The purpose of this section
is to describe the internal audit function at Georgia Tech, show how the
department is organized, indicate its reporting responsibility, and give
a summary of the nature and scope of audit work performed.
9.1.1 Original Audit Charter
The Internal Auditing
Department was established in 1978 by Dr. J. M. Pettit, then President of
the Institute. Dr. Pettit in a memorandum to the campus on March 15, 1978,
explained the establishment of an internal audit function as follows [with
slight modification to his memorandum to omit references to Southern Tech
and the named Vice President for Business and Finance]:
In order to meet
a long-standing need and to comply with the recommendations of the Regents'
Central Office, an Internal Audit Department has been established to serve
the requirements of . . . Georgia Tech . . . This department will report
operationally to . . . (the) Vice President for Business and Finance;
but it will report directly to me on its findings and recommendations.
The primary objectives
of this department, consistent with the objectives of audit activity,
In addition to conducting
a regular program of audit activities, it is planned that the new department
will reserve a portion of its time for special projects and management assistance
to departments upon request. If you have needs which fall within the scope
of audit activities, or if you have related problems requiring professional
assistance, you are encouraged to utilize the capabilities of the audit
staff. It is my intent, and certainly the intent of the audit group, that
it will maintain a program of constructive service to the campus.
- To determine that
internal systems and controls are adequate and effective.
- To verify the existence
of assets and the maintenance of proper safeguards for their protection.
- To insure that
institutional policies and procedures, appropriate laws, and good business
practices are followed.
- To evaluate the
adequacy and reliability of information available for management decisions.
9.1.2 Functional Statements
According to functional
statements adopted at the time of organization, the audit department has
these defined responsibilities:
- Conducts reviews
and evaluations of management practices and procedures at the Georgia
Institute of Technology. Reviews will include but are not limited to:
of internal control systems to determine their adequacy for the
protection of institutional assets, the production of accurate and
reliable information, and the assurance that institutional policies
and procedures, State and Federal laws, and contractual policies
as to whether Institute resources (personnel, property, funds, etc.)
are being utilized in an economical and efficient manner, including
the underlying causes of any inefficiencies or wasteful practices.
as to whether desired results or benefits are being achieved from
recommendations to management for improvement in, or correction
of, inefficient practices and procedures.
- Conducts special
studies of procedural or problem areas as requested or directed by appropriate
levels of management.
- Reviews the requirements
for new Automated Data Systems (ADS) and major modifications to existing
systems to ensure that they are adequately defined, properly justified,
and include the necessary internal controls.
- Prepares formal
reports on the results of completed reviews, discusses these reports
with appropriate levels of management, and distributes them to the President,
Georgia Institute of Technology, and other levels of management as deemed
- Conducts follow-up
on prior recommendations to determine whether management has corrected
the previously reported conditions or whether such conditions still
- Serves as liaison
with Federal, State, and other audit agencies.
- Operates independently
of all Georgia Institute of Technology operational activities to assure
complete objectivity when conducting reviews and evaluations.
9.1.3 Internal Organization
The Department of Internal
Auditing is organized as a part of the business operations of the Institute.
The President of the Institute, in a memorandum dated March 21, 1995, has
directed that the department report to the Senior Vice President for Administration
and Finance for organizational and reporting purposes. The Director of Internal
Auditing also has a direct reporting channel to the President of the Institute
and to the Vice Chancellor for Fiscal Affairs of the Board of Regents on
any matters that he feels should be brought to the attention of those officials.
9.1.4 Board of Regents Directive
(The Policy Manual,
Section 710.02, as revised August 1, 1991.)
of Internal Audit at institutions having an Internal Auditor or Internal
Audit Department shall have a direct reporting relationship to the President
of that institution and the Vice Chancellor of Fiscal Affairs and Treasurer
of the Board. The President of each institution having an Internal Auditor
shall determine the organizational and operating reporting relationships
of the Internal Auditor at their institution. The Vice Chancellor for
Fiscal Affairs and Treasurer shall have the authority to direct the Internal
Auditors to audit specific functions at their institutions.
