ANNUAL INTERNAL AUDIT REPORT

2y ago
33 Views
2 Downloads
579.15 KB
12 Pages
Last View : 1m ago
Last Download : 2m ago
Upload by : Kian Swinton
Transcription

ANNUAL INTERNAL AUDIT REPORTFiscal Year 2015Prepared by:Internal Audit & Consulting Services Office7703 Floyd Curl DriveSan Antonio, TX 78229-3900

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015TABLE OF CONTENTSI.Compliance with House Bill 16 . 3II.Compliance with the Benefits Proportionality Audit Requirements for HigherEducation Institutions . 3III.Internal Audit Plan for Fiscal Year 2015 . 4IV.Consulting Services and Non-Audit Services Completed . 7V.External Quality Assurance Review (Peer Review) . 7VI.Internal Audit Plan for Fiscal Year 2016 . 8VII.External Audit Services Procured in FY15 . 11VIII.Reporting Suspected Fraud and Abuse . 11Exhibit AExternal Quality Assurance Review (Peer Review) Executive Summary. 12Page 2 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015I. Compliance with House Bill 16The Texas Internal Auditing Act requires state agencies to file an annual report of the agency’s internalaudit activities and to post the report on the institution’s internet web site. The purpose of the annualinternal audit report is to provide information on the assurance services, consulting services, and otheractivities of the internal audit function. In addition, the annual report assists central oversight agencies inplanning their work and coordinating efforts.Compliance with House Bill 16 includes posting the following on the The University of Texas HealthScience Center at San Antonio (UT Health Science Center San Antonio or HSC) public web site: The Internal Audit Plan FY16, as prescribed by Texas Government Code, Section 2102.008.The Annual Internal Audit Report FY15, as required by Texas Government Code, Section2102.009.In addition, Section III “Internal Audit Plan for Fiscal Year 2015,” will include a detailed summary of theweaknesses, deficiencies, wrongdoings and concerns noted, as well as a summary of the actions taken toaddress the concerns raised. The report will be posted by November 1st of each year.II. Compliance with the Benefits Proportionality Audit Requirements for HigherEducation InstitutionsRider 8, page III-39, the General Appropriations Act (84th Legislature, Conference Committee Report),requires that higher education institutions conduct an internal audit during fiscal year 2016 of benefitsproportional by fund, using a methodology prescribed by the State Auditor’s Office. The rider requiresthat the audit examine appropriation years (AY) 2012 through 2014, and be completed no later thanAugust 31, 2016. To comply with Rider 8, a benefits proportionality audit is included in the UT HealthScience Center San Antonio FY 2016 annual audit plan.An internal audit of the proportionality of higher education benefits process was conducted during FY2015 at the request of the Governor. The scope of the audit included benefits funding proportionality forappropriation year (AY) 2013. Audit procedures were consistent with the methodology prescribed by theState Auditor’s Office to comply with Rider 8, and included review of source information obtained fromthe internal accounting system and the State’s Uniform Statewide Accounting System (USAS), review ofthe benefits proportionality reporting process, validation of the accuracy of information and proportionalfunding calculations reported to the State Comptroller on the Benefits Proportionality by Fund Report(APS 011), and testing to verify eligibility of employee benefits paid with appropriated funds.Because AY 2013 was included in the prior year audit, the benefits proportionality audit conducted duringFY 2016 will include only AY 2012 and AY 2014. The results of the AY 2013 audit will be included inthe resulting audit report, with a statement certifying that the procedures followed were consistent withthe methodology prescribed by the State Auditor’s Office.Page 3 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015III. Internal Audit Plan for Fiscal Year 2015FY 15 Engagement / Report NameReport Date / StatusFinancialAnnual Financial Statement Audit FY14 (Year-End) AssistanceCompletedAnnual Financial Statement Audit FY15 (Interim) AssistanceCompletedReview of Sub-Certification Process and Monitoring Key Controls11/21/2014Proportional Benefits Funding11/26/2014Facilities Management Work Order SystemIn-progressOperationalExecutive Officer Travel and Entertainment ExpendituresPresident Travel & Entertainment Expenses (Assistance to UTS AuditOffice)UT Med SchedulingFaculty Productivity- Teaching; ResearchReferrals4/1/2015No assistance requiredReplaced by ICD-10 ReadinessAssessmentPostponedDental School - Business OperationsCombined with UT MedicineSchedulingPostponed to FY16Department of Emergency MedicineIn-progressDepartment of Psychiatry8/26/2015ComplianceSchool of Nursing Faculty Compensation Plan4/27/2015SAO A-133 Single Audit AssistanceCompletedResidency Programs: Family Practice Residency Program Operational Grant Emergency and Trauma Care Education Partnership Program- Emergency Medicine- Surgical Critical Care- Graduate NursingJoint Admissions Medical Program (JAMP) Annual Financial ReportOpinion1/5/20151/5/201510/31/2014Information TechnologyAnnual Financial Statement Audit FY15 (Interim) AssistanceCompletedInformation Security Compliance (TAC 202 & UTS 165)Postponed to FY16Research Core FacilityPostponed to FY16EPIC Cadence - SchedulingDental School - Billing AxiUmMobile Devices (BYOD)Follow-UpCombined with UT MedicineSchedulingCombined with Dental School BusinessOperationsPostponed