This document provides an overview of an internal audit presentation. It introduces the internal audit team members and discusses who internal audit is and what they do. It explains the five components of internal control - control environment, risk assessment, control activities, information and communication, and monitoring activities. It also addresses common questions about internal controls and what departments can do to prepare for an internal audit, such as reviewing operations and control self-assessments. The presentation aims to help attendees understand internal auditing and controls.

1. Raheel Qureshi, CPA
Tara Pritchett, CCSA
March 3, 2016
1

2. Please silence your cell phones
Take notes – share ideas!
Feel free to ask questions throughout
the presentation.
“The only stupid question is the one
that’s never asked.”
-Ramon Bautista
2

3. Name
Department
Position
What brought you to this class?
Your last audit experience
3

4. 4
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?

5. 5
Cato Hall
3rd Floor
Your Internal Audit Team
Raheel Qureshi
7-5698 Diana Hill
7-5695
Tara Pritchett
7-5694
Tom York
7-5693
Julie Earls
7-0049

6. The Internal Audit Department is an
independent and objective assurance and
consulting activity guided by a philosophy of
adding value to improve the operations of the
University. It assists the University in
accomplishing its objectives by bringing a
systematic and disciplined approach to
evaluate and improve the effectiveness of the
University’s governance, risk management,
and internal controls.
6

7. To enhance and protect organizational
value by providing risk-based and
objective assurance, advice, and
insight.

8. Demonstrates integrity.
Demonstrates competence and due professional care.
Is objective and free from undue influence
(independent).
Aligns with the strategies, objectives, and risks of the
organization.
Is appropriately positioned and adequately resourced.
Demonstrates quality and continuous improvement.
Communicates effectively.
Provides risk-based assurance.
Is insightful, proactive, and future-focused.
Promotes organizational improvement.

9. 1. NCAA Compliance -
Transition to FBS Football
2. Capital Campaign Gift
Accounting Practices
3. Facilities Management -
Design Services
4. Technology Transfer Office
5. Office of Study Abroad
6. Human Resources
Department
7. NCAA Compliance - Football
Attendance Verification
8. Student Union, Activities and
Recreation
9. Belk College of Business
Operations Administrative
Review
10. Student Accounts Operations
11. Undergraduate Admissions
12. Financial Aid Operations
13. Internal Controls Self
Assessment
14. IT Security - Change
Management
9
Complete In Progress Not Started

10. 10
Staff Auditor
Diana Hill
Staff Auditor
Julie Earls
Staff Auditor
Tara Pritchett
Staff Auditor
Raheel Qureshi
Director
Tom York
Chancellor
Vice Chancellor for
Business Affairs
Chair, Audit,
Compliance and ERM
Committee

11. 11
Board/Audit Committee
Senior Management
1st Line of
Defense
Department Admins
Business Managers
3rd Line of
Defense
Internal Audit
2nd Line of
Defense
Risk Management
& Compliance
State
Auditors

12. That’s you!
College business offices
Business support
specialists
Department officers and
administrative assistants
Supervisors, managers,
directors
12

13. Risk Management
Compliance Functions (Research, Athletics, etc.)
RMSS – Police and Public Safety, Environmental
Health and Safety
IT Security
Controller’s Office
Director of Compliance – Sue Burgess
13

14. Internal Audit – That’s us!
14

15. 15
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?

16. 16

17. Internal Controls are steps within a process designed
to provide reasonable assurance regarding the
achievement of objectives:
Effectiveness and Efficiency of Operations
Reliability of Financial Reporting
Compliance with applicable Laws, Regulations,
Policies & Procedures
17

18. How can the job be completed to the intended
result in an easier, faster way?
How can the job be done with accurate results?
How can the unit reach maximum productivity
using minimal resources?
18

19. University Policy 601.8 – Appropriate Use of
University Funds:
Appropriated funds
Foundation Funds
Discretionary Funds
Grant funds – University Policy 601.12
19

20. Federal laws – FERPA, Title IX
State laws – Department of Labor, Department of
Licensing
County/City laws – Waste disposal, code
enforcement
UNC System policies – Personnel, tuition
UNC Charlotte policies – legal.uncc.edu
Compliance calendar
IT Standards and guidelines – itservices.uncc.edu
20

