Continuous Auditing Course Fee Management Project Report# 15-09 August 28, 2015 Office of Auditing and Consulting Services "Committed to Service, Independence and Quality" THE UNIVERSITY OF TEXAS AT EL PASO Office of Auditing and Consulting Services August 28, 2015 Dr. Diana Natalicio President, The University of Texas at El Paso Administration Building, Suite 500 EIPaso,Texas79968 Dear Dr. Natalicio: The Office of Auditing and Consulting Services has completed a continuous auditing project for course fees management. The objective of this audit was to identify high risk areas that require frequent review and to create a set of continuous auditing reports that provide timely alerts for transactions that may not be compliant with federal,state, and institutional laws and regulations. We appreciate the cooperation and assistance provided by the Office of the Provost, the Director of Student Business Services and the Vice President for Student Affairs management team during our project. Sincerely, �� }J;J>._-fj, Lori Wertz, CPA Interim Director Administration Bldg. Fourth Floor El Paso, Texas 79968-0586 (915) 747-5191 Fax (915) 747-8913 The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 Report Distribution: University of Texas at El Paso Dr. Gary Edens, Vice President forStudent Affairs Dr. Howard Daudistel, Interim Provost Mr. Richard Adauto, Executive Vice-President Ms. Elizabeth Flores, Associate Provost Ms. Sandra Vasquez, Assistant Vice-President for Institutional Compliance and EEO University of Texas System Dr. Stephen Leslie, Executive Vice Chancellor for Academic Affairs Mr. Alan Marks, Attorney, Office of Academic Affairs Mr. Mark Salamasick, Executive Director, Audit Academic Mr. J. Michael Peppers, Chief Audit Executive External Governor's Office of Budget Mr. Ed Osner, Legislative Budget Board Internal Audit Coordinator, State Auditor's Office Sunset Advisory Commission External Audit Committee Members Mr. David Lindau Mr. Steele Jones Auditors Assigned to the Audit: Ms. Courtney Rios, Engagement Manager Ms. Victoria Morrison, IT Auditor Ms. Narahay Buendia, Lead Auditor The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 TABLE OF CONTENTS EXECUTIVE SUMMARY ...................................................................................... 2 BACKGROUND ...................................................................................................... 3 PROJECT OBJECTIVES ......................................................................................... 4 SCOPE AND METHODOLOGY ............................................................................ 4 AUDIT RESULTS .................................................................................................... 5 SUMMARY .............................................................................................................. 8 APPENDIX A: Unexpended Balance Report ........................................................... 9 APPENDIX B: Questionable Expenses Report ...................................................... 10 APPENDIX C: Revenue Reasonableness Report* ................................................. 11 APPENDIX D: New and increased fees... .............................................................. 12 APPENDIX E: Three Lines Of Defense........................... ...................................... 13 The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 EXECUTIVE SUMMARY The Office of Auditing and Consulting Services has completed a continuous auditing project. During the project we noted the following: • Course fees management is a high risk area that benefits from continuous auditing because fee approvals, assessments, and expenditures are separate functions handled by three differentdepartments and the informationis not available in a single report. • The Provost, the Vice-President forStudent Affairs,the Director of Student Business Services, and other stakeholders lack the ability to monitor fees effectively due to the absence of reports that include information from other departments that is necessary for informed decision making. Four continuous auditing reports were created by the Office of Auditing and Consulting Services and may be used by management to monitor course fees more effectively. The reports allow staffto monitor the following areas: Unexpended balances Report Objective: Monitor unexpended fee balances at the end of every fiscal year to determine if fee balances reflect the cost recovery nature of the course fee Questionable expenditures Report Objective: Confirm that fee expenditures are spent in accordance with Texas Education Code 54 and Board of Regents' Rule 40401 Revenue Reasonableness Report Report Objective: Identify potential errors with feeassessment New and Increased Fees Report Objective: Verify that new and approved fees have been appropriately approved and assessed in a timely manner 2 The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 BACKGROUND The Institute oflnternal Auditors' Global Technology Audit Guide 3 (IIA GTAG 3) Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment, provides the following guidance for the development of a continuous auditing program: "Continuous auditing comprises ongoing risk and control assessments, enabled by technology and facilitated by a new audit paradigm that is shifting from periodic evaluations of risks and controls based on a sample of transactions, to ongoing evaluations based on a larger proportion of transactions. Coordinating continuous auditing, continuous monitoring, and audit testing of continuous monitoring helps internal audit and management maximize their respective returns on investment and achieve compliance objectives, and it provides the opportunity to enhance the organization's overall health and competitiveness. " GTAG 3 defines continuous assurance roles in the context of the IIA's "Three Lines of Defense" risk management and control framework: • First Line of Defense: Operating management functions that own and manage risks • Second Line of Defense: Functions that oversee risks, such as compliance • Third Line of Defense: An internal audit function that provides independent assurance For additional detail regarding the Three Lines of Defense, see Appendix E. Based on previous audit reports and feedback from stakeholders, auditors selected course fees management as the first high risk area to address with continuous auditing reports. The decision to select course fees forthe pilot project was based on the following considerations: • Course fee approval, assessment, and expenditures are handled by three separate departments. • Many departmental documents are not available online, making it difficult for stakeholders to capture the information necessary for timely decision making. • Previous audit reports from the Texas State Auditor's Office and the University of Texas at El Paso (UTEP) include findings involving course fee management. The first UTEP continuous auditing reports were created in 2014 using data from DEFINE Business Information System and Banner Student Information System (Banner). 3 The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 PROJECT OBJECTIVES The objectives of this project were to: A. develop PeopleSoft queries and Banner reports that continuously identify course fee transactions and data entries that may require further review, and B. ensure continuous auditing reports can be used by management as tools to increase awareness and compliance throughout the institution. SCOPE AND METHODOLOGY Auditors reviewed the methodology outlined in IIA GTAG 3 Continuous Auditing and IIA literature to identify high risk audit areas that would benefit from reports created automatically on a more frequentbasis. The key procedural steps to implement continuous auditing include: 1. Establish a continuous auditing strategy 2. Identify continuous auditing and roles 3. Determine the frequency and distribution of the reports 4. Configure continuous audit parameters 5. Prepare and validate the data 6. Report and manage results The scope includes University course fee transactions from September 1, 201 3 through February 28, 201 5. The project was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. 4 The University of Texas at El Paso Office of Auditing and Consulting Services Continuous Auditing Project # 15-09 AUDIT RESULTS 1. Establish a continuous auditing strategy Auditors met with management in the following departments to discuss the content and format of the firstcontinuous auditing reports: • Office of the Provost • Office of Compliance • Vice-President for Student Affairs • Vice-President forBusiness Affairs • Director of Student Business Services Based on previous audit reports and the feedback fromstakeholders, auditors selected course fees management as the first high risk area to address with continuous auditing reports. 2. Identify monitoring and continuous audit roles Auditors developed the reports for continuous auditing in partnership with the Information Resources and Planning (IRP) Enterprise Computing Department. The reports can provide auditors and management with the ability