UTEP - 2013 Internal Audit Annual Report (Final)

THE UNIVERSITY OF TEXAS AT EL PASO
Internal Audit Annual Report
Fiscal Year
2013
THE UNIVERSITY OF TEXAS AT ELPASO
Office of Auditing and

Consulting Services
October 30, 2013

TO:
Kate McGrath, Governors Office of Budget, Planning and Policy

Ed Osner, Legislative Budget Board
Internal Audit Coordinator, State Auditors Office
Ken Levine, Sunset Advisory Commission
FROM:
William A. Peters, Director, Auditing and Consulting Services
SUBJECT:
The University of Texas at El Paso Internal Audit Annual Report for fiscal
year 2013
Attached please find the 2013 Internal Audit Annual Report for the University of Texas at
El Paso as required by the Texas Internal Auditing Act. Should you have questions or
need additional information, please contact me at (915) 747-8921 or e-mail
wpeters@utep.edu.
Administration Bldg.
Fourth Floor
El Paso, Texas 79968-0586
(915) 747-5191
Fax (915) 747-8913
The University of Texas at El Paso

Internal Audit Annual Report
Table of Contents
Fiscal Year 2013
TABLE OF CONTENTS
I.
Internal Audit Plan for Fiscal Year 2013..
II.
List of Consulting Engagements and Non-Audit Services Completed ... 31
III.
External Quality Assurance Review..
33
IV.
Internal Audit Plan for Fiscal Year 2014.
40
V.
External Audit Services.
71
VI.
Reporting Suspected Fraud and Abuse
71

Office of Auditing and Consulting Services
2013 Audit Plan
Final
Approved by Internal Audit Committee
September 05, 2012
UTEP 2013 Annual Internal Audit Report Page 1

2012-2013 Annual Audit Plan
TABLE OF CONTENTS
OVERVIEW ....................................................................................................................................................1
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT...........................................2
SCOPE OF AUDITS .......................................................................................................................................5
BUDGET AND STAFFING ...........................................................................................................................6
CALCULATION OF FY 2013 AUDIT HOURS ............................................................................................6
COMMENTARY ON VALUE ADDED ..7
INSTITUTIONAL PROCESSES AND RELATED SUB-PROCESSES .......................................................8
FISCAL YEAR 2013 AUDIT PLAN ........................................................................................ APPENDIX A

INSTITUTION PROCESSES TIER I ....................................................................................... APPENDIX B
RESEARCH AND DEVELOPMENT TIER II ......................................................................... APPENDIX C
INFORMATION TECHNOLOGY TIER II .............................................................................. APPENDIX D
TIER I RISKS NOT COVERED IN AUDIT PLAN ................................................................ APPENDIX E
AUDIT HOURS ......................................................................................................................... APPENDIX F
FIVE YEAR HISTORY ............................................................................................................ APPENDIX G

Attachment A
Institutional Processes and Sub-Processes
OVERVIEW
In accordance with the Texas Internal Auditing Act (Article 62525d, Vernons Texas Civil
Statutes),TheUniversityofTexasSystemAdministrationPolicyUTS129InternalAuditActivities,
and The Institute of Internal Auditors International Professional Practices Framework (IPPF)
PerformanceStandard2010Planningand2210PlanningConsiderations,wehavepreparedan
auditplanforfiscalyear2013.The2013AuditPlanisadescriptionoftheinternalauditactivities
thatwillbeperformedbytheOfficeofAuditingandConsultingServicesinfiscalyear2013.
Theprocessofpreparingthe2013AuditPlanincludedidentifyingthoseareasthatareconsidered
themostimportantandensuringthatactivitieswiththegreatestriskareaudited.TheInternal
AuditCommitteereviewedandapprovedthe2013AuditPlan.MembersoftheInternalAudit
Committeeprovidedinput,asdidDeansandDepartmentDirectors/Chairs,whereappropriate.
TheInternalAuditCommitteeiscomprisedofthefollowingmembers:
Dr.DianaNatalicio,PresidentandChairoftheInternalAuditCommittee
Dr.JuniusGonzales,Provost,VicePresidentforAcademicAffairs
Ms.CynthiaVilla,VicePresidentforBusinessAffairs
Dr.StephenRiter,VicePresidentforInformationResourcesandPlanning
Dr.GaryEdens,InterimVicePresidentforStudentAffairs
Dr.RobertoOsegueda,VicePresidentforResearch
Mr.RichardAdautoIII,ExecutiveVicePresident
Mr.EdwardEscudero,ExternalMember
Inputwasalsoreceivedfrom:
Ms.SusanAvena,Manager,ResearchandSponsoredProjects
Mr.CoreyBailey,Director,StudentDevelopmentCenter
Mr.GerardD.CochraneJr.,ChiefInformationSecurityOfficer,InformationTechnology
Dr.KathleenCurtis,Dean,CollegeofHealthSciences
Ms.DianeDeHoyos,Director,PurchasingandGeneralServices
Ms.ManuelaDokie,AssistantVicePresident,ResearchandSponsoredProjects
Ms.GuadalupeGomez,Manager,ContractsandGrantsAccounting
Mr.HenryW.Humphreys,AssociateDirector,IntercollegiateAthletics
Ms.CatherineMcCorryAndalis,AssociateVicePresident/DeanofStudents,Associate
VicePresidentofStudentLife
Mr.RobertMoss,AssistantVicePresident,EnvironmentalHealthandSafety
Mr.AndrewPena,Director,HumanResourceServices
Ms.AdrianaPrice,AssistantVicePresident,InstitutionalAdvancement
Dr.EliasProvencioVasquez,DeanSchoolofNursing
Ms.TessyRappe,DirectorAssociateComptroller,BusinessServices
Mr.BobStull,AthleticsDirector,IntercollegiateAthletics
Mr.AnthonyTurrietta,AssociateVicePresidentforBusinessAffairs/ComptrollerVPBA

Attachment A
Dr.JorgeVillalobos,Director,FacilitiesServices
Dr.CraigWestman,AssociateVicePresident,EnrollmentServicesManagement
Mr.JamesR.Williams,AssociateDirectorofStudentFinancialAid
TheInternalAuditCommitteemembers,theseindividuals,andselectedmembersoftheirstaffs,
providedinformationrelativetotheirspecificareasofresponsibility,plusinsightintootherareas
inwhichtheyinteracted,orhadknowledgeand/oropinions.
IDENTIFICATIONOFTHEAUDITUNIVERSEANDRISKASSESSMENT
TheInstituteofInternalAuditorsInternationalProfessionalPracticesFramework(IPPF)requires
thatinternalauditorsdevelopanauditplanbasedontheassignmentofrisktotheaudituniverse.
TheaudituniverseisasubjectiveassessmentofauditableareasattheUniversityofTexasatEl
Paso(UTEP).Toidentifytheaudituniverse,wereviewedpriorauditplans,theannualfinancial
report (AFR), the budget; various risk assessments, and a fiveyear history of audit activity
(Appendix G). The audit plan was broken down into six major categories and sub categories
(AppendixA):
1. Financial
2. Operational
3. Compliance
4. InformationTechnology
Withineachoftheabove,subcategoriesof:
UTSystemorExternallyRequired
RiskBasedTierOne:InstitutionalProcesses
RiskBasedTierTwo:AuditableAreas
5. FollowupAudits
6. Projects
Considerationofthefollowingwasgivenindevelopingthe2013AuditPlan:
Managementinput
Variousriskassessments
Economicalandefficientuseofinternalauditresources
Required activities (i.e., KTEP FM Radio audit, Annual Financial Reporting, NCAA
Compliance,etc.)
Requirementsofthefollowingactionplans:

Attachment A
o 1994ActionPlantoEnhanceInternalControlsthroughAwareness,Accountability,
andAuditCommittees
o 1996ActionPlantoEnhanceInternalControls
o 1998and2003ActionPlanstoEnhanceInstitutionalCompliance
In the development of the 2013 Annual Audit Plan, the Assurance Continuum Enterprise Risk
Management Model (ERM) was used as the risk assessment methodology. The ERM risk
assessmentmethodologywasusedinplanningforauditsintheRiskBasedTierOne:Institutional
ProcessesandRiskBasedTierTwo:AuditableAreascategories.
Thefollowingdescribesourplanningprocesstopreparethe2013AuditPlan.
RISKASSESSMENTMETHODOLOGY
A Tier One (Institutionwide Risk Assessment) was performed using the following Processes
(AuditableUnits)applicabletoacademicinstitutions.Thesubprocessesincludedineachprocess
areidentifiedinAttachmentA.
ACADEMICINSTITUTIONPROCESSES
1. GovernanceandLeadership
2. InstructionandAcademicSupport
3. ResearchandDevelopment
4. StudentServices
5. HumanResourceManagement
6. FinancialManagement
7. AssetandRiskManagement
8. PurchasingandWarehousing
10. UniversityRelationsandAlumniAffairs
11. PlantOperationandMaintenance
12. AuxiliaryandServiceDepartments
13. EnvironmentalHealthandSafety
14. IntercollegiateAthletics
15. InformationResourcesUseandSecurity
16. UniversitySecurityandPoliceDepartment
17. InstitutionalComplianceProgram
ATierTworiskassessmentisrequiredforResearchandInformationTechnology.Thevertical
axisofeachTierTworiskassessmentincludesthesubprocesseslistedinAttachmentA.
TheTierOneandTierTworiskassessmentswereperformedusingtheERMmodel,andforeach
a Risk Footprint was developed. The vertical axis of the Tier One footprint is the applicable

Attachment A
businessprocessesfromthelistabove.Thehorizontalaxisisthebusinessriskidentifiedand
ranked for each process. All identified business risks for a process included consideration of
financial,complianceandoperationalelements.
VALUATIONOFIMPACTANDPROBABILITY
IMPACTTheimpactofariskistheeffectasingleoccurrenceofthatriskwillhaveuponthe
achievementoftheinstitutionsgoalsandobjectives.Therearethreevalues:
HIGHTheeffectwillcausethecomponentnottoachieveitsgoalsandobjectives.Itisa
showstopper.
MEDIUM The effect will cause the institution to operate inefficiently and/or expend
unplannedresourcestomeetgoalsandobjectives.
LOWTherewillbenomeasurableeffectupontheachievementofinstitutionalgoals
andobjectives.
PROBABILITYTheprobabilitythatariskwillbecomerealityalsohasthreevalues:
HIGHAneventisinevitable,orthereisagreatlikelihoodthataneventwilloccur.
MEDIUMTheriskisneitherextremelylikelynorhighlyunlikely.Theprobabilityofan
eventissimilartooccurrenceswithinthenormalcourseofoperations.
LOWTheriskofaneventishighlyunlikelyorwouldrequireacombinationofmultiple
failures.
Past experience within the institution and within higher education was used in determining
probability. Probability is assessed as if only Level 1 Controls (those in place or exercised at
execution)exist.
ANNUALAUDITPLAN
Theriskfootprintswereconvertedtothefinalproductinthefollowingmanner:
TheTierOneRiskFootprintprocessesthatdidnothaveaTierTwoRiskFootprintwere
includedintheAnnualAuditPlanbaseduponthenumberofcriticalriskseachcontained.
Thesubprocesseswithineachprocesswhichcontainedtheidentifiedcriticalrisksare
includedintheauditplan.
TheTierTwoRiskFootprintsareincludedinthisarearegardlessoftheirpositiononthe
TierOne(Institutionwide)riskfootprint.Thesubprocessestobeauditedarethosefrom
eachTierTworiskfootprintthathavethehighestrankedriskorthelargestnumberof
criticalrisks.
FollowupAudits

Attachment A
InaccordancewiththeInstituteofInternalAuditorsPerformanceStandard2500Monitoring
Progress,afollowupprocessisinplacetomonitorandensurethatmanagementactionshave
beeneffectivelyimplemented,orthatseniormanagementhasacceptedtheriskofnottaking
action.Implementationdatesofauditreportrecommendationsaremonitoredandfollowing
thosedates,thestatusofauditrecommendationsaredeterminedandreportedtomanagement.
ChangeinManagementAudits
Theauditableuniversewasdevelopedthroughinquirieswithcollegedeans,directorsandvice
presidents. The goal of performing changeinmanagement audits is to provide a consulting
servicetonewmanagersbyreviewingexistinginternalcontrolsandprovidingtheinformation
necessary for the development of an adequate internal control system, which will provide
reasonable assurance of sound management. Selected colleges/departments with new
Deans/Directorswillbeaudited.Sincemostoftheworkisdoneonanasrequestedbasis,arisk
assessment was not performed and audits are determined as management changes occur
throughoutthefiscalyear.
Projects
The goal of performing special projects is to provide management with analyses, appraisals,
recommendations,counsel,andinformationconcerningtheactivitiesreviewed.Includedinthis
categoryofauditsare,internalandexternalqualityassurancereviews,UTSystemrequestsand
specialrequestsandinvestigations.Muchoftheworkiseitherdoneasmandatedoronanas
requestedbasis;therefore,ariskassessmentwasnotperformed.
CarryforwardAudits
Carryforwardauditsarethose20112012AnnualAuditPlanauditsthatareinprogressat
August31,2012.
2013RiskAssessments
ProcessRiskassessmentsarelocatedinAppendicesBthroughD.

Attachment A
SCOPEOFAUDITS
The International Professional Practices Framework (IFFP) addresses the scope of work as
follows:
"Thescopeoftheengagementshouldincludeconsiderationofrelevantsystems,
records, personnel, and physical properties, including those under control of
thirdparties.
Inperformingconsultingengagements,internalauditorsshouldensurethatthe
scopeoftheengagementissufficienttoaddresstheagreeduponobjectives.
Internalauditorsshould:
Review the reliability and integrity of financial and operating
information and the means used to identify, measure, classify, and
reportsuchinformation.
Review the systems established to ensure compliance with those

policies,plans,procedures,laws,andregulations,whichcouldhavea
significant impact on operations and reports, and should determine
whethertheorganizationisincompliance.
Reviewthemeansofsafeguardingassetsand,asappropriate,verify
theexistenceofsuchassets.
Appraise the economy and efficiency with which resources are

employed.
Review operations or programs to ascertain whether results are

consistent with established objectives and goals and whether the
operationsorprogramsarebeingcarriedoutasplanned.
Theplannedscopeofeachoftheauditsinthe2013AnnualAuditPlanisdescribedinAppendixA.
BUDGETANDSTAFFING
ThebudgetfortheOfficeofAuditingandConsultingServiceswaspreparedinaccordancewith
U.T.SystemAdministrationandUTEPguidelinesandwasapprovedbyUTEPAdministrationand
theBoardofRegents.
Career development for the staff is a strategic goal of the Office of Auditing and Consulting
Services. It is the Directors practice to create a working environment that facilitates career
opportunities for the audit staff within and outside the office. The Office of Auditing and
Consulting Services will continue its efforts toward developing staff to their highest potential
through the performance of operational audits, exposure to high levels of management, and
trainingtargetedatnontraditionalauditareasandachievementofprofessionalcredentialing.

