MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures
description
Transcript of MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures
![Page 1: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/1.jpg)
MSU Department of Internal AuditPresents:
Internal Audit Processes and Procedures
Thomas Luccock, Director
![Page 2: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/2.jpg)
0-2
Presenters• Thomas Luccock• Jana Dean• Steve Kurncz• Jim Jesswein
![Page 3: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/3.jpg)
0-3
Overview of Topics• Organization and Mission• Internal Controls• Risk Assessment• Typical Findings• Fraud Awareness and SAS 99• Information Technology Auditing• The Internal Audit Quiz Bowl
![Page 4: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/4.jpg)
0-4
Organization Chart
Thomas N. LuccockDirector
Executive Management
Amanda Vankoevering Secretary III
.9 FTE
Jean M. BrownSenior Auditor II
VacantSenior Auditor
Rebecca FedewaSenior Auditor
Amy RefiorSenior Auditor
.75 FTE
James A. JessweinSenior Auditor
Mike ChandelIT Auditor
Steve KurnczSenior IT Auditor
Internal Audit9.65 FTES
All GF
Jana DeanAudit Manager
Greg MeehanStudent Employee
![Page 5: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/5.jpg)
0-5
Our Mission
“To assist University units in effectively discharging their duties
while ensuring proper control over University assets.“
![Page 6: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/6.jpg)
0-6
Our Charter• Introduction• Purpose• Authority• Responsibility• Independence• Audit Scope• Special Investigations• Reporting• Audit Standards and Ethics
![Page 7: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/7.jpg)
0-7
What is Internal Auditing?Internal auditing is an independent, objective
assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
-Courtesy of the Institute of Internal Auditors
![Page 8: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/8.jpg)
0-8
The IIA Standards• Independence• Professional Proficiency• Scope• Performance of Audit• Management• Code of Ethics
![Page 9: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/9.jpg)
0-9
Internal Controls• An integrated system to protect an entity’s
resources and assess risk.• A system of checks and balances.• An established way to prevent and detect
intentional and unintentional errors.• Examples include segregation of duties,
reconciliation, and proper authorization.• Controls can be preventive or detective.
![Page 10: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/10.jpg)
0-10
Who is Responsible for Internal Controls?
Management Delegated to operational
Areas
Everyone in the Organization
![Page 11: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/11.jpg)
0-11
Common Types of Internal Controls
Situation Type of Control
Requiring Passwords to access functions Preventive
Locking the office when the entire staff leaves Preventive
The person who collects money does not reconcile the fund ledgers
Preventive/ Detective
Supervisor review of reconciliations Preventive/ Detective
Authorized signatures for DPVs and JVEs Preventive
Petty cash fund locked in safe Preventive
Procurement card statement approval by supervisor
Detective
Required procurement card training Preventive
![Page 12: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/12.jpg)
0-12
Policy Statements• MSU Manual of Business Procedures
http://ctlr.msu.edu/mbp/httoc.htm
Travel Reimbursement
Cash Handling Procedures
Cell Phone usage practices
It even covers flower purchasing requirements…
• Departmental Policies
![Page 13: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/13.jpg)
0-13
Procurement Card Policy• Manual Available at
http://purchasing.msu.edu• Key Concerns-
– Approval– Documentation– Appropriate Purchases
![Page 14: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/14.jpg)
0-14
Regulatory Requirements• NCAA• / EPA• Contracts and Grants • Financial Aid• A133• Record Retention
– http://www.msu.edu/unit/msuarhc/
![Page 15: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/15.jpg)
0-15
Organizational Risk• What is Risk?
-The potential or likelihood of an event adversely impacting the assets of the organization or the organization’s business objectives.
-courtesy of Jefferson Wells
![Page 16: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/16.jpg)
0-16
The Big PictureCertain factors may impact the industry, organization, or
the auditable unit.
![Page 17: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/17.jpg)
0-17
What is Risk Assessment?• Its purpose:
– To identify the level of uncontrolled risk.– To perform an independent appraisal of the
design of an organization’s system of internal control.
– Includes all the work activities that provide assurance that the auditable unit has appropriate controls in place to comprehensively, effectively, and efficiently manage its risks.
![Page 18: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/18.jpg)
0-18
How can risk assessment be used?
• To determine which areas within a given business process should be reviewed.
• To design tests to verify the adequacy of the identified controls.
• To support a cyclical approach to auditing.
