9.1 The Internal Audit Function

Overview

The purpose of this section is to describe the internal audit function at Georgia Tech, show how the department is organized, indicate its reporting responsibility, and give a summary of the nature and scope of audit work performed.

9.1.1 Original Audit Charter

The Internal Auditing Department was established in 1978 by Dr. J. M. Pettit, then President of the Institute. Dr. Pettit in a memorandum to the campus on March 15, 1978, explained the establishment of an internal audit function as follows [with slight modification to his memorandum to omit references to Southern Tech and the named Vice President for Business and Finance]:

In order to meet a long-standing need and to comply with the recommendations of the Regents' Central Office, an Internal Audit Department has been established to serve the requirements of . . . Georgia Tech . . . This department will report operationally to . . . (the) Vice President for Business and Finance; but it will report directly to me on its findings and recommendations.

The primary objectives of this department, consistent with the objectives of audit activity, will be:

  • To determine that internal systems and controls are adequate and effective.

  • To verify the existence of assets and the maintenance of proper safeguards for their protection.

  • To insure that institutional policies and procedures, appropriate laws, and good business practices are followed.

  • To evaluate the adequacy and reliability of information available for management decisions.

In addition to conducting a regular program of audit activities, it is planned that the new department will reserve a portion of its time for special projects and management assistance to departments upon request. If you have needs which fall within the scope of audit activities, or if you have related problems requiring professional assistance, you are encouraged to utilize the capabilities of the audit staff. It is my intent, and certainly the intent of the audit group, that it will maintain a program of constructive service to the campus.

9.1.2 Functional Statements

According to functional statements adopted at the time of organization, the audit department has these defined responsibilities:

  1. Conducts reviews and evaluations of management practices and procedures at the Georgia Institute of Technology. Reviews will include but are not limited to:

    • Evaluations of internal control systems to determine their adequacy for the protection of institutional assets, the production of accurate and reliable information, and the assurance that institutional policies and procedures, State and Federal laws, and contractual policies are followed.

    • Determinations as to whether Institute resources (personnel, property, funds, etc.) are being utilized in an economical and efficient manner, including the underlying causes of any inefficiencies or wasteful practices.

    • Determinations as to whether desired results or benefits are being achieved from approved programs.

    • Formulating recommendations to management for improvement in, or correction of, inefficient practices and procedures.

  2. Conducts special studies of procedural or problem areas as requested or directed by appropriate levels of management.

  3. Reviews the requirements for new Automated Data Systems (ADS) and major modifications to existing systems to ensure that they are adequately defined, properly justified, and include the necessary internal controls.

  4. Prepares formal reports on the results of completed reviews, discusses these reports with appropriate levels of management, and distributes them to the President, Georgia Institute of Technology, and other levels of management as deemed appropriate.

  5. Conducts follow-up on prior recommendations to determine whether management has corrected the previously reported conditions or whether such conditions still exist.

  6. Serves as liaison with Federal, State, and other audit agencies.

  7. Operates independently of all Georgia Institute of Technology operational activities to assure complete objectivity when conducting reviews and evaluations.

9.1.3 Internal Organization and Reporting

The Department of Internal Auditing is organized as a part of the business operations of the Institute. The President of the Institute, in a memorandum dated March 21, 1995, has directed that the department report to the Senior Vice President for Administration and Finance for organizational and reporting purposes. The Director of Internal Auditing also has a direct reporting channel to the President of the Institute and to the Vice Chancellor for Fiscal Affairs of the Board of Regents on any matters that he feels should be brought to the attention of those officials.

9.1.4 Board of Regents Directive

(The Policy Manual, Section 710.02, as revised August 1, 1991.)

All Directors of Internal Audit at institutions having an Internal Auditor or Internal Audit Department shall have a direct reporting relationship to the President of that institution and the Vice Chancellor of Fiscal Affairs and Treasurer of the Board. The President of each institution having an Internal Auditor shall determine the organizational and operating reporting relationships of the Internal Auditor at their institution. The Vice Chancellor for Fiscal Affairs and Treasurer shall have the authority to direct the Internal Auditors to audit specific functions at their institutions.

