11 SUMARIO / INDICE DOS ANEXOS DOCUMENTAIS
12 RESUMEN / RESUMO DA TESE
The Audit Plan is reviewed and approved as follows:
The UTRGV Executive Leadership – Audit plan approved on July 16, 2015.
The UT System Audit Office – Audit plan presented on July 20, 2015.
The University of Texas Rio Grande Valley
FY 2016 Annual Audit Plan APPENDIX A
FY 2016 Audit Plan Engagements Financial Audits and Projects
FY 2015 Financial Statement Audit - Final Procedures 300 Required assistance to Deloitte (1st Quarter FY 16) on the FY 2015 AFR audit of UT System FY 2016 Financial Statement Audit Interim 125 Required assistance to Deloitte (4th Quarter FY 16) on the FY 2016 AFR audit of UT System THECB Peer Review Facilities Audit 100 Assess, verify, and improve data reported to THECB on the use of campus facilities and project funding NCAA Agreed Upon Procedures 300 Assist the UT System Audit Office with the required FY 2015 NCAA Agreed Upon Procedures for UTPA Review of Asset Management 300 Ensure UTB and UTPA assets were appropriately and accurately transferred to the UTRGV financial system. SAO Financial Portion of Statewide Audit 50 Assist the State Auditor's Office with the FY 2015 A-133 Audit for UTPA UTS 142.1 Certification 75 Perform audit work regarding account reconciliation, segregation of duties and other areas as required by UTS 142.1
Financial Subtotal 1250 10.7% Operational Audits and Projects
Medical School Consulting 800 Provide consulting services to the new medical school as they achieve accreditation and establish business processes Business Process Consulting 600 Perform analysis of UTRGV's new business processes to ensure that they have appropriate internal controls and include best practices UTShare PeopleSoft Consulting 700 Assist with the implementation of PeopleSoft for UTRGV
Student Academic History Consulting 200 Perform a review of student academic history data to ensure data was transferred accurately to UTRGV. Executive Travel and Entertainment 250 Audit of the UTRGV Executive Management travel & entertainment expenses President's Travel and Entertainment 50 Assist UT System Audit Office in conducting the audit of President's travel and entertainment expenses for UTB and UTPA Contract Administration 350 Perform an audit of contracting processes based on the requirements of Senate Bill 20
Operational Subtotal 2950 25.3% Compliance Audits and Projects
NCAA Compliance Audit 150 Review UTPA Athletics department for compliance with NCAA regulations over recruiting Endowments and Scholarship Awards 200 Perform an audit of endowments and scholarships to ensure awards follow donor/funding source intent for UTRGV Title IX 200 Ensure UTRGV has appropriate policies, processes and internal controls to comply with Title IX regulations Joint Admission Medical Program (JAMP) 100 Required FY 2015 financial audit of JAMP for UTPA
Benefits Proportionality by Fund 300
Legislative mandate to review the university's salary expenditures and associated employee benefits funded through the State of Texas general revenue appropriation to ensure compliance with the General
Appropriations Act for UTB and UTPA
Research Compliance 400 Perform an audit of UTRGV research activities to ensure compliance with federal regulations
Compliance Subtotal 1350 11.6% Information Technology Audits and Projects
Texas Administrative Code (TAC) 202 600 Perform an audit of information security to ensure compliance with TAC 202 Payment Card Industry Data Security Standards (PCI) 200 Perform an audit to ensure compliance with standards regarding payment card data security
BlackBoard 200 Perform an audit to ensure UTRGV BlackBoard has appropriate access controls
Continuous Audits of Pro-cards 200 Perform control and risk assessments on UTRGV procurement card data to identify potentially fraudulent transactions
Information Technology Subtotal 1200 10.3% Follow Up
Follow Up 100 Perform follow up on open UTRGV recommendations
Follow Up Subtotal 100 0.9% Percent of Total Original Budget Description 7
The University of Texas Rio Grande Valley
FY 2016 Annual Audit Plan APPENDIX A
FY 2016 Audit Plan Engagements Percent of Total Original Budget Description Development - Operations
