UAC ANNUAL REPORT - USFsystem.usf.edu/.../pdfs/upcoming-meetings/120210/0910UACAnnualReport.pdf ·...

2009-10 UAC ANNUAL REPORT


  • 2009-10

    UAC ANNUAL REPORT

  • University Audit & Compliance 2

    University Audit & Compliance

    • Debra Gula, CPA, Executive Director
    • Jeff Muir, JD, Chief Compliance Officer
    • Caroline Fultz-Carver, CCEP, Associate Compliance Officer
    • Kate Head, CPA, CFE, CISA, Associate Director
    • Steve Cuppett, CPA, CIA, CISA, Assistant Director
    • Amy Alspach, CPA, CFE, Assistant Director
    • Josh Maslyn, CIA, CISA, MCSE, Senior Information Technology Auditor
    • Donette Boddiford, CIA, Senior Audit Consultant
    • Eric Harmon, CPA, CIA, Audit Consultant
    • Jessica Pecora, CPA, Audit Consultant
    • John Casas, CPA, Audit Consultant
    • Jolanda Thompson, Administrative Specialist

    2009-10 UAC Team (left to right) Standing: Jessica Pecora, Donette Boddiford, Josh Masyln, Jeff Muir, Steve Cuppett, John Casas, Jolanda Thompson; Sitting: Amy Alspach, Kate Head, Debra Gula, Caroline Fultz-Carver, Eric Harmon

    TABLE OF CONTENTS

    MESSAGE FROM THE EXECUTIVE DIRECTOR
    MISSION AND PURPOSE
    AUDITS
    o CONTRACTUAL SERVICES
    o BALANCES DUE TO/DUE FROM USF AND ITS COMPONENT UNITS
    o SOCIAL SECURITY NUMBER (SSN) COLLECTION AND MONITORING
    o SPONSORED RESEARCH PROJECTS INVOICING
    DIRECT SERVICES
    o CONSULTING SERVICES
    o INVESTIGATIONS
    COMPLIANCE
    ACTIVITY CHARTS
    PROFESSIONAL ACTIVITIES AND CERTIFICATIONS
    UPCOMING YEAR

    MESSAGE FROM THE EXECUTIVE DIRECTOR

    A year of making a difference…

    The Institute of Internal Auditors defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

    Internal auditors bring unique value to senior management, governing bodies, and other university stakeholders primarily through their insight, objectivity, and the assurance they provide that policies and procedures are being followed, that the organization is complying with laws and regulations, and that the internal controls in place are adequate to mitigate risks.

    Four audits, five consulting services projects, and seven investigations were completed in FY 2009-10. Congratulations to Research Financial Management for an excellent audit result. Our testing of sponsored research projects invoicing concluded that invoices manually processed by RFM during the audit period were accurate, complete, and timely prepared.

    The Compliance and Ethics Program managed 27 EthicsPoint reports, 11 of which were substantiated. Human resource matters topped the list with 52% of reports submitted.

    Our 2010-11 Work Plan provides for three new audits, including tuition, comparative medicine billing, and convenience accounts. Four audits will carry over from the prior year. We will also continue to provide continuous assurance and consulting activities in support of research, information technology, and central administrative services.

    In addition to conforming to the IIA’s International Standards for the Professional Practice of Internal Auditing, UAC’s commitment to professionalism includes completing ongoing training and professional development and earning professional designations. Two team members recently received the Certified Internal Auditor and Certified Compliance and Ethics Professional designations.

    Thank you to the university community for partnering with us on this journey to excellence. Thanks especially to the UAC Team for your immense talent and unending commitment and for choosing to put your skills to work for the USF system.

    We appreciate the support we receive from the President and the Board of Trustees Finance and Audit Workgroup. As the IIA often says, in order to be effective, we must be both “heard and heeded,” for it is only through your recognition and empowerment that we can truly make a difference.

    Debra S. Gula, CPA

    MISSION AND PURPOSE

    University Audit & Compliance is responsible for providing the University of South Florida System with independent and objective assurance and advisory services that promote stewardship, accountability, integrity, efficiency, and compliance. These services assist the University in evaluating and improving business risk management and governance processes.

    The nature and scope of services provided by University Audit & Compliance include audits, reviews, management advisory services, consulting, and investigations. We are committed to upholding the values of integrity, respect, excellence, and service in the performance of our duties.

    AUDITS

    Contractual Services

    UAC performed an audit of contractual services purchased by the USF System during the period January 1, 2008 through December 31, 2008. Our report 09-051 was issued May 21, 2010.

    The Division of Purchasing, which reports to Campus Business Services, and the Department of Accounts Payable, which reports to the University Controller, share primary responsibility for the overall procurement processes including contractual services. During the calendar year 2008 audit period, in-scope contractual service payments totaled approximately $29 million.

    Our objective was to determine if the control environment would ensure contractual service purchases were properly approved, accurately and timely recorded, properly supported, and in compliance with laws, regulations and University policies. In addition, we assessed whether errors and irregularities would be prevented or detected timely.

    Unmitigated fraud risk exists for contractual service purchases resulting from a lack of advance approvals, competitive solicitation requirements not being followed, and an overall lack of supporting documentation as follows:

    • Contractual service agreements did not include sufficient detail of services to be provided,
    • The receipt of contractual services was not consistently documented, and
    • Contractual service payments were not always supported by a valid invoice.

    As a result of the material deficiencies in the control issues identified, we are unable to express overall assurance that the control structure would prevent or detect errors or irregularities on a timely basis.

    In addition to the six recommendations related to the validity of purchases and payments where fraud risk exists, we also made six recommendations to improve compliance and reporting associated with contractual services, which should also help ensure federal tax requirements concerning independent contractors are met. Three recommendations were made to improve oversight and guidance for contractual services, including adoption of an electronic contract management system to enhance the efficiency and effectiveness of overall monitoring efforts, and delivery of enhanced procedures and training to promote the consistent application of processes and controls surrounding contractual services.

    Three of the recommendations had been fully implemented and four were partially implemented before the report was issued. Issue 13, which involves a software solution for contract management, will require additional resources. Several recommendations require collaboration between Purchasing and Accounts Payable to implement.

