Audit and Consulting Services: 2012 Report

2012 REPORT OF ACCOMPLISHMENTS

OFFICE OF AUDIT AND CONSULTING SERVICES

12 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012

2 UNIVERSITY OF TENNESSEE

All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity, age, physical or mental disability, or covered veteran status. Eligibility and other terms and conditions of employment benefits at the University of Tennessee are governed by laws and regulations of the State of Tennessee, and this non-discrimination statement is intended to be consistent with those laws and regulations. In accordance with the requirements of Title VI of the Civil Rights Act of 1964, Title IX of the Education Amendments of 1972, Section 504 of the Rehabilitation Act of 1973, and the Americans with Disabilities Act of 1990, The University of Tennessee affirmatively states that it does not discriminate on the basis of race, sex, or disability in its education programs and activities, and this policy extends to employment by the university. Inquiries and charges of violation of Title VI (race, color, national origin), Title IX (sex), Section 504 (disability), ADA (disability), Age Discrimination in Employment Act (age), sexual orientation, or veteran status should be directed to the Office of Equity and Diversity (OED), 1840 Melrose Avenue, Knoxville, TN 37996-3560, telephone 865-974-2498 (V/TTY available) or 865-974-2440. Requests for accommodation of a disability should be directed to the ADA Coordinator at the Office of Equity and Diversity. • A project of the Office of Audit and Consulting Services of the University of Tennessee.

OFFICE OF AUDIT AND CONSULTING SERVICES REPORT 2012 3

CONTENTS

Mission 4

Message froM the executive Director 5

overview of auDit anD consulting services 6Audits 6Investigations 7Management Support 7Staffing 7

institutional coMpliance 8Mission 8Responsibilities 8Institutional Compliance Office 82012 Accomplishments and Plans for 2013 8

2013 auDit plan 9 2012 accoMplishMents 9

2012 projects coMpleteD 11

internal auDits 12UT System Administration 12Knoxville 12Health Science Center 14Chattanooga 15 Martin 16 Institute of Agriculture 16

investigations 17UT System Administration 17Knoxville 17Health Science Center 18Chattanooga 18Institute of Agriculture 18

procureMent carD auDits 19

equipMent auDits 19

follow-up auDits 19

suppleMentary projects 20

appenDix a: organization of the university of tennessee 2013 22 anD auDit anD consulting services 23

appenDix B: internal auDit charter 24

appenDix c: personnel qualifications 25

appenDix D: procureMent carD auDits 28

appenDix e: equipMent auDits 28

appenDix f: follow-up auDits 29


The mission of Audit and Consulting Services is to help management and the Board of Trustees ensure that the university’s assets and information are adequately protected, university operations are efficient and effective, and the university is complying with applicable policies, laws, and regulations

To accomplish this mission, Audit and Consulting Services strives to:• Maintain a staff of qualified professional employees who

are knowledgeable of the university’s policies, procedures, and operations

• Identify significant internal control weaknesses and policy violations in departmental and functional financial operations and provide practical and effective recommendations for improvement

• Identify significant weaknesses in the confidentiality, integrity, and availability of information systems and provide practical and effective recommendations for improvement

• Identify inefficient or ineffective operations and provide practical and effective recommendations for improvement, as requested by management

• Conduct cost analyses of services or processes with reasonable accuracy using cost accounting principles, as requested by management

• Investigate substantive allegations of fraud, waste, and abuse of university assets in a legal and objective manner to identify losses to the university and parties responsible

• Identify, using risk assessment tools, the significant risks to the university’s financial operations and information at the department and functional levels

• Safeguard, through the office’s compliance function, the university community from the regulatory risks it faces by identifying compliance risks, promoting awareness of those risks and our compliance efforts through communication and education, and developing innovative and effective ways to mitigate compliance risks through collaboration with the university community

• Ensure objectivity in evaluations performed and recommendations made by maintaining an appropriate degree of independence from university operations

• Maintain operating standards consistent with those established by The Institute of Internal Auditors

• Communicate recommendations to university management and other interested parties by producing clear, effective, and timely reports

• Maintain a working relationship with the state comptroller’s office

• Educate the university community on sound business practices and internal controls

audit and consulting services Knoxville staff ut conference center Bldg suite 149 Knoxville, tn 37996-4114Kasandra g atwoodSenior [email protected]

Brittany M BarnettAuditor/Investigations [email protected]

judith a BurnsAssociate [email protected]

leigh cheek Institutional Compliance [email protected]

sherry s DavisAssociate [email protected]

john M foxAssociate [email protected]

shelly j gettyAdministrative [email protected]

elizabeth h hallAssociate [email protected]

Douglas hawksSenior Performance [email protected] 865-974-4460

james h hodge Senior [email protected] 865-974-3865

sandy s jansenExecutive [email protected]

nancy j lange Auditor/Procurement [email protected]

linda p [email protected]

william a MolesDirector of Institutional [email protected]

jim e purcellSenior IT [email protected]

stephanie steevesAssociate [email protected]

jay a taylorAuditor/Investigations [email protected]

health science center staff 920 Madison Building, suite #909 Memphis, tn 38163-2101taylor cupples Assistant Auditor [email protected]

chasity r DavisSenior [email protected]

leon [email protected]

chattanooga staff Dept 4855 744 Mccallie avenue, suite 410 chattanooga, tn 37403-2598steven g BamburgSenior [email protected]

MISSIONAt the conclusion of each engagement, reports are issued to audited parties, senior management, the Audit Committee of the Board of Trustees, and the Tennessee Division of State Audit.


For Audit and Consulting Services, 2012 was a year of rebuilding As you know, a number of vacant positions were filled, including mine In addition

to my hire, we hired six new ACS team members this year: two performance auditors, an information technology auditor, two auditors in Memphis, and an auditor in Knoxville

As we worked to bring on new team members, the staff continued to provide solid audit and compliance coverage for the university We completed 150 projects, which included required audits, risk-based engagements, engagements in progress from 2011, other unplanned projects, procurement card audits, equipment audits, monthly procurement card monitoring, and follow-up engagements

In addition to the formal engagements summarized in this report, various staff members served on committees, conducted training, consulted with departments on ad hoc issues, trained compliance officers in conducting risk assessments, and guided campus administrators in setting priorities to address compliance issues

We dedicated efforts to make progress on some long-term projects this year In an effort to ensure compliance with the Federal Sentencing Guidelines for Organizations, the Institutional Compliance Office worked with management to revise UT’s Code of Conduct and began communicating the Code to the university We will fully roll out the communication plan during the first quarter of 2013 As part of the plan to focus efforts on effectiveness and efficiency of operations, our two performance auditors began to implement the performance auditing initiative The team’s first engagement was conducted at the Health Science Center, and the report should be issued in early 2013 In addition, our information technology auditor is working with our entire audit team to incorporate IT audit work into all of our engagements

Looking ahead in 2013, we foresee a year of change We will continue to provide value to the university by identifying stakeholder expectations, fully embracing a risk-centric strategy, becoming more efficient and effective with our resources, and setting goals and measuring our progress We will continue to focus on incorporating information technology audit steps into our engagements so that this type of audit work will become second nature for all auditors and will continue to focus efforts on effectiveness and efficiency without losing sight of the other assurance services, such as engagements focused on controls

I wish to express thanks to the entire ACS staff for their hard work and dedication They continued to add value to the university while we filled vacancies I would also like to thank the Audit Committee for the opportunity to serve the University of Tennessee

As we begin the 2013 audit year, I look forward to working with the Audit Committee, university management, and the ACS staff to enhance operations and mitigate risks at the university

Sandy S Jansen, CIA, CCSA, CRMAExecutive Director

TO ThE AUDIT COMMITTEE OF ThE UNIVERSITy OF TENNESSEE BOARD OF TRUSTEES:


Audits

One of our main roles is to reduce the university’s risk, or exposure to loss To that end, we develop an annual audit plan based on a risk assessment Our objectives are to evaluate risk exposures related to the university’s governance, operations, and information systems and to evaluate the potential for fraud We also evaluate the adequacy and effectiveness of internal controls (administrative and operational policies, procedures, and practices) in responding to risks, determine compliance with applicable policies and regulations, and make recommendations to strengthen any deficiencies noted The types of audits we perform are discussed below

Financial. Our office performs a limited number of financial audits (e g , public radio stations) annually as required We examine the financial statements and perform tests of transactions sufficient to express an opinion on the financial statements as a whole

Internal control. The nature of this work is to identify significant internal control weaknesses in departmental and functional financial operations and provide effective recommendations for improvement We also identify the significant risks to the university’s financial operations and information at the departmental and functional levels Internal control engagements can contribute to and improve the governance of the area being audited, especially when control environment recommendations are included

Auditing for fraud. Our objective here is to look for fraudulent transactions One result of this work may include recommendations to improve internal controls These audits, along with risk assessments for other audit engagements, evaluate the potential for the occurrence of fraud

Compliance. The goal in such audits is to determine whether university policies and external laws and regulations are being followed This type of work is usually coupled with reviewing internal controls so that we can provide recommendations to strengthen the controls to help prevent future violations of policies or regulations

Information technology (IT). IT audits are designed to identify significant weaknesses in the confidentiality, integrity, and availability of the university’s information systems and to provide effective recommendations for improvement In addition, this work evaluates whether the information technology governance of the university supports its strategies and objectives These audits are performed to help safeguard the information systems and the data stored on them, including administrative and student data, programs and operating systems, personal computers, servers, and networks Objectives include assessing vulnerabilities in both technical and physical security; ensuring that university systems conform to best practices in industry standards; reviewing the storage and transmittal of electronic information; determining compliance with applicable policies, laws, and regulations; and making recommendations to strengthen any deficiencies noted

Performance. We conduct performance audits and other consulting-type projects in response to requests from university administration and departments and from other sources such as risk assessments Our objectives are to provide management with information to improve an area’s organizational structure, staffing, and operating procedures and to ensure that UT resources are used effectively and efficiently, accounted for properly, and safeguarded adequately We also determine whether operations and programs are being carried out as planned and their results are consistent with university objectives Performance audits can address whether internal controls are operating effectively and in compliance with legal or other requirements, though such objectives are examined routinely in financial and compliance audits

A Audit and Consulting Services provides the University of Tennessee system with

objective, independent appraisals of accounting, financial, administrative, and other operations in departments and units as a service to all levels of management and the UT Board of Trustees. These appraisals help ensure that the university’s assets are protected, departments are operating efficiently and effectively, and UT is complying with applicable policies, laws, and regulations. Our role is also to facilitate cost-effective decisions that will support the missions and strategic plan of the University of Tennessee and, through our assurance and consulting activities, to add value to UT’s operations. The internal auditing profession is governed by standards promulgated by The Institute of Internal Auditors, Inc., which require us to evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach. The primary functions of the office are conducting audits (financial, compliance, information technology, and performance) and investigations and overseeing the university’s institutional compliance function.