Attachment A
CALCULATIONOFFY2013AUDITHOURS
TheCalculationofAvailableHoursisincludedinAppendixF.Totaldirecthoursassignedto
auditsandprojectsarereflectedinAppendixA.
COMMENTARYONVALUEADDEDOFAUDITPLANUPDATE
General:
Thedefinitionof"VALUEADDED"canvaryconsiderablyfromoneauditdepartmenttothenext
butforOACSitdescribesauditworkthatwillhelpmanagementmeettheUniversitysgoalsand
objectivesinadditiontoverifyingcompliancewithpoliciesandprocedures.Organizationsare
lookingtointernalauditingdepartmentstoaddvalue,improvecostcontrols,andsolveproblems.
Motivated by the universal mandate to curtail expenses and boost efficiencies, the auditing
departmentwillseekwaystoaddvalue.
Generalplanobjectives:
Planauditsaccordingtotheresultsoftherisksensitiveenvironmentreview.
Executeauditsemphasizingacostconsciousculture.
Focusonissueidentificationandseekimprovementresolutionandhighlightattention
tofutureperformancebybringinginsight,knowledge,judgment,andanalyticalskillsto
allauditandconsultingengagements.
Becomeawareofandarticulatechangeswhenperceptionsofriskchangethroughout
theyear.
Aggressivelyandconstructivelyconsideremergingtechnologyrisksand
improvementopportunities.
Evaluateopportunitiestoleveragecomputeraidedaudittechnologytoincreaseaudit
effectivenessandefficiency.
Objectivesoftheinternalauditprofessionalstaff:
Havetheexpertisetoaskinsightfulquestions.
Establishavaluebasedculturethroughwordandaction.
Keepconstituentsinformedthroughouttheauditprocess.
Differentiateandbalancediscussion,guidance,anddirectives.
Continuallyassessmanagementsplanstoensurefuturesuccess.
Measureperformanceagainstforwardlookingmeasuressuchasbenchmarkingandbest
practices.
Buildandmaintainrelationshipsofmutualtrustandrespect,andengageinopendialogue
andregularinteraction.
Maintain a core of experienced audit staff with indepth knowledge of audit skills
supportedwithcontinuoustraining.

Attachment A
I. Governance&Leadership
A.
B.
C.
D.
E.
F.
Governance
OrganizationalStructure
OfficeofthePresident
InternalCommunications
LegalServices
InternalandExternalAuditing
1. SingleAuditAct
2. TexasInternalAuditingAct,Article62525d
3. InstituteofInternalAuditorsStandards
4. GenerallyAcceptedGovernmentalAuditingStandards
II. Instruction&AcademicSupport
A. ManagementofDepartments&ProgramsofStudy
1. EducatorCertification
B. Accreditation/InstitutionalEffectiveness
1. 170HourRule
2. 120HourRule
3. IntegratedPostsecondaryEducatorDataSystems
4. LegislativeBudgetBoardPerformanceMeasures
5. ReportstotheTexasHigherEducationCoordinatingBoard
6. ReportstoUTSystem
C. ProgramDevelopment&ProgramEvaluationProcess
1. OfficialInventoryofPrograms
D. Faculty
1. Recruitment&TenurePolicies
2. Development
3. Turnover
4. Workloads&Productivity
5. DegreeProductivity(numbergrantedvs.numberoffulltimefaculty)
6. VerificationofFacultyQualifications
7. RightsandResponsibilitiesofFaculty
E. Instructional&AcademicTechnology
F. SpecialPrograms
1. DevelopmentalEducation
2. StudentswithDisabilities
3. StudyAbroad
G. CourseScheduling&Availability
1. Undergraduate
2. Graduate
3. DistanceEducation
4. ProfessionalandPublicPrograms

Attachment A
H. DeploymentofResourcesamongAcademicPrograms
I. Library
J. CoreCurriculum
1. FieldsofStudy
K. TexasSuccessInitiative
L. HealthAffairs
1. StudentBackgroundChecks
2. LicensingandCertification
3. ProgramAccreditation
4. ClinicalLaboratories
M. SchoolofNursing
2. Licensing
3. Certification
4. HospitalBasedTeaching
5. AttractingandMaintainingFaculty
III. Research&Development
A. FinancialIssuesGrants&ContractsManagement
1. CostTransfersEffortReporting
2. CostSharing
3. Facilities&AdministrativeCostAccounting
4. FinancialReportingtoGrantingAgencies
5. CashManagement
6. RecordsArchivingC&G
7. SubrecipientMonitoringExpenditure
8. ARRA
B. AnimalResearch
1. VeterinarianServices
2. InstitutionalAnimalCareandUseCommittee
3. Preparationofcertificationsandassurances
C. HumanSubjectResearch
1. InstitutionalReviewBoard(ProtectionofSubjects/participants)
2. ProtectionofResearcher
3. ProtectionofResearch
D. SponsoredPrograms
1. EffortReporting
2. NegotiationofAgreements
3. Preparationofcertifications&assurances
4. CoordinationofgiftsandgrantswithDevelopmentoffice
5. OGCGuidelinesforcontractsandsubcontracts

Attachment A
6. Backdoorawards
7. ExportControllicensing/lawsInternationalTrafficinArmsRegulations(ITAR)
8. AdministrationofContracts,Grants&CooperativeAgreements
9. ResearchandSponsoredProjectsMetrics
10. SubrecipientmonitoringProgrammatic
11. DigitalResearchData
E. ProposalReview
1. CostEstimates
2. ProposalCompliance
3. Eligibilityforsubmittingproposals
F. ResearchEthicsandIntegrity
G. TechnologyTransfer
1. InventionDisclosure
2. IntellectualPropertyPolicy
3. Equitypositionsinstartupcompanies
4. RoyaltyAudit
5. Licensingandmaterialtransferagreements
6. NondisclosureAgreements
H. Training
I. OtherAgreements
1. ProcessingAffiliationAgreementswithOutsideAgencies
2. MemorandumsofUnderstanding
3. InternationalAgreements
J. ProposalDevelopment
1. ProposalDevelopmentServices
2. IdentificationandNotificationofFundingOpportunities
3. ResearchCommunication
K. ConflictofInterestinSponsoredResearch
IV. StudentServices(AcademicInstitutions)
A. AdministrationAcademicServices
B. RecruitmentProcessing
C. AdmissionsProcessing
D. EnrollmentManagement
1. Title19
E. RegistrationProcessing
F. StudentRecords
G. FinancialAid
1. Reporting
2. DrawingDown
3. ReturnofFunds
4. Institutional/ProgramEligibility
5. CashManagementRules

Attachment A
H.
I.
J.
K.
L.
M.
N.
O.
6. StateRegulationsandReporting
7. Recertification
8. CompletiononDOEQuarterlyReportDisbursements
9. StudentEligibility
10. Verification
StudentHealthServices
CounselingandGuidanceServices
1. ReleaseofMentalHealthRecords
2. CareerCounselingServices
StudentOrganizations&OtherActivities
StudentGrievances
1. Undergraduate
2. Graduate
StudentGovernmentAssociation
OfficeofInternationalPrograms
1. TrackingofInternationalStudents(SEVIS)
2. PASEProgram
3. PassportServices
4. J1Visas
FamilyEducationRightsandPrivacyAct(FERPA)
Outreach
1. RenewalandPublicRelations
2. Programmatic
3. InteractionofAdultsandMinorChildren
AdministrationStudentServices
StudentConductandDiscipline
CareerCenter
RecreationalSports
StudentPublications
ChildcareServices
P.
Q.
R.
S.
T.
U.
V. HumanResourceManagement
A. Organizational&StaffingofHumanResourcesFunction
1. PersonnelRecordsAdministration
B. ClassificationandSalaryAdministration
1. FairLaborStandardsAct
C. AppointmentofRelatives
D. LeaveAdministration
E. PerformanceAppraisalSystem
F. Recruitment&SelectionProcess(nonfaculty)
G. HiringPractices(nonfaculty)
1. VeteransPreferences
H. StaffDevelopment&ContinuingEducation

Attachment A
I. EmployeeRelations&GrievanceProcess
1. DisciplineandDismissalofEmployees
J. StaffTurnover
K. ContractingforHumanResourcesrelatedFunctions
L. CriminalBackgroundChecks
M. EqualOpportunityandAffirmativeAction
1. DiscriminationagainstProtectedClasses
2. NondiscriminationnotificationContractclause
3. AffirmativeActionPlan
4. EmploymentDiscriminationPreventionTraining
N. ReductionsinForce
O. FamilyMedicalLeaveAct(FMLA)of1993
P. ImmigrationReformandControlActof1986
Q. UTFlex,IRC125
R. DeferredContributionPlan
S. AnnualORPParticipationReport
T. Chapter821,etseq.,TexasGovernmentCode
U. TaxShelterAnnuityPrograms(TSAP)
V. Repositoryforfacultycredentialfolders
W. FacultyVisas
VI. FinancialManagement
A.
B.
C.
D.
Organization&Management
Budgeting&Planning
BudgetMonitoring&Review
AccountsPayable
1. Issuanceof1099and1042FormsforVendorPayments
2. PromptPayment
3. VendorPayments
E. PayrollManagement
1. MandatoryGarnishmentsforTaxLevies,Bankruptcies,ChildSupport&Student
Loans
2. ChildSupportEnforcementRequirements
3. VoluntarySalaryDeductions(i.e.SavingsBonds,Annuities,UTFlex)
4. Withholdingoftaxesfromemployeewagesandtimelydeposits
5. NonresidentAlienTaxation
6. FederalTaxReporting
7. IRSCode117,amendedbyTaxReformAct&TMRAof1988
8. RetirementContributions
9. TRSReportingandTransmittaloffunds
10. ORPcollectionoffunds,transmittaloffundsandreporting
F. AccountingProcedures&InternalFinancialControls
G. Reporting(regulatory&management)

Attachment A
H.
I.
J.
K.
L.
M.
N.
O.
P.
Q.
VII.
A.
B.
C.
D.
E.
F.
G.
H.
VIII.
1. ReportingRequirements
2. PreparationofQuarterlyStateAuditorFullTimeEmployeeReport
3. AnnualFinancialReport
4. SPAtoAFRReconciliation
5. UnclaimedPropertyManagementandReporting
6. CodingofAccounts
7. ControlofNonStandardorNonRecurringJournalEntries
SegregationofDutiesandReconciliationofAccounts
ApprovalofImproper/ErroneousDisbursementsbyProcessingUnits
ConflictofInterestandFinancialDisclosure
LiquorLicense
TravelManagementServices
EmergencyLoanProgrammanagement,fundingandcollection
InterestAllocation
StudentGeneralPropertyDeposit
RedFlagRules
Asset&RiskManagement
CashManagement/InvestmentManagementStrategies
Endowments&Gifts
InvestmentManagement,InvestmentStrategies,andPublicFundsInvestmentAct
FixedAssetManagement,TrackingandCounting,Reporting&SurplusProperty
InsuranceCoverage,RiskManagement,Safety,andWorkersComp
BondedIndebtednessandIssuance
TuitionandFeesManagement
1. MgmtofCollectiononOverdueStudentReceivables&NSFChecks
2. AccountsReceivableTuitionandFeesCollectionProcess
3. FeesAllocation&Justification
Purchasing&Warehousing
A.
B.
C.
D.
E.
F.
G.
H.
I.
Organization&Staffing
Policies&Procedures
BidandContractingProcesses
SpecialProceduresContracts
Leases
BestValueYellowPagesTest
ProcurementCard
HistoricallyUnderutilizedBusinessProgram
PurchasingEthicsandConflictofInterest
1. VendorSelection
J. ProcurementofConsultingServices/ProfessionalServices

Attachment A
K. ProcurementPlanReport
L. UniversityRecordsRetentionandDestruction
M. ContractPerformanceMonitoringContractsover$100,000
IX. InformationTechnology(doesnotincludeenduserapplications)
A. PlanningandOrganization
1. StrategicPlanningandTechnologicalDirection/Planning
2. Organization(Communication,Relationships,HumanResources)
4. CompliancewithExternalRequirements
5. ProjectManagement
6. QualityManagement
B. AcquisitionandImplementation
1. AcquireandMaintainApplicationSoftware
2. AcquireandMaintainTechnologyInfrastructure
C. DeliveryandSupport
1. DefineandManageServiceLevels
2. ManagePerformanceandCapacity
3. ManageFacilities
4. ManageProblemsandIncidents
5. ManageData
D. Monitoring
1. ProcessMonitoring
E. SecurityforITDepartment
1 SystemandInfrastructureSecurity(SecurityofSensitiveData)
2 AdequacyofControls(ApplicationSecurity)
F. OffsiteBackupRestoration
X. UniversityRelations&AlumniAffairs
A. Community&AlumniInvolvement
1. Partnerships
2. DevelopmentOffice
3. AlumniRelationsOffice
4. Printed&ElectronicCommunications
B. Public&MediaRelations
C. PublicService
1. Relevance&ImpactofProgramstoState&LocalCommunity
2. ArtGalleries
3. CentennialMuseum
D. GovernmentalRelations