    Balances Due To/Due From USF and its Component Units

    UAC performed an audit of balances due to/due from the University of South Florida and its discretely presented component units as reported in the University’s financial statements for the year ended June 30, 2009. Our report 09-057 was issued on May 21, 2010.

    Our objective was to determine if due to/due from balances as reported in the University’s financial statements were:

    • Accurate, complete, and recorded timely,
    • Properly approved and supported,
    • In agreement with the respective due to/due from balances as reported in the component unit financial statements, and
    • In compliance with generally accepted accounting principles.

    Some differences were identified between the due to/due from balances reported in the University’s financial statements and the balances reported by its component units. Only one of the differences identified resulted in an audit adjustment by the University prior to issuing their 2009 financial statements. Although the remaining differences were not material in terms of the need for financial statement restatement, the differences were indicative of deficiencies in the process of recording and disclosing due to/due from balances. Differences were also identified in the methodology utilized by the University and its component units when disclosing the balances in the balance sheet and notes to the financial statements. Reasons for the inconsistencies include:

    • A lack of communication between the entities
    • A lack of supporting documentation for due to/due from entries
    • Differences in the methodology used to report these balances
    • A lack of system-wide policies and procedures for reporting due to/due from balances.

    Promulgation of system-wide policies and procedures by the University Controller with the assistance of the University Treasurer will help ensure the transparency and accuracy of the financial statements of the University and each of its component units. In addition to recommendations designed to improve the accounting and reporting of due to/due from balances, we have included in our report disclosure issues that need to be further reviewed and addressed by management of the University and the component units.

    Social Security Number (SSN) Collection and Monitoring

    UAC performed an audit of Social Security Number (SSN) Collection and Monitoring within the USF System. Our report 10-039 was issued on June 28, 2010. Our project scope was limited to compliance with USF Policy 0-516, USFID-SSN Appropriate Use Policy.

    The primary audit objectives were to determine whether collection, transmission, storage, and use of SSNs within the USF System complied with USF Policy 0-516.

    Based on our preliminary audit risk assessment, we determined that SSN collection and monitoring within the USF System did not comply with Policy 0-516. Because the control and governance framework outlined in Policy 0-516 was not fully in place, detailed testing of controls was not performed.

    The Information Technology Management Council is assigned primary responsibility for all SSN collection and monitoring within the USF System, and should begin fulfilling this role by:

    • Authorizing and annually recertifying all SSN use within the USF System as required by Policy 0-516,
    • Verifying that security measures are in place and functioning, and
    • Ensuring that known SSN security issues are resolved timely.

    Sponsored Research Projects Invoicing

    UAC performed an audit of the sponsored research projects invoicing process for the six-month period from January 1, 2009 through June 30, 2009. Our report 10-025 was issued on June 17, 2010. During this period, Research Financial Management (RFM) generated a total of 4,243 invoices valued at $104,104,040. Our project scope was limited to the invoicing process used by RFM.

    Our objective was to determine if sponsored research projects invoicing was accurate, complete, and timely.

    RFM utilizes the FAST system to generate invoices for sponsors of cost-reimbursable projects that will pay by Letter of Credit (LOC). An LOC is an authorization to draw funds from a sponsor for a stated amount and within a stated time period. Drawn funds are for payment of specified costs incurred by USF. RFM also utilizes the FAST system to generate invoices for sponsors of fixed price projects.

    Invoices for sponsors of cost reimbursable projects that will not pay by LOC are generated manually outside the FAST system and manually entered into the FAST Accounts Receivable module to allow for the receipt of revenues from sponsors billed. RFM has developed an “in-house” data extraction process which downloads actual expenditures from FAST into a workbook used to prepare cost reimbursable sponsor billings.

    We focused detailed testing on the manually generated invoices due to the high risk for errors. Manual invoices accounted for 32.31% of the research dollars billed during our audit period.

    Our audit testing indicated that invoices manually processed by RFM during the audit period were accurate and complete (agreed with expenditures posted in FAST) and prepared timely (in accordance with the sponsor’s defined billing schedule).

    Of the 883 manually generated invoices from the audit period, only five were not entered into the FAST System as an accounts receivable. Corrections were made after the payments had been received by USF Cashier’s Office staff who found no corresponding receivables in FAST. Total unrecorded receivables were $302,534, but corrections were made before the University’s official year-end financial statements were impacted.

    The manual creation of invoices outside of FAST, however, continues to hamper the efficiency and effectiveness of RFM’s invoicing process. RFM has been actively working on a project to fully implement invoicing through the FAST system.

    UAC DIRECT SERVICES FY 2009-10 (chart)

    • Audits/Reviews: 41%
    • Follow-Up: 4%
    • Consulting Services: 10%
    • Investigations: 40%
    • Contingencies: 5%

    DIRECT SERVICES

    Consulting Services

    Consulting projects are collaborations between management and UAC. Services may be requested in advance and included as part of the annual work plan; however, many requests are made during the year. A project’s objective will vary depending on the needs of management, but may include improving a process or procedure, assisting in the implementation of a new system, interpreting laws, rules, policies, and other guidance or facilitating education/training programs. These services are proactive in nature and can be helpful to any University function or department.

    During 2009-10, five consulting projects, including two Management Letters related to investigations, were performed for the USF System, including University Services, the Office of Research and Innovation, and the College of Business. Two major projects are outlined below:

    ARRA Reporting

    UAC reviewed the USF System’s framework for meeting the reporting requirements in Section 1512 of the American Recovery and Reinvestment Act of 2009 (ARRA). Section 1512 requires recipients of funds to submit a report of specific data elements to the Federal funding agency no later than 10 days after the end of each calendar quarter. Further guidance issued by the Office of Management and Budget (OMB) provides funding recipients with information necessary to effectively implement the Section 1512 reporting requirements. OMB M-09-21 Section 4 requires that recipients of funds perform data quality reviews which “are intended to emphasize the avoidance of two key data problems – material omissions and significant reporting errors.”

    Overall, good faith efforts have been made to report complete and accurate data, including the following:

    • Key ARRA reporting responsibilities were assumed by the appropriate parties.
    • A means of tracking ARRA funds was established through unique fund codes and project attributes.
    • Preparation of each quarterly report was well documented.
    • Helpful guidance was made available on the University’s website, including an overview of ARRA funds, appropriate and inappropriate uses of ARRA funds, budgeting information, and general reporting information.
    • ARRA guidance was proactively monitored for changes and updates.