The Director of Internal
Audit of each System institution with an Internal Auditor shall meet at
least annually with the Vice Chancellor for Fiscal Affairs and Treasurer
to discuss audits, audit findings, and a proposed schedule.
The Assistant Vice
Chancellor for Fiscal Affairs responsible for Internal Auditing and the
Directors of Internal Audit for the System institutions with an Internal
Auditor shall provide an annual report to an audit subcommittee of the
Finance and Business Committee of the Board.
9.1.5 Nature of Audit Work
Audit work done by the
department may be grouped into two broad categories: financial audits and
operational, or performance, audits.
- Financial audits
include financially-related audits. The audit of the Institute's basic
financial statements is performed on an annual basis (year ending June
30) by the State Audit Department.
audits may include audits of the following items:
- Segments of
- Statement of
revenues and expenses.
- Statement of
cash receipts and disbursements.
- Statement of
for specific programs or services.
- Internal control
systems as they relate to accounting, reporting, and transaction
systems and EDP controls.
- Specific processing
systems such as cash collections, payroll, and accounts payable.
- Special investigations
involving fraud or serious violations of policy.
- Operational, or
performance, audits conducted by the department generally relate to
economy and efficiency of operation, whether resources are being used
economically and efficiently, whether good management practices are
being followed, and whether there has been compliance with applicable
policies, laws, and regulations.
for example, may consider whether a unit:
- Is following
sound procurement practices.
- Is properly
utilizing its personnel to achieve a high level of performance and
is avoiding duplicated effort, overstaffing, and ineffective management
- Is complying
with Institute policies.
- Is complying
with applicable laws and regulations that may affect the acquisition,
protection, and use of Institute resources.
- Is achieving
satisfactory results in the performance of its assigned functions.
9.1.6 Scope of Audit Work
The scope of audit work,
including the selection of specific audit areas, is determined by the following
- Annual Audit Plan
with the President's memorandum of March 21, 1995, the Director of
Internal Auditing will prepare an annual audit plan which addresses
internal control systems, financial operations, and special reviews.
This plan will consider the audit plan prepared by the Vice Chancellor
for Fiscal Affairs and will be coordinated with, and reviewed by,
the Senior Vice President for Administration and Finance. The plan
will be derived from a campus-wide assessment of risk, consideration
of changing environmental and regulation issues, together with regular
periodic audits of all Institute activities.
The audit plan
will be prepared in the spring of each fiscal year, reviewed by the
Senior Vice President for Administration and Finance, and published
before the beginning of the new fiscal year.
- Coordination of
audit plan will be coordinated with the activities of external audit
agencies and will be supportive of the audit effort of these agencies:
is requested to furnish copies of all audit reports to auditors
of the Defense Contract Audit Agency (DCAA) and to provide special
assistance as needed.
performs an annual audit of Personal Service Reporting under the
Plan-Confirmation System under the provisions of OMB Circular
No. A-21, Revised. A requirement of this circular is that an independent
internal evaluation must be made of the system to ensure its integrity
and compliance with the standards set forth in the circular.
performs an annual audit of the time-reporting system used by
the Georgia Tech Research Institute (GTRI). This audit also is
a requirement of OMB Circular No. A-21, Revised.
is requested to furnish copies of all audit reports to State auditors
and to provide special assistance as needed.