Attachment A
XI. PlantOperation&Maintenance
A. FacilityPlanning(long&shortrange)
B. RenovationsandRepairs
C. SpaceUsageEfficiency
D. MaintenanceOperations
E. CustodialServices
F. TransportationMotorPool
G. ConstructionProgramManagement
H. LandscapingandGrounds
I. Utilities/EnergyManagement
J. WarehouseOperations
K. FacilitiesManagement(DonHaskins&SunBowl)
L. ContractedOutsideServices
XII.
AuxiliaryandServiceDepartments
A. Housing
1. Availability
2. Quality
3. Cost&Services
4. Facilities
5. Health&Safety
6. Administration/Fiscal
B. Printing&Copying
C. MailServices
D. UnionServices
E. SpecialEvents
F. TicketCenter
XIII. EnvironmentalHealthandSafety
A. LaboratorySafety
B. NFPALifeSafetyCode(FireSafety)
C. EPAResourceConservationRecoveryAct(TNRCCHazardousWasteRules)
D. ControlledSubstances
E. PrecursorChemicalsControlledGlassware
F. BureauofRadiationControlRadioactivematerials
G. TDH/PCBAsbestosRulesToxicSubstanceControlAct
H. BureauofRadiationControlLaserRegulations
I. BureauofRadiationControlRadiationMachines
J. CleanAirAct(AirEmissions)
K. TNRCC(StormWaterRunoff)CleanWaterAct
L. SelectAgentRule
M. TexasWorkersCompensationAct
N. HazardousMaterialsShippingrequirements(IATA,DOT,FAA)

Attachment A
O. BSL3Oversight
P. DHSAntiterrorismStandards
XIV. IntercollegiateAthletics
A. InstitutionalControlAthletics
1. ExtraBenefits
2. FinancialAidandFederalFinancialAidRegulations
3. PlayingandPracticeSeasons
4. Recruiting
5. Education
6. Infractions
7. SummerCamps
8. Amateurism
9. EligibilityofAthletes
10. StudentWelfare
11. GenderEquity
B. AdministrationAthletics
1. LicensingandTrademarkLaws/Ethicsandsystemviolation
2. AthleticDepartmentCertification
3. AnnualConferenceComplianceAudit
4. EmploymentContractsandConductofEmployees
5. DepartmentP&PManualAthletics
6. AnnualFinancialAudit
7. NCAAHomeFootballAttendance
XV. InformationResourcesUseandSecurity
A. AdministrativeManagementControls
1. AssignmentofResponsibilities
2. PeriodicReviewofSecurityControls
3. IncidentResponseCapability
4. SecurityandTechnicalTraining
5. SystemAuthorizationandReauthorizationProcedures
6. AccessAuthorization,PersonalClearance&TerminationProcedures
7. SystemorApplicationSecurityPlan(DataCriticality,Backup&DisasterRecovery)
B. OperationalControls
1. PhysicalSecurity(AccessControls&ContingencyOperations)
2. EnvironmentalControls
3. DesktopUseandSecurity
4. Documentation
C. TechnicalControls
1. Identification
2. DataIntegrity

Attachment A
D. TAC202
1. RiskManagement
2. PasswordManagement
3. SeparationofDuties
4. DeviceandDataMediaAccessandDisposal
5. LogicalAccessControls
6. Audittrails
7. Intrusiondetection
E. UTS165
1. TransmissionSecurity
2. Solicitation,UseandMaintenanceofSocialSecurityNumbers
3. DecentralizedServers
F. PCICompliance
G. CloudComputing
H. DigitalResearchData
XVI. UniversitySecurityandPoliceDepartment
A. TheCleryAct
B. EmergencyResponsePlans
XVII. InstitutionalComplianceProgram
A. ComplianceProgramComponents/Activities
B. SpecificComplianceHighRiskAreas

Appendix A
$417,609,972 FY13 INSTITUTIONAL BUDGETED EXPENDITURES
8.8 FY13 BUDGETED AUDITORS GROSS OF VACANCIES
Fiscal Year 2013 Audit Plan
FY 2013 Audit Plan
Audit/Project
Budgeted
Hours
% of
Total
Description
Financial
UT System or Externally Required Audits
Annual Financial Report:
AFR 2012 Year-end
AFR 2013 Interim
PeopleSoft Implementation
President's Travel and Entertainment Audit
KTEP FM Radio Station
Joint Admission Medical Program (JAMP)
Year-end/Periodic Cash Counts
Risk Based Tier One: Institutional Processes
PeopleSoft Readiness - Segregation of Duties and
Reconciliation of Accounts
Required annual audit support under "Reporting (Regulatory & Management)

350
125
800
125
20
50
100
Support to the PeopleSoft implementation team locally and system-wide

UT System required annual audit
Support to external auditor
Required audit by JAMP
Recurring annual audit. May consider interim testing for selected accounts.
350
To ensure readiness for PeopleSoft implementation, sample and test to determine level
of diligence and readiness
Risk Based Tier Two: Auditable Areas

Payroll Management-Supplemental Payments
200
Limited to Supplemental Payments per discoveries on FY 2012 Payroll audit
Management Requests - Financial
150
Various periodic audits, reviews or projects as requested by management
Carry-forwards:
Contracts & Grants Accounting
Procurement Card
40
25
Contracts & Grants Accounting audit from FY 2012.

Carry-forward from FY 2012. Will include follow-up.
Financial Subtotal
2335
21%
Operational
Management Travel/Entertainment
250
Establish on-going program to sample of Executive and Management travel

reimbursements.

Tech Transfers, Licensing & Equity
International Agreements
Export Controls
Facilities Maintenance Operations (Safety)
Student Health Services
Student Records
250
100
150
200
300
300
Purchasing - Contract Performance over $100K

Fees Management
Faculty Visas
200
300
250
Include tech transfers, licensing, equity positions - ORSP

Assess processes, controls and monitoring of international agreements
Export Controls
Focus on safety protocols, training and safety record.
Emphasis on quality controls, vaccines & refrigeration, etc.
Validate controls sufficient to justify "Low" probability and review historical areas
(grades, etc.)
Validate controls for projects > $100,000 are sufficient to justify "Low" probability
Fees only. Emphasis on course, major fees and course fee surpluses.
Comprehensive review stimulated by historical/ongoing issues
Risk Based Tier Two: Auditable Areas

Sub-recipient monitoring-Expenditures
300
Effort Reporting
300
Combined audit of Sub-recipient monitoring - programmatic and monitoring of

expenditures
Limited to effort reporting by Principal Investigators
Key Changes (CIM)
350
Annual Change-In-Management audits may also include other "key" employees
Management Requests-Operational
100
Carry-forwards:
Health Sciences
Utilities. Energy Management
Bio Safety Level 3 Lab Oversight
270
50
60
2nd tier focused on Program Accreditation (HM)

Operational Subtotal
3730
34%

Appendix A
$417,609,972 FY13 INSTITUTIONAL BUDGETED EXPENDITURES
8.8 FY13 BUDGETED AUDITORS GROSS OF VACANCIES
FY 2013 Audit Plan
Audit/Project
Budgeted
Hours
% of
Total
Description
Compliance
Fed Portion of Statewide Single Audit (assistance to
SAO)
NCAA Football Attendance Audit
Emergency Management (UTS 172)
20
Recurring annual support to State Auditor's Office
50
300
NCAA Football Attendance audit

Audit required by UTS 172-Emergency Management

Conflicts of Interest - Business/ORSP
Endowments & Gifts
350
200
Financial Aid- Continuous Monitoring
400
Address campus-wide policies and risk of non-disclosure.

Validation of controls over endowments and scholarship accounts. Emphasis on
discretionary funds.
Employ CAATS on 100% of population and assist with continuous monitoring set-up
Family Education Rights & Privacy Act (FERPA)

Clery Act
200
150
International Student Workers
200
Emphasis on information collection outside of Registration and Records Office

Review of reporting accuracy and completeness including incidents from off-campus
entities
Audit of student employees' eligibility to work and visa requirements
Management Requests-Compliance
150
Carry-forwards
THECB Facilities Audit
Research Compliance
Faculty-authored Textbooks
50
200
50
Carry-forward from FY 2012, related to THECB facilities audit.

Multi-faceted review of research compliance as mandated by UT System
Continuation of follow-up on implementation of recommendations
Compliance Subtotal
2320
21%
Information Technology
Laptop Encryption
TAC 202 Information Security
IT Inventory
250
400
200
Follow-up and validation of encryption project mandated by UT System

Comprehensive, required audit
Audit of inventory control processes and monitoring for fungible IT assets

Offsite Back-up Restoration
Continuous Monitoring
300
160
Assess Policies & Procedures, readiness to respond and best practices

Pilot data-driven continuous monitoring program using best available data sources, tool
& techniques
Management Requests-IT
100
25
Carry-forward from FY 2012 regarding shared decisions for select maintenance

accounts
Carry-forward
Administration and Management Controls
Information Technology Subtotal
Follow-up
Carry-forward Accounts Payable
1435
500
13%
Normally occurring follow-up reviews as determined by prior recommendation
implementation dates
Follow-up audit carry-forward from FY 2012
25
Follow-up Subtotal
525
5%
Projects
Annual Internal Audit Report
Annual Reviews/Evaluations
Annual Risk Assessment/Audit Plan
Institutional Compliance Committee
Internal Audit Committee
Quality Assurance Review - Follow-up
Quality Assurance Review- Other Audit Departments
Training Provided by IA
UT System Strategic Initiatives (three projects)
Projects Subtotal
Total Hours
30
40
150
10
80
40
50
40
150
590
10935
5%
100%

Appendix B
Institutional Risk Assessment
INSTITUTIONAL
# ACTIVITIES
11 Plant Operations &
Maintenance
RISKS
1
HM Maintenance
Operations
2
HM Utilities/Energy
Management
3
MMConstruction
Program
Management
4
MMContracted Outside
Services
5
MMCustodial Services
6
7
8
MMTransportation-Motor ML Facilities
ML Facility Planning
Pool
Management (Don
(long & short range)
Haskins & Sun Bowl)
9
ML Renovations and
Repairs
10
ML Space Usage
Efficiency
2 Instruction &
Academic Support
HM Tuition and Fees

HM Export Control
Management
Licensing International Traffic in
Arms Regs. (ITAR)
HL Health Sciences
MMAccreditation/Instituti MMCore Curriculum

onal Effectiveness
LM Course Scheduling & LL Academic

Availability
Agreements
LL Faculty
LL Instructional &
Academic
Technology
LL Library
4 Student Services
HH Student Health
Services
HL Financial Aid
HL Family Educational
Rights and Privacy
Act (FERPA)
HL Student Records
MMCounseling Center
ML Outreach
ML Registration
Processing
ML SB1414-Student
Camps
5 Human Resource
Management
HM Faculty Visas
MH Performance
Appraisal System
MMDependent Eligibility MMAppointment of

Relatives
MMClassification and
MMCriminal Background MMEmployee Relations MMEqual Opportunity
Salary Administration
Verifications
& Grievance Process
MMHiring Practices (non- MMImmigration Reform

faculty)
and Control Act of
1986
14 Intercollegiate
Athletics
HM AdministrationAthletics
HM Institutional ControlAthletics
n/a
n/a
n/a
15 Information
Resources Use and
Security
HM PCI Compliance
MMTAC 202
MMAdministrative/Manag
ement Controls
Cloud Computing
MMDigital Research
Data
MMOperational Controls MMTechnical Controls
MMUTS 165
n/a
n/a
HL Laboratory Safety
MMPrecursor Chemicals ML Bureau of Radiation

Controlled Glassware
Control-Laser
Regulations
ML Bureau of Radiation
control-Radioactive
materials
ML DHS Antiterrorism
Standards
ML Select Agent Rule
HL Contract
Performance
Monitoring over
$100,000
MMPurchasing Ethics
and Conflict of
Interest
ML Leases
LL Best Value Yellow

ML Review and
ML Procurement of
Pages Test
Evaluation of Bid and
Consulting and
Contracting Process
Professional Services
LM EPA Resource
Conservation
Recovery Act
(TNRCC Hazardous
Waste Rules)
LL Miner Mall
13 Environmental Health HM BSL3 oversight

and Safety
n/a
8 Purchasing
HM Procurement Card
6 Financial
Management
HM Segregation of Duties MMAccounts Payable

and Reconciliation of
Accounts
9 Information
Technology
HM Offsite back-up
restoration
MMSecurity for IT
Department
ML Delivery and Support LL Acquisition and

Implementation
3 Research &
Development
HL Animal Research
M Financial Issues
M
M Other Agreements
M
1 Governance &
Leadership
7 Asset & Risk
Management
HL Office of the
HL Legal Services
M Governance
President
M
ML Insurance Coverage,
HL Endowments & Gifts M Organization &
Risk Management
M Management-Asset
and Safety
& Risk Management
16 University Security
HL Emergency
ML The Clery Act
and Police
Response Plans
Department
10 University Relations ML Community & Alumni ML Public Service
& Alumni Affairs
Involvement
12 Auxiliary and Service ML Union Services
LM Mail Services
Departments
ML Historically
Underutilized
Business Program
HL Enrollment
Management
n/a
MMAccounting
MMBudget Monitoring & MMOrganization &
Procedures & Internal
Review
ManagementFinancial Controls
Financial
Management
n/a
LL Governmental
Relations
LM Printing & Copying
n/a
M Human Subject
M Research
ML Internal and External ML Internal

ML Organization
Auditing
Communications
Structure
LL Contract
LL Bonded Indebtedness LL Cash
Performance
and Issuance
Management/Investm
Monitoring over
ent Management
$100,000
Strategies
- n/a
- n/a
- n/a
LL Public & Media

Relations
LL Bookstore
n/a
LL Food Services
n/a
ML NFPA Life Safety

Code (Fire Safety)
LM Payroll Management LM Conflict of Interest

and Financial
Disclosure
LL Information
LL Monitoring
Technology Planning
and Organization
M Technology Transfers M Sponsored Projects

M
M
MMStudent Grievances
n/a
n/a
n/a
LM Hazardous Materials
Shipping
requirements (IATA,
DOT, FAA)
LL Organization &
Staffing
LL Reporting (regulatory LL Approval of

& management)
Improper/Erroneous
Disbursements by
Processing Units
LL Budgeting & Planning
n/a
n/a
n/a
M Proposal
M Development
ML Conflict of Interest in ML Proposal Review