At the conclusion of each engagement, reports are issued to audited parties, senior management, the Audit Committee of the Board of Trustees, and the Tennessee Division of State Audit.

The internal audit function reports to the Audit Committee, with administrative oversight by UT’s chief financial officer. (Appendix A is the university’s organizational chart, and Appendix B is the Internal Audit Charter, which establishes our purpose, authority, and responsibility in the university community.)

OVERVIEW OF AUDIT AND CONSULTING SERVICES


investigAtions

State law requires Audit and Consulting Services to investigate substantive allegations of fraud, theft, abuse, and shortages and losses of university assets Our objectives include verifying the facts in a legal and objective manner, determining responsibility, identifying control breakdowns that led to the loss, and recommending corrective actions to help ensure that similar actions do not occur in the future These matters are referred to the state comptroller’s office for its review and possible referral for criminal prosecution

MAnAgeMent support

ACS provides other value-added work, such as promoting appropriate ethics and values within the university, communicating risk and control information on a system-wide level, and coordinating and communicating information among the Board of Trustees, State Audit, and UT management

stAffing

The Audit and Consulting Services staff consists of an executive director, 2 associate directors, 15 audit professionals, a compliance director and officer, a coordinator/editor, and a support staff member (Biographical information is provided in Appendix C ) The staff has over 200 years of combined auditing experience, with most of that obtained at higher education institutions The average tenure in the office is approximately 10 years Four staff members are certified public accountants (2 inactive); 8 are certified internal auditors; 2 are certified information systems auditors; 2 are certified fraud examiners; and 1 is a certified compliance and ethics professional In addition to these and other certifications, over half the professional staff has master’s degrees The audit staff received numerous hours in continuing education credits for the year, which includes training received at seminars, conferences, workshops, and in classes The auditors are members of such professional organizations as The Institute of Internal Auditors and the Association of College and University Auditors Some staff members also served on university committees at the request of management and provided training on internal controls and procurement cards See pages 20 and 21 for detailed information

In auditing for fraud, our objectives are to look for fraudulent transactions and to evaluate the potential for the occurrence of fraud.

IT audits performed by our office are designed to identify significant weaknesses in the confidentiality, integrity, and availability of the university’s information systems and to provide effective recommendations for improvement.

INSTITUTIONAL COMpLIANCE


Mission

The mission of Institutional Compliance is to serve and safeguard our university community from the regulatory risks we face and promote a cultural environment of high ethical standards by:

• Identifying compliance risk faced by the university community • Promoting an awareness of compliance risks and the objectives

of our compliance activities through communicating with and educating the university community

• Developing innovative and effective ways to mitigate compliance risk through collaboration with the university community

responsibilities

The Institutional Compliance Office is responsible for designing, implementing, and monitoring the UT system-wide compliance program The office’s primary responsibilities include the following:

• Develop and implement the university compliance risk assessment process

• Assist the campus/institute compliance committees in their various duties

• Help functionally responsible offices overcome barriers to compliance by recommending improved controls or providing independent services such as communicating the need for new procedures, resources, or stronger enforcement or working as a liaison between multiple parties

• Independently investigate and act on matters related to compliance • Collaborate with the university community to develop

innovative and effective ways to mitigate compliance risk • Report regularly to the Executive Compliance Committee and

the Audit Committee • Promote the university’s Code of Conduct and Compliance

Hotline

institutionAl CoMpliAnCe offiCe

The Institutional Compliance Office was established in 2008 to coordinate and oversee the University of Tennessee’s compliance programs and assure compliance with all regulatory areas, including federal, state, and local laws and regulations and university policies The objectives of the office are to promote a cultural environment of high ethical standards and to safeguard the university community from regulatory risk by identifying compliance risks, assessing the adequacy of the university’s various compliance programs with respect to meeting the standards of the Federal Sentencing Guidelines for Organizations, and developing innovative and effective ways to mitigate compliance risks through collaboration with the university community Operated as a division of Audit and Consulting Services, the office is guided by the Executive Compliance Committee, composed of administrators on the UT president’s staff

An important function of the Institutional Compliance Office is performing periodic compliance risk assessments The objectives of these risk assessments are to identify control weaknesses, identify areas of noncompliance, and develop plans for corrective action The assessments also serve to ensure that each UT campus and institute has assigned a compliance officer to each significant regulation The office provides training to the compliance officers in important general compliance issues and in performing their risk assessments Institutional Compliance also guides and assists the campus oversight committees at UT Knoxville (UTK) and UT Health Science Center (UTHSC), with plans for such a committee at each campus and institute to review the results of the risk assessment and establish the compliance priorities for the campus or institute

2012 ACCoMplishMents And plAns for 2013

In 2012, the Institutional Compliance Office assisted the UTK Campus Compliance Committee in analyzing the results of the campus compliance risk assessment and in developing plans of corrective action The risk assessment included approximately 400 regulations or compliance areas The committee identified the compliance risk priority as implementing training programs for sponsored projects accounting and safety, which account for 51 of the 152 top risks identified Detailed corrective action plans have been developed for these areas and are pending review and approval by the campus administration The office also completed the data collection phase of the UTHSC compliance risk assessment A chairman was appointed for UTHSC’s Campus Compliance Committee and is working with our office to analyze the data and determine who should be on the committee to help identify priorities and develop plans of corrective action UTHSC shares many risks with UTK and will benefit from work UTK has already done to address these areas The office continued to be involved in revising the university’s Code of Conduct to meet the requirements of the Federal Sentencing Guidelines for Organizations Institutional Compliance is involved in an awareness campaign for the Code which will officially launch during the first quarter of 2013 In other duties, the office coordinated the university system-wide Self-Assessment of Controls, which addressed internal controls for personnel/payroll and resalable inventories in all UT departments, managed an investigation of the UTK Radiation Safety department regarding inappropriate use of materials, and continued to train the compliance officer who was hired in December 2011 In 2013, Institutional Compliance is dedicated to four areas of focus We plan to focus on facilitating campus compliance committees at UTK and UTHSC We also plan to conduct a risk assessment at the UT Institute of Agriculture We will monitor compliance by using data analytics and inspections of high-risk compliance areas at UTK and continue to promote an ethical culture in the university community


As illustrated in “2013 Allocation of Time,” Audit and Consulting Services divides effort among five areas After consideration of estimated time for staff meetings, continuing professional education, holidays, and annual leave, we determined our allocable chargeable time to be approximately 19,700 hours ACS has budgeted 18 percent of hours for required audits, audits required by statute, administrative policy, or based on an agreement with management; 5 percent of hours for audits in progress on January 1, 2013, from the prior calendar year; 19 percent for unplanned investigations and special projects; 55 percent for risk-based engagements resulting from our annual assessment of risks; and 3 percent for other value-added work such as training provided by the ACS team and committee service As shown in “2013 Audit Plan by Project Type,” ACS will perform a variety of engagements We have planned to conduct work in four areas of focus for 2013 We plan to dedicate 14 percent of our effort on fraud prevention and detection projects Our office has the opportunity to enhance current practices to develop a more mature fraud prevention and detection program In the 2012 Report to the Nations on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners concluded that “organizations lose an estimated 5 percent of their revenues to fraud each year ” Fraud is not decreasing, and our office can assist the university in prevention and detection We also plan to focus on effectiveness and efficiency of operations by dedicating 17 percent of our effort on such engagements ACS has new team members to assist with this endeavor In addition, we will continue to focus on internal controls as a basic part of the work we perform by dedicating 30 percent of our effort As part of the control work, we have developed a new audit program to audit expenditures and equipment at the departmental level Although similar work has been done in the past as procurement card and equipment audits,

the new approach will provide departmental management a more in-depth look at controls and one audit process for the entire expenditure cycle We have 13 percent of our efforts dedicated to these engagements, with 17 percent for other control work

2012 Projects by Campus

UT System Administration 6Knoxville 17Health Science Center 8Chattanooga 4Martin 3Institute of Agriculture 3

As illustrated in “2012 Projects by Campus,” we provided audit coverage across the UT system In addition to the projects shown, we conducted follow-up audits to ensure that our recommendations in previous years’ audits were implemented We also conducted procurement card audits and equipment audits across the UT system Results are presented later in the report Consistent with past years, most of the projects were conducted for UT Knoxville and the UT Heath Science Center, our flagship campus and the academic healthcare center The majority of projects completed for UT system administration provided coverage for all campuses and institutes and included projects such as the Self-Assessment of Internal Controls and annual risk assessment

controls 30%

information technology 6%

financial 2%

compliance 4%

fraud prevention

and Detection 14%

other 8%

investigations 19%

effectiveness and efficiency

17%

2013 Audit Plan by Project Type2013 Allocation of Time

risk Based55%

investigations19%

audits in progress

5%

required audits 18%

other value added 3%

2013 AUDIT pLAN

2012 ACCOMpLIShMENTS

1 0 UNIVERSITY OF TENNESSEE

Auditors tested university records for indicators of fictitious employees, employee conflicts of interest, fictitious vendors, and personal use of UT procurement cards. No indicators of fraud were identified, but recommendations were made to strengthen procedures for payroll accounts and employees who are paid as vendors.