to FY16CompletedPage 4 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015FY 15 Engagement / Report NameReport Date / StatusConsultingFacilities Management Work Order SystemIn-progressInstitutional Research Core LaboratoriesIn-progressPhysician Quality Reporting System (PQRS) at UT Medicine11/10/2014ICD-10 Readiness Assessment8/28/2015ProjectsInternal Audit CommitteeCompletedFY16 Risk Assessment and Annual Audit PlanCompletedFY14 SAO Internal Audit Report11/1/2014UT System MetricsUT System RequestsCompletedCompletedTeamMate and Website MaintenanceCompletedQuality Improvement ProjectsCompletedFY15 Internal Audit Plan DeviationsInternal Audit and Consulting Services performed all engagements on the FY15 annual audit plan withthe deviations noted below. There was a deficit in the fiscal year’s available hours due to vacancies. Tocompensate for the decreased staffing levels, the original FY15 annual internal audit plan was revised andchanges were presented to and approved by the Institutional Internal Audit Committee. All audits inprogress at the end of FY15 were carried forward for completion in the FY16 internal audit plan.Engagements Replaced/Combined/Added: The UT Health Science Center San Antonio internal audit staff was not required to assist the UTSystem Audit Office on its annual System-wide audit of the Presidents’ Travel and Entertainment(T&E) Expenditures. The Referrals and EPIC Cadence-Scheduling engagements were combined with their operationalaudit counterpart, UT Medicine Scheduling; however the UT Medicine Scheduling engagementwas replaced with ICD-10 which was deemed to be higher risk. Dental School-AxiUm Billing was combined with Dental School Business Operations (FY16). Two investigations were requested during the 4th quarter of FY15 and were added to the auditplan.Engagements Postponed: Dental School – Business Operations (FY16) Mobile Devices (FY16) Research Core Facility-IT (iLab post implementation - FY16) Information Security Compliance - TAC 202 & UTS 165 - (FY16) Faculty Productivity–Teaching; Research (TBD)Page 5 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015FY15 Summary of Internal Audit Recommendations and Implementation StatusReport Date,Name & Number11/21/2014Review of Sub-CertificationProcess and Monitoring KeyControls(15-05)Internal AuditRecommendationsSeparate the Access Control Executive access rightsand account reconciliation duties for propersegregation of duties. Consider revising themonitoring plan for segregation of duties to include areview of departmental user access.11/26/2014None noted.Proportional Benefits Funding(15-03)Implementation Statusof RecommendationsFully implemented.No managementresponse required.4/1/2015Executive Officer Travel andEntertainment Expenditures(15-09)Revise policies related to include supervisory approval To be completed byof entertainment reimbursements.November 2015.8/26/2015Department of Psychiatry(15-13)This report is confidential and is exempt from publicdisclosure under Texas Government Code, Section552.139.4/27/2015School of NursingFaculty Compensation Plan(15-10)Develop and communicate standardized proceduresFully implemented.for supplemental compensation as well as maintaininga repository of all original documentation related tofaculty compensation. In addition, a clause should beincluded in the Memorandums of Appointmentpertaining to incentive compensation for disincentivesand reduction in commitment hours. Lastly, anapproval of compensation plan should be obtainedfrom the Executive Vice Chancellor for Health Affairs.Implementation ongoing.1/5/2015None noted.Residency Programs:Family Practice ResidencyProgram Operational Grant(15-25)- Emergency Medicine (15-28)- Surgical Critical Care (15-27)- Graduate Nursing (15-26)No managementresponse required.10/31/2014Joint Admissions MedicalProgram (JAMP) AnnualFinancial Report Opinion(15-11)No managementresponse required.None noted.Page 6 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015IV. Consulting Services and Nonaudit Services CompletedThe table below summarizes the key FY15 consulting and nonaudit services performed by Internal /10/2014Physician QualityReporting System(PQRS) at UT Medicine(15-C-21)Review UT Medicine’sPQRS initiative andreadiness to reportcalendar year 2014quality measures to theCenters for Medicareand Medicaid Services(CMS)Develop physician documentation standards to ensureconsistency in the documentation of quality data in the medicalrecords related to PQRS. In addition, PQRS dashboards andfeedback reports should be utilized to analyze and communicatePQRS quality measures to providers. Consideration should begiven to naming a Chief Quality Officer for clinicaleffectiveness, patient safety, patient centeredness, and healthcare quality improvement at UT Medicine.8/28/2015ICD-10 ReadinessAssessment(15-C-24)Conduct an ICD-10Readiness Assessmentat UT Medicine.An ICD-10 Steering Committee was formed to provideoversight over ICD-10 with key performance indicators beingrolled out to identify any issues after the transition. Codertraining was completed on June 1, 2015 and dual codinganalysis of all billing providers is on target to be completed byAugust 31, 2015. Furthermore, Epic, EpicCare, 3M andCodeAssyst have been replaced or upgraded to be ICD-10compliant. Additionally, new software, Diagnosis Translatorand Training Curriculum, have been purchased andimplemented to assist with ICD-10. Lastly, the clearinghouse,TriZetto, tested all commercial payers and has reported that theyare ready for the transition to ICD-10.Challenges in preparation for the transition