Sponsored Research
ML Research Ethics and

Integrity
n/a
n/a
n/a
n/a
LL Fixed Asset
Management &
Surplus Property
LL Tuition and Fees

Management
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
LL Hotel - Ground Lease LL Housing
LL Special Events
LL Ticket Center
Legend:
HH, HM
HL, MH
MM, ML, LH
LM, LL
Planned
Carry forward
=
=
=
=
=
=
Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
Manage and Monitor (all Levels of Control but no traditional audit)
Monitor (only Execution Controls & Supervisory Controls)
Accept (accept the risk and have no controls)
Included in Fiscal 2013 Audit Plan
Carried forward from Fiscal 2012

Appendix C
Research Risk Assessment
REASEARCH
# ACTIVITIES
1 Financial IssuesGrants & Contracts
Management
RISKS
1
HH Sub-recipient
monitoringExpenditures
2
3
HM Financial Reporting HM Grants-Accounts
to Granting Agencies
Receivable Billing
4 Sponsored Projects
HM Effort Reporting
MH Sub-recipient
MonitoringProgrammatic
3 Human Subject
Research
HL Institutional Review
Board (Protection of
participants)
2 Animal Research
4
MMARRA Reporting
5
MMCost Sharing
6
7
MMCost Transfers-Effort MMRecords
Reporting
Management C&G
8
LL Cash Management
9
LL Facilities &
Administrative Cost
Accounting
MMCoordination of gifts
and grants with
Development Office
MMDigital Research
Data
MMPreparation of
certifications &
assurances
ML Back door awards
ML Negotiation of
Agreements
LM Research and
Sponsored Projects
Metrics
LL OGC Guidelines for

contracts and
subcontract
HL Preparation of
certifications &
assurances-IRB
HL Protection of
Research
LL Protection of
Researcher
n/a
n/a
n/a
n/a
n/a
HL Preparation of
certifications &
assurances-IACUC
MMBSL3 Usage
MMVeterinarian Services ML Institutional Animal

Care and Use
Committee
n/a
n/a
n/a
n/a
n/a
9 Other Agreements
MH International
AgreementsResearch Related
MMMemorandums of
UnderstandingResearch Related
MMProcessing Affiliation Agreements with

Outside Agencies
n/a
n/a
n/a
n/a
n/a
n/a
5 Proposal Review
MH Cost Estimates
ML Eligibility for
LL Proposal Compliance submitting proposals
n/a
n/a
n/a
n/a
n/a
n/a
ML Identification and
Notification of
Funding
Opportunities
ML Proposal
Development
Services
10 Proposal
Development
ML Research
Communication
n/a
n/a
n/a
n/a
n/a
n/a
11 Conflict of Interest in SML Conflict of Interest in Sponsored Research
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
6 Research Ethics and ML Research Ethics and Integrity

Integrity
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
7 Technology Transfer
LM Equity positions in
startup companies
LL Intellectual Property
Policy
LL Invention Discloser
LL Licensing and
material transfer
agreements
LL Non-Disclosure
Agreements
LL Royalty Auditing
n/a
n/a
n/a
8 Training
LL Training
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Legend:
HH, HM
HL, MH
MM, ML, LH
LM, LL
Planned
Carry forward
=
=
=
=
=
=

Appendix D
IT Risk Assessment
IT
# ACTIVITIES
11 XV UTS165
6 IX Offsite back-up
restoration
12 XV PCI Compliance
RISKS
1
2
HM Transmission
MMDecentralized
Servers
Security (Encryption
and Data Integrity)
3
MMSolicitation, Use and Maintenance of
Social Security
Numbers
HM Offsite back-up
restoration
n/a
n/a
HM PCI Compliance
n/a
n/a
MMAssignment of
7 XV
MMAccess
Authorization,
Responsibilities
Administrative/Manag
Personnel Clearance
ement Controls
& Termination
Procedures
MMIntrusion Detection
10 XV TAC 202
MMAudit Trails
8 XV Operational
Controls
MMDesktop Use and

Security
MMDocumentation
3 IX Delivery and
Support
MMManage Performance ML Manage Data

and Capacity
1 IX Information
MMProject Management ML Compliance with
External
Technology Planning
Requirements
and Organization
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
MMPeriodic Review of
Security Controls
MMSecurity and
Technical Training
MMSystem Authorization MMSystem or

ML Incident Response
and Reauthorization
Application Security
Capability
Procedures
Plan (Data Criticality,
Back up, & Disaster
Recovery)
MMRisk Management
MMSeparation of Duties ML Device and Data
Media Access and
Disposal
MMLogical Access
Controls
MMPassword
Management
MMPhysical Security
(Access Controls &
Contingency
Operations)
ML Environmental
Controls
ML Manage Problems
and Incidents
LL Define and Manage

Service Levels
ML Financial
Management
n/a
n/a
n/a
LL Manage Facilities
n/a
n/a
LL Organization
(Communication,
Relationships,
Human Resources
LL Strategic Planning
and Technological
Direction/Planning
n/a
n/a
9 XV Technical
Controls
MMData Integrity
n/a
n/a
n/a
n/a
n/a
5 IX Security for IT
Department
MMSystem and
ML Adequacy of Controls Infrastructure
(Application Security)
Security (Security of
Sensitive Data
n/a
n/a
n/a
n/a
n/a
2 IX Acquisition and
Implementation
ML Acquire and Maintain ML Acquire and Maintain Application Software

Technology
Infrastructure
n/a
n/a
n/a
n/a
n/a
13 XV Cloud Computing M
M
14 XV Digital Research M
Data
M
4 IX Monitoring
LL
MMIdentification
4
n/a
Cloud Computing
n/a
n/a
n/a
n/a
n/a
n/a
Digital Research
Data
Process Monitoring
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Legend:
HH, HM
HL, MH
MM, ML, LH
LM, LL
Planned
Carry forward
=
=
=
=
=
=

Appendix E
High Risks Not Covered
Tier One and Tier Two - Red Risks NOT Covered in Audit Plan for FY 2013
Ranking
Risk
Explanation/Mitigation
Internal Audit Action
HM
Utilities/Energy Management
Audit in progress, carried forward to 2013
Complete audit
HM
BSL3 Oversight
Complete audit
HM
Procurement Card
Complete audit
HM
PCI Compliance
Weaknesses identifed and being addressed by subject matter experts Reassess in 2013
HM
Institutional Control - Athletics
Reliance on external auditors including UT System
Reassess in 2013
HM
Administration - Athletics
Reliance on external auditors including UT System
Audit NCAA Football attendance

Appendix F
Available Audit Hours
Director
Audit & Project
General Administration
Training/CPE
Holidays
Vacation & Sick Leave
Total Hours
Managers &
Supervisors
Staff
Total
1,100
2,921
6,914
10,935
70%
592
96
104
188
473
192
208
366
825
578
473
674
1,890
866
785
1,228
12%
6%
5%
8%
2,080
4,160
9,464
15,704
100%
Note: The total hours are based on 7.55 budgeted positions net of 1.25
estimated vacancies at the staff level.

Appendix G
Audits
President
Intercollegiate Athletics
FY 2008
FY 2009
FY 2010
FY 2011
FY 2012
A/S
A/S
A/S
A/S
A/S
F-Follow Up Audit
A-All Other Audits

S-Special Requests
E-External Audits
Legend: I-Inventory Audit

P-Hourly Payroll Audit
C-Internal Control Audit
-Athletics Receivables
-Athletics Summer Camps
-Athletics Business Plan
President's Office
Provost
Academic Affairs
College of Business Administration
-Accounting
-Economics and Finance
-Information and Decision Sciences
-Marketing and Management
-Dean's Office
College of Education
-Teacher Education
-Educational Leadership
-Educational Psychology
-Dean's Office
College of Engineering
-Civil Engineering
-Computer Science
-Electrical and Computer Engineering
-Engineering Programs
-Mechanical and Industrial Engineering
-Metallurgical and Materials Engineering
-Dean's Office
College of Health Sciences
-Continuing Education in Nursing
-Institute for Border Health
-School of Allied Health
-Kinesiology Department
-School of Nursing
- Occupational Therapy
- Physical Therapy
-Student Health Center
-Dean's Office
College of Liberal Arts
-African-American Studies
-Art
-Asian Studies
-Chicano Studies
-Communication
-Criminal Justice
-English
-History
-KTEP-FM Radio Station
-Languages and Linguistics
-Military Science
-Music
-Oral History
-Philosophy
-Political Science
-Psychology
-Religious Studies
-Social Work
-Sociology and Anthropology
-Theatre Arts
- Western Cultural Heritage
-Women's Studies
-Dean's Office
College of Science
-Biological Sciences
-Chemistry
-Geological Sciences
-Mathematical Sciences
-Physics
-Dean's Office
University College
Graduate School
Technology Planning and Distance Learning
Center for Law and Border Studies
VPAA's Office
Enrollment Services
-Financial Aid
-Registrar's Office
-Undergraduate Admissions and Recruitment
-Texas Success Initiative
JAMP
A
F
S
A
S
E
S
F
E
F

Appendix G
Audits
VPRSP
FY 2008
FY 2009
FY 2010
FY 2011
FY 2012
-Center for Environmental Resource Management

-Center for Study of Western Hemispheric Trade

-IM3/Texas Center
-MIE
-NSF/USI
Norman Hackerman ATP
-TAME
-TMAC
-Americorps
-Socorro Mission Restoration
-Human Subject Research
-Animal Research
-Time & Effort Reporting
-Contracts & Grants Accounting
-Cost Sharing
Export Controls
-Sub-recipient Monitoring of Grants
Ctr for Defense Systems Research and Nat Ctr for Border Sec & Imm
VPRSP's Office
F
F
F
A/F
A
A

F-Follow Up Audit
A-All Other Audits
S-Special Requests
E-External Audits
A
A
A
A
F
A
E
E
A
S
VPBA
Annual Financial Report
-Accounts Receivable
-Auxiliary Enterprise Fund
-Gifts
-Investments
-Tuition and Fees
-Year End Inventory and Cash Counts
Auxiliary Services and Continuing Education
-Food Services
-Various Cash Counts
-Inventory Count
-Professional and Continuing Education
-Special Events and Union Programs
-University Bookstore
-University Ticket Center
Facilities Services
-Accounts Payable
-Budgeting Office
-Contracts and Grants Accounting
-General Accounting
-Payroll
-Conflict of Interest
-Student Business Services
ARRA
Purchasing and Materials Management
-Mail Services
-Procurement Card
-Print Shop
Miner Mall
-Contract and Bid Processes
VPBA's Office
S
S
F/A
S/I
S
S
S
A
F
A
A
A
EVP
Institutional Advancement
-Alumni Relations
-Scholarships
-University Development
-University Communications
-University Relations
-Conference Services
Human Resource Services
-Faculty Visas
Dependent Eligibility
Institutional Compliance
-Contracts and Grants
-Financial Aid
S
A
A
A
F
A
A
-Intercollegiate Athletics
-WAC Review/CUSA Review
-Segregation of Duties and Reconciliation of Accounts
-Student FICA
-Institutional Compliance Office
-Fixed Assets
Auditing and Consulting Services
Environmental Health and Safety
University Police
Emergency Management Plan
VPIA's Office
Equal Opportunity/Affirmative Action Office (EO/AA)
A
A/E
A/E
A
A/S
A
F
F

Appendix G
Audits
VPSA
FY 2008
Outreach Programs
FY 2009
FY 2010
FY 2011
FY 2012
Student Development
-Counseling Services
-Dean of Students Office
-Student Publications
-Housing System
-International Programs
-PASE Program
-Study Abroad Program
-Recreational Sports
-Student Government Association
-Student Development
Union Services
F
A

F-Follow Up Audit
A-All Other Audits
S-Special Requests
E-External Audits
F
S
Student Support Services
VPSA's Office
VPIRP
-Digital Media Center
Library
-Library Copy Center
-CIO
-Information Technology Services
-Customer Technology Services

-Networking and Telecommunication Services
-General Controls
-Goldmine (Student Information System)
-IT Travel
-IT Furniture
-IT Change Management
-IT Security
Payment Card Industry
Digital Research Data

Server Inventory
Center for Institutional Evaluation Research and Planning

Fiscal Year 2013 Internal Audit Annual Report
Approved Changes to the FY 2013 Audit Plan
TheUniversityofTexasatElPaso
OfficeofAuditingandConsultingServices
ModificationstoFiscal2013AuditPlan
ProjectsNotStartedasofMay31,2013
AnnualFinancialReport(AFR)Audit
PeopleSoftImplementationandControls
Allotheraudits
OriginalAuditPlan
I9Forms*
FinancialAid(Stipends)*
PartofTerm*
SpecialRequests*
OtherAdditions
ConflictsofInterestBusiness/ORSP**
FacultyauthoredTextbooks**
FacilitiesMaintenanceOperations(Safety)**
StudentHealthServices**
EffortReporting**
OffsiteBackupRestoration**
PayrollManagementSupplementalPayments**
KeyChangesMuseum***
StudentRecords***
SubrecipientMonitoringExpenditures***
TechTransfers,Licensing&Equity***
PurchasingContractsover$100K***
Endowments&Gifts***
ExportControls***
InternationalAgreements***
Followups***
OtherAdjustments
Project
Hours
350
800
9,785
10,935
250
150
250
250
900
350
50
200
300
300
300
200
350
300
300
250
200
200
150
200
100
5,550
ModificationstoPlan(additions)
ModificationstoPlan(deferredorcarriedforward)
Carried
In
Additions Deferred Forward Progress
530
740
830
2,100
250
150
250
250
900
(350)
(50)
(200)
(300)
(300)
(300)
(200)
(250) 100
(200) 100
(200) 100
(150) 100
(150) 50
(150) 50
(50) 100
(50) 50
(100)
(1,700) (1,300) 650
3,000
(1,700) (1,300)
Comments
Increasedfrom350to880
Increasedfrom800to1541
8.48%netoverruns
Identifiedhighriskarea
Perleadershiprequests
Newprocessunderdevelopment
Newprocessunderdevelopment
Deprioritizedduetolowerrisk
Deprioritizedduetolowerrisk
Includedin2014Plan
Includedin2014Plan
Includedin2014Plan
Partiallycompleteinprogress
Nonearetimesensitive
*ApprovedbyInternalAuditCommitteeApril9,2013
**ApprovedbyInternalAuditCommitteeJuly9,2013
***NormalcarryforwardactivityatthediscretionofCAE.InternalAuditCommitteeadvisedJuly9,2013

