Board of Visitors Audit, Compliance, and Risk Committee
December 9, 2016
REVISED December 6, 2016
Audit Department Activities
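DECEMBER 2016 Audit Plan Status
[Pie chart: Types of Audit Projects Performed Through November 30, 2016. Categories: Agreed Upon Procedures, Audit, Consultation, Follow Ups, Pilot Audit, Project Health Check. Slice values, not matched to categories in the extracted text: 17%, 33%, 4%, 4%, 13%, 29%.]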
Assurance and Advisory Projects: Completed FY 2017 To Date
Subject | UVA Division
Curry School of Education | Academic Division
Darden Fund Transfers | Academic
Distributed IT Systems Current State Assessment | Academic
FY2016 Inventories (UVA Bookstore, Pharmacy) | Academic, Health System
Action Plan Implementation Status—Follow Ups | Academic, Health System
Epic Phase 2 Implementation—Project Health Check (2nd Report) | Health System
Integrated Assurance: Athletics Compliance (NCAA) | Academic
Assurance and Advisory Projects: In Progress as of December 2016 BOV Meeting
Subject | Areas of Audit Focus | UVA Division
Epic Phase 2 Implementation—Project Health Check
IT Security; Clinical/Operational Readiness; Project Management
Health System
IT System Security: Privileged Access Management of Administrative Access to Key Medical Center IT Systems
Health System
Fiscal Stewardship: Internal Controls Data Analytics
Research Compliance Controls
Academic
NCAA Football Attendance Certification of Attendance Figures
Academic
SCADA Consultation Security of Buildings Systems
Academic
Assurance and Advisory Projects: In Progress as of December 2016 BOV Meeting
Subject | Areas of Focus | UVA Division
SecureUVA-- Project Health Check Security Enhancement Plan Program Governance, Project Management
Academic
Office of the President: Travel and Expenses (FY16)
Compliance with University Expenditure Policies
Pan-University
Ivy Cloud — Project Health Check w/ Security and Governance Focus
Data Security; System Governance
Pan-University
Ufirst HR Transformation Project Health Check
Program Governance; Project Management; Financial Management
Pan-University
Current View of Risk-Prioritized Projects (Remainder of FY2017)
Subject | UVA Division
Epic Phase 2 Implementation—Project Health Check Continues through Go-Live (July 1, 2017) | Health System
340B Drug Discount Program | Health System
IT Change Controls | Health System
Special Collections Library Controls and Procedures | Academic Division
Ufirst Project Health Check Continues through Go-Live | Pan-University
Integrated Assurance: Environmental Health & Safety | Pan-University
Strategic Investment Fund: Monitoring | Pan-University
FOLLOW UP ON MANAGEMENT ACTION PLANS
Status of Action Plans Due Prior to December 2016 BOV Meeting
[Bar chart: Action Plan Completion Status Through November 30, 2016 by Priority Rating. Categories: Priority 1, Priority 2, Legacy (Unrated). Series: Closed, Open. Data labels, not matched to bars in the extracted text: 2, 3, 25, 2, 2, 2.]
University Compliance: Report on Medical Center Compliance and Privacy Officer Search
Enterprise Risk Management Update
ERM Priorities
Reposition Program
Enhance Board Reporting
Onboard Health System
[Timeline figure: ERM Priorities Timeline. Tracks: Academic Division, Health System. Milestones shown: Adopt ERM Charter; Create Risk Mgmt. Network; Develop Key Risk List; Develop Risk Management / Mitigation. Dates on the axis: Feb. 2016, Mar. 2016, Dec. 2016, Mar. 2017, Jun. 2017.]
Updating the Key Risk List
1. Clarify Major Objectives
2. Identify Risks to Major Objectives
3. Assessment of Identified Risks
4. Response and Management of Key Identified Risks
ERM Network
BOV – Audit, Compliance, and Risk
President and Cabinet
Risk Management Council
Risk Management Network – Health System
Risk Management Network – Academic Division
December 2016
ERM Key Risk Dashboard – Academic Division
ACADEMIC DIVISION RISK | EXEC. OWNER
RESOURCES - diminished, or loss of, financial resources from major funding sources. (e.g., State, Advancement, Research, Endowment) | EVP-COO
RESEARCH - research leadership, infrastructure, and funding to adequately support the accomplishment of our research objectives | EVP-Provost, EVP-Health Affairs
STATE - concern about whether public policy in the State will continue to be supportive of quality public higher education | President
FACULTY - attracting, retaining, and developing a distinguished faculty | EVP-Provost
LEADERSHIP – maintaining and renewing a highly skilled and cooperative executive team given the attractive alternatives for the best executives | President
EXECUTIVE TRANSITION – preparing for an executive leadership transition and a potential change in the University’s strategic direction | BOV, President
IT SECURITY – enhancing cybersecurity in an era of increasing threats | EVP-COO
RESOURCE ALLOCATION – developing an optimal process for allocating resources in meeting strategic objectives | EVP-COO
ADVANCEMENT – developing a campaign strategy that adequately addresses philanthropic investment, fundraising strategies, and the governance implications of the resulting distribution of resources between the University and foundations | VP for Advancement
COMPETITIVE ENVIRONMENT – assessing the University's competitive space in undergraduate programs, especially in comparison with graduate or professional programs | EVP-Provost
SAFETY – maintaining a safe environment for the University community | EVP-COO, VP for Student Affairs
INVESTMENTS - stewarding assets particularly related to investable assets | EVP-COO
Closed Session
Audit, Compliance, and Risk Committee Agenda
CLOSED SESSION
Discussion of IT security matters as provided for in § 2.2-3711(A)(19) of the Code of Virginia
Resume Open Session and Adjourn