OFFICE OF AUDIT AND CONSULTING SERVICES REPORT 2012 1 1

In 2012, Audit and Consulting Services (ACS) completed 41 engagements, including required audits, risk-based projects, projects in progress from 2011, investigations, and other

unplanned projects The office also completed 31 procurement card and 50 equipment audits, 12 monthly procurement card analyses intended to detect fraud, and 16 follow-ups on recommendations issued in previous years Of particular interest in 2012 was the completion of an auditing for fraud engagement The audit has been conducted for several years and tests for indicators of fraud This year’s focus was employee conflicts of interest, fictitious vendors, and personal use of procurement cards Although we found no instances of fraud, we provided recommendations to enhance internal controls We also completed internal audits for the fiscal year ended June 30, 2012, of the Office of the President, Office of the Chancellor at UT Knoxville, and the Office of the Chancellor at the Health Science Center, as required by Tennessee Code Annotated § 49-7-3001 This statute is intended to strengthen higher education financial accountability and requires risk-based internal financial audits for the offices of the university president and the chancellors The statute requires at least 30 percent of the offices to be audited in any given year We found no evidence of fraud, waste, or abuse and provided recommendations to continue to enhance processes and controls In addition to the required senior executive audits, we observed all university-owned furnishings in the chancellor’s residence to account for assets during the transition of chancellors at UT Chattanooga All items were accounted for Among significant work, our office completed the Self-Assessment of Internal Controls, which is performed to comply with the Tennessee Financial Integrity Act of 1983 Each year, our office surveys all University of Tennessee departments (approximately 500) on controls We cycle through eight processes and related controls and survey on two areas each year This year’s areas were human resources/payroll and inventories We see the self-assessment as one of the most important projects we conduct each year because it allows us to reach all UT departments at least annually and provides a forum for educating departmental management on effective controls The Act also requires the completion of an entity-wide risk assessment Each fall, our office facilitates a risk assessment session with the chief financial officer and the chief business officers to update the risk assessment to reflect changes in the university’s operating environment Additionally, we performed year-end inventory observations and verified balances Each year we test the inventory counts for departments that have inventories for resale to either the public or other university departments The purpose of the testing is to help ensure the accuracy of the balances on the financial statements A report was not issued for this work Instead, we communicated directly with management and verified that the balances booked were consistent with the totals we reviewed

Historically, this work was conducted to support the Division of State Audit as part of the university’s financial audit; however, they no longer rely on the inventory observations performed We have discussed a new approach with management Rather than performing observations in the future, we plan to audit particular areas to determine if control weaknesses exist in the inventory process Of note for the UT Knoxville campus, we completed a series of audits for the College of Arts and Sciences, the largest college on the campus The objectives of the audits were to determine whether management had established sound internal controls and to determine compliance with university policy We recommended process improvements to comply with policy and improve controls We also completed the final engagement in a series of audits of the American Recovery and Reinvestment Act stimulus funds This engagement focused on funds at UT Knoxville, including the UT Space Institute We found that expenditures complied with applicable grant guidelines At the UT Health Science Center (UTHSC), we examined affiliation agreements in two engagements The objectives of the audits were to determine compliance with the agreements In both cases, we recommended control enhancements We also conducted two audits, at the request of the chancellor, to examine business processes in two colleges UTHSC recently recruited new deans for the College of Pharmacy and College of Nursing As such, the chancellor asked that we prioritize work in those colleges The reports provided the new deans information on business processes to assist them in establishing strong control environments The office completed nine investigations of fraud, waste, and abuse this year As always, even when fraud was not confirmed, we examined internal controls for potential improvements Our reports included recommendations to enhance procedures to strengthen controls The 31 procurement card audits covered 206 cards Violations included the lack of separation of duties between the verifier and cardholder, missing receipts, sensitive minor equipment purchases, and statements not electronically approved We also conduct a monitoring analysis where all card transactions are reviewed for the university for a month This year, 136,782 transactions totaling $33,431,430 98 were reviewed No fraud was identified, but we noted numerous policy violations In 2012, no cards were canceled for significant misuse We conducted 50 equipment audits in 2012, examining 1,321 inventory items with a total value of $14,546,665 Approximately 98 percent of the equipment items selected for observation was located Seventy percent of the departments maintained accurate records and/or complied with policies and procedures These results suggest that the university’s equipment records are reasonably accurate The most significant findings included items that were not located and had no documentation supporting their disposal and items with incorrect serial numbers in the inventory system

2012 pROJECTS COMpLETED


office of the chancellorThe audit scope included travel, entertainment, equipment, payroll, procurement card, and other expenses for fiscal year 2012 The expenditures were reviewed for compliance with university policies and to determine whether they appeared appropriate and reasonable The department complied with university policies and procedures for the period reviewed Therefore, no recommendations for improvement were provided

wuot-fM radioAuditors conducted the annual financial audit of UT Knoxville’s public radio station, WUOT-FM, for the year ended June 30, 2012, with comparative information presented for fiscal year ended June 30, 2011, and prepared the report for submission to the Corporation for Public Broadcasting (CPB) This audit is required by the CPB and was included in the annual audit plan The financial statements present fairly, in all material respects, the financial position of the station as of June 30, 2012 and

Knoxville

self-assessment of internal controls/risk assessmentEach year the university performs a self-evaluation of internal accounting and administrative controls to comply with the Tennessee Financial Integrity Act of 1983 Requirements of the Act include performing an entity-wide risk assessment and a comprehensive evaluation of internal controls Audit and Consulting Services (ACS) coordinates the university’s compliance efforts and conducts the self-assessment using a web-based questionnaire For the evaluation of controls, the university reviews the controls for two areas each year, with 2012’s topics being human resources/payroll and inventories Of approximately 500 UT departments, 105 departments identified and corrected 177 control weaknesses in the areas reviewed No material weaknesses were noted for the university ACS facilitated the 2012 entity-wide risk assessment of UT’s financial operations with the assistance of the campus/institute chief business officers This was an update of the 2011 risk assessment, and minor changes were made to existing risks Risks and recommended corrective actions were reported to the individual departments, and the results of the risk assessment and control weaknesses were reported to the state Attached were the letter from the university’s president to the state comptroller and the commissioner of finance and administration and the results of the assessment of internal controls

office of the presidentThe audit scope included travel, entertainment, equipment, payroll, the university-owned residence, and other expenses for fiscal year 2012 The expenditures were reviewed for compliance with university policies and to determine whether they appeared appropriate and reasonable Recommendations were made to ensure compliance with UT’s entertainment policies, specifically to document the number attending or expected to attend an event and the business purpose of the function and to and to separately identify alcoholic beverages on receipts to ensure they are charged to an appropriate restricted account

effort certification reportingThe objective of the audit was to determine whether effort reported in the university’s effort certification reporting (ECR)

system was accurate and certified by knowledgeable individuals The audit focused on the accuracy of effort certifications made by or for a sample of 25 university employees from September through December 2011 In accordance with federal requirements, UT maintains the electronic process to distribute salary and wage expenses to sponsored projects based on each employee’s reported percentage of effort toward the projects The certification process is decentralized, and individual departments are responsible for ensuring that effort was certified accurately and appropriately The reported effort was accurate for the employees reviewed Departments must obtain and retain appropriate written documentation for employees who did not certify effort directly in the ECR system

auditing for fraudThe audit was performed to find indicators of fraudulent activity in the records of the university’s financial and human resources system, IRIS Auditors tested for indicators of fictitious employees, employee conflicts of interest, fictitious vendors, and personal use of UT procurement cards The scope included all active employee and procurement card holder data as of August 2011 and all vendors paid in fiscal year 2011 No indicators of fraud were identified, but control weaknesses were found regarding payroll accounts and employees who have been paid as vendors, which could leave the university vulnerable to undetected fraudulent activity Recommendations were provided to help ensure the integrity of UT’s records and improve IRIS controls, including terminating employees from the payroll system who have not been paid in 18 months or longer and changing the status of individuals and vendors in the payroll system who are not paid as employees but wish to be affiliated with the university

year-endTo facilitate year-end closing of the university’s financial records, the department provides year-end instructions and special requests to certain UT system and Knoxville-campus departments Auditors coordinate the observation of physical inventories and provide inventory balances for adjusting entries made by the campus/institute business offices

ut systeM AdMinistrAtion

INTERNAL AUDITS


2011, and the changes in its financial position and its cash flow for the years then ended in conformity with generally accepted accounting principles

ut police Department—evidence and property inventoryAuditors selected 25 items from the UT Police Department’s (UTPD) lost and found inventory and 25 items from the evidence inventory All items reviewed in the evidence inventory were considered high-risk items, including money, precious metals, jewelry, firearms, and drugs All items were accounted for; proper documentation was provided; the items were maintained in a clean and orderly manner and protected from damage and deterioration; overflow inventory is being protected from damage and deterioration; access to all areas is limited to authorized personnel; and the status of all evidence and property is reflected in UTPD records (January 2012)

ut police Department—evidence and property inventoryAuditors selected 26 items from the UT Police Department’s (UTPD) lost and found inventory and 25 cases from the evidence inventory Each case reviewed contained at least one item considered high risk, including money, precious metals, jewelry, firearms, and drugs All items were accounted for; proper documentation was provided; the items were maintained

in a clean and orderly manner and protected from damage and deterioration; overflow inventory is being protected from damage and deterioration; access to all areas is limited to authorized personnel; and the status of all evidence and property is reflected in UTPD records (December 2012)

englishThe audit scope included invoice processing, deposits and revenue, ledger reconciliation, and use of information technology resources for fiscal year 2011 Also, a four-year analysis of all expenditures was performed Recommendations were made to retain invoices as required by university policy and to document entertainment expenditures adequately

theatreThe audit scope included invoice processing, deposits and revenue, ledger reconciliation, accounts receivable, and use of information technology resources for fiscal year 2011 Also, a four-year analysis of all expenditures was performed Recommendations were made to reevaluate the current oversight and accounting procedures and strengthen internal controls over the accounts receivable function in compliance with UT policy, including properly documenting accounts receivable procedures, deposits, receipts, refunds, invoices,