II.
FY20122013ConsultingServicesandNonAuditServicesCompleted
Report No.
&
Date
12-11
05/02/2013
Report name
and
High-Level Audit Objective(s)
College of health Sciences (Selected

programs)
The focal points of this audit were to
determine whether:
the programs tested had current
program accreditations,
Observations/Findings and
Recommendations
Our audit results indicated

that all four selected
programs were in compliance
with applicable laws and
policies.
Current Status
(Fully
Implemented,
Substantially
Implemented
Fiscal Impact/ Other
Incomplete/Ongoin
Impact
g, or Not
Implemented)
with brief
description if not
yet implemented
Fully Implemented Enhances continuous
compliance with
rules, regulations,
policies and
procedures.
students met the program

compliance requirements,
laboratory inspections are current,
and
the laboratory facilities are
properly secured and available
only to authorized personnel.
12-23
09/18/2012
2012 End-of-Fiscal-Year Cash Counts

The objective of the year-end cash
count review is to verify the
existence and accuracy of the
authorized change funds reflected in
BIS at August 31, 2012.
Voucher reconciliation at the

Student Business Services
should be performed in a
timely manner.
Incomplete /
Ongoing
Discrepancies in
cash counts are to
be reviewed by
management and
resolved promptly
Reduces the risk of

errors and possibly
fraudulent activities.
13-14
07/09/2013
Emergency Management Plan (EMP)

The objective of the EMP audit was to
review the draft of the proposed plan
to determine whether it contains the
essential components to be compliant
with The University of Texas System
wide Policy 172 (UTS 172).
UTEP must incorporate all

remaining elements of
National Incident
Management System into the
UTEP EMP to remain
compliant with UTS 172.
Incomplete /
Ongoing
There currently is a
University Training
proposal being
finalized.
Personnel at each
department need to
complete the
assigned training.
Enhances compliance
with the proposed
EMP.

13-17
03-19-2013
Professional Nursing Shortage

Reduction program (PNSP)
The objectives of this audit was to
determine if the Program is in
compliance with University policies
procedures and the THECB allowable
cost guidelines.
Special
Request
02/14/2013
Review of sales of USB or Flash

Drives by University Writing Center
The objective of this project was to
determine whether sales of USB drives
were occurring, and if so, to determine
whether those sales are in compliance
with applicable policies and
procedures for on-campus sales.
Special
Request
04/2013
to
08/2013
PeopleSoft Process Mapping (Various

Departments)
The objective of this project was to
help each participant department to:
Identify the cross-functional
process manager(s)
Identify the cross functional/cross
organizational team
Map the flow of key departmental
operations to aid management in
recognizing and understanding
risks/deficiencies
Find controls to mitigate risks and
to enhance operational efficiency
and effectiveness.
The PNSP at UTEP is in

overall compliance with
policies and procedures and
THECB guidelines.
Fully implemented
Institution is in
compliance with
rules, regulations,
policies and
procedures.
The sale of USB Drives by

the University Writing Center
was not in compliance with
allowable on-campus
solicitation requirements.
Fully implemented
Institution and
departments are in
compliance with
rules, regulations,
policies and
procedures.
Risks and inefficiencies have

been identify by
management.
Incomplete /
Ongoing
Management
started to
implement controls
to mitigate risks in
preparation for the
full implementation
of PeopleSoft.
Enhances operational
and fiscal
effectiveness, reduces
inefficiencies and
mitigates risks.
III.
ExternalQualityAssuranceReview
EXECUTIVESUMMARY
InaccordancewithTheIIAInternationalStandardsfortheProfessionalPracticeof
Internal
Auditing(Standards),theUniversityInternalAuditingCharterandasdirectedbythe
Directorof
AuditingandConsultingServices,weconductedaqualityselfassessmentoftheinternal
auditactivityoftheUniversityofTexasatElPaso(UTEP)OfficeofAuditingand
Consulting
Services(OACS)inpreparationforvalidationbyanindependentassessor.Our
conclusionisthattheOACSInternalAuditfunctiongenerallyconformswithTheIIA
Standardsforthe
ProfessionalPracticeofInternalAuditing(Standards),theU.S.Government
Accountability
OfficesGovernmentAuditingStandards,theIIACodeofEthics,andtheTexasInternal
AuditingAct.Ourconclusionisbasedoncompletionofaselfassessmentusingthe
MasterPeer
ReviewProgramdevelopedbytheTexasStateAgencyInternalAuditForum(SAIAF),
guidancesetforthintheIIAQualityAssessmentManualfortheInternalAuditActivity,
6thedition,andthereviewoffoursetsofworkingpapersusingtheSAIAFWorking
PaperReviewTool.The
IndependentValidatorsconcurwithourconclusion,asnotedintheattached
Independent
ValidatorsStatement.TheperiodreviewedfortheselfassessmentwasSeptember1,
2010throughMarch31,2011.Aspartofourcommitmenttocontinuousimprovement,
duringtheselfassessmentweidentifiedopportunitiestoenhanceourprocessesand
documentation,andhaveidentifiedtheminthefinalsectionofthisreportentitled
OpportunitiesforImprovement.
TheIIAQualityAssessmentManualsuggestsascaleofthreeratings,generally
conforms,partiallyconforms,anddoesnotconform.GenerallyConformsisthe
topratingandmeansthatanIAactivityhasacharter,policies,andprocessesthatare
judgedtobeinconformancewiththeStandards.PartiallyConformsmeans
deficienciesinpracticearenotedthatarejudgedtodeviatefromtheStandards,but
thesedeficienciesdidnotprecludetheIAactivityfromperformingitsresponsibilitiesin
anacceptablemanner.DoesNotConformmeansdeficienciesinpracticearejudgedto
besosignificantastoseriouslyimpairorprecludetheIAactivityfromperforming
adequatelyinallorinsignificantareasofitsresponsibilities.
OPPORTUNITIESFORIMPROVEMENT
Ourselfassessmenthelpedidentifythefollowingareaswherepracticesand/or
documentationcouldbeenhanced:
TimelinessofDirectorWorkpaperFinalApprovals:
Duringthecourseoftheselfassessment,itwasnotedthataftertheprojectleadhad
completedthedetailedreviewofaproject,thedirectorfinalapprovalsoftheprojects
werenotcompletedonatimelybasis.Forthefourspecificprojectsreviewed,the
planning,fieldwork,andreportingsectionswerenotformallyapprovedinTeamMate
untilafterthereportwasissued.
ManagementResponse:
Staffandmanagementaremakingconcertedeffortstotimelycommunicatedatesand
availabilityofsectionsreadyformanagementreviews.Inthefuture,qualityassurance
andfinalreviewsbytheDirectorwillbeperformedonamoretimelybasisandpriorto
reportissuance.
AuditCycleTime:
Fourprojectswerereviewedduringtheselfassessment.Basedontheworkperformed,
itwasnotedthatthelengthoftimebetweenwhentheengagementnotificationwas
sentandthereportpublishedaveragedfourmonthsormore.
ManagementResponse:
AnewinternalpolicywasadoptedonJune30,2010whichprovidesrecommended
timelinestocompletevarioussectionsofanauditproject.Theoverallobjectiveisto
completeauditprojectsfromplanningthroughtheissuanceoftheauditreportwithina
tenweekperiod.Exceptionstothetimelinewouldbeincaseswheretheclienthas
requestedtheauditbedeferred/suspendedtoaccommodateuniquecircumstances
suchaselectronicsystemimplementationorenhancement,changesinpersonnelor
otherpriorityactivitiesrequiredoftheclientbyseniormanagementinwhichtheaudit
processwouldinterferewithotherclientactivities.Managementwillincrease
monitoringeffortstomorecloselymeettimelycompletiongoals.
CommunicatingResults:
Basedontheprojectsreviewed,threeofthefourfinalreportswerenotdistributedto
theappropriateexternalpartiesonatimelybasis.Thefourthreportreviewedwasa
followupreport,whichisnotdistributedoutsidetheuniversity.Werecommendthata
procedurebeaddedtoTeamMateintheReportingsectionrequiringtheleadauditorto
obtainandattachdocumentationverifyingtheactualdistributionofthereportto
externalparties.
ManagementResponse:
WeagreeandanewproceduralstepisbeingcreatedinTeamMatetoensurereports
aredisseminatedtoallappropriateexternalpartiesuponreleaseofthereportto
management.Theprocedurewillrequiresignoffbytheassignedseniorauditor
confirmingcopieshavebeendistributed.
DocumentationofConsultingandSpecialInvestigations:
Wedonothaveformalproceduresfordocumentingconsulting/specialrequestprojects.
Duringthefollowupreviewofthe2008selfassessment,aprojecttemplatewas
suggestedasadocumentationtool.Thecurrentreviewindicatedthetemplatehadnot
beenimplemented.Werecommendthatastandardizedprocessforconsulting/special
requestprojectsbemadeapriority.
ManagementResponse:
Weagreethatastandardizedprocessforconsultingandspecialprojectsshouldbe
developedandimplemented.WewilldevelopatemplateforuseinTeamMatewhich
willformalizetheprocess.
However,wewillcontinuetoperforminvestigationsoutsideofthenormalauditand
specialprojectenvironment,andspecificallyexcludethemfromTeamMate.
OrganizationalIndependenceandObjectivity:
BasedonthepreviousQARandsubsequentfollowupreview,thecurrentpracticeisfor
the
AuditDirectortoreportfunctionallytothePresidentandadministrativelytothe
ExecutiveVice
President.Inreviewingthecurrentorganizationalcharts,itwasnotedthattheDirector
hasafunctionalreportingline(solidline)totheExecutiveVicePresident.Thisshouldbe
changedtoadottedlinetoindicateadministrativereporting.Additionally,theHuman
Resources
ManagementSystem(HRMS)showstheDirectorasaprimaryreporttotheExecutive
Vice
President,withnosecondaryreport.ThisshouldberevisedtoshowthePresidentasthe
primary
reportandtheExecutiveVicePresidentasthesecondaryreport.
ManagementResponse:
EffortstomaketheorganizationchartandHRMScorrectionswillbeimmediately
initiated.
AssessmentofFraudRiskinthePlanningStage:
GovernmentAccountingStandard(GAS)7.30statesthatInplanningtheaudit,auditors
shouldassessrisksoffraudoccurringthatissignificantwithinthecontextoftheaudit
objectives.
Sincewedontcurrentlydocumentthisintheplanningstage,itisrecommendedthat
specificquestionsregardingfraudbeaddedtoourcurrentICQformtoindicateour
considerationoffraudriskforeachproject.
ManagementResponse:
WeagreeandwillincorporateintotheICQspecificreferencesandquestionsrelatingto
clientspecificknowledgeoffraudulentactivityanddeterminingtheextentofclient
recognitionoftheredflagsoffraud.
DefinitionofInternalAuditing:
Standard1010requiresthedefinitionofInternalAuditingtoberecognizedinthe
charteranditsuggeststhatthechiefauditexecutiveshoulddiscussthedefinitionof
Internal
Auditingwithseniormanagement.Thecurrentcharterdoesnotcontainthedefinition
of
InternalAuditing.Werecommendthatthecharterbemodifiedtoincludethedefinition
ofinternalauditingandthattheDirectordiscussthedefinitionwiththeAudit
Committeeatleastannually.
ManagementResponse:
ThecharterwillbemodifiedtoincludethedefinitionofInternalAudit.
CodeofEthics:
Thereiscurrentlynotaprocessinplacetorequiretheauditstafftoaffirmtheir
responsibilitiestoconformtotheIIACodeofEthics.Werecommendthattheaudit
projectobjectivitystatementbemodifiedtoincludethisaffirmationorthatanannual
acknowledgementstatementberequiredofallIAprofessionalstafftoacknowledge
theirresponsibilitiestoconformtotheIIACodeofEthics.
ManagementResponse:
Anacknowledgementstatementaffirmingeachstaffmembersresponsibilitytoconfirm
tothe
IIACodeofEthicswillbeaddedtotheprocessandincludedwiththeannualConflictof
Interest
Statementacknowledgedbyeachstaffmember.
FollowupActivity:
Implementamechanismtoensurefollowupproceduresareperformedinatimelier
manner.
Thiscanbeaccomplishedbyissuingquarterlyfollowupstatusreportscoveringmultiple
engagements.
ManagementResponse:
Changeshavebeenmadetotheexceptionstrackingdatabasetoensurethatfollowups
are
entered and responsibility has been assigned to more timely identify audits ready for
followup.
OVERALLCONCLUSION
TheUTEPOfficeofAuditingandConsultingServicesiscommittedtocontinuous
improvement.Theselfassessmentallowedustheopportunitytorevisitandimprove
ourpracticesandrelateddocumentation.