to ICD-10: Recruiting Coders Retaining Existing Coders Getting Physicians Re-engaged Training of Hospital Based Physicians at UniversityHospitalInvestigationInvestigate allegedtimekeepingirregularities.Allegations were substantiated and reported to the HSC Policefor further investigation.V. External Quality Assurance Review (Peer Review)An external Quality Assurance Review was performed by PricewaterhouseCoopers in FY14.See Exhibit A.Page 7 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015VI. Internal Audit Plan for Fiscal Year 2016The Institutional Internal Audit Committee approved the FY16 Internal Audit Plan on July 23, 2015.FY16 Planned 15 Financial StatementAudit (Year-End)100Assist the Deloitte auditors in the performance of substantive testingfor the audit of the Annual Financial Report (FY15 year-end work).FY16 Financial StatementAudit (Interim)180Subcertification Process andMonitoring of Key Controls100Assist the Deloitte auditors in the performance of financial and ITcontrol testing for the audit of the Annual Financial Report (FY16interim work).Validate the institutional monitoring plan related to segregation ofduties and account reconciliations.University of Texas Rio GrandeValley (UTRGV) Contract(s)and Related Reimbursementsfor Services Provided300Evaluate contracts and reimbursements related to the RegionalAcademic Health Center campus transition to UTRGV.Accounts Payable300Account ReconciliationsProcess300Assess the adequacy and effectiveness of internal controls overaccounts payable.Evaluate the internal controls over the redesigned accountreconciliations process.Delivery System ReformIncentive Payment (DSRIP)300Assess the adequacy and effectiveness of internal controls in place toensure key milestones and goals under the 1115 Waiver are met.100Evaluate system configurations and internal controls over the newlyautomated payment requests, as well as review system user access.ConsultingPeopleSoft Financials UpgradeOperational1,640President’s Travel,Entertainment and UniversityResidence MaintenanceExpenses Audit (assistance toSystem Audit Office)40Assist the System Audit Office in evaluating and testing compliancewith Regent Rule 20205: Expenditures for Travel, Entertainment, andHousing by Chief Administrator.Executives’ Travel andEntertainment Expenses Audit160Evaluate and test compliance with the HSC and UTS policies for traveland entertainment expenses incurred by senior leaders.Practice Plan - Conflicts ofInterest300Evaluate compliance with Conflict of Interest policies and procedures.Contract AdministrationReview300Determine whether the institution is procuring in a cost-effective,transparent and ethical manner, as required per Senate Bill 20.Dental School - BusinessOperations300Evaluate the financial internal controls at the School of Dentistry.Practice Plan - Billing &Collections340Review and evaluate the internal controls over billing and collectionsat UT Medicine.200Perform a post implementation review of the research core facilitiescomputer system.ConsultingiLab Post ImplementationReviewPage 8 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015FY16 Planned tate Auditor's Office (SAO)A-133 Single Audit Assistance40Coordinate SAO audits.Residency ProgramAward/Family & CommunityMedicine80Review expenditures for the Residency program and report oncompliance with grant regulations to the Texas Higher EducationCoordinating Board.Residency ProgramAward/Emergency Medicine40Residency ProgramAward/McAllen FamilyPracticeBenefits Proportionality80Review expenditures for the Residency program and report oncompliance with grant regulations to the Texas Higher EducationCoordinating Board.Review expenditures for the Residency program and report oncompliance with grant regulations to the Texas Higher EducationCoordinating Board.Determine whether state appropriated funds used to pay employeebenefits are in proportion to salaries or wages paid from those funds.Assess the adequacy and effectiveness of internal controls over cancerclinical trials billing at the CTRC.350Cancer Therapy and ResearchCenter (CTRC) Clinical TrialsBillingDecentralized Cancer ClinicalTrials BillingGift Compliance Review400Research Export Controls200HIPAA Privacy Rule300Information Technology300300Assess the adequacy and effectiveness of internal controls over cancerclinical trials billing outside of CTRC.Ascertain compliance with restricted gifts and donations.Assess the adequacy and effectiveness of export controls to determinecompliance with U.S. export control regulations.Evaluate HSC's program for compliance with the HIPAA PrivacyRule.1,484TAC 202 & UTS 165Compliance300Evaluate the HSC program for compliance with Texas AdministrativeCode (TAC) 202 and UTS 165 information security standards.Mobile Device Management300Assess data security of personal portable devices.UT Medicine IT GeneralControls Review (Organization& Management, VendorManagement, AssetManagement, and ITOperations Review)284Perform a review of the organization, management, and IT operationsareas within the Control Objectives for Information and RelatedTechnology (COBIT) framework, as well as assess vendormanagement and asset management at UT Medicine.Centralized IT GeneralControls Review (Organization& Management, VendorManagement, AssetManagement, and ITOperations Review)300Perform a review of the organization, management, and IT operationsareas within the COBIT framework, as well as assess vendormanagement and asset management for Centralized IT services.HIPAA Security Rule300Evaluate HSC's program for compliance with the HIPAA SecurityRule.Page 9 of 12