No material weaknesses were noted for the university in the 2012 Self-Assessment of Internal Controls. UT departments corrected 177 control weaknesses in the human resources/payroll and inventory functions.


office of the chancellorThe audit scope included travel, entertainment, equipment, payroll, procurement card, and other expenses for fiscal year 2012 The expenditures were reviewed for compliance with university policies and to determine whether they appeared appropriate and reasonable Recommendations were made to record equipment correctly in the inventory system and remove missing equipment from the official records, enter travel information correctly on UT expense reports, and attribute all transactions to the appropriate general ledger account As the result of inadvertent travel reporting errors, the chancellor should repay the university $32 50 and his two administrative assistants $27 50 each

office of the vice chancellor for academic, faculty, and student affairsThe audit scope included entertainment expenditures, invoices, and equipment for fiscal year 2011 Invoices should be coded

correctly to ensure an accurate accounting of the amount spent on a particular purchase order

health sciences libraryThe audit scope included invoices, equipment, and non-exempt payroll for fiscal year 2011 The department should print the check register before payday to verify that those listed are active employees and the amounts paid are correct and retain a signed copy of the report

neurosurgery/semmes-Murphey agreementThe affiliation agreement between the College of Medicine’s (COM) Neurosurgery department and the Semmes-Murphey Clinic was reviewed to determine if both parties were complying with the contract Under the 1995 agreement, annual payments were to be made to the university Auditors found no record of payments made under this agreement, and

internAl Audits: heAlth sCienCe Center

and agreements for goods and services; separating the duties of receiving, recording, and depositing funds received; and writing off uncollectible accounts, among others

college of arts and sciencesFour departments were audited in the College of Arts and Sciences (English, Mathematics, Theatre, and School of Music) The audit scope included administrative functions such as invoice processing, deposits and revenue, ledger reconciliation, accounts receivable, and use of information technology resources Results and recommendations were reported to the individual departments, including separating the duties of depositing, invoicing, and reconciliation; retaining invoices; documenting entertainment expenses; and managing accounts receivable properly The departments responded to and have taken corrective actions or agreed to the recommendations to correct their exceptions

athletics Business officeThe audit scope included invoice processing, ledger reconciliation, contract payments, revenue collections, and petty cash for fiscal year 2011 Recommendations were made to monitor the lodging contract process to help prevent overcharges and employee travel abuse, verify grants-in-aid for student-athletes outside the Athletics Compliance office, better monitor travel advances, pay invoices in a timely manner, document entertainment expenditures properly, and perform a supervisory review of the petty cash reconciliation and unannounced counts of the fund

american recovery and reinvestment act (arra) — stimulus fundsARRA stimulus funds were audited at UT Knoxville (UTK), including the UT Space Institute (UTSI) Expenditures, payroll, and supporting documentation were reviewed for fiscal year 2010-2011 to evaluate the internal controls over the funds received and to determine compliance with the state fiscal

stabilization fund guidelines and the US Office of Management and Budget’s Circular A-21 As of December 2010, UTK and UTSI had been awarded $31,545,990 and $404,731, respectively The expenditures complied with the applicable guidelines

volcard officeThe review was conducted to determine compliance with the Payment Card Industry Data Security Standard (PCI DSS) Self-Assessment Questionnaires (SAQ) in the VolCard Office, which accepts credit card deposits to debit accounts for UT students, faculty, and staff The objective was to determine whether the VolCard Office complied with university and PCI DSS credit card-handling policies and procedures and to verify that the information on the SAQ forms was complete and correct The office’s compliance was adequate, with recommendations to correct the SAQ forms regarding service providers and to develop a formal policy restricting credit card information sent via end user communication (e g , e-mail) Corrected forms should be resubmitted to the Treasurer’s office Auditors will recommend that the Treasurer’s office update Policy FI0311 to restrict the transmission of credit card information since many UT departments rely on this policy to meet PCI DSS requirements

ut Book and supply storeThe updated policies and procedures were reviewed for processing credit and debit cards using the point-of-sale (POS) system The POS terminal captures and transmits credit card information via a secure connection to TouchNet, a third-party vendor, for authorization/approval Elavon, UT’s standard third-party processor, will process the credit card transactions No weaknesses were identified

athleticsThe policies and procedures were reviewed for processing credit and debit cards using a wireless point-of-sale device No weaknesses were identified


internAl Audits: ChAttAnoogA

a former COM dean recalled that previous management of both entities waived the payments The contract was amended in 2010, requiring Semmes-Murphey to make quarterly payments of $6,250 These payments have been made The agreement should be reviewed for accuracy and relevancy and updated where necessary, and the General Counsel’s office should be consulted regarding any collection of back fees from Semmes-Murphey

neurology/semmes-Murphey agreementThe affiliation agreement between the College of Medicine’s Neurology department and the Semmes-Murphey Clinic was reviewed to determine if both parties were complying with the contract Under the 1987 agreement, annual payments were to be made to the university From 1992 through 2010, Semmes-Murphey made payments totaling $342,548 28 The basis of payment changed twice during this period, from 5 percent of salaries of the Neurology faculty working at the clinic to 5 percent of patient collections, then to 2 5 percent of patient collections Little documentation was found, and none appeared to have been approved by an appropriate UT official Payments were suspended from 2004 until 2008, and no written agreement to suspend these payments was found The chair of Neurology stated sufficient payments had been made as of 2010 to approximate 2 5 percent of payment collections from 2000 through 2010, which could not be confirmed Other stipulations in the contract appeared dated, and it was not processed through the campus Contracts office as required The agreement should be reviewed for accuracy and relevancy; updated where necessary, including the addition of an audit clause; and administered in accordance with university policy The General

Counsel’s office should be consulted regarding the sufficiency of the payments to meet the contract’s original intent and whether Semmes-Murphey owes any fees to UTHSC

college of pharmacyThe audit scope included a review of entertainment and travel expenses for fiscal year 2010 and interdepartmental transfers for 2010 and 2011 The objective was to determine whether the college had established internal controls to ensure that expenses were in compliance with policy Itemized invoices should be obtained from vendors for entertainment expenditures, and employees who perform clinical studies should charge only related items to the project and follow the proper closeout procedures Auditors will follow up within a year to ensure that the recommendations were implemented

college of nursingThe purpose of the audit was to evaluate the adequacy of internal controls and adherence to university fiscal policies and procedures Entertainment expenses, purchasing invoices, equipment, and exempt payroll were reviewed for fiscal year 2011 Substantial annual and sick leave balances were found for four out-of-state instructors of online courses Since January 2012, these faculty have been required to submit monthly timesheets, but only one has reported any leave Because they are not local, have no set hours, and are largely part-time, overseeing their work time is difficult College and campus administrators should consider changing the status of all out-of-town employees to contract or term employees with no leave benefits Otherwise, the college should provide clear, written guidelines as to when out-of-town faculty must record leave

wutc-fM radioAuditors conducted the annual financial audit of UT Chattanooga’s public radio station, WUTC-FM, for the year ended June 30, 2012, with comparative information presented for fiscal year ended June 30, 2011, and prepared the report for submission to the Corporation for Public Broadcasting (CPB) This audit is required by the CPB and was included in the annual audit plan The financial statements present fairly, in all material respects, the financial position of the station as of June 30, 2012 and 2011, and the changes in its financial position and its cash flow for the years then ended in conformity with generally accepted accounting principles

Motor poolThe audit was performed to determine compliance with applicable university policies and procedures and to evaluate

the system of internal controls The scope included reviewing records for accurate reporting of vehicles and equipment, use of university vehicles, departmental expenditures, vehicle rental procedures and charges, use and security of fuel cards, and reporting of taxable fringe benefits for commuting The department complied with university policies and procedures, with no recommendations for improvement provided

chancellor’s residence equipmentUniversity-owned furnishings in the chancellor’s residence were observed as of September 30, 2012 The review included all items on the internal asset report and items listed as assets in the residence on the UT Equipment Inventory Report All university-owned furnishings assigned to the chancellor’s residence, according to UT records, were observed in the residence


ut extension Bank accountsThe university bank accounts were reviewed for the Campbell, Dickson, Putnam, Robertson, and Sumner County Extension offices The audit scope included a review of bank account records, the receipt and expenditure of funds, and related financial records for 2010–2011 Each office received a separate report detailing noncompliance with university policy or Extension financial procedures and responded to the recommendations UT Extension administration should address two primary concerns: timely deposits and reimbursements to county-paid Extension employees Other recommendations concerned proper documentation of receipts and deposits, supervisory review and approval of the monthly reconciliation, travel reimbursements, and maintaining check signature authorizations on file