2014 Audit Plan
Approved by Internal Audit Committee

July 9, 2013

FY 2013-2014 Annual Audit Plan
TABLE OF CONTENTS
OVERVIEW ....................................................................................................................................................1
IDENTIFICATION OF THE AUDIT UNIVERSE AND RISK ASSESSMENT...........................................1
SCOPE OF AUDITS .......................................................................................................................................6
BUDGET AND STAFFING ...........................................................................................................................6
CALCULATION OF FY 2013 AUDIT HOURS ............................................................................................7
COMMENTARY ON VALUE ADDED...........7
INSTITUTIONAL PROCESSES AND RELATED SUB-PROCESSES .......................................................8
FISCAL YEAR 2014 AUDIT PLAN ........................................................................................ APPENDIX A

INSTITUTION PROCESSES TIER I ....................................................................................... APPENDIX B
RESEARCH AND DEVELOPMENT TIER II ......................................................................... APPENDIX C
INFORMATION TECHNOLOGY TIER II .............................................................................. APPENDIX D
ATHLETICS TIER II ................................................................................................................ APPENDIX E
TIER I RISKS NOT COVERED IN AUDIT PLAN ................................................................. APPENDIX F
AUDIT HOURS ........................................................................................................................ APPENDIX G
FIVE YEAR HISTORY ............................................................................................................ APPENDIX H

OVERVIEW
In accordance with the Texas Internal Auditing Act (Article 62525d, Vernons Texas Civil
Statutes),TheUniversityofTexasSystemAdministrationPolicyUTS129InternalAuditActivities,
and The Institute of Internal Auditors International Professional Practices Framework (IPPF)
PerformanceStandard2010Planningand2210PlanningConsiderations,wehavepreparedan
auditplanforfiscalyear2014The2014AuditPlanisadescriptionoftheinternalauditactivities
thatwillbeperformedbytheOfficeofAuditingandConsultingServicesinfiscalyear2014
Theprocessofpreparingthe2014AuditPlanincludedidentifyingthoseareasthatareconsidered
themostimportantandensuringthatactivitieswiththegreatestriskareaudited.TheInternal
AuditCommitteereviewedandapprovedthe2014AuditPlan.MembersoftheInternalAudit
Committeeprovidedinput,asdidDeansandDepartmentDirectors/Chairs,whereappropriate.
TheInternalAuditCommitteeiscomprisedofthefollowingmembers:
Dr.DianaNatalicio,PresidentandChairoftheInternalAuditCommittee
Dr.JuniusGonzales,Provost,VicePresidentforAcademicAffairs
Ms.CynthiaVilla,VicePresidentforBusinessAffairs
Dr.StephenRiter,VicePresidentforInformationResourcesandPlanning
Dr.GaryEdens,VicePresidentforStudentAffairs
Dr.HowardDaudistel,SeniorExecutiveVicePresident
Dr.RobertoOsegueda,VicePresidentforResearch
Mr.RichardAdautoIII,ExecutiveVicePresident
Ms.CarolynMora,ExternalMember
Inputwasalsoreceivedfrom;Mr.JerryCochrane,ChiefInformationSecurityOfficer;Mr.Jesse
Manciaz,InterimDirectorHumanResourceServices;Ms.SandraVasquez,DirectorInstitutional
Compliance;Mr.BobStull,AthleticDirector;Dr.CatieMcCorryAndalis,AssociateVicePresident
OfficeofStudentLife;Dr.JorgeVillalobos,DirectorFacilitiesServices;Mr.JuanGonzales,Director
StudentBusinessServices;Mr.SteveShults,DirectorIntercollegiateAthletics;andMs.Teresa
Almengor, Senior Research Administrator. The Internal Audit Committee members, these
individuals,andselectedmembersoftheirstaffs,providedinformationrelativetotheirspecific
areas of responsibility, plus insight into other areas in which they interacted, had knowledge
and/oropinions.
IDENTIFICATIONOFTHEAUDITUNIVERSEANDRISKASSESSMENT
TheInstituteofInternalAuditorsInternationalProfessionalPracticesFramework(IPPF)requires
thatinternalauditorsdevelopanauditplanbasedontheassignmentofrisktotheaudituniverse.
TheaudituniverseisasubjectiveassessmentofauditableareasattheUniversityofTexasatEl
Paso(UTEP).Toidentifytheaudituniverse,wereviewedpriorauditplans,theannualfinancial
report (AFR), the budget; various risk assessments, and a fiveyear history of audit activity
(AppendixH).Theauditplanwasbrokendownintosevenmajorcategoriesandsubcategories
(AppendixA):

1.
2.
3.
4.
Financial
Operational
Compliance
InformationTechnology
Withineachoftheabove,subcategoriesof:
UTSystemorExternallyRequired
5. FollowupAudits
6. Projects
7. Reserve
Considerationofthefollowingwasgivenindevelopingthe2014AuditPlan:
Managementinput
Variousriskassessments
Economicalandefficientuseofinternalauditresources
Required activities (i.e., KTEP FM Radio audit, Annual Financial Reporting, NCAA
Compliance,etc.)
Requirementsofthefollowingactionplans:
o 1994ActionPlantoEnhanceInternalControlsthroughAwareness,Accountability,
andAuditCommittees
o 1996ActionPlantoEnhanceInternalControls
o 1998and2003ActionPlanstoEnhanceInstitutionalCompliance
In the development of the 2014 Annual Audit Plan, the Assurance Continuum Enterprise Risk
Management Model (ERM) was used as the risk assessment methodology. The ERM risk
assessmentmethodologywasusedinplanningforauditsintheRiskBased:TierOne:Institutional
ProcessesandRiskBased:TierTwo:AuditableAreascategories.
Thefollowingdescribesourplanningprocesstopreparethe2014AuditPlan.
RISKASSESSMENTMETHODOLOGY
A Tier One (Institutionwide Risk Assessment) was performed using the following Processes
(AuditableUnits)applicabletoacademicinstitutions:Thesubprocessesincludedineachprocess
areidentifiedinAppendixA.
ACADEMICINSTITUTIONPROCESSES
1. GovernanceandLeadership

2. InstructionandAcademicSupport
3. ResearchandDevelopment
4. StudentServices
5. HumanResourceManagement
7. AssetandRiskManagement
8. PurchasingandWarehousing
10. UniversityRelationsandAlumniAffairs
11. PlantOperationandMaintenance
12. AuxiliaryandServiceDepartments
13. EnvironmentalHealthandSafety
14. IntercollegiateAthletics
15. InformationResourcesUseandSafety
16. UniversitySecurityandPoliceDepartment
ATierTworiskassessmentisrequiredforResearch,InformationTechnology,andAthletics.The
verticalaxisofeachTierTworiskassessmentincludesthesubprocesseslistedinAppendixA:
TheTierOneandTierTworiskassessmentswereperformedusingtheERMmodel,andforeach
a Risk Footprint was developed. The vertical axis of the Tier One footprint is the applicable
businessprocessesfromthelistabove.Thehorizontalaxisisthebusinessriskidentifiedand
rankedforeachprocess.Allidentifiedbusinessriskforaprocessincludedfinancial,compliance
andoperational.
VALUATIONOFIMPACTANDPROBABILITY
IMPACTTheimpactofariskistheeffectasingleoccurrenceofthatriskwillhaveuponthe
achievementoftheinstitutionsgoalsandobjectives.Therearethreevalues:
HIGHTheeffectwillcausethecomponentnottoachieveitsgoalsandobjectives:itisa
showstopper
MEDIUM The effect will cause the institution to operate inefficiently and/or expend
unplannedresourcestomeetgoalsandobjectives
LOWTherewillbenomeasurableeffectupontheachievementofinstitutionalgoals
andobjectives
The following factors were presented for consideration during the assessment of IMPACT for
eachelementintheriskpopulation:
HumanHealthandSafety
Societal/Environmental
Monetary(financial,economicorcasualty)
Business/Operations
InformationTechnology(andsecurity)
PublicRelations

ReportingandDisclosure
Strategic
Compliance
PROBABILITYTheprobabilitythatariskwillbecomerealityalsohasthreevalues:
HIGHAneventisinevitable,orthereisagreatlikelihoodthataneventwilloccur.
MEDIUMTheriskisneitherextremelylikelynorhighlyunlikely.Theprobabilityofan
eventissimilartooccurrenceswithinthenormalcourseofoperations.
LOWTheriskofaneventishighlyunlikelyorwouldrequireacombinationofmultiple
failures.
Past experience within the institution and within higher education was used in deciding
probability. Probability is assessed as if only Level 1 Controls (those in place or exercised at
execution)exist.
ThefollowingfactorswerepresentedforconsiderationduringtheassessmentofPROBABILITY
foreachelementintheriskpopulation:
History
ConflictsofInterest
SusceptibilitytoFraudofTheft
ChangesinKeyLeadershiporPersonnel
KnownWeaknessinControlActivities
PoliciesandProceduresinNeedofUpdate
ComplexityofUnitorProcess

ANNUALAUDITPLAN
Theriskfootprintswereconvertedtothefinalproductinthefollowingmanner:
TheTierOneRiskFootprintprocessesthatdidnothaveaTierTwoRiskFootprintwere
includedintheAnnualAuditPlanbaseduponthenumberofcriticalriskseachcontained.
Thesubprocesseswithineachprocesswhichcontainedtheidentifiedcriticalrisksare
includedintheauditplan.
TheTierTwoRiskFootprintsareincludedinthisarearegardlessoftheirpositiononthe
TierOne(Institutionwide)riskfootprint.Thesubprocessestobeauditedarethosefrom
eachTierTworiskfootprintthathavethehighestrankedriskorthelargestnumberof
criticalrisks.
FollowupAudits
InaccordancewiththeInstituteofInternalAuditorsPerformanceStandard2500Monitoring
Progress,afollowupprocessisinplacetomonitorandensurethatmanagementactionshave
beeneffectivelyimplemented,orthatseniormanagementhasacceptedtheriskofnottaking
action.Implementationdatesofauditreportrecommendationsaremonitoredandfollowing
thosedates,thestatusofauditrecommendationsaredeterminedandreportedtomanagement.
Theauditableuniversewasdevelopedthroughinquirieswithcollegedeans,directorsandvice
presidents. The goal of performing changeinmanagement audits is to provide a consulting
servicetonewmanagersbyreviewingexistinginternalcontrolsandprovidingtheinformation
necessary for the development of an adequate internal control system, which will provide
reasonable assurance of sound management. Selected colleges/departments with new
Deans/Directorswillbeaudited.Sincemostoftheworkisdoneonanasrequestedbasis,arisk
assessment was not performed and audits are determined as management changes occur
throughoutthefiscalyear.
Projects
The goal of performing special projects is to provide management with analyses, appraisals,
recommendations,counsel,andinformationconcerningtheactivitiesreviewed.Includedinthis
categoryofauditsare,internalandexternalqualityassurancereviews,UTSystemrequestsand
specialrequestsandinvestigations.Muchoftheworkiseitherdoneasmandatedoronanas
requestedbasis;therefore,ariskassessmentwasnotperformed.
Reserves
Hoursarereservedforengagements(specialrequests,investigationsandconsulting)thatare
notidentifiedorknownatthetimetheplanisestablished,butfrompastexperiencewillbe
requiredandassignedduringtheyear.Asthefiscalyearprogressesandengagementsbecome
known,thesehourswillbereallocatedtotheappropriatecategoriesdesignatedintheplan.

CarryforwardAudits
Carryforwardauditsarethose20122013AnnualAuditPlanauditsthatareinprogressat
August31,2013.
2014RiskAssessments
ProcessRiskassessmentsarelocatedinAppendicesBthroughE.
SCOPEOFAUDITS
The International Professional Practices Framework (IFFP) addresses the scope of work as
follows:
"Thescopeoftheengagementshouldincludeconsiderationofrelevantsystems,
records, personnel, and physical properties, including those under control of
thirdparties.
Inperformingconsultingengagements,internalauditorsshouldensurethatthe
scopeoftheengagementissufficienttoaddresstheagreeduponobjectives.
Internalauditorsshould:
Review the reliability and integrity of financial and operating

information and the means used to identify, measure, classify, and
reportsuchinformation.
Review the systems established to ensure compliance with those
policies,plans,procedures,laws,andregulations,whichcouldhavea
significant impact on operations and reports, and should determine
whethertheorganizationisincompliance.
Reviewthemeansofsafeguardingassetsand,asappropriate,verify
theexistenceofsuchassets.
Appraise the economy and efficiency with which resources are
employed.
Review operations or programs to ascertain whether results are
consistent with established objectives and goals and whether the
operationsorprogramsarebeingcarriedoutasplanned.
Theplannedscopeofeachoftheauditsinthe2014AnnualAuditPlanisdescribedin
AppendixA.

BUDGETANDSTAFFING
ThebudgetfortheOfficeofAuditingandConsultingServiceswaspreparedinaccordancewith
U.T.SystemAdministrationandUTEPguidelinesandwasapprovedbyUTEPAdministrationand
theBoardofRegents.
Career development for the staff is a strategic goal of the Office of Auditing and Consulting
Services. It is the Directors practice to create a working environment that facilitates career
opportunities for the audit staff within and outside the office. The Office of Auditing and
Consulting Services will continue its efforts toward developing staff to their highest potential
through the performance of operational audits, exposure to high levels of management, and
trainingtargetedatnontraditionalauditareasandachievementofprofessionalcredentialing.
CALCULATIONOFFY2014AUDITHOURS
TheCalculationofAvailableHoursisincludedinAppendixGandtotaldirecthoursassignedto
auditsandprojectsarereflectedinAppendixA.
COMMENTARYONVALUEADDEDOFAUDITPLANUPDATE
General:
Thedefinitionof"VALUEADDED"canvaryconsiderablyfromoneauditdepartmenttothenext
butforOACSitdescribesauditworkthatwillhelpmanagementmeettheUniversitysgoalsand
objectivesinadditiontoverifyingcompliancewithpoliciesandprocedures.Organizationsare
lookingtointernalauditingdepartmentstoaddvalue,improvecostcontrols,andsolveproblems.
Motivated by the universal mandate to curtail expenses and boost efficiencies, the auditing
departmentwillseekwaystoaddvalue.
Generalplanobjectives:
Planauditsaccordingtotheresultsoftherisksensitiveenvironmentreview.
Executeauditsemphasizingacostconsciousculture.
Focusonissueidentificationandseekimprovementresolutionandhighlightattention
tofutureperformancebybringinginsight,knowledge,judgment,andanalyticalskillsto
allauditandconsultingengagements.
Becomeawareandarticulatechangeswhenperceptionsofriskchangethroughoutthe
year.
Aggressivelyandconstructivelyconsideremergingtechnologyrisksand
improvementopportunities.

Objectivesoftheinternalauditprofessionalstaff:
Havetheexpertisetoaskinsightfulquestions.
Establishavaluebasedculturethroughwordandaction.
Keepconstituentsknowledgeablethroughouttheauditprocess.
Differentiateandbalancediscussion,guidance,anddirectives.
Continuallyassessmanagementsplanstoensurefuturesuccess.
Measureperformanceagainstforwardlookingmeasuressuchasbenchmarkingand
practices.
Build and maintain relationships of mutual trust and respect and engage in open
dialogueandregularinteraction.
Maintainacoreofexperiencedauditstaffwithindepthknowledgeofauditskills
supportedwithcontinuoustraining.