UT Health Science Center San AntonioAnnual Internal Audit Report - Fiscal Year 2015FY16 Planned EngagementFollow-UpBudgetedDescriptionHoursPerform follow-up of audit recommendations on a quarterly basis.384Development - Operations1,104Annual risk assessment/auditplan development400Perform the annual risk assessment and develop the annual audit plan.Internal audit committeepreparation/participation160Prepare materials and organize the institutional audit articipation80Participate in UT System committees that will enhance institutionalaudit department capabilities.Metrics/Internal QualityAssurance and ImprovementProgram activities160Prepare internal audit performance measures for reporting to UTSystem and implement quality assurance and improvement programs.TeamMate, IDEA, website, etc.development/maintenance160Maintain and update the audit management software system,TeamMate, and public-facing Internal Audit & Consulting Serviceswebpages, including preparing the annual internal audit activity reportas required by the State Legislature.Staff meetings related to themanagement of the internalaudit function144Hold staff meetings related to the management of the internal auditfunction.Development – Initiativesand Education740System Audit Office initiativesparticipation (committees,workgroups, research, etc.)140Institutional strategic or qualityinitiatives (EQA action plans)40Individual ContinuingProfessional Education (CPE)training (includes related travel)560Reserve1,426Total Budgeted Hours10,548Provide an opportunity to collaborate with System Audit Office oninitiatives.Participate in initiatives focused on adding value and enhancingquality.Provide an opportunity to develop internal audit skills andcompetencies.Provide for advisory services or training to the institution, completeadditional audits as prescribed by UT System, address emerging risksor management request, and support institutional investigations.Risk Assessment Used to Develop the Internal Audit Plan and Additional “High” Risks NotIncludedThe institutional annual risk assessment was conducted using the methodology developed by the UTSystem Audit Office. The risk assessment entailed using a top-down approach based on the institutionalstrategic objectives and pri

