The Audit Connection Collaborating for Enterprise Excellence
Spring 2012, Issue No. 1
Introducing The Audit Connection
Internal Audit Staff Mike Foxman……………………Interim CAO Crystal Corey………………...Audit Manager Neha Bhavsar………….……..Senior Auditor Will Barnes……………………….…...Auditor Sheryl Brown…………Info. Systems Auditor Lisa Kedigh………….Administrative Asst. III
The Office of Internal Audit's purpose is to support the mission and vision of the Georgia Health Sciences Enterprise by: providing independent and objective management evaluations; identifying actual and potential problems; providing corrective guidance; developing management recommendations; and providing consultation services in accordance with professional internal auditing standards and compliance review guidelines.
We are here to help you! 706-721-2661 internal_audit@georgiahealth.edu georgiahealth.edu/audits
Tighten your belt and take control!
As Interim Chief Audit Officer, it is my pleasure to welcome you to the inaugural edition of “The Audit Connection,” a newsletter published by the Georgia Health Sciences (GHS) Office of Internal Audit. The name reflects its purpose – keeping our organization informed and connected to the critical audit issues and risks facing our institution. Our integrated environment is complex and dynamic. The pace at which we operate necessitates rapid decision making, continuous innovation and new opportunities for controllership. We must ensure financial, regulatory and compliance safety during this exciting time of growth for GHS. As the saying goes….”We’re here to help!” Published quarterly, our newsletter will provide content intended to educate and inform. Office of Internal Audit news Our mission and goals The support we provide as auditors and as consultants Sound Business Practices Guidance regarding appropriate internal controls Guidelines for governance and avoiding conflicts of interest Best Practices Responses to frequently asked questions (FAQs) relevant to multiple departments Process changes to enhance efficiency and effectiveness Communication represents one of the fundamental components of Internal Controls. Through The Audit Connection newsletter, we hope to keep you informed of policies, guidelines and procedures that will enable each of you to support the governance of GHS. We encourage your feedback and welcome your contributions or topics of interest. Our intent is to provide a communication vehicle relevant to you and your role in our dynamic organization.
Michael J. Foxman Interim Chief Audit Officer
Ask the Auditor! We invite you to send your questions to internal_audit@georgiahealth.edu, and we may feature it in future issues. 1120 15th Street, Augusta, GA 30912 | Phone: 706-721-2661 | Fax: 706-721-9094
Page 2
The Audit Connection
Our Team Office of Internal Audit Organizational Structure
Dr. Ricardo Azziz President, GHSU & CEO GHS Health System
GHSHS GHSMC GHSMA Audit Committee Chairs
USG/BOR Associate Vice Chancellor for Audit
Michael Foxman Interim Chief Audit Officer
Lisa Kedigh Administrative Assistant III
Crystal Corey Audit Manager
Neha Bhavsar Senior Auditor
Sheryl Brown IT Auditor
Will Barnes Auditor
Senior Auditor Vacant Senior IT Auditor Vacant
Ask the Auditor! We invite you to send your questions to internal_audit@georgiahealth.edu, and we may feature it in future issues. 1120 15th Street, Augusta, GA 30912 | Phone: 706-721-2661 | Fax: 706-721-9094
Page 3
The Audit Connection
Audit Services The Office of Internal Audit schedules audits, advisory services, and departmental reviews in several ways. Most audits and departmental reviews are chosen based on an annual risk assessment which uses such factors as audit sensitivity, internal control structure, last audit performed, public disclosure implications, etc. The Board of Regents or institution management may also request specific audits and reviews. Because the institution is subject to more and more regulation in every facet of our work, the scope of the audit function has expanded beyond financial aspects to cover all areas of Enterprise operations. Accordingly, the scopes of our audits may include one or more of the following: Examination of financial transactions for accuracy and compliance with institutional policies; Evaluation of institutional policies and procedures for adequate internal controls; Determination of the level of compliance with required institutional policies and procedures, state and federal laws, and government regulations; Verification of assets and the controls that protect them; and Operational and cost-efficiency evaluations.
“The Office of Internal Audit schedules audits, advisory services, and departmental reviews.�
Regarding departmental reviews, the Office of Internal Audit has developed a review template that encompasses eight major components consisting of: fiscal, human resources, legal and regulatory, health and safety, information systems, public relations, students, and general risks. These eight major components are subdivided into approximately 40 categories depending on the area being reviewed. The objectives of the departmental reviews are as follows: To meet with the management and staff of the area being reviewed to determine the level of controls; To determine the level of communication provided by divisional management to employees regarding policies, procedures, and business practices; To determine the accuracy of financial records, the effectiveness of divisional processes and compliance with policies and procedures; and To make recommendations in areas that may need minor or significant improvement. The Office also performs advisory services to institution management. These services are usually requested by a department and are intended to assist management in solving specific problems, designing control systems, or in implementing prior audit recommendations.
Ask the Auditor! We invite you to send your questions to internal_audit@georgiahealth.edu, and we may feature it in future issues. 1120 15th Street, Augusta, GA 30912 | Phone: 706-721-2661 | Fax: 706-721-9094
Page 4
The Audit Connection
What are Internal Controls? Definition of Internal Control Internal control is defined as a process, carried out by our administration, faculty, and staff designed to provide reasonable assurance regarding the achievement of objectives in the following areas: Effectiveness and efficiency of operations Reliability of financial and administrative operations Compliance with applicable laws and regulations, and Safeguarding of institutional resources. Think of internal control as a map that helps us get to our destination. Obviously, just because we have a map, there is no guarantee that we will get there, but it does provide “reasonable assurance.”
“Think of Internal Control as a map that helps us get to our destination.”
Definition of Compensating Control A compensating control is an internal control that may be considered outside the normal business process which reduces the risk of an existing or potential weakness.
Who is Responsible for Internal Controls? Department chairs and directors are primarily responsible for identifying risks and assessing internal controls for their operations. In addition, individual employees have responsibility for evaluating, establishing, and/or improving, and monitoring internal controls for their areas of responsibility and accountability.
What Can Your Department/Unit Do? Several major internal control items are listed below which can assist your department/ unit with achieving reasonable controls. Identify all significant activities or processes for which your department/unit is responsible. Having such processes documented is an excellent starting point for determining and evaluating where risk and/or internal control weaknesses may exist for your department/unit. Implement an adequate segregation of duties. No single person should have control over all aspects of any financial transaction, and/or process. Divide duties among staff members to reduce risk of error and/or inappropriate actions. Separation of duties also acts as a deterrent to fraud or concealment because collusion with another individual is required to complete the fraudulent act. Ensure transactions are authorized and appropriately approved. Review records reconcile by someone other than the preparer. Provide employees with appropriate training to carry out their job duties and ensure appropriate level of supervision. Document formal policies and procedures and communicate to employees. Revisit policies and procedures periodically to ensure they remain current.
Ask the Auditor! We invite you to send your questions to internal_audit@georgiahealth.edu, and we may feature it in future issues. 1120 15th Street, Augusta, GA 30912 | Phone: 706-721-2661 | Fax: 706-721-9094