UT System/SAO External Reporting 250 Reporting requests from System, State Auditor's Office, etc. Annual Audit Plan and Risk Assessment 150 Prepare audit plan for FY 2017 and make necessary changes to FY 2016 audit plan Internal Audit and other Committees 400 Conduct and prepare for Internal Audit Committee meetings and attend campus committees and other meetings with management Council Meetings 150 Attendance and presentations at UT System Internal Audit Council meetings TeamMate and audit software 100 Maintain and upgrade the Teammate audit program libraries and templates and implement the other modules Management of Audit Activity 400 Staff meetings to discuss updates/status of multiple audit projects
Internal Controls Training 200 Provide internal control training to UTRGV staff
Development - Operations Subtotal 1650 14.1% Development - Initiatives and Education
UT System Audit Office Initiatives 100 Staff's participation in System Audit Office Initiatives
Professional Organizations 200 Staff's activities associated with professional audit related associations
Continuing Professional Education 619 Training for professional staff
Assistance to other departments 200 Assistance to other departments
Internal Audit Office Organization and Strategy 200 Establish of UTRGV Internal Audit Office structure, update internal audit manual and procedures, and develop internal audit strategic plan
Development - Initiatives and Education Subtotal 1319 11.3% Reserve
Financial Reserve 500
Operational Reserve 800
Special Requests and Investigations 550
Reserve Subtotal 1850 15.9%
Total Budgeted Hours 11669 100.0%
Reserve to conduct audits, consulting, internal control reviews, investigations, and/or other assurance activities as requested from UTRGV management, UT System or other external sources
The University of Texas Rio Grande Valley
FY 2016 Annual Audit Plan APPENDIX B
Objective at Risk Detailed Risk Description Vulnerability Likelihood Impact Risk Score (CHML) UT System Taxonomy On the Plan? Audit Name
Medical School - Develop and open the UTRGV Medical School
Contracts with hospitals, providers and medical revenue management do not benefit UTRGV
HIGH HIGH HIGH CRITICAL
22.1.3. Strategic Planning Yes Medical
School Consulting Medical School - Develop and open the UTRGV
Medical School
UTRGV does not have an effective Practice
Plan HIGH HIGH HIGH CRITICAL
21. Practice Plan No
Medical School - Develop and open the UTRGV Medical School
The administrative organization is not ideal
for a medical school HIGH HIGH HIGH CRITICAL
22.1.3. Strategic Planning Yes Medical
School Consulting UTRGV Organization - Establish the
organizational structure and business processes for UTRGV
Lack of effective internal controls HIGH HIGH HIGH CRITICAL
1.2. Internal Audit Yes Business Process Reviews UTRGV Organization - Establish the
organizational structure and business processes for UTRGV
Lack of polices for coordinated business processes (not doing it the UTB or the UTPA way)
HIGH HIGH HIGH CRITICAL
1. Governance Yes Business
Process Reviews IT Security - Develop an Effective Information
Security Program
Lack of protection of confidential information
(access, mobile devices, cyber attacks...) HIGH HIGH HIGH CRITICAL
3.8.7. Information Security
Operations Yes TAC 202
Implementation of UTRGV ERP Systems Not having a working ERP that users know how to operate and get information HIGH HIGH HIGH CRITICAL 3.6. Business Applications Yes UTShare Consulting Implementation of UTRGV ERP Systems System is not configured effectively and
converted data is not accurate HIGH HIGH HIGH CRITICAL
3.6. Business Applications Yes UTShare Consulting Student Success - Maximize students' potential
for academic success
UTB and UTPA students degree plans consolidation and progress towards graduation not transferred properly
HIGH HIGH HIGH CRITICAL
3.6.3. Student Records
System (Banner) Yes Student
Academic History Campus Safety - To protect the life and property
of students, faculty, and staff of the University by providing a secure and safe environment
Non-compliance with Title IX with regard to
sexual assault offenses HIGH HIGH HIGH CRITICAL
12.5.1. Campus Security Yes
Title IX
Medical School - Develop and open the UTRGV Medical School
Medical school does not obtain LCME
accreditation HIGH MEDIUM HIGH HIGH
22.1.Medical Professions
Schools Yes Medical School
Consulting Medical School - Develop and open the UTRGV
Medical School Risks with Student/Residency program HIGH MEDIUM MEDIUM HIGH
22.1.2. Graduate
Education Yes Medical School
Consulting IT Security - Develop an Effective Information
Security Program
Lack of professional staff to develop and
maintain security program HIGH MEDIUM HIGH HIGH