- Board of Regents
audit of Wire Transfers is a requirement of Procedural Directive
No. 22, issued on July 1, 1989.
of Regents also requires an annual audit of Continuing Education
Units (C.E.U.'s). This audit report is evaluated by the Vice Chancellor
for Services to assure that uniform C.E.U. Policies and reporting
procedures are being followed by the Institute.
with Section 710.02, The Policy Manual, Board of
Regents, "the Vice Chancellor for Fiscal Affairs and Treasurer
shall have the authority to direct the Internal Auditors to audit
specific functions at their institutions."
recommendations made by BOR auditors, this department has completed
such audits as those on the Georgia Tech Foundation, Inc., and
the Bursar's Cash Receipts System. As a matter of procedure, the
department will give high priority to any future BOR requests
- Special Investigations
amount of audit time is spent in conducting special investigations.
Such audit work must usually take priority over scheduled audits because
of its critical nature and the need to achieve the resolution of a
problem as soon as possible. Examples of situations that may require
special handling are:
- Cash losses.
- Forged checks.
of contractual agreements.
- Departmental Assistance
The audit department
has a policy of helping those departments requesting its help and
of attempting to make a positive contribution to the solution of problems.
This can usually be accomplished in a number of ways, including:
of needed reports.
- Special analyses
of accounting data.
- Review of procedures.
advice on matters of concern.
- Special Requests
The audit department
welcomes special requests for audits when there is a demonstrated
need for them. If some particular area of operation requires attention,
or if there is some process which is not working properly and needs
review, these should be brought to the attention of the audit director.
9.1.7 Professional Training
The audit department
maintains a staff of highly trained auditors with extensive audit experience.
The audit scope,
methodology, and procedures used in audit work conform to the standards
of the profession. Where appropriate, statistical sampling, standardized
data collection, and other approved audit techniques are used in the audit
Staff auditors who
are licensed as Certified Public Accountants in the State of Georgia must
participate in programs of Continuing Professional Education (CPE) in
order to maintain their certification. The Georgia State Board of Accountancy
requires 80 hours of CPE over a two-year period, with a minimum of 20
hours in any one year. Sixteen of the 80 hours must be in accounting and
The EDP auditor,
who is a Certified Information System Auditor (CISA), also has a requirement
of 40 hours of CPE annually in order to maintain current certification.
Effective in 1995,
all other staff auditors will be required to meet the CPE requirements
of the State Board of Accountancy. The only exception will be those staff
members who are preparing for, and actually take, the CPA examination.
In the selection
of CPE courses, auditors are expected to select those courses of greatest
benefit to them professionally. Another major consideration in the selection
of courses will be the complementary benefit of all courses to the total
effort of the department.
The department has
a reference library of over two hundred volumes on accounting, auditing,
taxation, and related subjects. It also subscribes to a number of publications
on current and emerging issues.
9.1.8 Data Processing Auditor
The audit department
has one data processing auditor who is an integral part of departmental
operations. The DP Auditor has these specialized functions:
- Performs complete
audits in DP-related areas such as the Computer Center and the Office
of Information Technology.
- Conducts audits
and produces reports on automated controls in functional application
systems, such as registration, financial aid, payroll, and cash receipts.
Such audits may be performed independently or conducted in support of
audits assigned to other auditors.
- Assists external
auditors in their performance of financial and operational audits. Assistance
is usually provided by accessing and delivering automated information
from campus computer systems.
- Functions as a
computer system control/audit advisor to campus administrators.
- Maintains contact
with software designers and functional administrators by participating
in campus committees.
- Provides recommendations
on how best to secure and control many of the complex automated systems
9.1.9 Activity Reports
In accordance with established
requirements, the department produces two types of reports on its activities:
- President's Report
Each year, the
department furnishes a report on its activities to the Senior Vice
President for Administration and Finance. This report, along with
those from other business units, provides the material for the Senior
Vice President to write, and furnish to the President, a summary of
significant happenings in the business area. This material is incorporated
into the President's Report on the Institute.
- Semiannual Report
of Internal Audit Activity
On a semiannual
basis, the department provides a comprehensive report of its activities
for the periods ending on December 31 and June 30. This report includes
a condensed summary of all audits performed during the period. Copies
of this report go to appropriate officials on the Board of Regents