Annual Internal Audit Report - Fiscal Year 2015 Page 3 of 12 I. Compliance with House Bill 16 The Texas Internal Auditing Act requires state agencies to file an annual report of the agency’s internal audit activities and to post the report on the institution’s internet web site. The purpose of the annual

Related Documents:

CHAPTER 12 Internal Audit Charters and Building the Internal Audit Function 273 12.1 Establishing an Internal Audit Function 274 12.2 Audit Charter: Audit Committee and Management Authority 274 12.3 Building the Internal Audit Staff 275 (a) Role of the CAE 277 (b) Internal Audit Management Responsibilities 278 (c) Internal Audit Staff .

The University of Texas MD Anderson Cancer Center Internal Audit Annual Report for FY2022 . Page . 1. of . 22. Table of Contents . I. Compliance with Texas Government Code, Section 2102.015: Posting the Internal Audit Plan, Internal Audit Annual Report, and Other Audit information on Internet Website II. Internal Audit Plan for Fiscal Year 2022

INTERNAL AUDIT Example –Internal audit report [Short Client Name] Internal Audit Report Rev. [Rev Number] STEP ONE: Audit Plan Process to Audit (Audit Scope): Audit Date(s): Lead Auditor: Audit #: Auditor(s): Site(s) to Audit: Applicable Clauses of [ISO 9001 or AS9100] S

GTAG Global Technology Audit Guides HoA Head of Agency HoIA Head of Internal Audit IA Internal Audit / Internal Auditor IA-CM Internal Audit Capability Model IAS Internal Audit Service . Audit, the Code of Ethics for Internal Auditors and the Auditing Standards. The only way

Audit’s annual report and opinion, progress of internal audit activity against the audit plan, internal audit reports. External audit Scope and depth of external audit work, its independence and value for money, annual management letter, report to those charged with governance and other reports, effectiveness of

audit committee and internal audit is fundamental to internal audit's success. 1.2. Securing the appropriate resources for internal audit to meet expectations In many organisations, the audit committee is responsible for approving the internal audit budget, and this approval is typically based on management's recommendation.

An internal audit must be planned in advance and a schedule created for each internal audit process. The Management Meetings can be used to plan the audit and to record the results of each internal audit process. When planning the internal audit, consideration to following criteria shall be included when planning an internal audit:

Southampton City Council - Annual Report 2014-15 Page 2 Contents Section Page 1. Role of Internal Audit 3 2. Internal Audit Approach 4 3. Internal Audit Opinion 5 4. Internal Audit Coverage and Output 6-7 5. Significant Issues Arising 8-9 6.