    UAC made three recommendations including the use of consistent transactional periods, reconciliation with official FAST records, and incorporating additional data quality review measures in existing procedures.

    Unclaimed Property Review

    UAC performed a limited review for unclaimed property belonging to the USF System. We reviewed the official unclaimed property websites of all 50 states, identifying a total of 87 items belonging to the University of South Florida System. We identified $30,988 in unclaimed USF System property that needs to be recovered from the State of Florida Department of Financial Services and $60 held by the State of Georgia Department of Revenue. We also included an additional 17 items totaling $3,221 that may also belong to the USF System or separate but affiliated organizations like student clubs. For these items, potential USF System ownership was indicated but not conclusive, based on the names, addresses, and/or descriptions listed on the State of Florida website.

    Information Technology

    UAC’s information system projects are performed in accordance with the ISACA (Information Systems Audit and Control Association) Standards and Guidelines. ISACA has designed this guidance as the minimum acceptable level of performance required to meet the professional responsibilities set out in the ISACA Code of Ethics for Auditing and Control Professionals. These Standards and Guidelines are consistent with the Control Objectives for Information and Related Technology (COBIT)--an IT governance framework which permits management to bridge the gap between control objectives, technical issues, and business risk. There are currently three Certified Information Systems Auditors (CISAs) on the UAC team.

    This year the IT Audit Team focused on factors which impacted the confidentiality, integrity, and availability of systems and resources held within these systems. Confidentiality not only includes whether sensitive data is secured, but also whether access is effectively controlled. Emphasis this year also included ensuring entitlement reviews were being performed on a periodic basis, user role assignments were compatible, and access levels were appropriate.

    In addition to the audits of the OASIS to FAST interface and Purchasing/Accounts Payable Oversight, the IT Audit Team issued two reports resulting in eleven formal recommendations. Due to the sensitive and confidential nature of these recommendations, details are not included in this report.

    Advisory Services

    UAC is committed to providing proactive advice on internal controls, operations, and compliance. Requests for advisory services may come from various management levels throughout the University. The information we provide through these services assists management in decision-making and improving operations. Results of these types of services are communicated verbally or through memorandums.

    External Support and Follow-Up Activity

    In accordance with the International Standards for the Professional Practice of Internal Auditing, UAC follows up on all internal audit observations to determine if corrective actions have been taken. We also follow up on recommendations made in reports issued by the State of Florida Office of the Auditor General or other external agencies. Utilizing a web-based tracking system, UAC can efficiently and effectively manage and document follow-up related activities.

    Two Follow-Up Reports, covering the period from July 1, 2009, through June 30, 2010, were issued during the fiscal year. UAC reported on the implementation status of agreed-upon corrective actions. The recommendations made during this period related to the following categories:

    • Accountability and responsibility
    • Accuracy and completeness
    • Compliance with laws, regulations, or University policies
    • Effective and efficient operations
    • Information security
    • Security and safety
    • Separation of duties
    • Timely and properly authorized
    • Timely and properly recorded
    • Training and guidance

    UAC RECOMMENDATIONS (chart)

    • Accountability & Responsibility: 8%
    • Accuracy & Completeness: 27%
    • Compliance with Rules & Laws: 7%
    • Effective & Efficient Operations: 8%
    • Information Security: 7%
    • Safety & Security: 4%
    • Separation of Duties: 4%
    • Timely & Properly Authorized: 15%
    • Timely & Properly Recorded: 12%
    • Training & Guidance: 8%

    [Chart: IMPLEMENTATION. Bar chart by recommendation category (axis 0 to 30); legend: Outstanding, Accepts Risk, Closed-Verified, Closed-Not Verified]

    Investigations

    The President and the Board of Trustees have charged UAC with performing investigations related to the University and its related organizations. An investigation is an objective review of evidence related to a complaint or allegation. Complaints and concerns may be received from the University’s EthicsPoint reporting system or directly from an individual, or may be forwarded from various University offices or state and local government agencies.

    Reports of concerns, complaints, and allegations may or may not be supported by the facts. That is why it is critical that the investigative process be managed discreetly and confidentially to ensure the integrity of the process and protect the reputations of named individuals. Florida law supports the need for confidentiality during investigations and permits active investigations to be classified as exempt from public record. Only those with a legitimate business need are provided with information related to ongoing investigations.

    Approximately 40% of our project effort (direct services) during 2009-10 was expended on investigations compared to 13% in FY 2008-09. Out of nineteen total complaints, four were referred to other units and eight remained open at June 30, 2010. Of the seven completed investigations, the complaints were unsubstantiated in three cases. However, four of the allegations were substantiated in the following categories:

    UAC Investigations

    Classification                        No.
    Misappropriations                     3
    Fiscal misconduct – non research      1
    Total                                 4

    The three classified as misappropriations in the table above concluded that resources of the institution had been misused, and the misuse appeared to meet the definition of a theft. As a result, the cases were referred to the University Police department. The other investigation related to the repeated misuse of a PCard. The cardholder reimbursed most of the charges after they were identified by the reconciler. Any control deficiencies identified during our investigations were communicated to management.

    COMPLIANCE

    The USF System’s Institutional Compliance and Ethics Program was established in 2007 with the appointment of a Chief Compliance Officer (CCO) and the Institutional Compliance and Ethics Council (ICEC), composed of university compliance professionals, managers of high-risk units, and faculty representatives. The CCO and ICEC were charged by President Genshaft and the Board of Trustees to create and maintain an effective program based on best practices to prevent, monitor, detect, and respond to non-compliance and recommend corrective actions to fully meet regulatory requirements.

    This year the compliance program welcomed an Associate Compliance Officer, whose primary focus is expansion of the program’s Enterprise Risk Management activities and conflict of interest related issues.

    Leadership of the USF System eCOI Project was a major focus for the program this year. This new web-based, conflict of interest disclosure system will greatly enhance the university’s ability to track and manage potential employee conflicts as well as create a much more user-friendly disclosure process for faculty and staff. The eCOI Project also included the creation and approval of two new USF System Policies: Individual Conflicts of Interest in USF System Research Projects (0-309), and Florida Code of Ethics for Public Officers and Employees: Compliance and Disclosure (0-027). A new system policy on institutional conflicts of interest is also in the works.