ut extension Bank accountsThe university bank accounts were reviewed for the Bedford, Coffee, Cumberland, Loudon, and Wilson County Extension offices The scope included a review of bank account records, the receipt and expenditure of funds, and related financial records for 2009–2010 Each office received a separate report detailing noncompliance with university policy or Extension financial procedures and responded to the recommendations The UT Extension administrative office responded with corrective actions to three particular concerns: addressing the serious issues of noncompliance at the Loudon County office (including proper equipment management and acquisition and ensuring that purchases are university related), clarifying the types of purchases allowable from the bank accounts, and documenting all disbursements from the bank accounts Recommendations also addressed timely and intact deposits, among others

internAl Audits: institute of AgriCulture

skyhawk card officeThe audit scope included invoices, equipment, and exempt payroll for fiscal year 2011 Equipment serial numbers should be listed correctly in the inventory system; serial and tag numbers should be verified on the annual inventory printout to ensure their accuracy and any discrepancies corrected; and equipment should be tagged

public safetyThe audit scope included a review of Campus Security Act compliance; drug, alcohol, and weapons storage procedures; and officer training compliance Recommendations addressed enhancing documentation of evidence destruction after case

resolution, inventory procedures for student weapons storage and other inventories, and check-out procedures for student weapons

ncaa student assistance fund—athletics DepartmentThe NCAA Student Assistance Fund was audited for fiscal year 2011-2012 The audit, required annually by the Ohio Valley Conference, was performed to determine adherence to the NCAA guidelines and to evaluate the adequacy and effectiveness of existing internal controls The disbursements complied with the NCAA’s use of funds guidelines To strengthen controls over the funds, Athletics should include fifth-year athletes on applicable rosters and document entertainment expenses according to UT policy requirements

internAl Audits: MArtin

An investigation performed to determine if an employee successfully passed a background check by falsifying documents resulted in UT’s improving its background check process to allow cross-referencing of identification information.


facilities planningThe review was conducted to investigate allegations made to the state comptroller’s hotline that specifications for a roofing system for a UT Chattanooga capital project were written so that contractors were limited to one manufacturer for the system and that the system was selected and installed without a bidding process The objective was to determine if the specifications were proprietary to a single manufacturer and to examine the contract award process for the project Auditors found no evidence to support the allegations The initial specifications provided

the option of the specified manufacturer or an equivalent substitution in the bidding process The specifications were rewritten as a result of cost concerns Three manufacturers that could provide the specified roofing system were identified in the addendum, and the option for an equivalent substitution remained in the general contract provisions Multiple contractors submitted bids for the project, and the bid processes for the roofing system appeared to comply with state guidelines and university policies and procedures

INVESTIGATIONS

ut systeM AdMinistrAtion

radiation safetyThe review examined allegations regarding the Radiation Safety department (RSD) at UT Knoxville (UTK) It was alleged that a student employee in RSD was a security risk, RSD handled radioactive material improperly and violated its state of Tennessee license, and university resources were used inappropriately An initial investigation performed by the U S Joint Terrorism Task Force and the UT Police Department resulted in no criminal charges UT auditors then reviewed to determine whether the allegations were true and examined the department’s internal controls Allegations of the student’s inappropriate behavior appeared true (left cars containing radioactive material unlocked, propped open a door to the RSD office when it contained radioactive materials, and used a lead box containing radioactive material as a weight for a driving a truck in snow) He was trained on transporting and securing radioactive material and was reprimanded by the former RSD director The student resigned from RSD and withdrew from UT Most allegations regarding RSD’s improper handling of radioactive materials and violating its state license appeared false The one violation was not recording natural-source uranium and thorium received from a state community college on the department’s inventory Procedures were implemented to record such material properly in the future The former director admitted using university equipment for his personal business without approval, which violated UT policy, but such use likely had negligible effect He resigned from the university Background checks should be performed on student job candidates and UTK departments periodically instructed to report the acquisition of naturally occurring uranium and thorium and other reportable materials to RSD

Men’s swimming and Diving—athleticsAuditors investigated allegations that the former Men’s Swimming head coach improperly solicited a donor and diverted funds intended for the university to an outside organization, Tennessee Aquatics The objectives were to determine whether financial misconduct occurred and to evaluate internal controls in the Athletics department The coach solicited $100 from a

donor which he initially deposited in his personal account and later transferred to the Tennessee Aquatics account, but there was no evidence he solicited the donor named in the initial complaint The review noted that Athletics had not historically provided oversight for Tennessee Aquatics’ activities and expenditures and a formal agreement did not exist between UT and the organization Auditors recommended that management establish requirements such as written agreements for all outside organizations wishing to become affiliated with the university and that procedures be enhanced to strengthen controls, such as for disclosing outside financial interests, procurement card purchase review, and camp registration cash handling

Development and alumni affairsThe Knoxville Police Department (KPD) reported that a Temporary Help Pool employee working in the Tyson Alumni House may have falsified employment documentation to conceal prior convictions for theft and that a subsequent background check conducted for her returned inaccurate results The review was performed to determine if the employee successfully passed a background check by falsifying documents and to evaluate the associated controls in UT Knoxville’s Development and Alumni Affairs and in Human Resources (HR) After KPD’s report, discrepancies were found in her employment documents, then auditors discovered the required background check was not done Also, the employee’s supervisor determined she had altered one timesheet by eight hours The employee was terminated after a background check, using correct identification information, returned numerous criminal convictions and other issues, including identity theft Recommendations were made to improve controls to protect against false time reporting; verify information provided by employees and compare to proof of identification; and strengthen a flaw in UT’s background check process to allow cross-referencing of identification information The Development department implemented corrective actions to help mitigate the risk of false time reporting; HR implemented corrective actions to help ensure that background checks are conducted for all new employees; and the company that

Knoxville


Kingsport higher education centerThe review was conducted after an anonymous allegation was made that the director of the Doctor of Education program at the Kingsport Higher Education Center directed improper payments to an individual The director is assigned a UT procurement card, but he has no signature authority for any university accounts

Applicable procurement card transactions and transactions from university accounts potentially influenced by the director were searched, and no payments or transactions were found as alleged Also, no vendor payments using the alleged recipient’s name (and variations) were found in university records No evidence was found to support the allegation

Biosystems engineering and soil scienceThe review was conducted after it was alleged that the former business manager did not report all leave taken She resigned in November 2011 to move out of state The manager admitted taking 48 hours of leave that she did not report in July 2010 The Payroll Office deducted the hours from her leave balance, reducing the amount of her final paycheck The manager stated she submitted a leave request for the leave taken in July and the

department head told her to take the leave even though she had not earned enough hours and to record it later Because issues were noted in the department’s leave processing procedures, auditors could not determine if the manager had reported all leave taken The department has taken steps to correct the concerns noted, strengthening procedures for approving and recording leave

investigAtions: ChAttAnoogA

investigAtions: institute of AgriCulture

investigAtions: heAlth sCienCe Center

office of the chancellorThe review was conducted to investigate an anonymous allegation that the executive vice chancellor used his position to facilitate receiving a PhD from the UT Health Science Center (UTHSC) and manipulated the system for his own benefit None of the administrators interviewed were aware of any policies prohibiting a full-time administrator from enrolling in a UTHSC advanced degree program, and his transcript appeared to be in

order The dissertation committee chair said the executive vice chancellor was not provided any benefit because of his position and was required to meet the same program requirements as other students He became the executive vice chancellor while working on his dissertation Based on the interviews and policies reviewed, auditors found no evidence to substantiate the allegation and recommended no further action

conducts background checks for UT has agreed to modify the process The falsified wages were deducted from the employee’s final paycheck

facilities servicesAuditors investigated allegations of overcharging by Tennessee Skyline Glass (TSG), the former glass and door repair contractor for UT Knoxville (UTK) The allegations stated TSG overcharged UTK’s Facilities Services for labor on most jobs; TSG and Facilities Services purposefully scheduled work outside of normal business hours, allowing higher service call and labor rates; and a former superintendent allowed the inflated costs because of a personal relationship with TSG staff Concerns regarding labor rates appeared justified, but Facilities Services paid the labor charges because the contract did not include a general labor rate Facilities staff did not appear to monitor the charges on invoices submitted by TSG Also, the former glass and door hardware contractor, 3T Glass, overcharged Facilities Services for automatic door closers Auditors were unable to substantiate that TSG intentionally performed work outside of regular business hours to charge higher labor rates The former superintendent had an outside relationship with the owner of TSG, but the relationship did not appear to influence the bidding process for the 2008 contract with TSG Two bids submitted during the review were apparently the result of collusion