![Page 19: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/19.jpg)
0-19
Audit Tools used during a risk assessment• Opening meeting• Internal control questionnaires and flowcharts• Regulatory requirements• Prior audit reports and correspondence• Observation of daily activities• Risk Survey – plan to circulate periodically
![Page 20: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/20.jpg)
0-20
Risk Assessment Approach• Quantifying Risk
-High
-Medium
-Low• Degree of Control
-High
-Medium
-Low
Other risk assessment methods utilize convenient
color coding.
![Page 21: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/21.jpg)
0-21
Typical Findings• Deposits• Payroll• Reconciliation• Segregation of Duties• Procurement Cards• Travel Reimbursements
![Page 22: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/22.jpg)
0-22
Fraud AwarenessSAS 99• Requirements• 24 Hour Hotline or web reporting
– Complete Anonymity– 1-800-763-0764– www.msu.edu/unit/intaudit
/hotline.html
Employee Responsibilities
![Page 23: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/23.jpg)
0-23
Types of Fraud
Fraud
1. Misstatements arising from fraudulent financial reporting (eg. falsification of accounting records)
2. Misstatements arising from misappropriation of assets (eg. theft of assets or fraudulent expenditures).
![Page 24: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/24.jpg)
0-24
Fraud Facts
• According to the Association of Certified Fraud Examiners (ACFE), U.S. businesses lose approximately 5% of their annual revenues to fraud.
• Seventy five percent of companies surveyed by the KPMG reported that they had experienced at least one instance of fraud during the previous 12 months
• The ACFE estimates that the median loss suffered by organizations with fewer than 100 employees is $190,000 per fraud scheme. previous version of the same study, completed in 2002, added that:
• According to the ACFE, the median length of time between when a fraud begins and when it is ultimately detected is 18 months.
• In its 2006 Report to the Nation, the ACFE reports that frauds are more likely to be detected by a tip than by other means such as internal audits, external audits, or internal controls.
![Page 25: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/25.jpg)
0-25
The Fraud Triangle
Opportunity
RationalizationPressure /
Motives
![Page 26: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/26.jpg)
0-26
Pressures and Motives• Financial pressures – rising debt/bills; spouse
loses job; poor credit• Work Related Pressures – adverse
relationship with management; promotions, compensation or other awards inconsistent with expectations
• Vice pressures• Other pressures
![Page 27: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/27.jpg)
0-27
Opportunity• Lack or circumvention of internal controls• Past failure to discipline wrongdoers• Management apathy• Unwillingness or inability to detect fraud• Lack of an audit trail
![Page 28: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/28.jpg)
0-28
Rationalization• The organization owes it to me.• I am only borrowing the money.• They can afford it.• I deserve more.• It’s for a good purpose.
![Page 29: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/29.jpg)
0-29
Profile of an Embezzler• Tends to be a trusted employee• Works long hours; first in/last out• Skirts mandatory vacation policy• Opposes cross training• Likeable and generous• Personality may change, moodiness may set
in, when stress of embezzlement catches up to them, or when they are about to be caught
• Evasive and usually good at lying
![Page 30: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/30.jpg)
0-30
Fraud Red Flags• Not separating functional responsibilities of
authorization, custodianship, and record keeping. No one should be responsible for all aspects of a function from the beginning to the end of the process.
• Unrestricted access to assets or sensitive data (e.g., cash, personnel records, etc.)
• Not recording transactions resulting in lack of accountability
• Not reconciling assets with the appropriate records
![Page 31: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/31.jpg)
0-31
More Red Flags• Unauthorized transactions• Controls not implemented due to lack of
personnel or adequate training• “Walk through” approvals• Unimplemented Controls• Living beyond one’s means
![Page 32: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/32.jpg)
0-32
Prevention• Senior management team sets the moral and ethical
compass for others to follow• Management must clearly communicate zero
tolerance for fraud and reinforce the message on a regular basis
• Strict ethical code at all levels• Tighten computer security• Actively seek out red flags• Make staff accountable• Utilize MSU’s prevention tools• Learn and understand behavioral cues• Use the hotline!!
![Page 33: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/33.jpg)
0-33
What is an Information Technology Audit?
Information Technology (IT) auditing is defined as any audit that encompasses the review and evaluation of all aspects (or any portion) of automated information processing systems, including related non-automated processes, and the interfaces between them.