3.8.1. Information Security
Leadership & Governance Yes TAC 202
Talent Management - Recruiting and hiring the
most talented employees Compensation not paid timely or accurately HIGH HIGH MEDIUM HIGH
5.2. Compensation Yes Business
Process Reviews Talent Management - Recruiting and hiring the
most talented employees
Lack of consistent business policies and
processes HIGH HIGH MEDIUM HIGH
5. Human Resources Yes Business Process Reviews Talent Management - Recruiting and hiring the
most talented employees
Not hiring enough people to conduct classes
and business processes HIGH HIGH MEDIUM HIGH
5.5. Recruiting Yes Business
Process Reviews Talent Management - Recruiting and hiring the
most talented employees Mismanagement of student employees HIGH HIGH MEDIUM HIGH
5. Human Resources No
Implementation of UTRGV ERP Systems
Lack of training so that users do not know how to operate the system, cannot retrieve information and may set up shadow systems
HIGH MEDIUM HIGH HIGH
3.6. Business Applications Yes
UTShare Consulting Student Success - Maximize students' potential
for academic success
Student may not be able to graduate due to
availability of classes HIGH HIGH MEDIUM HIGH
17.3.Student Retention and Graduation No
Campus Safety - To protect the life and property of students, faculty, and staff of the University by providing a secure and safe environment
Labs and other areas with hazardous materials are not adequately managed and secured
HIGH MEDIUM HIGH HIGH
10.4.Environmental Health and Safety No
Campus Safety - To protect the life and property of students, faculty, and staff of the University by providing a secure and safe environment
Ineffective management of risks unique to
the US-Mexico border HIGH MEDIUM HIGH HIGH
12.5.1. Campus Security No
Campus Safety - To protect the life and property of students, faculty, and staff of the University by providing a secure and safe environment
Clery Act reporting may be inaccurate or incomplete with the expansion of the reporting area for UTRGV
HIGH MEDIUM HIGH HIGH
12.5.1. Campus Security No
Student Success - Maximize students' potential for academic success
UTB and UTPA students degree plan consolidation and progress towards graduation not transferred properly
HIGH MEDIUM HIGH HIGH
3.6.3. Student Records
System (Banner) Yes Academic Student
History Financial Reporting - To provide accurate and
timely reporting of financial matters to the appropriate internal and external recipients.
Identification and transfer of all UTB and UTPA assets to UTRGV not properly conducted.
MEDIUM HIGH LOW HIGH
2.1. Financial Reporting Yes Review of
Asset Management Financial Reporting - To provide accurate and
timely reporting of financial matters to the appropriate internal and external recipients.
Identification and transfer of all UTB and UTPA research grants to UTRGV not properly conducted.
MEDIUM HIGH HIGH HIGH
4.1. Research
Administration Yes Research Compliance Development - Expand and enhance essential
philanthropic and other support for the university among alumni, faculty, staff, students, and friends throughout Texas, the nation, and the world
Scholarships are not awarded in compliance
with endowment requirements MEDIUM MEDIUM HIGH HIGH
14.4.Stewardship Activities Yes
Endowments and Scholarships Research - To maximize success in research and
innovation for faculty, students, and staff, as well as to comply with all required standards of research administration.
Grants from previous institutions may not be moved appropriately to the UTRGV financial and grant systems
HIGH MEDIUM HIGH HIGH
10.4.Environmental Health
and Safety Yes
Research Compliance
The University of Texas Rio Grande Valley
FY 2016 Annual Audit Plan APPENDIX B
Objective at Risk Detailed Risk Description Vulnerability Likelihood Impact Risk Score (CHML) UT System Taxonomy On the Plan? Audit Name
Research - To maximize success in research and innovation for faculty, students, and staff, as well as to comply with all required standards of research administration.
Risks of inaccurate effort reporting and non-
compliance with grant requirements HIGH MEDIUM HIGH HIGH
4.1. Research
Administration Yes Research
Compliance Facilities Management - To develop, operate,
and maintain high quality facilities.
New construction increases financial,
operational and compliance risks MEDIUM HIGH HIGH HIGH
6. Facilities Management No
Facilities Management - To develop, operate, and maintain high quality facilities.
