INTERNAL AUDIT DEPARTMENT Internal Audit Services Departmental Compliance Audit Program (updated)

1
INTERNAL AUDIT DEPARTMENTInternal Audit
ServicesDepartmental Compliance Audit Program
(updated)

• Daisy Asiñas Mahshid Parsi
• School of Medicine - 2006

2
., and then a call from internal audit .
3
Types of Internal Audit Services at Stanford

• Compliance, Financial, Operational
• Internal Control Consultations
• IT Reviews
• Risk and Control Self Assessment (RCSA)
• Review of Allegations
• Liasion with External Auditors such as PwC and
  Govt Auditors

4
Examples of Compliance Audits

• Departmental Compliance Audit (full or partial
  scope)
• Gift processing in Office of Develop or Dept.
• Pcards
• Travel audit
• Human subjects research protocol review
• Health and Safety
• Faculty or staff conflict of interests
  commitments
• A-133 (on behalf of PwC)

5
Audit Program for Operating Unit Compliance
Audits - Dual Purpose

• Department/Unit Tool
• Areas of Focus
• Policies, Regulations
• Websites
• Internal Control Self Assessment
• Preparation for audit
• Training
• Management Oversight
• Prioritize department risks
• Easy to use

• Audit Program
• Opening Interview
• Internal Controls
• Areas IAD tests
• How IAD tests
• What IAD Measures against
• Efficient
• Effective
• Consistency

6
Compliance Audit Program - Sections

• GENERAL ADMINISTRATION
• SPONSORED PROJECTS AND OTHER RESEARCH ISSUES
• REVENUE
• ACCOUNTS/EXPENDITURES
• PAYROLL/HUMAN RESOURCES
• INFRASTRUCTURE
• RPH Research Policy Handbook,
• GM Administrative Guide Memo
• http//www.stanford.edu/dept/internal-audit/docs/c
  ompliance99.shtml

7
Areas of Audit Findings - (Since 2000)
7
1
1
10
12
12
5
2
4
3
9
2
1
4
1
6
5
5
7
6
4
7
5
3
6
7
5
9
14
7
6
5
17. Unapproved Effort Reduction
18. Faculty Bonuses
19. Staff Bonuses
20. NIH Cap
21. Allocations
22. Cost Transfers
23. Other Direct Charging
24. Unallowable Costs
25. IRB/APLAC
26. Indirect Rates
27. Other Sponsored Project
29. HR I-9
30. HR Overtime
31. HR Personnel Files
32. HR Perform./Appraisals
33. Other SU Policy
1. Property Control
2. Space Usage
3. Gift-Timeliness
4. Gift- Usage/Purpose
5. Gift- Forms/Sign./CoI
6. EHS Training
7. EHS Overall Controls
8. EHS Other
9. CoC/I
10. Overdrafts
11. Early Accounts
12. Certifications
13. Effort Charging/Reporting
14. SU-18's OTL Issues
15. Software Licenses
16. P-Card
8
Recent Governmental Enforcement

• 3/06 - University of Rochester Unpaid OT. 9.5
  Million settlement.
• 1/06 - University of Connecticut Extra
  Compensation Cost Sharing. 2.5 Million
  settlement.
• 5/05 - Mayo Clinic Allocation Cost Transfers.
  6.5 Million settlement.
• 6/05 - Cornell University Grant money used to
  support patients care at affiliate hospital.
  4.4 Million settlement.
• 4/05 - University of Alabama-Birmingham. Effort
  reporting. 3.4 Million
• 6/04 - Harvard University and an affiliated
  teaching hospital Effort reporting, equipment,
  HR issues. 3.3 Million settlement
• 3/04 - John Hopkins University Effort reporting.
  2.6 Million settlement.
• 2/03 - Northwestern University Effort reporting.
  5.5 Million settlement

9
Where do you turn in Compliance Audit Program?

• A single allocation methodology (number of FTEs)
  is used to allocate phone toll, photocopying,
  professional services, and lab supplies charges.
• 3 PI salaries in excess of the NIH salary cap
  were not recorded to an unallowable expenditure
  type.
• A subcontract invoice for 67,400 was charged to
  a NIH grant. The invoice was not sufficiently
  detailed, and the justification was presented as
  expenses were budgeted.
• A NIH grant was awarded with 25 PIs effort. The
  PI recorded only 17 of his salary to this grant.

10
Departmental Compliance Audit Program
Questions?