21. 21

22. Preventive:
Training on policies
Supervisor review prior to submitting
travel reimbursement
What are some other preventive
internal controls?
22

23. Detective:
Reconciling invoices to ledger
(payments)
Comparing packing list/order contents
with purchase order
What other detective internal controls
can you think of?
23

24. • Computer username/password
• Preset time out on screen saver
• 49er Mart approval path
• Card swipe door locks
• 2 signatures on DPRs
• Gate arms in controlled parking lots
• Tickets to basketball games
24

25. What types of controls are:
University Policies?
IT configuration standards?
Error messages or reports?
Prepare data backups from current
systems?
Reconciliation of petty cash?
25

26. Internal controls are the tasks that are in place to
help address risks.
26

27. A situation involving exposure to danger.
(Merriam-Webster)
The hazard or chance of loss. (dictionary.com)
A probability or threat of damage, injury,
liability, loss, or any other negative occurrence
that is caused by external or internal
vulnerabilities, and that may be avoided
through preemptive action.
(businessdictionary.com)
27

28. What “bad thing” could happen in your department?
What is the consequence if it happens?
What is the chance of it happening? (Likelihood)
How big of a deal is it? (Severity)
28

29. “A process step is a task, activity… that
moves an input closer to the final
objective.”
The department admin collects timesheets and
files them
The office submits the reimbursements to the
Travel Office within 30 days
Faculty members send an email requesting supplies
and they are stored in a locked cabinet
29

30. “An internal control… is a critical step
within the process that leads to the
success of the entire process.”
Supervisors review timesheet submissions monthly
to ensure they were completed on time
Supervisors review and approve all travel
reimbursements for accuracy before submission to
the Travel Office
Department admin staff matches the purchase
order, invoice and receiving slip before marking the
supply as received in 49er Mart
30

31. The department admin
collects timesheets and
files them
The office submits the
reimbursements to the
Travel Office within 30
days
Faculty members send an
email requesting supplies
and they are stored in a
locked cabinet
Supervisors review
timesheet submissions
monthly to ensure they
were completed on time
Supervisors review and
approve all travel
reimbursements for
accuracy before submission
to the Travel Office
Department admin staff
matches the purchase
order, invoice and receiving
slip before marking the
supply as received in 49er
Mart
31

32. Test your knowledge!
32
? Takes inventory of office supplies
before submitting an order.
? Create a spreadsheet of all
laptops, desktop computers and
printers in the department.
? Verify the serial numbers on all
laptops, desktops and printers
in the department every 6
months. A director signs off on
the spreadsheet.

33. Check out the Internal Audit website at
internalaudit.uncc.edu to read more about
Internal Controls vs. Process Steps!
33

34. 34

35. 35
Situation:
All supply requisitions come through Lisa (the admin assistant) and are
approved by the center director, Dr. Smith. College faculty working with the
center have had no complaints about Lisa and Dr. Smith thinks things are going
well, so he is surprised when the dean asks him why he has spent so much of
his annual budget so early in the year? He is not sure how to answer the dean
but does manage to say he will look into it. Dr. Smith calls Lisa and asks her
about the center’s spending and she tells him she doesn’t know what the dean
is talking about. She has been ordering what the faculty have asked for and it
has been approved by the college, so she believed everything was fine. He asks
for a spending report and it does show 75% spent and it is only November. He
wants to know more about what is being purchased but does not know what
to ask for or how to get it.

36. Cast:
Kelly: Lab manager and responsible for fixed assets inventory
Mary: The new office manager
Situation
When Kelly first started, keeping track of all the computers was difficult, especially the laptops.
Now that laptops are not part of the inventory, she has a much easier job. Over the years, she
has kept two laptops in the bottom drawer of a file cabinet in the department office. If a faculty
member needs one for a trip or a conference, he or she takes it out and brings it back when the
event is over. Kelly has recently been told that she would be able to attend the association of
lab mangers annual conference. She wanted to take a laptop to check her email and keep up
with 49er Mart, so she went to the file cabinet to get one. When she opened the drawer, it was
empty. She asked Mary where the laptops were. She said, “What laptops? I didn’t know we
had any.” Kelly and Mary went to see the department chair to ask what to do.
36

