of
Excel.
Planning Documents
• A sample of documents/sources/techniques
that can assist in audit planning:
– prior audits on same topic
– clients website
– Organization chart
– Laws/regulations (Both Federal and State)
– University Policy, Regents, President, Bulletins,
Manuals
– Authorization authority
Planning Documents
– Information Systems
– Client information request for:
• Financial statement
• Budget to actual reports
• Annual report
• Business Continuity Plan
• Sample reports from computer applications
– Risk Assessment
Unofficial Auditing Techniques
• During all stages of the audit keep the audit
report in mind.
• The risk assessment you have developed in
the planning stage will determine your tests.
• The tests can determine your findings.
• Your audit report is a list of your findings and
the client’s plan to address those findings
Unofficial Auditing Techniques
• Keep a draft list of items you want to cover in the
audit report as you are doing each stage of the audit.
• Although TeamMate can give you a list of all findings,
this list can help you make sure you have entered all
important issues in TeamMate.
• At the end of the audit make sure that your risk
assessment, findings and audit report flow from each
other.
Other resources and Links
• Regental Policy
http://www.universityofcalifornia.edu/regents/
policies/
• Presidential Policy
• http://www.ucop.edu/ucophome/coordrev/pol
icy/
• Business and Finance Bulletins
• http://www.ucop.edu/ucophome/policies/bfb/
Other resources and links
• Research Policy
• http://www.ucop.edu/research/policies/ucpol
s.html
• Office of General Counsel’s Comprehensive list
of all policy
• http://www.ucop.edu/ogc/policies.html
• List of all policies at UCOP home
• http://www.ucop.edu/ucophome/coordrev/uc
policies/