FY 2013-2014 Audit Plan
Attachment A
I. Governance&Leadership
A.
B.
C.
D.
E.
F.
Governance
OrganizationalStructure
OfficeofthePresident
InternalCommunications
LegalServices
InternalandExternalAuditing
1. SingleAuditAct
2. TexasInternalAuditingAct,Article62525d
3. InstituteofInternalAuditorsStandards
4. GenerallyAcceptedGovernmentalAuditingStandards
II. Instruction&AcademicSupport
A. ManagementofDepartments&ProgramsofStudy
1. EducatorCertification
B. Accreditation/InstitutionalEffectiveness
1. 170HourRule
2. 120HourRule
3. IntegratedPostsecondaryEducatorDataSystems
4. LegislativeBudgetBoardPerformanceMeasures
5. ReportstotheTexasHigherEducationCoordinatingBoard
6. ReportstoUTSystem
C. ProgramDevelopment&ProgramEvaluationProcess
1. OfficialInventoryofPrograms
D. Faculty
1. Recruitment&TenurePolicies
2. Development
3. Turnover
4. Workloads&Productivity
5. DegreeProductivity(numbergrantedvs.numberoffulltimefaculty)
6. VerificationofFacultyQualifications
7. RightsandResponsibilitiesofFaculty
E. Instructional&AcademicTechnology
F. SpecialPrograms
1. DevelopmentalEducation
2. StudentswithDisabilities
3. StudyAbroad
G. CourseScheduling&Availability
1. Undergraduate
2. Graduate
3. DistanceEducation
4. ProfessionalandPublicPrograms
H. DeploymentofResourcesamongAcademicPrograms

Attachment A
I. Library
J. CoreCurriculum
1. FieldsofStudy
K. TexasSuccessInitiative
L. HealthAffairs
2. LicensingandCertification
3. ProgramAccreditation
4. ClinicalLaboratories
M. SchoolofNursing
2. Licensing
3. Certification
4. HospitalBasedTeaching
5. AttractingandMaintainingFaculty
III. Research&Development
A. FinancialIssuesGrants&ContractsManagement
1. CostTransfersEffortReporting
2. CostSharing
3. Facilities&AdministrativeCostAccounting
4. FinancialReportingtoGrantingAgencies
5. CashManagement
6. RecordsArchivingC&G
7. SubrecipientMonitoringExpenditure
8. ARRA
B. AnimalResearch
1. VeterinarianServices
2. InstitutionalAnimalCareandUseCommittee
C. HumanSubjectResearch
1. InstitutionalReviewBoard(ProtectionofSubjects/participants)
2. ProtectionofResearcher
3. ProtectionofResearch
D. SponsoredPrograms
1. EffortReporting
2. NegotiationofAgreements
3. Preparationofcertifications&assurances
4. CoordinationofgiftsandgrantswithDevelopmentoffice
5. OGCGuidelinesforcontractsandsubcontracts
6. Backdoorawards
7. ExportControllicensing/lawsInternationalTrafficinArmsRegulations(ITAR)
8. AdministrationofContracts,Grants&CooperativeAgreements

Attachment A
9. ResearchandSponsoredProjectsMetrics
10. SubrecipientmonitoringProgrammatic
11. DigitalResearchData
E. ProposalReview
1. CostEstimates
2. ProposalCompliance
3. Eligibilityforsubmittingproposals
F. ResearchEthicsandIntegrity
G. TechnologyTransfer
1. InventionDisclosure
2. IntellectualPropertyPolicy
3. Equitypositionsinstartupcompanies
4. RoyaltyAudit
5. Licensingandmaterialtransferagreements
6. NondisclosureAgreements
H. Training
I. OtherAgreements
1. ProcessingAffiliationAgreementswithOutsideAgencies
2. MemorandumsofUnderstanding
3. InternationalAgreements
J. ProposalDevelopment
1. ProposalDevelopmentServices
2. IdentificationandNotificationofFundingOpportunities
3. ResearchCommunication
K. ConflictofInterestinSponsoredResearch
IV. StudentServices(AcademicInstitutions)
A. AdministrationAcademicServices
B. RecruitmentProcessing
C. AdmissionsProcessing
D. EnrollmentManagement
1. Title19
E. RegistrationProcessing
F. StudentRecords
G. FinancialAid
1. Reporting
2. DrawingDown
3. ReturnofFunds
4. Institutional/ProgramEligibility
5. CashManagementRules
6. StateRegulationsandReporting
7. Recertification
8. CompletiononDOEQuarterlyReportDisbursements
9. StudentEligibility
10. Verification

Attachment A
H. StudentHealthServices
I. CounselingandGuidanceServices
1. ReleaseofMentalHealthRecords
2. CareerCounselingServices
J. StudentOrganizations&OtherActivities
K. StudentGrievances
1. Undergraduate
2. Graduate
L. StudentGovernmentAssociation
M. OfficeofInternationalPrograms
1. TrackingofInternationalStudents(SEVIS)
2. PASEProgram
3. PassportServices
4. J1Visas
N. FamilyEducationRightsandPrivacyAct(FERPA)
O. Outreach
1. RenewalandPublicRelations
2. Programmatic
3. InteractionofAdultsandMinorChildren
P. AdministrationStudentServices
Q. StudentConductandDiscipline
R. CareerCenter
S. RecreationalSports
T. StudentPublications
U. ChildcareServices
V. HumanResourceManagement
A. Organizational&StaffingofHumanResourcesFunction
1. PersonnelRecordsAdministration
B. ClassificationandSalaryAdministration
1. FairLaborStandardsAct
C. AppointmentofRelatives
D. LeaveAdministration
E. PerformanceAppraisalSystem
F. Recruitment&SelectionProcess(nonfaculty)
G. HiringPractices(nonfaculty)
1. VeteransPreferences
H. StaffDevelopment&ContinuingEducation
I. EmployeeRelations&GrievanceProcess
1. DisciplineandDismissalofEmployees
J. StaffTurnover
K. ContractingforHumanResourcesrelatedFunctions
L. CriminalBackgroundChecks
M. EqualOpportunityandAffirmativeAction

Attachment A
1. DiscriminationagainstProtectedClasses
2. NondiscriminationnotificationContractclause
3. AffirmativeActionPlan
4. EmploymentDiscriminationPreventionTraining
N. ReductionsinForce
O. FamilyMedicalLeaveAct(FMLA)of1993
P. ImmigrationReformandControlActof1986
Q. UTFlex,IRC125
R. DeferredContributionPlan
S. AnnualORPParticipationReport
T. Chapter821,etseq.,TexasGovernmentCode
U. TaxShelterAnnuityPrograms(TSAP)
V. Repositoryforfacultycredentialfolders
W. FacultyVisas
VI. FinancialManagement
A.
B.
C.
D.
Budgeting&Planning
BudgetMonitoring&Review
AccountsPayable
1. Issuanceof1099and1042FormsforVendorPayments
2. PromptPayment
3. VendorPayments
E. PayrollManagement
1. MandatoryGarnishmentsforTaxLevies,Bankruptcies,ChildSupport&Student
Loans
2. ChildSupportEnforcementRequirements
3. VoluntarySalaryDeductions(i.e.SavingsBonds,Annuities,UTFlex)
4. Withholdingoftaxesfromemployeewagesandtimelydeposits
5. NonresidentAlienTaxation
6. FederalTaxReporting
7. IRSCode117,amendedbyTaxReformAct&TMRAof1988
8. RetirementContributions
9. TRSReportingandTransmittaloffunds
10. ORPcollectionoffunds,transmittaloffundsandreporting
F. AccountingProcedures&InternalFinancialControls
G. Reporting(regulatory&management)
1. ReportingRequirements
2. PreparationofQuarterlyStateAuditorFullTimeEmployeeReport
3. AnnualFinancialReport
4. SPAtoAFRReconciliation
5. UnclaimedPropertyManagementandReporting
6. CodingofAccounts

Attachment A
H.
I.
J.
K.
L.
M.
N.
O.
P.
Q.
VII.
A.
B.
C.
D.
E.
F.
G.
H.
VIII.
7. ControlofNonStandardorNonRecurringJournalEntries
SegregationofDutiesandReconciliationofAccounts
ApprovalofImproper/ErroneousDisbursementsbyProcessingUnits
ConflictofInterestandFinancialDisclosure
LiquorLicense
EmergencyLoanProgrammanagement,fundingandcollection
InterestAllocation
StudentGeneralPropertyDeposit
RedFlagRules
Asset&RiskManagement
CashManagement/InvestmentManagementStrategies
Endowments&Gifts
InvestmentManagement,InvestmentStrategies,andPublicFundsInvestmentAct
FixedAssetManagement,TrackingandCounting,Reporting&SurplusProperty
InsuranceCoverage,RiskManagement,Safety,andWorkersComp
BondedIndebtednessandIssuance
1. MgmtofCollectiononOverdueStudentReceivables&NSFChecks
2. AccountsReceivableTuitionandFeesCollectionProcess
3. FeesAllocation&Justification
Purchasing&Warehousing
A.
B.
C.
D.
E.
F.
G.
H.
I.
Organization&Staffing
Policies&Procedures
BidandContractingProcesses
SpecialProceduresContracts
Leases
BestValueYellowPagesTest
ProcurementCard
HistoricallyUnderutilizedBusinessProgram
PurchasingEthicsandConflictofInterest
1. VendorSelection
J. ProcurementofConsultingServices/ProfessionalServices
K. ProcurementPlanReport
L. UniversityRecordsRetentionandDestruction
M. ContractPerformanceMonitoringContractsover$100,000
IX. InformationTechnology(doesnotincludeenduserapplications)
G. PlanningandOrganization

Attachment A
1. StrategicPlanningandTechnologicalDirection/Planning
2. Organization(Communication,Relationships,HumanResources)
4. CompliancewithExternalRequirements
5. ProjectManagement
6. QualityManagement
H. AcquisitionandImplementation
1. AcquireandMaintainApplicationSoftware
2. AcquireandMaintainTechnologyInfrastructure
I. DeliveryandSupport
6. DefineandManageServiceLevels
7. ManagePerformanceandCapacity
8. ManageFacilities
9. ManageProblemsandIncidents
10. ManageData
J. Monitoring
2. ProcessMonitoring
K. SecurityforITDepartment
3 SystemandInfrastructureSecurity(SecurityofSensitiveData)
4 AdequacyofControls(ApplicationSecurity)
L. OffsiteBackupRestoration
X. UniversityRelations&AlumniAffairs
A. Community&AlumniInvolvement
1. Partnerships
2. DevelopmentOffice
3. AlumniRelationsOffice
4. Printed&ElectronicCommunications
B. Public&MediaRelations
C. PublicService
1. Relevance&ImpactofProgramstoState&LocalCommunity
2. ArtGalleries
3. CentennialMuseum
D. GovernmentalRelations
XI. PlantOperation&Maintenance
A. FacilityPlanning(long&shortrange)
B. RenovationsandRepairs
C. SpaceUsageEfficiency
D. MaintenanceOperations
E. CustodialServices
F. TransportationMotorPool
G. ConstructionProgramManagement

Attachment A
H.
I.
J.
K.
L.
LandscapingandGrounds
Utilities/EnergyManagement
WarehouseOperations
FacilitiesManagement(DonHaskins&SunBowl)
ContractedOutsideServices
XII.
AuxiliaryandServiceDepartments
A. Housing
1. Availability
2. Quality
3. Cost&Services
4. Facilities
5. Health&Safety
6. Administration/Fiscal
B. Printing&Copying
C. MailServices
D. UnionServices
E. SpecialEvents
F. TicketCenter
XIII. EnvironmentalHealthandSafety
A. LaboratorySafety
B. NFPALifeSafetyCode(FireSafety)
C. EPAResourceConservationRecoveryAct(TNRCCHazardousWasteRules)
D. ControlledSubstances
E. PrecursorChemicalsControlledGlassware
F. BureauofRadiationControlRadioactivematerials
G. TDH/PCBAsbestosRulesToxicSubstanceControlAct
H. BureauofRadiationControlLaserRegulations
I. BureauofRadiationControlRadiationMachines
J. CleanAirAct(AirEmissions)
K. TNRCC(StormWaterRunoff)CleanWaterAct
L. SelectAgentRule
M. TexasWorkersCompensationAct
N. HazardousMaterialsShippingrequirements(IATA,DOT,FAA)
O. BSL3Oversight
P. DHSAntiterrorismStandards
XIV. IntercollegiateAthletics
A. InstitutionalControlAthletics
1. ExtraBenefits
2. FinancialAidandFederalFinancialAidRegulations
3. PlayingandPracticeSeasons
4. Recruiting

Attachment A
B.
XV.
A.
B.
C.
D.
E.
5. Education
6. Infractions
7. SummerCamps
8. Amateurism
9. EligibilityofAthletes
10. StudentWelfare
11. GenderEquity
AdministrationAthletics
1. LicensingandTrademarkLaws/Ethicsandsystemviolation
2. AthleticDepartmentCertification
3. AnnualConferenceComplianceAudit
4. EmploymentContractsandConductofEmployees
5. DepartmentP&PManualAthletics
6. AnnualFinancialAudit
7. NCAAHomeFootballAttendance
InformationResourcesUseandSecurity
AdministrativeManagementControls
1. AssignmentofResponsibilities
2. PeriodicReviewofSecurityControls
3. IncidentResponseCapability
4. SecurityandTechnicalTraining
5. SystemAuthorizationandReauthorizationProcedures
6. AccessAuthorization,PersonalClearance&TerminationProcedures
7. SystemorApplicationSecurityPlan(DataCriticality,Backup&DisasterRecovery)
OperationalControls
1. PhysicalSecurity(AccessControls&ContingencyOperations)
2. EnvironmentalControls
3. DesktopUseandSecurity
4. Documentation
TechnicalControls
1. Identification
2. DataIntegrity
TAC202
1. RiskManagement
2. PasswordManagement
3. SeparationofDuties
4. DeviceandDataMediaAccessandDisposal
5. LogicalAccessControls
6. Audittrails
7. Intrusiondetection
UTS165
1. TransmissionSecurity
2. Solicitation,UseandMaintenanceofSocialSecurityNumbers
3. DecentralizedServers