37. 37

38. Control Environment – policies &
procedures, overall tone from management.
Risk Assessment – identify the things that
keep you from accomplishing your
objective.
Control Activities – approvals,
reconciliations, segregation of duties, etc.
Information & Communication – use
relevant information and communicate
appropriately.
Monitoring – How are you doing? Is the
process working?
38

39. How they apply to you
39
Control Environment –
department head
announcing policy changes,
how financial reporting is
handled and
communicated, and how
university standards are
discussed and enforced

40. How they apply to you
40
Risk Assessment -
considerations for security of
cash collected, evaluation of
student worker access to
department files, and the
information security
vulnerabilities posed by
maintaining a set of laptop
computers for check-out by
traveling faculty

41. How they apply to you
41
Control Activities –
authorizations, approvals,
verifications, reconciliations,
business performance
reviews, and segregation of
duties

42. How they apply to you
42
Information and
Communication - sharing
and validating requests for
information when received,
then sharing and validating
responses before their
release

43. How they apply to you
43
Monitoring Activities -
regular financial status
reports as well as progress
reports for major
department initiatives

44. A short video on internal controls

45. 45
 Who is Internal Audit?
 What are internal controls?
 What can I do to reduce anxiety when I get a
visit from an Internal Auditor?

46. What you can do to be proactive before a
visit from Internal Audit
How you can improve controls in your unit
46

47. Learn University standards
Review admin operations
Determine areas to be addressed in
more detail
Take the Control Self – Assessment
workshop (tomorrow or October 25)
Check out internalaudit.uncc.edu
for more information!
47

48. We schedule an entrance meeting with the
Director of the department being audited
We provide a list of items that we need for
review, based on the nature of the audit
A timeline is established – typically 6 – 10 weeks
During the course of the audit, we will contact
you regularly with questions and updates – we
encourage you to ask questions, too!
48

49. Used by Internal Audit to prepare the
work program
“Brain storming” of potential risks

50. 50

52. 52

54. 5 Myths About Internal
Auditing…

55. 55

56. A. Compliance with applicable
laws, regulations, policies &
procedures
B. Prevention of fraud
C. Incorporating ethical
business practice standards
D. Periodic reviews by Internal
Audit
56

57. A. The one you used last.
B. All assigned funds.
C. Only the petty cash fund.
D. The monthly phone bill.
57

58. A. Control Environment
B. Monitoring
C. Organizational Structure
D. Risk Assessment
58

59. A. A means to an end.
B. Authorized procedures.
C. The particular category in which a control
is placed.
D. Steps within a process designed to
provide reasonable assurance regarding
the achievement of your objectives.
59

60. A. Segregation of Duties
B. Reconciliations
C. Security of Assets
D. All of the Above
60

61. A. The Chancellor
B. Business Units
C. The Safety Office
D. Internal Audit
61

62. A. Review Internal Audit’s website for
articles and presentations
B. Attend a Controls Self Assessment
workshop
C. Ask lots of questions
D. All of the above!
62

63. 63
Cast:
Brittany: Primary admin assistant in the department
for over 10 years. “Go to” person for the faculty
members with reputation as someone who gets the job
done.
Christina: The new staff member

64. 64
Situation:
Due to an unexpected illness of her mother, Brittany was out on sick
leave for two weeks during the time fee payments for lab supplies were
being collected. The chair asked Christina to follow up with those
students who still owed the fee and to give him a status report. As
Christina reviewed the spreadsheet that she found on the shared drive,
some things did not add up. The amount of money on the spreadsheet
did not match what was showing in Banner as deposited. When she
contacted several students listed as still owing the fee, each one said
they had already paid and had a receipt from Brittany. After hearing
and seeing all of this, Christina took her concerns to the chair, who
called Internal Audit.

65. What’s happened here?
What are the first steps to take? How bad is this
situation?
What could the department have done to
prevent or detect this?
What do you do now?

66. 66

67. Segregation of Duties - Does any one person have too
much control?
Goals and Objectives – Every unit has them. Do you
know yours?
New Employee Onboarding - How do you welcome
someone new?
Policies and procedures – Do you know which ones
apply to you and your department?
Faith, hope and trust are not internal controls - What
are the words most often said after a fraud is
uncovered?
67

68. Find us on the web at: http://internalaudit.uncc.edu/
University homepage Faculty & Staff Tools & Resources
68