Auditors recommended researching prevailing wage rates, monitoring contractor invoices, changing the RFQ preparation procedures, and deterring bidder collusion, among others

college of social workAuditors investigated an account established at Regions Bank by the College of Social Work’s Nashville office The UT Knoxville college business manager discovered the “coffee” account when the accounting coordinator was on leave The purpose of the investigation was to determine if any funds in the account were used for reasons other than university business The account is thought to have existed for at least 20 years, with the knowledge of administrators in the Nashville office Some documentation, such as bank statements and checks, was missing, and one statement included a $425 withdrawal for a personal mortgage fee The associate dean said Regions Bank mistakenly withdrew the fee from the coffee account instead of her personal account, and the error was resolved No evidence was found that the coffee account was misused intentionally, but auditors could not determine when the account was established Expenditures, except for the mortgage fee, appeared to be for departmental business The account’s existence, however, violated university policy The coffee account was closed and the funds deposited properly College administration in Knoxville is now responsible for handling all funds and processing invoices for the Nashville office


annual procurement card summary The report summarizes procurement card audits performed from November 2011 through October 2012 and monthly procurement card monitoring from October 2011 to September 2012 Thirty-one procurement card audits were conducted on 206 cards in the UT system (2,501 transactions on 1,088 monthly statements) Violations included a lack of separation of duties between the verifier and cardholder, missing receipts, receipts not meeting policy requirements, sensitive minor equipment purchases, statements not signed by the cardholder and verifier, and statements not electronically approved Higher rates of exceptions were noted for separation of duties, no electronic approval, and missing receipts The IRIS Administrative Support department has developed aids to monitor policy compliance, including a report to the campus/institute chief business officers showing statements that were not electronically approved so that the business officers may follow up with the departments and a report identifying cardholders

who verify their own statements This year no cards were canceled for significant misuse Whereas the traditional auditing process involves sampling, the monthly monitoring involves a cursory review of all card transactions for the university system for a month, primarily to identify fraudulent activity In the monitoring, 136,782 transactions totaling $33,431,430 98 were reviewed No fraud was identified, but policy violations included exceeding the entertainment and $5,000 purchase limit and capital asset, personal, and travel-related purchases Split purchases dropped for the fourth consecutive year Personal purchases rose, partly because of inadvertent selection of procurement card numbers when purchasing online Sensitive minor equipment purchases continued to be the most frequent policy violation All violations were discussed with the departments and resolved Results and recommendations were reported to the departments audited and those contacted in the monthly monitoring process (Appendix D is a complete list of departments )

annual equipment summaryFifty equipment audits were performed from November 2011 through October 2012 Auditors examined 1,321 inventory items with a total value of $14,546,665 Approximately 98 percent of the equipment selected for observation was located Seventy percent of the departments maintained accurate records and/or complied with policies and procedures Of the 30 percent not complying (15 departments), 3 were follow-up audits and continued to have compliance issues These results suggest that the university’s equipment records are reasonably accurate The most significant findings included items that were not located and had no documentation supporting their disposal and items with incorrect serial numbers in the inventory system A common exception was missing tags or incorrect tag numbers (40 percent of departments), largely attributed to loss from frequent use and errors when many items are entered in the inventory system at once The Controller’s Office should reemphasize the requirement to verify serial and tag numbers during the annual inventory process Audit results and recommendations were reported to the audited departments, which responded and agreed to the recommendations to correct their exceptions (Appendix E is a complete list of departments )

In 2012, the audit staff followed up on 16 audits and investigations to determine whether their recommended corrective actions had been implemented (Appendix F is a complete list of departments )

EqUIpMENT AUDITS

pROCUREMENT CARD AUDITS

FOLLOW-Up AUDITS

The results of our 2012 monthly procurement card monitoring indicated that split purchases dropped for the fourth consecutive year. Also, no cards were canceled this year for significant misuse.

About 98 percent of the equipment items selected for observation this year was located, and 70 percent of departments maintained accurate records and/or complied with policies and procedures. These results suggest that the university’s equipment records are reasonably accurate.


Other completed audit-related projects and enhancements were designed to educate the university community, improve accountability, and improve office efficiency

At the request of management, some Audit and Consulting Services staff members also served on university committees and provided training on internal controls, procurement cards, and other areas

AutoAudit

AutoAudit, a commercial software package used by the department, is designed to assist in managing and conducting audits and other projects This database tool includes modules for planning and budgeting audit projects, reporting and managing staff time, creating electronic workpapers, and other functions In 2012, we revised the audit programs for procurement cards and equipment, which changed the format of the programs and related workpapers The programs reside in the AutoAudit library and provide steps and guidance on conducting procurement card and equipment audits and creating workpapers The procurement card program includes test work preparation, determining the audit population, testing monthly statements and receipts, and testing for exceptions such as split transactions and cards with low or no activity For equipment, the program addresses test work preparation, determining the audit population, performing equipment observations, and completing an Internal Control Questionnaire

funding forMulA Audits

For many years, at the request of the Division of State Audit, Audit and Consulting Services conducted audits based on the university’s enrollment figures as of the 14th day of each fall semester to verify the accuracy of the enrollment data submitted to the Tennessee Higher Education Commission (THEC) In 2010, the funding formula for the state’s higher education institutions changed significantly Previously relying mostly on enrollment data, the formula is now based on outcomes, including data on degree production, research funding, and graduation rates, among others In the summer of 2012, ACS staff members met with Tennessee Board of Regents’ (TBR) auditors and THEC staff to discuss audit approaches for outcome data In spring 2013, we will work with TBR to develop audit objectives and the audit program that will be used statewide

SUppLEMENTARy pROJECTS

steve BamburgConflict of Interests Review Committee (April 2011 to present) The purpose is to review outside financial interests disclosed by faculty and staff at UT Chattanooga to determine if the interests create a potential conflict between the employees’ personal and university responsibilities The committee will make recommendations to the campus chief business officer to ensure the campus is in compliance with university policies and state statutes

judy BurnsHuman Resources Policy Advisory Group (June 2010 to present) The purpose is to advise the Human Resources officers of changes needed in university HR policies The system-wide group reviews existing policies to ensure that all needed information is included, the policies are clear and

understandable, and they apply to all campuses and institutes The group may also suggest new policies

leigh cheekFinancial Information Security Committee (June 2005 to present) The purpose is to address security measures required by the Gramm-Leach-Bliley Act and the Payment Card Industry Data Security Standards The committee continues to work on the university’s compliance efforts and has developed appropriate policies for compliance

chasity DavisChancellor’s Exempt Staff Selection Committee. (October 2012 to present) The purpose is to select an award recipient annually from UTHSC’s non-faculty exempt employees who has

ut CoMMittee AssignMents

Previously based on enrollment data, the state’s funding formula is now based on outcomes like degree production, research funding, and graduation rates. In spring 2013, we will work with the Tennessee Board of Regents to develop audit objectives and the audit program that will be used statewide.

As a result of our audit of the UTK VolCard Office, UT fiscal policy was revised to restrict the transmission of credit card information via e-mail and other such communication.

American Recovery and Reinvestment Act (stimulus) funds were audited at UT Knoxville and UT Space Institute. The campuses’ use of the funds received ($31,545,990 and $404,731, respectively) complied with applicable state and federal guidelines.


demonstrated outstanding service to the university community beyond the expectation of his or her position

john fox Conflict of Interests Review Committee (August 2008 to present) The purpose is to review outside financial interests disclosed by faculty and staff at UT Knoxville to determine if the interests create a potential conflict between the employees’ personal and university responsibilities The committee chair further investigates potential conflicts identified by the committee Capital Projects Financial Reporting Committee (March 2011 to present) The purpose is to develop a financial report for ongoing capital projects to better communicate each project’s status to campus administrators The committee has developed a draft financial report

sandy jansenBenefits Advisory Board (March 2012 to present) This group, composed of administrators from all UT campuses and institutes,

meets quarterly to discuss issues involving all types of employee benefits, such as leave, insurance, retirement, and tuition waivers

Bill Moles (facilitator and non-voting member)UT Knoxville Campus Compliance Committee (October 2011 to present) and UT Health Science Center Campus Compliance Committee (September 2012 to present) The purpose of both committees is to interpret the results of the compliance risk assessment the Institutional Compliance Office performs for the campus and to establish priorities and appropriate plans of corrective action

jim purcellIT Security Community of Practice (July 2012 to present) The Security CoP provides input to the Statewide IT Committee on priorities related to the university’s IT security strategy The Security CoP ensures that the committee has necessary information on security priorities, best practices, and standards to make decisions concerning IT priorities and investments, IT applications, overall policies and standards, and common data and business processes

Kasandra atwood taught an IRIS training class on producing, reviewing, and reconciling ledgers

Brittany Barnett and jay taylor taught classes through Human Resources on the importance of effective internal controls for UT Knoxville departments

john fox presented a framework for organizing workpapers in the office’s electronic workpaper system at the 2012 annual auditors meeting The framework provides a method to consistently organize workpapers for most projects for greater understanding, promotes better documentation of a project’s objectives, and helps ensure that the objectives are met In addition, he presented a set of workpaper rules to improve the clarity of documents included in the workpapers

james hodge taught a class through Human Resources on moving expenditures from one cost center or WBS element to another

sandy jansen presented “Fraud Risk Assessment” at the University Risk Management and Insurance Association’s 2012 Annual Meeting Sandy discussed the fraud risk assessment methodology

she developed at another institution and will incorporate into audit work at the University of Tennessee At the Association of College and University Auditors’ 2012 Annual Conference, she led a professional development session on adding value to an auditor’s career by becoming involved in professional organizations

linda Marion presented the training workshop “Hit Parade of Grammar and Style” for ACS staff at the 2012 annual auditors meeting The presentation covered various grammatical elements, UT style points, and words commonly misused in ACS reports and other communications, including examples and exercises

jim purcell presented “Integrating IT Audits” for ACS staff at the 2012 annual auditors meeting The presentation addressed steps and techniques for including elements of IT audits into most university internal audits

jay taylor taught classes on UT procurement cards through Human Resources The class introduces the concepts, policies, and responsibilities of procurement card management, including reconciling monthly statements

To expand their knowledge and obtain the required continuing education credits (CPE), auditors in the department attended training in areas as diverse as interviewing through linguistic lie detection, human resources law, cyber security, computer forensics, higher education compliance, integrated IT auditing, fraud detection with data mining, Dodd-Frank Legislation Whistleblower Program, background checks, and root cause analysis The ACS audit staff obtained over 1,040 CPEs in 2012

trAining provided within And outside the university

trAining obtAined within And outside the university

Internal auditors received training in such diverse areas as interviewing through linguistic lie detection, human resources law, cyber security, computer forensics, higher education compliance, integrated IT auditing, fraud detection with data mining, background checks, and root cause analysis.