The Director of Internal Audit of each System institution with an Internal Auditor shall meet at least annually with the Vice Chancellor for Fiscal Affairs and Treasurer to discuss audits, audit findings, and a proposed schedule.

The Assistant Vice Chancellor for Fiscal Affairs responsible for Internal Auditing and the Directors of Internal Audit for the System institutions with an Internal Auditor shall provide an annual report to an audit subcommittee of the Finance and Business Committee of the Board.

9.1.5 Nature of Audit Work

Audit work done by the department may be grouped into two broad categories: financial audits and operational, or performance, audits.

  1. Financial audits include financially-related audits. The audit of the Institute's basic financial statements is performed on an annual basis (year ending June 30) by the State Audit Department.

    Financially-related audits may include audits of the following items:

    • Segments of financial statements.

    • Statement of revenues and expenses.

    • Statement of cash receipts and disbursements.

    • Statement of fixed assets.

    • Expenditures for specific programs or services.

    • Internal control systems as they relate to accounting, reporting, and transaction processing.

    • Computer-based systems and EDP controls.

    • Specific processing systems such as cash collections, payroll, and accounts payable.

    • Special investigations involving fraud or serious violations of policy.

  2. Operational, or performance, audits conducted by the department generally relate to economy and efficiency of operation, whether resources are being used economically and efficiently, whether good management practices are being followed, and whether there has been compliance with applicable policies, laws, and regulations.

    Such audits, for example, may consider whether a unit:

    • Is following sound procurement practices.

    • Is properly utilizing its personnel to achieve a high level of performance and is avoiding duplicated effort, overstaffing, and ineffective management practices.

    • Is complying with Institute policies.

    • Is complying with applicable laws and regulations that may affect the acquisition, protection, and use of Institute resources.

    • Is achieving satisfactory results in the performance of its assigned functions.

9.1.6 Scope of Audit Work

The scope of audit work, including the selection of specific audit areas, is determined by the following factors:

  1. Annual Audit Plan

    In accordance with the President's memorandum of March 21, 1995, the Director of Internal Auditing will prepare an annual audit plan which addresses internal control systems, financial operations, and special reviews. This plan will consider the audit plan prepared by the Vice Chancellor for Fiscal Affairs and will be coordinated with, and reviewed by, the Senior Vice President for Administration and Finance. The plan will be derived from a campus-wide assessment of risk, consideration of changing environmental and regulation issues, together with regular periodic audits of all Institute activities.

    The audit plan will be prepared in the spring of each fiscal year, reviewed by the Senior Vice President for Administration and Finance, and published before the beginning of the new fiscal year.

  2. Coordination of Audit Plan

    The Institute's audit plan will be coordinated with the activities of external audit agencies and will be supportive of the audit effort of these agencies:

    • Federal

      The department is requested to furnish copies of all audit reports to auditors of the Defense Contract Audit Agency (DCAA) and to provide special assistance as needed.

      The department performs an annual audit of Personal Service Reporting under the Plan-Confirmation System under the provisions of OMB Circular No. A-21, Revised. A requirement of this circular is that an independent internal evaluation must be made of the system to ensure its integrity and compliance with the standards set forth in the circular.

      The department performs an annual audit of the time-reporting system used by the Georgia Tech Research Institute (GTRI). This audit also is a requirement of OMB Circular No. A-21, Revised.

    • State

      The department is requested to furnish copies of all audit reports to State auditors and to provide special assistance as needed.

    • Board of Regents (BOR)

      An annual audit of Wire Transfers is a requirement of Procedural Directive No. 22, issued on July 1, 1989.

      The Board of Regents also requires an annual audit of Continuing Education Units (C.E.U.'s). This audit report is evaluated by the Vice Chancellor for Services to assure that uniform C.E.U. Policies and reporting procedures are being followed by the Institute.