    Other Institutional Compliance and Ethics Program activities during the year included:

    • Continuation of Enterprise Risk Management workshops for high-risk units: completion of enterprise risk assessment of the Purchase Order/Accounts Payable process involving Purchasing and Property Services and the Controller’s Office; facilitation of a risk assessment for the Travel Office; and consultation on risk-assessment program for the Office of Information Security
    • Consultation, planning, and educational material for new Employee Orientation and Manager Training programs with USF Talent Management
    • Major gap-analysis project concerning compliance with the federal Higher Education Opportunity Act reauthorization
    • Numerous consultation projects with USF System units concerning compliance-related issues such as export controls, contract and grant management, and financial disclosure, as well as education and policy presentations with university groups such as the Council of Deans, Chairs Development Workshop, A&P Council, USF Staff Senate, and College of Behavioral and Community Sciences.

    The Chief Compliance Officer is responsible for the management of the USF System’s anonymous hotline, EthicsPoint. Of the 27 reports received during FY 2009-10, 11 were substantiated, 15 were unsubstantiated, and one was in progress at year-end.

    Substantiated vs. Unsubstantiated

    Substantiated Unsubstantiated Open Total
    HR 5 9 14
    DEO 2 1 3
    Safety 2 1 3
    Research 2 2
    COI 1 1 2
    Donor Steward 1 1
    Medical 1 1
    Data Privacy 1 1
    Total 11 15 1 27

    EthicsPoint Reports (chart)

    • HR: 14 (52%)
    • DEO: 3 (11%)
    • Safety: 3 (11%)
    • Research: 2 (7%)
    • COI: 2 (7%)
    • Donor Steward: 1 (4%)
    • Medical: 1 (4%)
    • Data Privacy: 1 (4%)

    ACTIVITY CHARTS

    UAC TOTAL HOURS FY 2009-10 (chart)

    • Audits/Reviews: 24%
    • Follow-Up: 3%
    • Consulting Services: 6%
    • Investigations: 23%
    • Contingencies: 3%
    • Admin: 17%
    • Staff Development: 2%
    • Holidays and Leave: 22%

    PROJECT                    BUDGET      %    ACTUAL      %
    DIRECT SERVICES:
    Audits/Reviews              5,600    29%     4,547    24%
    Follow-up                     500     3%       489     3%
    Consulting Services         1,250     7%     1,074     6%
    Investigations              1,850    10%     4,383    23%
    Contingencies               1,300     7%       561     3%
    Total Direct Services      10,500    56%    11,054    59%
    OTHER:
    Administration              3,665    20%     3,206    17%
    Staff Development             360     2%       404     2%
    Holidays and Leave          4,195    22%     4,056    22%
    Total Other                 8,220    44%     7,666    41%
    TOTAL                      18,720   100%    18,720   100%

    PROFESSIONAL ACTIVITIES & CERTIFICATIONS

    UAC is proud of the experience and professionalism of its staff. During 2009-2010, we continued our involvement with organizations that support higher education and internal auditing activities. UAC staff members participate in a number of professional organizations which include:

    Professional Organizations

    • Association of College and University Auditors (ACUA)
    • Institute of Internal Auditors (IIA)
    • Association of Certified Fraud Examiners (ACFE)
    • Information System Audit & Control Association (ISACA)
    • American Institute of Certified Public Accountants (AICPA)
    • National Association of College and University Business Officers (NACUBO)
    • National Council of University Research Administrators (NCURA)

    Certifications

    Our team maintains numerous professional certifications demonstrating their continued commitment to the audit and investigative professions. Current certifications held by our staff include:

    • Certified Public Accountant
    • Certified Internal Auditor
    • Certified Fraud Examiner
    • Certified Information Systems Auditor
    • Certified Compliance and Ethics Professional
    • Microsoft Certified System Engineer

    Advanced Degrees

    In addition to professional certifications, advanced degrees held by UAC include:

    • Master of Accountancy, University of South Florida
    • Master of Business Administration, University of South Florida
    • Master of Management - Leadership and Organizational Effectiveness, University of South Florida
    • Master of Education - Instructional Technology, University of South Florida
    • Master of Public Administration, University of South Florida
    • Doctorate of Medical Sciences, University of South Florida
    • Juris Doctor, Stetson University

    UPCOMING YEAR

    The following chart reflects our expected allocation of personnel resources during 2010-2011.

    UNIVERSITY AUDIT & COMPLIANCE FY 2010-11 WORK PLAN (chart)

    • Audits/Reviews: 30%
    • Follow-up: 3%
    • Consulting Services: 9%
    • Investigations: 10%
    • Contingency: 7%
    • Admin: 21%
    • Holidays/Leave: 18%
    • Staff Dev & Training: 2%

    UNIVERSITY AUDIT & COMPLIANCE FY 2010-11 WORK PLAN

                                                             Hours   % of Effort
    DIRECT SERVICES
    Audits/Reviews
      Core Processes:
        FAST A/R - 3rd party billing                           800
        Tuition                                              1,000
        Comparative Medicine billing                           600
      EBS:
        PS Travel Module (including Pcards)                    800
        OASIS TBD                                              800
      Financial/Accounting Issues:
        Convenience Accounts                                   600
      Academic Affairs:
        Florida Centers of Excellence or
        21st Century World Class Scholars                      600
      Subtotal                                               5,200
      Continuous Assurance
        Research Initiative Accounts                           100
      Follow-up; Coordinate External Audits                    500
                                                             5,800      32.8%
    Consulting Services
        Export Controls                                        150
        Conflict of Interest Reporting System                  200
        Special Projects                                       400
        ERM: System-wide Risk Assessment                       200
        Emerging Issues - compliance, financial, IT            600
      Subtotal                                               1,550       8.8%
    Investigations                                           1,850      10.5%
    Contingency                                              1,318       7.4%
    TOTAL DIRECT SUPPORT                                    10,518      59.5%

    INDIRECT SUPPORT
        Indirect Support                                       849
        Administration                                       2,823
    TOTAL INDIRECT SUPPORT                                   3,672      20.8%

    OTHER
        Staff Development & Training                           340
        Staff Vacancy                                            0
        Holidays and Leave                                   3,150
    TOTAL OTHER                                              3,490      19.7%

    TOTAL HOURS AVAILABLE (CAE + 8.5 STAFF)                 17,680     100.0%

    Approved by Board of Trustees Finance and Audit Workgroup on August 19, 2010.