Not adequately managing Environmental
Health and Safety risks including lab safety MEDIUM HIGH HIGH HIGH
10.4.Environmental Health and Safety No
Community Outreach - Creating, developing, and maintaining impactful community partnerships that advance the teaching and research mission while strengthening ties to the local and global community
Lack of management and oversight of programs that involve minors (summer camps)
MEDIUM MEDIUM HIGH HIGH
11.3.Community Outreach
Programs No
UTRGV Organization - Establish the organizational structure and business processes for UTRGV
Lack of internal audit and compliance
functions HIGH LOW HIGH MEDIUM
1.1. Organizational Structure & Accountability
UTRGV Organization - Establish the organizational structure and business processes for UTRGV
UTRGV does not receive SACS COC
accreditation HIGH LOW HIGH MEDIUM
18.1.Accreditation
IT Security - Develop an Effective Information Security Program
Risks associated with decentralized and
remote locations HIGH MEDIUM MEDIUM MEDIUM
3.3. IT Infrastructure
IT Security - Develop an Effective Information Security Program
Lack of integration between UTB and UTPA
systems, poor data consolidation HIGH MEDIUM MEDIUM MEDIUM
3.3. IT Infrastructure
Talent Management - Recruiting and hiring the most talented employees
Not recruiting most talented people due to nepotism or hiring people who are not eligible to work
HIGH MEDIUM MEDIUM MEDIUM
5.5. Recruiting
Talent Management - Recruiting and hiring the most talented employees
Not providing mandatory training and
ineffective on boarding procedures HIGH MEDIUM MEDIUM MEDIUM
5.6. Training
Campus Safety - To protect the life and property of students, faculty, and staff of the University by providing a secure and safe environment
Not providing students, faculty and staff with
a safe and healthy work environment HIGH MEDIUM MEDIUM MEDIUM
12.5.1. Campus Security
Student Success - Maximize students' potential for academic success
Ensuring compliance regarding international
students HIGH LOW HIGH MEDIUM
15. Enrollment Management
Financial Reporting - To provide accurate and timely reporting of financial matters to the appropriate internal and external recipients.
Identification and transfer of all UTB and UTPA endowments to UTRGV not properly conducted.
MEDIUM LOW MEDIUM MEDIUM
2.1. Financial Reporting
Development - Expand and enhance essential philanthropic and other support for the university among alumni, faculty, staff, students, and friends throughout Texas, the nation, and the world
UTPA and UTB endowments are not
transferred to UTRGV appropriately MEDIUM LOW MEDIUM MEDIUM
14.1.Gifts and Endowments
Research - To maximize success in research and innovation for faculty, students, and staff, as well as to comply with all required standards of research administration.
Increased level of research increases risks
of misconduct/ethics/conflict of interest HIGH MEDIUM MEDIUM MEDIUM
4.4. Research Compliance
Facilities Management - To develop, operate, and maintain high quality facilities.
Keys to UTB and UTPA buildings may not have been collected when employees that are not employed at UTRGV separated
MEDIUM MEDIUM MEDIUM MEDIUM
12.5.3. Facility Access
Community Outreach - Creating, developing, and maintaining impactful community partnerships that advance the teaching and research mission while strengthening ties to the local and global community
Event that negatively impacts the reputation
of the institution MEDIUM MEDIUM MEDIUM MEDIUM
11.3.Community Outreach Programs
Community Outreach - Creating, developing, and maintaining impactful community partnerships that advance the teaching and research mission while strengthening ties to the local and global community
Lack of local business support for UTRGV MEDIUM MEDIUM MEDIUM MEDIUM
11.3.Community Outreach Programs
Athletics - Developing and maintaining an Athletics program
Contracts and sponsorships will have to be
renewed or renegotiated under UTRGV MEDIUM MEDIUM MEDIUM MEDIUM
12.10. Athletics
Athletics - Developing and maintaining an
Athletics program NCAA compliance for Division I MEDIUM MEDIUM MEDIUM MEDIUM
12.10. Athletics
The University of Texas Rio Grande Valley
FY 2016 Annual Audit Plan APPENDIX C
CAE Management
Director Team Staff Total %
Audit Hours* 1,667 3,334 6,668 11,669 80%
Non-Audit Hours:
General Administration 125 250 500 875 6%
Holidays 128 256 512 896 6%
Vacation & Sick Leave 160 320 640 1,120 8%
Total Available Hours 2,080 4,160 8,320 14,560 100%
*Note: Audit hours now include Training/CPE hours, which was a separate row under General Administration in past years.
Total Holiday V/S Leave GA Projects
CAE 2080 128 160 125 1667 Director 2080 128 160 125 1667 Assistant Director 2080 128 160 125 1667 Senior Auditor II 2080 128 160 125 1667 Senior Auditor II 2080 128 160 125 1667 Senior IT Auditor 2080 128 160 125 1667 Senior Auditor I 2080 128 160 125 1667 14560 896 1120 875 11669 open position 50%
UTRGV has 8 FTE positions budgeted (gross) with 1 FTE vacancy, resulting in 7 net positions.