AppENDIx A: 2013 ORGANIzATION OF ThE UNIVERSITy OF TENNESSEE

BoarD of trustees

presiDent

executive assistantto presiDent

chancellorutK

chancellorutM

chief operatingofficer utsi

vice presiDentacaDeMicaffairs &

stuDent success

vice presiDent for huManresources

vice presiDentips

vice presiDentgovernMentrelations & aDvocacy

executive vp/vp research & econoMic

Dev/ornlrelationships

vice presiDent& Diversity

aDvisor

vice presiDentDevelopMent

& aluMni affairs

treasurer & chief financial

officer

executiveDirectorauDit &

consultingservices

interiM chief inforMation

officer

interiM chancellorutc

chancellorutia

chancelloruthsc

general counsel& secretary

aDMinistrative assistant

auDitcoMMittee


SAndy JAnSen, CIA, CCSA, CRMAExecutive Director

Linda MarionCoordinator

Shelly GettyAdmin Specialist II

Leigh Cheek, CIA, CISACompliance Officer

Jay TaylorAuditor

Investigations

Brittany Barnett, CFeAuditor

Investigations & Procurement Cards

nancy Lange, CIA, CISAAuditor

Procurement Cards

Student Auditors

doug Hawks, CIA, CRMASr. Performance Auditor

Stephanie Steeves, CIAAssociate Performance

Auditor

Jim Purcell, CISSP, PMPSenior IT Auditor

Kasandra AtwoodSenior Auditor

Sherry davisAssociate Auditor

Bill Miller, CPA (inactive), CGFM

Consultant

James Hodge, CIA, CGFMSenior Auditor

elizabeth Hall, CPAAssociate Auditor

Steve Bamburg, APASenior Auditor

Chasity davisSenior Auditor

Taylor CupplesAssistant Auditor

Bill Moles, CCeP, CIADirector

Institutional Compliance

Judy BurnsAssociate Director

State Coverage

John Fox, CPA (inactive)Associate Director

East Tennessee

Leon Hurt, CPA, CIA, CFeAudit ManagerWest Tennessee

ACS staff served on university committees to enhance and streamline operations and develop and revise policies, including committees on human resources policies, IT security strategy, conflict of interests, and campus compliance efforts.


stAteMent of purpose, Authority, And responsibility

purpose And sCope

Internal auditing at the University of Tennessee is an independent appraisal activity established to examine and evaluate the activities of the university as a service to management and the Board of Trustees Internal Audit assists management in carrying out their duties and responsibilities effectively by examining financial and operational internal control systems, including administrative information systems, to evaluate the extent that

• Financial, property, and information assets are safeguarded;

• Information is accurate and reliable;

• University policies and external laws and regulations are followed;

• Resources are employed efficiently and economically; and

• Operations and programs are being carried out as planned, and their results are consistent with the university’s objectives

Authority And responsibility

Internal auditors shall be authorized full and complete access to all university records (either manual or electronic), physical properties, and personnel relevant to a review The corresponding responsibility of internal auditors is to handle documents and information obtained during a review in the same prudent manner as by those employees normally responsible for them In fulfilling their responsibilities, internal audit departments at each campus or unit will

• Develop and implement audit plans and programs that respond to both risk and cost-effectiveness criteria;

• Suggest policies and procedures where appropriate;

• Provide audit reports that identify internal control issues (among others) and make cost-effective recommendations to strengthen controls;

• Facilitate the resolution of audit issues with administrators who have the most direct involvement and accountability;

• Maintain auditing standards consistent with those established by the Institute of Internal Auditors Inc to ensure the effectiveness and quality of the internal audit effort; and

• Investigate allegations involving theft or misuse of university assets

In their staff functions, internal auditors have no direct responsibility or authority over any of the operating activities examined, and their review shall not relieve others of their responsibilities Furthermore, the independence of the internal auditors should not be compromised by their implementing procedures, preparing records, or engaging in activities that internal auditors would normally review

reporting struCture

The internal audit function reports to the Audit Committee of the Board of Trustees with supporting responsibilities to the chief financial officer Campus/institute internal auditors report to the Knoxville audit office with supporting responsibilities to the chief executive of each campus or institute and their respective chief business officers When requested, internal auditors may attend senior-level staff meetings and serve on various university committees Their role at such meetings should be limited to rendering advice and staying abreast of strategic, governance, and risk issues At the conclusion of each audit, Internal Audit will issue timely reports to the audited parties, senior management, the State of Tennessee Division of Internal Audit, and the Audit Committee

AppENDIx B: INTERNAL AUDIT ChARTER


Kasandra g atwood, senior auditorBachelor of Science, Accounting, East Central University, Oklahoma, 1992

Master of Business Administration, the University of Tennessee, 2002

Kasandra Atwood joined ACS in 1999 She worked previously for a public accounting firm in Oklahoma, where she audited public school districts, cities, and towns She conducts audits and financial reviews of university departments and operations

steven g Bamburg, senior auditor, apaBachelor of Science, Accounting, Louisiana State University, 1990

Bachelor of Science, Biological Science, Louisiana Tech University, 1978

Steven Bamburg joined the office in 2009 Previously he worked as a senior Medicare auditor at a subsidiary of BlueCross BlueShield of Tennessee Steve conducts audits, investigations, and financial reviews of departments and operations on the Chattanooga campus

Brittany M Barnett, auditor, cfeBachelor of Science, Criminal Justice/Criminology

East Tennessee State University, 2005

Brittany Barnett joined the department in 2006 Previous work experience includes retail banking, banking operations, and bookkeeping She conducts investigations and financial reviews of departments and operations

judith a Burns, associate directorBachelor of Arts, English and Political Science, the University of Tennessee, 1982

Master of Arts, English, the University of Tennessee, 1984

Judy Burns joined ACS in 1986 She has served as editor and office coordinator, management analyst, manager of management consulting and fiscal policy development, and as interim executive director from August 2010–February 2012 She spent several years outside the department

managing training and user support during UT’s implementation of its financial and human resources system, rejoining the office in 2004 She has been a member of the Board of Governors for the East Tennessee Chapter of The Institute of Internal Auditors (IIA) since 2009 and a staff member/facilitator for the University of Tennessee Leadership Institute, a leadership recognition and development program for UT leaders, since 1996 Judy is currently associate director for the department

leigh cheek, institutional compliance officer, cia, cisaBachelor of Science, Mathematics, California Polytechnic State University, 1982

Leigh Cheek has over 25 years’ experience in computer science and accounting She joined ACS in 1998 and has conducted information technology security reviews and risk assessments for the university’s computer systems and networks, among other projects In late 2011, she joined the office’s

Institutional Compliance division, where she researches new laws and regulations; manages the database of laws, regulations, and the compliance risk assessment; helps create policies and procedures to maintain data integrity; and follows up on certain risks identified during the risk assessment Leigh is a past president of IIA’s East Tennessee Chapter and serves on its Board of Governors

chasity Davis, senior auditorBachelor of Business Administration, Accounting, Middle Tennessee State University, 2002

Master of Business Administration, Bethel University, 2011

Chasity Davis joined ACS in 2005 and took another position on the Memphis campus in 2011, returning to the department this year Previously she was a claims representative in the insurance industry and a cost accountant for Nissan Corporation She

performs investigative, compliance, and operational audits for the UT Health Science Center

sherry s Davis, associate auditorBachelor of Science, Computer Science, University of Tennessee, 2002

Sherry Davis joined the department in mid-2012 Previously she worked as an internal auditor for Clayton Homes and has experience in bookkeeping and computer programming Sherry conducts audits of university departments and operations

john M fox, associate director, cpa (inactive)Bachelor of Arts, Cell Biology, the University of Tennessee, 1977

Master of Accountancy, the University of Tennessee, 1981

John Fox joined the department in 1982 He worked a short time in public accounting and has been an adjunct accounting instructor over the years at Walters State Community College John helped develop and revise UT fiscal policy for 14 years

and manages the internal audit function in ACS, conducting audits and investigations as needed In 2012, he taught a financial and managerial accounting class at Walters State

AppENDIx C: pERSONNEL qUALIFICATIONS

Key:apa associate in premium auditing ccep certified compliance and ethics professionalccsa certification in control self-assessmentcfe certified fraud examinercgfM certified government financial Managercia certified internal auditor

cisa certified information systems auditorcissp certified information systems security professionalcpa certified public accountantcps certified professional secretarycrMa certification in risk Management assurancepMp project Management professional


shelly j getty, administrative specialist ii, cpsBachelor’s degree in Christian Education, Allegheny Wesleyan College, 1998

Shelly Getty joined ACS in 2000 She is the administrative assistant to the executive director and the office manager

elizabeth h hall, associate auditor, cpaBachelor of Science in Business Administration, the University of Tennessee, Knoxville, 2000

Master of Accountancy, the University of Tennessee, Knoxville, 2003

Elizabeth Hall joined ACS in early 2010 She previously worked in public accounting for KPMG, Coulter and Justus, and PYA; taught cost accounting at South College in Knoxville; and worked for UT Knoxville as a graduate teaching

assistant, graduate assistant, and residence hall director She conducts audits of university departments and operations This year, Elizabeth received her Certificate of Completion from the College Business Management Institute

Douglas hawks, senior performance auditor, cia, crMaBachelor of Science in Business Administration, Southern Utah University, 2002

Master of Business Administration, Indiana University, 2005

Master of Public Administration, Southern Utah University, 2011

Doug Hawks joined ACS in mid-2012 Previously serving as director of Internal Audit at Southern Utah University, he has worked in internal audit departments in the private sector for both large

and small companies He chairs the publications committee for the Association of College and University Auditors (ACUA) and serves as editor-in-chief for College and University Auditor He currently conducts performance audits of UT departments and operations In 2012, Doug led an effort to develop ACUA’s Internal Audit Department Start-up Guide The guide helps higher education institutions establish an internal audit department and includes resources, sample reports, and templates and is for sale on the ACUA website

james h hodge, senior auditor, cia, cgfMBachelor of Business Administration, East Tennessee State University, 1986