  • University Audit and Compliance
    3702 Spectrum Boulevard, Suite 180
    Tampa, Florida 33612-9444
    Phone: 813-974-2705
    Facsimile: 813-974-3735
    Website: www.usf.edu/uac
    http://usfweb2.usf.edu/uac/


    MESSAGE FROM THE EXECUTIVE DIRECTOR

    A year of making a difference…

    The Institute of Internal Auditors defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

    Internal auditors bring unique value to senior management, governing bodies, and other university stakeholders primarily through their insight, objectivity, and the assurance they provide that policies and procedures are being followed, that the organization is complying with laws and regulations, and that the internal controls in place are adequate to mitigate risks.

    Four audits, five consulting services projects, and seven investigations were completed in FY 2009-10. Congratulations to Research Financial Management for an excellent audit result. Our testing of sponsored research projects invoicing concluded that invoices manually processed by RFM during the audit period were accurate, complete, and timely prepared.

    The Compliance and Ethics Program managed 27 EthicsPoint reports, 11 of which were substantiated. Human resource matters topped the list with 52% of reports submitted.

    Our 2010-11 Work Plan provides for three new audits, including tuition, comparative medicine billing, and convenience accounts. Four audits will carry over from the prior year. We will also continue to provide continuous assurance and consulting activities in support of research, information technology, and central administrative services.

    In addition to conforming to the IIA’s International Standards for the Professional Practice of Internal Auditing, UAC’s commitment to professionalism includes completing ongoing training and professional development and earning professional designations. Two team members recently received the Certified Internal Auditor and Certified Compliance and Ethics Professional designations.

    Thank you to the university community for partnering with us on this journey to excellence. Thanks especially to the UAC Team for your immense talent and unending commitment and for choosing to put your skills to work for the USF system.

    We appreciate the support we receive from the President and the Board of Trustees Finance and Audit Workgroup. As the IIA often says, in order to be effective, we must be both “heard and heeded,” for it is only through your recognition and empowerment that we can truly make a difference.

    Debra S. Gula, CPA

    MISSION AND PURPOSE

    University Audit & Compliance is responsible for providing the University of South Florida System with independent and objective assurance and advisory services that promote stewardship, accountability, integrity, efficiency, and compliance. These services assist the University in evaluating and improving business risk management and governance processes.

    The nature and scope of services provided by University Audit & Compliance include audits, reviews, management advisory services, consulting, and investigations. We are committed to upholding the values of integrity, respect, excellence, and service in the performance of our duties.

    AUDITS

    Contractual Services

    UAC performed an audit of contractual services purchased by the USF System during the period January 1, 2008 through December 31, 2008. Our report 09-051 was issued May 21, 2010. The Division of Purchasing, which reports to Campus Business Services, and the Department of Accounts Payable, which reports to the University Controller, share primary responsibility for the overall procurement processes including contractual services.

    During the calendar year 2008 audit period, in-scope contractual service payments totaled approximately $29 million.

    Our objective was to determine if the control environment would ensure contractual service purchases were properly approved, accurately and timely recorded, properly supported, and in compliance with laws, regulations and University policies. In addition, we assessed whether errors and irregularities would be prevented or detected timely.

    Unmitigated fraud risk exists for contractual service purchases resulting from a lack of advance approvals, competitive solicitation requirements not being followed, and an overall lack of supporting documentation as follows:

    · Contractual service agreements did not include sufficient detail of services to be provided,

    · The receipt of contractual services was not consistently documented, and

    · Contractual service payments were not always supported by a valid invoice.

    As a result of the material deficiencies in the control issues identified, we are unable to express overall assurance that the control structure would prevent or detect errors or irregularities on a timely basis.

    In addition to the six recommendations related to the validity of purchases and payments where fraud risk exists, we also made six recommendations to improve compliance and reporting associated with contractual services, which should also help ensure federal tax requirements concerning independent contractors are met. Three recommendations were made to improve oversight and guidance for contractual services, including adoption of an electronic contract management system to enhance the efficiency and effectiveness of overall monitoring efforts, and delivery of enhanced procedures and training to promote the consistent application of processes and controls surrounding contractual services.

    Three of the recommendations had been fully implemented and four were partially implemented before the report was issued. Issue 13, which involves a software solution for contract management, will require additional resources. Several recommendations require collaboration between Purchasing and Accounts Payable to implement.

    Balances Due To/Due From USF and its Component Units

    UAC performed an audit of balances due to/due from the University of South Florida and its discretely presented component units as reported in the University’s financial statements for the year ended June 30, 2009. Our report 09-057 was issued on May 21, 2010.

    Our objective was to determine if due to/due from balances as reported in the University’s financial statements were:

    · Accurate, complete, and recorded timely,

    · Properly approved and supported,

    · In agreement with the respective due to/due from balances as reported in the component unit financial statements, and

    · In compliance with generally accepted accounting principles.

    Some differences were identified between the due to/due from balances reported in the University’s financial statements and the balances reported by its component units. Only one of the differences identified resulted in an audit adjustment by the University prior to issuing their 2009 financial statements. Although the remaining differences were not material in terms of the need for financial statement restatement, the differences were indicative of deficiencies in the process of recording and disclosing due to/due from balances. Differences were also identified in the methodology utilized by the University and its component units when disclosing the balances in the balance sheet and notes to the financial statements. Reasons for the inconsistencies include:

    · A lack of communication between the entities

    · A lack of supporting documentation for due to/due from entries

    · Differences in the methodology used to report these balances

    · A lack of system-wide policies and procedures for reporting due to/due from balances.

    Promulgation of system-wide policies and procedures by the University Controller with the assistance of the University Treasurer will help ensure the transparency and accuracy of the financial statements of the University and each of its component units.