![Page 34: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/34.jpg)
0-34
Risks
IT infrastructure risks • Sensitive information• Monetary transactions processes• System access restrictions and enforcement• Weak password policies• Overall network security controls
![Page 35: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/35.jpg)
0-35
IT Audit Scope• University policies and guidelines
– Disaster Recovery Planning and Implementation– Acceptable Use Policy– Data Security and Backup Procedures– Managing Sensitive Data / PCI DSS Compliance
• Industry standards– Password Policies– Security Planning and Implementation– Departmental Acceptable Use Policies
![Page 36: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/36.jpg)
0-36
Information Technology Process
• Scan of systems and associated network• COBIT Standards - 'Control Objectives for
Information and related Technology‘• IT Industry “Known Best Practices”• Partnership with Libraries Computing and
Technology• Employee Responsibilities
![Page 37: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/37.jpg)
0-37
Typical IT Audit Findings• Data backup procedures• Disaster Recovery Plan• Access controls• Security practices
![Page 38: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/38.jpg)
0-38
IT Audit Sensitive Data Focus
• Unit Managing Sensitive Data Procedures and Policies– Unit SSN and other sensitive data procedures and
policies
• Unit Payment Card Industry Data Security Standard (PCI DSS) Compliance– Unit policies regarding electronic and paper
storage of credit card data– PCI DSS Compliance Questionnaire– Unit vulnerability scanning
![Page 39: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/39.jpg)
0-39
Internal Audit Website
![Page 40: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/40.jpg)
0-40
Internal Audit Hotline
![Page 41: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/41.jpg)
0-41
Internal Audit Comments
![Page 42: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/42.jpg)
0-42
Internal Audit Website Resources
![Page 43: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/43.jpg)
0-43
The Audit Bowl
![Page 44: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/44.jpg)
0-44
Question IJane is such a dedicated worker, she never misses
work – no vacations, never calls in sick. Because she is always here, we do not need to train someone to be her back up.
What Control Weaknesses exist in the above situation?A) Jane could be committing fraud that could not be
detected because no one ever does her job.B) If something does happen and Jane is not available
to perform her duties, no one else is able to step in because no one has been trained.
C) There are no control weaknesses.D) Both a and b identify weaknesses.
![Page 45: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/45.jpg)
0-45
Question IIClaire’s department sells small items off of their
departmental website. She accepts phone orders for this merchandise and stores the purchaser’s credit card number and information in an Excel spreadsheet, on her departmental share drive. Once a month Claire logs into WebCredit and runs all of the credit cards at once. Is Claire doing anything wrong? If so, why?
![Page 46: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/46.jpg)
0-46
Question IIIBob forgot his lunch money today so he borrowed from
the petty cash fund. Which statement best describes if this is a control issue or if it is an acceptable practice.
A) That’s ok as long as Bob put an IOU in the petty cash fund.
B) That’s ok as long as Bob repays the next day or at least before the fund is reconciled.
C) Borrowing from university money is never acceptable and is considered a control violation.
D) This isn’t an issue as Bob always repays the money.
![Page 47: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/47.jpg)
0-47
Question IVMary collects registration money, prepares the deposit, agrees
to the monthly fund ledger reports, and prepares the list of participants. Which statement concerning this scenario is true.
A) This makes sense because Mary is responsible for handling the conference, so she should be responsible for all areas.
B) This scenario lacks adequate segregation of duties. Someone else should be involved in at least one of the steps. The list of participants should be agreed to the fund ledger report by someone other than Mary.
C) Mary knows everything that is going on with the conference so it is more efficient to have her handle all the functions.
![Page 48: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/48.jpg)
0-48
Question VCharley is a student employee on campus. He knows
the rules dictate that he cannot work more than 29 hours in one week during the semester. He works 40 one week but will not work at all the second week. So Charley records 20 hours per week instead of 40 for week one and 0 for the second week. Is this acceptable? Why?
![Page 49: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/49.jpg)
0-49
Question VISarah is the business manager. She has several
employees that report to her and are responsible for posting all money received on their subsidiary system. Another employee prepares a deposit and sends by courier to the Cashiers Office. Sarah agrees the deposit ticket to the fund ledger each month. What step is Sarah missing?
![Page 50: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/50.jpg)
0-50
Question VIIJim’s job is to enter mail-in conference registration
forms that his department receives (for a conference they sponsor) into the AIS WebCredit system. After Jim charges the customer he keeps these forms (with full credit card numbers) in a locked cabinet for 3 years because he wants to provide them to the internal auditors, if necessary, and be able to dispute any chargeback claims? Is Jim following the recommended procedures? If not , why?
![Page 51: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/51.jpg)
0-51
Question VIIIJulie frequently takes University office supplies for home
use, such as pens, pencils, and paper. She also uses the office copy machine to make personal copies. Which statement is correct concerning this scenario?