James Hodge has been with ACS since 1999 Previous work experience includes internal auditing at East Tennessee State University and at North Carolina A&T State University He performs audits and financial reviews of university departments and operations and conducts investigations as needed

leon hurt, manager, cpa, cia, cfe Bachelor of Business Administration, Accountancy, University of Memphis, 1978

Leon Hurt worked 27 years at the Memphis Light, Gas and Water Division, where he prepared financial statements, performed account analyses, and served as IT project analyst, acting as a liaison between the user and programming personnel and assisting in the design and development of application systems He has worked over 20 years

in internal auditing, conducting IT, financial, and operational audits and supervising staff He joined ACS in 2007 and performs compliance and departmental audits and investigations at the Memphis campus

sandy s jansen, executive director, cia, ccsa, crMaBachelor of Business Administration, Accounting, Texas Tech University, 1994

Sandy Jansen joined ACS as the executive director in February 2012 She worked for 21 years in the Texas Tech University System, serving the last 7 years as assistant chief audit executive In her current role at UT, she oversees internal auditing, institutional compliance, and consulting services

for the university system Sandy is active in professional service She chairs the professional education committee for ACUA, leading the organization’s professional education efforts, is an ACUA faculty member, and serves as a volunteer seminar facilitator for IIA In 2012, she earned her Certification in Risk Management Assurance

nancy j lange, auditor, cia, cisaAssociate of Science, Pellissippi State Technical Community College, 1994

Bachelor of Science, Business Administration, the University of Tennessee, 1997

Nancy Lange has been with the department since 1996 She served almost 9 years in the US Air Force, working with mainframe computers as an operator and in an array of jobs pertaining to operations support functions After military service, she continued in similar positions another

6 years on a civilian contract with the Department of the Navy She manages procurement card and equipment audits

jessica n leonard, associate auditor Bachelor of Business Administration, Accounting, Morehead State University, 2003

Master of Business Administration, University of the Cumberlands, 2010

Jessica Leonard joined ACS in June 2011 She served as assistant controller at Union College for 6 years Previous audit experience includes performing fieldwork for nonprofit government audits and auditing school systems at a public accounting firm in Louisville, Kentucky Before

leaving the department in early 2012, Jessica conducted audits of university departments and operations


linda p Marion, coordinatorBachelor of Arts, English, the University of Tennessee, 1988

Master of Arts, English, the University of Tennessee, 1991

Linda Marion has been ACS’s editor and coordinator of special projects since 1990 She helped coordinate the development, revision, and issuance of university fiscal policy for 14 years She plays an integral role in the department’s process of developing, revising, and issuing

reports of audits, investigations, and IT security reviews She also coordinates special projects and develops publications to assist university departments with their financial responsibilities

william M Miller, consultant, cpa (inactive), cgfMBachelor of Science in Business Administration, Accounting, Middle Tennessee State University, 1975

Master of Business Administration, the University of Tennessee at Chattanooga, 1991

Before joining the department, Bill Miller was business manager for the College of Human Ecology at UT Knoxville and audit manager for the Division of State Audit, Comptroller of the Treasury He has

served as adjunct professor on UT’s Knoxville and Chattanooga campuses Bill is the charter president of the Association of Government Accountants’ (AGA) Chattanooga Chapter, past president of AGA’s East Tennessee Chapter, and a member of Chattanooga’s Audit Committee In 2012, he conducted audits, investigations, and financial reviews of departments and operations for UT Chattanooga on a part-time basis

william a Moles, director of institutional compliance, ccep, cia Bachelor of Science, Business Administration, the University of Tennessee, 1980

Master of Business Administration, Virginia Tech, 1983

Bill Moles began as a management analyst in the department in 1986 with the management consulting group He joined the internal audit section in 1992, where he performed internal control reviews of the university’s accounting

systems and other major functions, IT security audits, and cost studies He coordinated the annual Self-Assessment of Controls for the UT system from 1989 until 2007 As director of the Institutional Compliance Office, he works collaboratively with UT compliance programs to reduce the university’s regulatory compliance risks Bill is a past president of IIA’s East Tennessee Chapter

jim e purcell, senior it auditor, cissp, pMpBachelor of Science, Business Administration, Tusculum College, 1986

Jim Purcell joined ACS in mid-2012 His 30-year IT career spans time with TVA, Science Applications International Corporation (SAIC), and Regal Entertainment Group Jim is an instructor for the SANS Institute and has presented information security topics at various IT conferences He has served in management and staff roles in all aspects

of information technology and currently performs IT audits of university departments and operations

stephanie steeves, associate auditor, ciaBachelor of Public Management, Florida Atlantic University, 1996

Master of Public Administration, Florida Atlantic University, 2001

Stephanie Steeves came to the department in late 2012 from Palm Beach County, Florida, where she worked in county government for 23 years and served on the Board of Governors of IIA’s Palm Beach Chapter She conducts performance audits of university departments and operations

jay taylor, auditorBachelor of Arts, Political Science, the University of Tennessee, Knoxville, 2006

Master of Science, Management, Austin Peay State University, 2010

Jay Taylor has been with UT since 1998, previously as a senior audit clerk for the UT bookstore, joining the department in 2004 She performs investigations of fraud, waste, and abuse for the university system Jay is a past vice president and a board member of the Association of Certified Fraud Examiners,

Knoxville Chapter

At the 2012 annual auditors meeting, staff members presented workshops on topics such as integrating IT audits, grammar and style, and workpaper framework and rules.


KnoxvilleAnthropologyCollege of Business Administration—

Administration and Center for Executive Education

Earth and Planetary SciencesMechanical, Aerospace, and Biomedical

EngineeringReligious StudiesSocial Work Office of Research and

Public Service

institute for publiC serviCe

Municipal Technical Advisory Service

heAlth sCienCe Center Anatomy and NeurobiologyCampus RecreationHearing and Speech CenterInformation Technology ServicesLaboratory Animal Care UnitOphthalmologyPediatricsPhysiology

MArtinHealth and Human PerformanceMathematics and StatisticsStudent LifeVisual and Theatre Arts

ChAttAnoogA Athletics Business OfficeAthletics Compliance OfficeClub SportsFacilities Planning and ManagementFootballMen’s BasketballSimCenterStudent Development

institute of AgriCulture

4-H Youth DevelopmentAgricultural EconomicsFamily and Consumer SciencesPlant Sciences

Knoxville AnthropologySchool of Architecture Division of BiologyCare of Grounds—Facilities ServicesCenter for Environmental BiotechnologyChemistry—ResearchCivil and Environmental EngineeringConvenience CopierEcology and Evolutionary BiologyElectrical Engineering and

Computer ScienceExtraordinary Maintenance—

Athletics Plant MaintenanceFootballSchool of Genome Science and

Technology Joint Institute for Advanced MaterialsJoint Institute for Biological SciencesKinesiology, Recreation, and

Sport StudiesSchool of Music NutritionOIT Communications Group

ITES CenterPhysics—Research

ChAttAnoogA Biological and Environmental SciencesCollege of Business ChemistryCommunicationCollege of Engineering and Computer

Science Lupton LibraryMedia ResourcesSimCenterStudent Technology CenterTelecommunication Services

heAlth sCienCe Center Biomedical Engineering and ImagingITS Computing SystemLaboratory Animal Care UnitPathologyPharmaceutical SciencesPharmacologyPhysiologyProsthodonticsTelehealth

MArtin Agriculture, Geosciences, and

Natural ResourcesBiological SciencesEngineeringMusic

institute of AgriCulture

Animal ScienceBiomedical Research and EducationEntomology and Plant PathologyFood Science and TechnologyPlant SciencesRadiologyWildlife Health

AppENDIx D: pROCUREMENT CARD AUDITS

AppENDIx E: EqUIpMENT AUDITS

depArtMents Audited froM noveMber 2011 to oCtober 2012

depArtMents Audited froM noveMber 2011 through oCtober 2012


2012 Audit yearDate issued campus project Description type recommendations

implemented comments

Dec 2009 UTHSC Clinical Education Chattanooga Other No Given 6 months to complete

Feb 2012 UTHSC IT Department Audit Yes

Feb 2012 UTK Financial Aid Falsified Time Sheets Investigation Yes

March 2012 UTSA* Genera Audit Yes

April 2012 UTHSC Vice Chancellor for Research Audit Yes

May 2012 UTK RecSports Audit Yes

June 2012 UTSA Top Principal Investigator Audit Yes

June 2012 UTSA Equipment Process Audit No Given 6 months to complete

July 2012 UTSA Alumni Checking Accounts Audit Yes

Sept 2012 UTK Athletics Ticket Office Missing Money Investigation Yes

Sept 2012 UTK Athletics Ticket Office Investigation Yes

Nov 2012 UTK Architecture Investigation Yes

Nov 2012 UTK Motor Pool Investigation Yes

Nov 2012 UTHSC Effort Reporting Audit Yes

Dec 2012 UTHSC Library Audit Yes

Dec 2012 UTK Reliability and Maintainability Center Investigation Yes

*UT system administration

AppENDIx F: FOLLOW-Up AUDITS

RePORT OF ACCOMPLISHMenTS | 2012 | AudIT And COnSuLTInG SeRvICeSuT COnFeRenCe CenTeR BuILdInG, SuITe 149, KnOxvILLe, Tn 37996-4114 | 865-974-6611

responses froM 2012 Client QuestionnAires

• We want to thank you for your great service!

• Not only was the auditor professional, but she made us feel very relaxed and was quick to answer our questions and concerns.

• The auditor did a very professional job.

• The auditor’s pleasant demeanor made the process less stressful for all.

• It was good to have outside feedback in our process, which allowed us to revisit and affirm our procedures.

12 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012 | 2012

Audit and Consulting Services: 2012 Report

Documents

Transcript of Audit and Consulting Services: 2012 Report