    In addition to recommendations designed to improve the accounting and reporting of due to/due from balances, we have included in our report disclosure issues that need to be further reviewed and addressed by management of the University and the component units.

    Social Security Number (SSN) Collection and Monitoring

    UAC performed an audit of Social Security Number (SSN) Collection and Monitoring within the USF System. Our report 10-039 was issued on June 28, 2010. Our project scope was limited to compliance with USF Policy 0-516, USFID-SSN Appropriate Use Policy. The primary audit objectives were to determine whether collection, transmission, storage, and use of SSNs within the USF System complied with USF Policy 0-516.

    Based on our preliminary audit risk assessment, we determined that SSN collection and monitoring within the USF System did not comply with Policy 0-516. Because the control and governance framework outlined in Policy 0-516 was not fully in place, detailed testing of controls was not performed.

    The Information Technology Management Council is assigned primary responsibility for all SSN collection and monitoring within the USF System, and should begin fulfilling this role by:

    · Authorizing and annually recertifying all SSN use within the USF System as required by Policy 0-516,

    · Verifying that security measures are in place and functioning, and

    · Ensuring that known SSN security issues are resolved timely.

    Sponsored Research Projects Invoicing

    UAC performed an audit of the sponsored research projects invoicing process for the six-month period from January 1, 2009 through June 30, 2009. Our report 10-025 was issued on June 17, 2010. During this period, Research Financial Management (RFM) generated a total of 4,243 invoices valued at $104,104,040.

    Our project scope was limited to the invoicing process used by RFM. Our objective was to determine if sponsored research projects invoicing was accurate, complete, and timely.

    RFM utilizes the FAST system to generate invoices for sponsors of cost-reimbursable projects that will pay by Letter of Credit (LOC). An LOC is an authorization to draw funds from a sponsor for a stated amount and within a stated time period. Drawn funds are for payment of specified costs incurred by USF. RFM also utilizes the FAST system to generate invoices for sponsors of fixed price projects.

    Invoices for sponsors of cost reimbursable projects that will not pay by LOC are generated manually outside the FAST system and manually entered into the FAST Accounts Receivable module to allow for the receipt of revenues from sponsors billed. RFM has developed an “in-house” data extraction process which downloads actual expenditures from FAST into a workbook used to prepare cost reimbursable sponsor billings. We focused detailed testing on the manually generated invoices due to the high risk for errors. Manual invoices accounted for 32.31% of the research dollars billed during our audit period.

    Our audit testing indicated that invoices manually processed by RFM during the audit period were accurate and complete (agreed with expenditures posted in FAST) and prepared timely (in accordance with the sponsor’s defined billing schedule).

    Of the 883 manually generated invoices from the audit period, only five were not entered into the FAST System as an accounts receivable. Corrections were made after the payments had been received by USF Cashier’s Office staff who found no corresponding receivables in FAST. Total unrecorded receivables were $302,534, but corrections were made before the University’s official year-end financial statements were impacted.

    The manual creation of invoices outside of FAST, however, continues to hamper the efficiency and effectiveness of RFM’s invoicing process. RFM has been actively working on a project to fully implement invoicing through the FAST system.

    DIRECT SERVICES

    Consulting Services

    Consulting projects are collaborations between management and UAC. Services may be requested in advance and included as part of the annual work plan; however, many requests are made during the year. A project’s objective will vary depending on the needs of management, but may include improving a process or procedure, assisting in the implementation of a new system, interpreting laws, rules, policies, and other guidance or facilitating education/training programs. These services are proactive in nature and can be helpful to any University function or department.

    During 2009-10, five consulting projects, including two Management Letters related to investigations, were performed for the USF System, including University Services, the Office of Research and Innovation, and the College of Business. Two major projects are outlined below:

    ARRA Reporting

    UAC reviewed the USF System’s framework for meeting the reporting requirements in Section 1512 of the American Recovery and Reinvestment Act of 2009 (ARRA). Section 1512 requires recipients of funds to submit a report of specific data elements to the Federal funding agency no later than 10 days after the end of each calendar quarter. Further guidance issued by the Office of Management and Budget (OMB) provides funding recipients with information necessary to effectively implement the Section 1512 reporting requirements. OMB M-09-21 Section 4 requires that recipients of funds perform data quality reviews which “are intended to emphasize the avoidance of two key data problems – material omissions and significant reporting errors.”

    Overall, good faith efforts have been made to report complete and accurate data, including the following:

    · Key ARRA reporting responsibilities were assumed by the appropriate parties.

    · A means of tracking ARRA funds was established through unique fund codes and project attributes.

    · Preparation of each quarterly report was well documented.

    · Helpful guidance was made available on the University’s website, including an overview of ARRA funds, appropriate and inappropriate uses of ARRA funds, budgeting information, and general reporting information.

    · ARRA guidance was proactively monitored for changes and updates.

    UAC made three recommendations including the use of consistent transactional periods, reconciliation with official FAST records, and incorporating additional data quality review measures in existing procedures.

    Unclaimed Property Review

    UAC performed a limited review for unclaimed property belonging to the USF System. We reviewed the official unclaimed property websites of all 50 states, identifying a total of 87 items belonging to the University of South Florida System. We identified $30,988 in unclaimed USF System property that needs to be recovered from the State of Florida Department of Financial Services and $60 held by the State of Georgia Department of Revenue.

    We also included an additional 17 items totaling $3,221 that may also belong to the USF System or separate but affiliated organizations like student clubs. For these items, potential USF System ownership was indicated but not conclusive, based on the names, addresses, and/or descriptions listed on the State of Florida website.

    Information Technology

    UAC’s information system projects are performed in accordance with the ISACA (Information Systems Audit and Control Association) Standards and Guidelines. ISACA has designed this guidance as the minimum acceptable level of performance required to meet the professional responsibilities set out in the ISACA Code of Ethics for Auditing and Control Professionals. These Standards and Guidelines are consistent with the Control Objectives for Information and Related Technology (COBIT)--an IT governance framework which permits management to bridge the gap between control objectives, technical issues, and business risk. There are currently three Certified Information Systems Auditors (CISAs) on the UAC team.

