Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
NDUS Audit

NDUS Audit

Ratings: (0)|Views: 529|Likes:
Published by Rob Port
NDUS Audit
NDUS Audit

More info:

Published by: Rob Port on Mar 14, 2014
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Larson Allen Risk Assessment Summary report and NDUS internal audit plan The NDUS conducted a system-wide risk assessment because it is a good business practice and the first step in developing internal audit plans for the upcoming year(s). A risk assessment such as this allows us to gather data and inventory potential areas where either additional focus should be placed or an opportunity to create additional guidance or efficiencies exists. Several of the institutions have similar opportunities which may cross functional areas as well. For example, under
 the need for funding for new equipment and facilities is mentioned, but facilities improvements also are mentioned under
Environmental Health and Safety
 Based on the completed Larson Allen Risk Assessment, the NDUS audit plan will be a two-fold approach that covers both the long-term or entity-level and short-term or process-level audits. To cover the entity-level controls, the NDUS will take an Enterprise-wide Risk Management (ERM) approach to ensure all institutions have adequate entity-level controls in place. In most cases the entity-level controls will be completed primarily by the campus, with support from the NDUS internal auditor. Many of these entity-level controls may already be in place while others may take one or two years to fully develop and implement. The entity-level controls consist of, but are not limited to:
Code of conduct/ethics policies signed yearly by all employees
Business continuity and business recovery plans
Business process efficiencies and standardization, and
Segregation of Duties (from system access perspective) The NDUS audit plan will also encompass the process-level audits on a short-term basis. These audits may include, but are not limited to:
Vender/purchasing audit
Payroll/time recording audit
Enrollment compliance audit
Time and Expense audit
Payment Card Industry (PCI) compliance These audits deal directly with some of the opportunities identified by the Larson Allen Risk Assessment. The yearly audit plan will be reviewed by the chancellor and approved by the BAFC before being completed by the NDUS internal auditor. A summary of all the Risk Assessment reports follows. The majority of the opportunities can be placed into one of three buckets: compliance, funding/allocation, and system level. Included in the compliance column are the items or areas that can be audited. They deal mainly with SBHE policies and procedures. The funding/allocation column deals with those areas that could be enhanced or improved if the NDUS had more funding. These items may not be auditable, but the Internal Auditor could assist in gathering
data or information for the system or the SBHE. The last column includes those opportunities that fall under the enterprise-wide controls to be addressed in the long term because several of them will take years to develop and implement. The NDUS internal auditor will offer guidance and assistance where possible, but the majority of the system-level opportunities will be completed at the institution level.
A. ComplianceB. Funding/AllocationC. System level
• Opportunity for development,
implementation and/or training on policies and procedures.
• Opportunity's with
faculty/staff recruitment and retention.
• Opportunity with Distant Ed
expansion and program funding.
• Opportunity's around building
and physical security on campuses.
• Opportunity to develop more
consistent and efficient business processes.
• Opportunity to develop and
implement business continuity/disaster recovery plans.
• Opportunity to enhance I/T
network and security
A.1 Functional areaB.1 Functional AreaC.1 Functional Area
Policy and Procedure opportunities in several areas.
• Emergency Preparedness• Grants Administration• Governance• Student Affairs• Student Financial Processing• Financial Close
Opportunity for the board/ NDUS and/or legislators to review or build into funding model.
• Campus Security• Athletics• Human Resources• Faculty & Staff • Grants Administration
Opportunity for the system to work together and leverage resources to complete large initiatives.
• Faculty & Staff • Governance• Human Resources• Student Affairs• Financial Close• I/T
A.2 AuditableB.2 Un-auditableC.2 Assistance, Guidance & ReviewEnrollment Review (2012):
To ensure compliance with all SBHE policies regarding enrollment specifically seminar, Distant Ed/Extended campus, and Dual credit students.
Time and Expense Compliance (2012):
To ensure compliance with all SBHE policies regarding time tracking and reporting.
PCI Compliance (2013)Vendor selection and Purchasing (2013)
• Gather Data and information to
help support actions/decisions
• Opportunity for NDUS to develop
consistent, efficient processes to enhance academic and administrative functions allowing greater student experience
•Opportunity for campuses to
develop Business Continuity and Disaster recovery plans to ensure campuses remain in operation.
• Opportunity to develop succession
plans or cross-training plans to ensure smooth transition.
 Larson Allen Risk Assessment Summary
Taken from Final reports- illustration purposes ONLY 
Color coded Summary of Larson Allen Risk Assessments
I/TCampus SecurityFin Close & ReportingEmergency PreparednessGovernanceHR & PayrollMarketingStudent AffairsStudent Financial ProcessingAcademic AffairsAthleticsFaculty & Staff Operations & Auxiliary servicesCont. EdGrants AdminEnvironmental HealthBSCDCBDSULRSCMaSUMiSUNDSCSNDSUUNDVCSUWSCNDUS
No risks identified by campus interviewees

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->