A) Because the items are low cost, this is not a problem.
B) Because Julie is paid less than her co-workers, she is entitled to these extra benefits.
C) It is not acceptable to use the University property and supplies for personal use regardless of cost.
D) Julie has worked for the University for 20 years, and frequently worked extra hours. The University owes her.
![Page 52: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/52.jpg)
0-52
Question IXYou see a co-worker put some cash received for a
conference in his bag. Later you are reconciling the list of participants to the fund ledger and have a difference. What should you do?
![Page 53: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/53.jpg)
0-53
Question X Abbie is responsible for depositing all checks with the
Cashier’s Office. It is late Friday afternoon and Abbie is leaving for a 10 day vacation in the Bahamas. Her last task for the day is to open the mail. In the mail, there is a $10,000 check for the upcoming conference and the Cashier’s Office is already closed. What should Abbie do?
A) Lock the check in her desk drawer and deposit it when she returns from vacation.
B) Take the check home with her so she is sure it is secure and deposit it when she returns from vacation.
C) Give the check to Wanda, her backup, so she can make sure it is secure and deposit it first thing Monday morning.
![Page 54: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/54.jpg)
0-54
Question XIScott has a university procurement card. Scott is very careful to
keep all receipts for each purchase and makes sure no one has access to his card but him. Each month Scott agrees his receipts to his statement. He attaches the receipts to the statements and stores them in his desk in a file labeled “Procurement Card”. What control step is Scott missing?
A) Scott should verify that sales tax was not charged to the university.
B) Scott’s supervisor or a designated budget/business administrator should review and approve the statement with the receipts.
C) Scott should sign the statement as the cardholder.
D) All of the above
![Page 55: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/55.jpg)
0-55
Question XII Ben is a professor. A conference relating to his
research is being held in Orlando, Florida in May. Ben talks to his Dean and receives verbal approval for the trip. The Administrative Assistant registers Ben for the conference and contacts Spartan Travel to make the airline and hotel reservations. Ben now feels he is all set for the trip. What step is Ben missing?
![Page 56: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/56.jpg)
0-56
Question XIIIBen attended the conference and found it very useful.
He turns in the receipts for the hotel and meals, and also the airline tickets to the Administrative Assistant to process his travel voucher. What other document should Ben include?
![Page 57: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/57.jpg)
0-57
Question XIVJennifer is the Business Manager for a large department on
campus. Her secretary has just accepted a position in another department. Jennifer knows the perfect replacement who has the type of experience needed, Suzie. Suzie is Jennifer’s younger sister. Suzie would report directly to Jennifer. Which statement best describes this situation?
A) Suzie is qualified then she should be hired for the position.
B) If Suzie is a direct report to Jennifer then it appears to be a conflict of interest. Someone could accuse Jennifer of providing higher raises or other benefits to Suzie because they are related.
C) Jennifer and Suzie would work great together since they are sisters.
![Page 58: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/58.jpg)
0-58
Question XVThe Administrative Assistant for a large department is filing last
years fund ledger documents and other departmental documents. When she enters the storage room she finds it almost full. She reviews the dates on the boxes and finds many that are 10 years old. She decides she should throw those out but thought she should get approval first. Who should she contact to find out the record retention policy?
A) Internal Audit
B) Controller’s Office
C) University Archives
D) Both b and c
![Page 59: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/59.jpg)
0-59
Summary• The Internal Audit mission is defined by our
charter.• Internal Controls are everyone’s
responsibility.• Policies and procedures should be followed.• Internal Audit constantly assesses risks.• Fraud should be reported.• Internal Audit is available for advice.
![Page 60: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/60.jpg)
0-60
Audience Questions?• Comments may be directed to our website at- • www.msu.edu/~intaudit/comments.html• (submissions may be made anonymously, if
so desired)• Remember to tell your friends about the
Fraud Hotline at 1-800-763-0764 or www.msu.edu/unit/intaudit/hotline.html
![Page 61: MSU Department of Internal Audit Presents: Internal Audit Processes and Procedures](https://reader034.fdocuments.net/reader034/viewer/2022051020/56815a9c550346895dc81d8c/html5/thumbnails/61.jpg)
0-61
Methods of Reporting Fraud• MSU Hotline – call center/web reporting• Direct contact with Internal Audit/DPPS/HR
Key links:
IA website: www.msu.edu/~intaudit
Fiscal misconduct guidelines:
http://www.ctlr.msu.edu/mbp/fiscaLmisconduct.html