    This year the IT Audit Team focused on factors which impacted the confidentiality, integrity, and availability of systems and resources held within these systems. Confidentiality not only includes whether sensitive data is secured, but also whether access is effectively controlled. Emphasis this year also included ensuring entitlement reviews were being performed on a periodic basis, user role assignments were compatible, and access levels were appropriate.

    In addition to the audits of the OASIS to FAST interface and Purchasing/Accounts Payable Oversight, the IT Audit Team issued two reports resulting in eleven formal recommendations. Due to the sensitive and confidential nature of these recommendations, details are not included in this report.

    Advisory Services

    UAC is committed to providing proactive advice on internal controls, operations, and compliance. Requests for advisory services may come from various management levels throughout the University. The information we provide through these services assists management in decision-making and improving operations. Results of these types of services are communicated verbally or through memorandums.

    External Support and Follow-Up Activity

    In accordance with the International Standards for the Professional Practice of Internal Auditing, UAC follows up on all internal audit observations to determine if corrective actions have been taken. We also follow up on recommendations made in reports issued by the State of Florida Office of the Auditor General or other external agencies. Utilizing a web-based tracking system, UAC can efficiently and effectively manage and document follow-up related activities.

    Two Follow-Up Reports, covering the period from July 1, 2009, through June 30, 2010, were issued during the fiscal year. UAC reported on the implementation status of agreed-upon corrective actions. The recommendations made during this period related to the following categories:

    · Accountability and responsibility

    · Accuracy and completeness

    · Compliance with laws, regulations, or University policies

    · Effective and efficient operations

    · Information security

    · Security and safety

    · Separation of duties

    · Timely and properly authorized

    · Timely and properly recorded

    · Training and guidance

    Investigations

    The President and the Board of Trustees have charged UAC with performing investigations related to the University and its related organizations. An investigation is an objective review of evidence related to a complaint or allegation.

    Complaints and concerns may be received from the University’s EthicsPoint reporting system or directly from an individual, or may be forwarded from various University offices or state and local government agencies.

    Reports of concerns, complaints, and allegations may or may not be supported by the facts. That is why it is critical that the investigative process be managed discreetly and confidentially to ensure the integrity of the process and protect the reputations of named individuals. Florida law supports the need for confidentiality during investigations and permits active investigations to be classified as exempt from public record. Only those with a legitimate business need are provided with information related to ongoing investigations.

    Approximately 40% of our project effort (direct services) during 2009-10 was expended on investigations compared to 13% in FY 2008-09. Out of nineteen total complaints, four were referred to other units and eight remained open at June 30, 2010. Of the seven completed investigations, the complaints were unsubstantiated in three cases. However, four of the allegations were substantiated in the following categories:

    UAC Investigations

    Classification                      No.
    Misappropriations                   3
    Fiscal misconduct – non research    1
    Total                               4

    The three classified as misappropriations in the table above concluded that resources of the institution had been misused, and the misuse appeared to meet the definition of a theft. As a result, the cases were referred to the University Police department. The other investigation related to the repeated misuse of a PCard. The cardholder reimbursed most of the charges after they were identified by the reconciler. Any control deficiencies identified during our investigations were communicated to management.

    COMPLIANCE

    The USF System’s Institutional Compliance and Ethics Program was established in 2007 with the appointment of a Chief Compliance Officer (CCO) and the Institutional Compliance and Ethics Council (ICEC), composed of university compliance professionals, managers of high-risk units, and faculty representatives. The CCO and ICEC were charged by President Genshaft and the Board of Trustees to create and maintain an effective program based on best practices to prevent, monitor, detect, and respond to non-compliance and recommend corrective actions to fully meet regulatory requirements.

    This year the compliance program welcomed an Associate Compliance Officer, whose primary focus is expansion of the program’s Enterprise Risk Management activities and conflict of interest related issues.

    Leadership of the USF System eCOI Project was a major focus for the program this year. This new web-based, conflict of interest disclosure system will greatly enhance the university’s ability to track and manage potential employee conflicts as well as create a much more user-friendly disclosure process for faculty and staff. The eCOI Project also included the creation and approval of two new USF System Policies: Individual Conflicts of Interest in USF System Research Projects (0-309), and Florida Code of Ethics for Public Officers and Employees: Compliance and Disclosure (0-027). A new system policy on institutional conflicts of interest is also in the works.

    Other Institutional Compliance and Ethics Program activities during the year included:

    · Continuation of Enterprise Risk Management workshops for high-risk units: completion of enterprise risk assessment of the Purchase Order/Accounts Payable process involving Purchasing and Property Services and the Controller’s Office; facilitation of a risk assessment for the Travel Office; and consultation on risk-assessment program for the Office of Information Security

    · Consultation, planning, and educational material for new Employee Orientation and Manager Training programs with USF Talent Management

    · Major gap-analysis project concerning compliance with the federal Higher Education Opportunity Act reauthorization

    · Numerous consultation projects with USF System units concerning compliance-related issues such as export controls, contract and grant management, and financial disclosure, as well as education and policy presentations with university groups such as the Council of Deans, Chairs Development Workshop, A&P Council, USF Staff Senate, and College of Behavioral and Community Sciences.

    The Chief Compliance Officer is responsible for the management of the USF System’s anonymous hotline, EthicsPoint.

    Of the 27 reports received during FY 2009-10, 11 were substantiated, 15 were unsubstantiated, and one was in progress at year-end.

    Substantiated vs. Unsubstantiated

    Columns: Substantiated, Unsubstantiated, Open, Total

    HR: 5, 9, 14
    DEO: 2, 1, 3
    Safety: 2, 1, 3
    Research: 2, 2
    COI: 1, 1, 2
    Donor Steward: 1, 1
    Medical: 1, 1
    Data Privacy: 1, 1
    Total: 11, 15, 1, 27

    ACTIVITY CHARTS

    PROJECT                  BUDGET    %       ACTUAL    %
    DIRECT SERVICES:
    Audits/Reviews           5,600     29%     4,547     24%
    Follow-up                500       3%      489       3%
    Consulting Services      1,250     7%      1,074     6%
    Investigations           1,850     10%     4,383     23%
    Contingencies            1,300     7%      561       3%
    Total Direct Services    10,500    56%     11,054    59%
    OTHER:
    Administration           3,665     20%     3,206     17%
    Staff Development        360       2%      404       2%
    Holidays and Leave       4,195     22%     4,056     22%
    Total Other              8,220     44%     7,666     41%
    TOTAL                    18,720    100%    18,720    100%