      In accordance with Section 710.02, The Policy Manual, Board of Regents, "the Vice Chancellor for Fiscal Affairs and Treasurer shall have the authority to direct the Internal Auditors to audit specific functions at their institutions."

      Acting under recommendations made by BOR auditors, this department has completed such audits as those on the Georgia Tech Foundation, Inc., and the Bursar's Cash Receipts System. As a matter of procedure, the department will give high priority to any future BOR requests for audits.

  3. Special Investigations

    A significant amount of audit time is spent in conducting special investigations. Such audit work must usually take priority over scheduled audits because of its critical nature and the need to achieve the resolution of a problem as soon as possible. Examples of situations that may require special handling are:

    • Cash losses.
    • Forged checks.
    • Violations of contractual agreements.
    • Unexplained inventory losses.
    • Falsification of documents.

  4. Departmental Assistance

    The audit department has a policy of helping those departments requesting its help and of attempting to make a positive contribution to the solution of problems. This can usually be accomplished in a number of ways, including:

    • Preparation of needed reports.
    • Special analyses of accounting data.
    • Review of procedures.
    • Professional advice on matters of concern.

  5. Special Requests

    The audit department welcomes special requests for audits when there is a demonstrated need for them. If some particular area of operation requires attention, or if there is some process which is not working properly and needs review, these should be brought to the attention of the audit director.

9.1.7 Professional Training and Competence

The audit department maintains a staff of highly trained auditors with extensive audit experience.

The audit scope, methodology, and procedures used in audit work conform to the standards of the profession. Where appropriate, statistical sampling, standardized data collection, and other approved audit techniques are used in the audit process.

Staff auditors who are licensed as Certified Public Accountants in the State of Georgia must participate in programs of Continuing Professional Education (CPE) in order to maintain their certification. The Georgia State Board of Accountancy requires 80 hours of CPE over a two-year period, with a minimum of 20 hours in any one year. Sixteen of the 80 hours must be in accounting and auditing subjects.

The EDP auditor, who is a Certified Information System Auditor (CISA), also has a requirement of 40 hours of CPE annually in order to maintain current certification.

Effective in 1995, all other staff auditors will be required to meet the CPE requirements of the State Board of Accountancy. The only exception will be those staff members who are preparing for, and actually take, the CPA examination.

In the selection of CPE courses, auditors are expected to select those courses of greatest benefit to them professionally. Another major consideration in the selection of courses will be the complementary benefit of all courses to the total effort of the department.

The department has a reference library of over two hundred volumes on accounting, auditing, taxation, and related subjects. It also subscribes to a number of publications on current and emerging issues.

9.1.8 Data Processing Auditor

The audit department has one data processing auditor who is an integral part of departmental operations. The DP Auditor has these specialized functions:

  1. Performs complete audits in DP-related areas such as the Computer Center and the Office of Information Technology.

  2. Conducts audits and produces reports on automated controls in functional application systems, such as registration, financial aid, payroll, and cash receipts. Such audits may be performed independently or conducted in support of audits assigned to other auditors.

  3. Assists external auditors in their performance of financial and operational audits. Assistance is usually provided by accessing and delivering automated information from campus computer systems.

  4. Functions as a computer system control/audit advisor to campus administrators.

  5. Maintains contact with software designers and functional administrators by participating in campus committees.

  6. Provides recommendations on how best to secure and control many of the complex automated systems under development.

9.1.9 Activity Reports

In accordance with established requirements, the department produces two types of reports on its activities:

  1. President's Report

    Each year, the department furnishes a report on its activities to the Senior Vice President for Administration and Finance. This report, along with those from other business units, provides the material for the Senior Vice President to write, and furnish to the President, a summary of significant happenings in the business area. This material is incorporated into the President's Report on the Institute.

  2. Semiannual Report of Internal Audit Activity

    On a semiannual basis, the department provides a comprehensive report of its activities for the periods ending on December 31 and June 30. This report includes a condensed summary of all audits performed during the period. Copies of this report go to appropriate officials on the Board of Regents staff.