    PROFESSIONAL ACTIVITIES & CERTIFICATIONS

    UAC is proud of the experience and professionalism of its staff. During 2009-2010, we continued our involvement with organizations that support higher education and internal auditing activities. UAC staff members participate in a number of professional organizations which include:

    Professional Organizations

    · Association of College and University Auditors (ACUA)

    · Institute of Internal Auditors (IIA)

    · Association of Certified Fraud Examiners (ACFE)

    · Information System Audit & Control Association (ISACA)

    · American Institute of Certified Public Accountants (AICPA)

    · National Association of College and University Business Officers (NACUBO)

    · National Council of University Research Administrators (NCURA)

    Certifications

    Our team maintains numerous professional certifications demonstrating their continued commitment to the audit and investigative professions. Current certifications held by our staff include:

    · Certified Public Accountant

    · Certified Internal Auditor

    · Certified Fraud Examiner

    · Certified Information Systems Auditor

    · Certified Compliance and Ethics Professional

    · Microsoft Certified System Engineer

    Advanced Degrees

    In addition to professional certifications, advanced degrees held by UAC include:

    · Master of Accountancy

    University of South Florida

    · Master of Business Administration

    University of South Florida

    · Master of Management - Leadership and Organizational Effectiveness

    University of South Florida

    · Master of Education - Instructional Technology

    University of South Florida

    · Master of Public Administration

    University of South Florida

    · Doctorate of Medical Sciences

    University of South Florida

    · Juris Doctor

    Stetson University

    UPCOMING YEAR

    The following chart reflects our expected allocation of personnel resources during 2010-2011.


    UAC DIRECT SERVICES, FY 2009-10 (chart): Audits/Reviews 41%, Follow-Up 4%, Consulting Services 10%, Investigations 40%, Contingencies 5%

    UAC RECOMMENDATIONS

    Recommendations                     Rounded    % of Count    Count
    Accountability & Responsibility     8%         7.62%         8
    Accuracy & Completeness             27%        27.62%        29
    Compliance with Rules & Laws        7%         6.67%         7
    Effective & Efficient Operations    8%         8.57%         9
    Information Security                7%         6.67%         7
    Safety & Security                   4%         3.81%         4
    Separation of Duties                4%         3.81%         4
    Timely & Properly Authorized        15%        15.24%        16
    Timely & Properly Recorded          12%        12.38%        13
    Training & Guidance                 8%         7.62%         8
    TOTAL                               100%       100%          105

    IMPLEMENTATION (chart): implementation status of recommendations by category, in four series: Closed-Not Verified, Closed-Verified, Accepts Risk, Outstanding. Totals: Closed-Not Verified 109, Closed-Verified 18, Accepts Risk 14, Outstanding 76.

    [Chart: EthicsPoint Reports by report type]

    EthicsPoint Reports

    Report Type      Total     %
    HR                  14   52%
    DEO                  3   11%
    Safety               3   11%
    Research             2    7%
    COI                  2    7%
    Donor Steward        1    4%
    Medical              1    4%
    Data Privacy         1    4%
    TOTAL               27


    [Chart: UAC Total Hours, FY 2009-10, share of hours by activity]

    UAC TOTAL HOURS
    FY 2009-10

    Project                 Budget    Hours         %   % (rounded)
    Audits/Reviews           5,600    4,547    24.29%           24%
    Follow-Up                  500      489     2.61%            3%
    Consulting Services      1,250    1,074     5.74%            6%
    Investigations           1,850    4,383    23.41%           23%
    Contingencies            1,300      561     3.00%            3%
    Admin                    3,665    3,206    17.13%           17%
    Staff Development          360      404     2.16%            2%
    Holidays and Leave       4,195    4,056    21.67%           22%
    TOTAL                   18,720   18,720      100%          100%

    [Chart: University Audit & Compliance FY 2010-11 Work Plan, share of hours by activity]

    UAC Work Plan FY 10-11

    Activity                 Hours      %
    Audits/Reviews           5,300    30%
    Follow-up                  500     3%
    Consulting Services      1,550     9%
    Investigations           1,850    10%
    Contingency              1,318     7%
    Administration           3,672    21%
    Holidays/Leave           3,150    18%
    Staff Dev & Training       340     2%
    Total                   17,680   100%

    UNIVERSITY AUDIT & COMPLIANCE
    FY 2010-11 WORK PLAN

                                                                                  Hours   % of Effort
    DIRECT SERVICES
      Audits/Reviews
        Core Processes:
          FAST A/R - 3rd party billing                                              800
          Tuition                                                                 1,000
          Comparative Medicine billing                                              600
        EBS:
          PS Travel Module (including Pcards)                                       800
          OASIS TBD                                                                 800
        Financial/Accounting Issues:
          Convenience Accounts                                                      600
        Academic Affairs:
          Florida Centers of Excellence or 21st Century World Class Scholars        600
        Subtotal                                                                  5,200
        Continuous Assurance
          Research Initiative Accounts                                              100
        Follow-up; Coordinate External Audits                                       500
                                                                                  5,800         32.8%
      Consulting Services
        Export Controls                                                             150
        Conflict of Interest Reporting System                                       200
        Special Projects                                                            400
        ERM Projects?ERM: System-wide Risk Assessment                               200
        Emerging Issues - compliance, financial, IT                                 600
        Subtotal                                                                  1,550          8.8%
      Investigations                                                              1,850         10.5%
      Contingency                                                                 1,318          7.4%
      TOTAL DIRECT SUPPORT                                                       10,518         59.5%
    INDIRECT SUPPORT
      Indirect Support                                                              849
      Administration                                                              2,823
      TOTAL INDIRECT SUPPORT                                                      3,672         20.8%
    OTHER
      Staff Development & Training                                                  340
      Staff Vacancy                                                                   0
      Holidays and Leave                                                          3,150
      TOTAL OTHER                                                                 3,490         19.7%
    TOTAL HOURS AVAILABLE (CAE + 8.5 STAFF)                                      17,680        100.0%

    Approved by Board of Trustees Finance and Audit Workgroup on August 19, 2010.