Attachment A
F. PCICompliance
G. CloudComputing
H. DigitalResearchData
XVI. UniversitySecurityandPoliceDepartment
A. TheCleryAct
B. EmergencyResponsePlans
Appendix A
$418,233,135 FY 14 INSTITUTIONAL BUDGETED EXPENDITURES
FY14 8 BUDGETED AUDITORS GROSS OF VACANCIES
FY2014AuditPlan
Audit/Project
Budgeted
Hours
%of
Total
Description
Financial
Requiredannualauditsupportunder"Reporting(Regulatory
&Management)
UTSystemorExternallyRequiredAudits
FinancialStatementAudit(AFR)
AFR2013Yearend
AFR2014Interim
President'sTravel,EntertainmentandUniversity
ResidenceMaintenanceExpenseAudit
500
TBD
10
ProvidesupporttotheUTSystemauditorsperformingthe
audit.
SupporttothePeopleSoftimplementationteamlocallyand
systemwide
Supporttoexternalauditor
Recurringannualaudit.Mayconsiderinterimtestingfor
selectedaccounts.
1700
PeopleSoftImplementation
KTEPFMRadioStation
Yearend/PeriodicCashCounts
20
100
350
PayrollManagementSupplementalPayments
250
Emphasisontuition,course,majorfeesandcoursefee
surpluses.
LimitedtoSupplementalPaymentsperdiscoveriesonFY
2012Payrollaudit
CarryforwardAudits
FinancialSubtotal
2930
25%
Operational
Executives'TravelandEntertainmentExpenseAudit
StudentHealthServices
300
OngoingprogramtosampleExecutiveandManagement
travelreimbursements.
300
300
Emphasisonqualitycontrols,vaccines&refrigeration,etc.
Reviewofcompliancewithforeignworkeremployment
regulationswithafocusonstaffvisas.
Limitedreviewofpoliciesandproceduresandstatusof
continuousmonitoring.
CoordinatewithOICtoreviewproposednewprocesses.
AuditprocessinQ4orasimplementationallows.
Visacompliance(StaffVisas)
250
ProcurementCard
350
ConflictofInterest
300
RecordingofgiftsandgrantswithinDevelopmentOffice
AthleticsEmploymentContractsandConductof
Employees
Reviewprocessforreportingandrecordinggiftsreceivedby
InstitutionalAdvancement.
ReviewofcoachescontractsandcompliancewithNCAArules
250
300
Reviewoftheregistrationprocessforefficienciesandto
ensureinternalcontrolsareinplace.
400
AnnualChangeInManagementauditsmayalsoinclude
other"key"employees
CarryforwardAudits
EndowmentsandGifts
150
StudentRecords
200
MuseumGiftShopevaluationandrecommendations
forefficiencyandstaffing
150
Validationofcontrolsoverendowmentsandscholarship
accounts.Emphasisondiscretionaryfunds.
Validatecontrolssufficienttojustify"Low"probabilityand
reviewhistoricalareas(grades,etc.)
Limitedreviewofoperationsforchangeinmanagement
focusedprimarilyonproposedchangesinthegiftshop
CIMefficiencyrevewforRegistrationProcessing
OperationalSubtotal
3250
28%
Appendix A
$418,233,135 FY 14 INSTITUTIONAL BUDGETED EXPENDITURES
FY14 8 BUDGETED AUDITORS GROSS OF VACANCIES
FY2014AuditPlan
Audit/Project
Budgeted
Hours
Compliance
NCAAFootballAttendanceAudit
FedPortionofStatewideSingleAudit(assistanceto
SAO)
%of
Total
Description
60
60
NCAAFootballAttendanceaudit
RecurringannualsupporttoStateAuditor'sOffice
EffortReporting
StudentWelfareAthletics
300
200
LimitedtoeffortreportingbyPrimaryInvestigators
Reviewathleticsprogramstoinsuresafety,academicsuccess
andoverallwellbeingofathletes
CarryforwardAudits
TechTransfers,Licensing&Equity
150
PurchasingContractsover$100K
SubrecipientMonitoring
150
200
InternationalAgreements
ExportControls
100
100
Reviewofprocessesfortechnologytransferandrelated
licensesandagreements
Reviewofotherthanconstructioncontractsover$100K
Auditsubrecipientagreementsandreviewmonitoringof
thirdpartycompliance
Reviewofagreementsforclarityandcompleteness
Reviewofexportcontrolprocessesforcompliancewith
federalandstaterequirements
1320
11%
TAC202InformationSecurity
300
Auditcriteriagroupedtocoverpartseachyearona
continuousbasis.
TransmissionSecurity(EncryptionandDataIntegrity)
250
Reviewproceduresforensuringtransmissionencryptionfor
sensitiveandconfidentialinformation
Determineadequacyofproceduresforremovingaccessto
clearingorterminatedemployees
AccessAuthorization,PersonnelClearance&
TerminationProcedures
300
CarryforwardAudits
InformationTechnologySubtotal
Followup
FollowupSubtotal
Projects
ExternalQualityAssessment
850
500
7%
500
4%
120
InternalQualityAssuranceandImprovementProgram
(threeinitiatives)
AnnualAuditPlanDevelopment(includingrisk
assessment)
AnnualInternalAuditReport
AnnualReviews/Evaluations
UTSystem,SAOHotlinerequestedreviews
TeamMate,Idea,WebsiteDevelopmentand
Maintenance
InternalAuditCommitteePreparationandParticipation
150
ExecutiveComplianceCommitteeParticipation
InstitutionalCommitteeMeetings
ProfessionalOrganization/AssociationParticipation
TrainingProvidedbyInternalAudit
10
40
60
120
ProjectsSubtotal
Reserve
Consulting/ManagementRequests
Investigations
ReserveforAuditofEmergingRisks
ReserveSubtotal
TotalHours
Normallyoccurringfollowupreviewsasdeterminedbyprior
recommendationimplementationdates
Prepatoryselfassessmentandassistancefortheexternal
assessment
Workgroupinitiativesandimplementationofnew
procedures
150
30
40
50
30
80
880
8%
700
558
700
1958
11688
17%
100%

Appendix B
Institutional Risk Assessment
RISKS
1
# ACTIVITIES
Student Services HH
Human Resource
Management
HH
StudentHealth
Services
HM CounselingCenter HL
ImmigrationReform
StaffingofHuman
andControlActof
Resources
MM
Function
HM 1986
Research &
Development
HM
AnimalResearch
HumanSubject
HM Research
Financial
Management
HM
Payroll
Management
HL
Purchasing
Instruction &
Academic
Support
Asset & Risk

Management
Environmental
13 HealthandSafety
BudgetMonitoring&
Review
HL
FinancialAid
HL
EqualOpportunity
FacultyVisas
Leave
MM Administration
MM
FinancialIssues
Grants&Contracts
Management
MM
ProposalReview
Budgeting&
Planning
AccountsPayable
MH
PurchasingEthics
andConflictof
Interest
ExportCntrl
licensing/lawsIntl
TrafficinArms
Regs(ITAR)
ML
ML
ML
Leases
StudentRecords
ML
MM
StaffDevelopment&
ContinuingEducation ML
SB1414Student
Camps
ML
Classificationand
Salary
Administration
ML
StudentGrievances LL
Contractingfor
HumanResources
relatedFunctions ML
Administration
AcademicServices
Criminal
Background
Verifications
ResearchEthics
andIntegrity
Organization&
Management
Financial
Management
ConflictofInterest
inSponsored
Research
LL OtherAgreements
LL
Reporting
(regulatory&
management)&
MM CloseOutProcess ML RedFlagRules
ML
Procurementof
Consultingand
ProfessionalServices ML
Reviewand
EvaluationofBid
andContracting
Process
LL
BestValueYellow
PagesTest
LL
LM
CourseScheduling&
Availability
LM
HealthSciences
LL
CoreCurriculum
LL
ML
CustodialServices
ML
FacilityPlan(long
&shortrange)
ML
Landscapeand
Grounds
MM
TechnicalControls MM UTS165
n/a
FixedAsset
Management&
SurplusProperty
LL
Training
ML
ConflictofInterest
andFinancial
Disclosure
MM
10
LL
ML
Administration
StudentServices
Employee
Relations&
GrievanceProcess
LM
Proposal
Development
Segregationof
Dutiesand
Reconciliationof
Accounts
MinerMall
LL
Organization&
Staffing
Faculty
LL
Instructional&
Academic
Technology
Renovationsand
ML Repairs
ML
SpaceUsage
Efficiency
n/a
n/a
n/a
Insurance
Coverage,Risk
Managementand
Safety
n/a
n/a
LL
HM
TuitionandFees
Management
HL
SchoolofNursing
MM
Accreditation/Instit
utional
Effectiveness
MM
Maintenance
Operations
HL
Utilities/Energy
Management
MM
ContractedOutside
Services
MM
Transportation
MotorPool
MM
DigitalResearch
Data
MM
MM
Governance
ML
Operational
Controls
Internaland
ExternalAuditing
TAC202
Organizational
Structure
HazMatShipping
requirements(IATA,
DOT,FAA)
LM
n/a
TDH/PCBAsbestos
RulesToxic
SubstancesControl
NFPALifeSafety
LL
Code(FireSafety) LM Act
Bureauof
RadiationControl
LaserRegulations
HL
Administrative/Ma
nagementControls MM CloudComputing
Officeofthe
LegalServices
HL President
Endowments&
Gifts
MH
Organization&
ManagementAsset
&RiskManagement MH
TuitionandFees
Management
LL
ML
LM
LL
SelectAgentRule
Information
Technology
Planningand
Organization
ContractPerformance
Review&Monitoring
over$100K
LL
EPAResConserv
RecoveryAct(TNRCC
HazardousWaste
Rules)
LM
LL
Monitoring
n/a
n/a
n/a
n/a
BureauofRadiation
controlRadioactive
materials
ML
LaboratorySafety
ML
Offsitebackup
restoration
SecurityforIT
MM Department
ML
Acquisitionand
Implementation
LL
Deliveryand
Support
Emergency
ResponsePlans
ML
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Administration
MM Athletics
Community&
Alumni
ML Involvement
InstitutionalControl
MM Athletics
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
ML
LL
HotelGround
Lease
LL
MailServices
LL
Printing&Copying LL
SpecialEvents
LL
TicketCenter
n/a
Housing
TheCleryAct
Academic
Agreements
Construction
Program
Management
MM PCICompliance
MM
Internal
ML Communications
ML
Cash
Management/Invest
Bonded
mentManagement
Indebtednessand
Strategies
LL
Issuance
LL
PrecursorChemicals
Controlled
ML
MM Glassware
MM BSL3oversight
Information
Technology
HL
UniversitySecurity
andPolice
HL
16 Department
ML
Governmental
Relations
ML
PublicService
LL
Public&Media
Relations
ML
UnionServices
LL
Bookstore
LL
FoodServices
HH, HM
= Extensive Risk Management & Considerable Risk Management (all Levels of Control* plus a traditional audit)
HL, MH
= Manage and Monitor (all Levels of Control but no traditional audit)
MM, ML, LH
LM, LL
HL
MM SponsoredProjects MM
Accounting
Procedures&
InternalFinancial
MM
MM Controls
Contract
PerformanceReview
&Monitoringover
$100K
MM
Historically
Underutilized
BusinessProgram
Registration
Processing
ProcurementCard HL
Intercollegiate
14 Athletics
University
Relations &
10 Alumni Affairs
Auxiliaryand
Service
12 Departments
MM
HM
PlantOperations&
11 Maintenance
HL
Information
ResourcesUseand
MM
15 Security
Governance &
1 Leadership
HL
3
FamilyEducational
RightsandPrivacy
Act(FERPA)
HL
= Monitor (only Execution Controls & Supervisory Controls)

= Accept (accept the risk and have no controls)

Appendix C
Research Risk Assessment
RISKS
#
4
ACTIVITIES
Sponsored Projects
Financial Issues-Grants
& Contracts
Management
Animal Research
Human Subject
Research
Proposal Review
9
8
Other Agreements
10
6
7
11
Coordinationofgifts
andgrantswith
DevelopmentOffice HH
OGCGuidelinesfor
contractsand
ML Backdoorawards
MM subcontract
DigitalResearch
MM Data
FinancialReporting
toGranting
GrantsAccounts
CostTransfers
Subrecipient
MM ReceivableBilling ML EffortReporting
HM monitoring
MM CostSharing
MM Agencies
Preparationof
InstitutionalAnimal
certifications&
CareandUse
Veterinarian
assurancesIACUC
n/a
ML Services
LL
ML BSL3Usage
ML Committee
Preparationof
InstitutionalReview
certifications&
Protectionof
Board(Protectionof
Protectionof
ML Researcher
ML assurancesIRB
LL
Research
n/a
ML participants)
Eligibilityfor
submitting
Proposal
LL
Compliance
n/a
n/a
MH CostEstimates
ML proposals
Processing
Affiliation
Memorandumsof
International
Agreementswith
Understanding
AgreementsResearch
OutisideAgencies
n/a
n/a
LM ResearchRelated LL
MM Related
HH
EffortReporting
8
Researchand
SponsoredProjects
LL Metrics
LL
LL
Negotiationof
Agreements
Facilities&
Administrative
CostAccounting
Preparationof
certifications&
assurances
LL
Records
ManagementC&G
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
LM
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Proposal Development
Research Ethics and
Integrity
MM Training
Identificationand
Notificationof
Funding
LM
ML Opportunities
ResearchEthicsand
ML Integrity
Proposal
Development
Services
LL
Research
Communication
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Technology Transfer
ConflictofInterestin
SponsoredResearch
Equitypositionsin
LM startupcompanies
LL
ConflictofInterestin
LL SponsoredResearch
IntellectualProperty
Policy
LL
InventionDiscloser LL
n/a
Licensingand
materialtransfer
agreements
LL
NonDisclosure
Agreements
LL
RoyaltyAuditing
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
Training
HH, HM
HL, MH
MM, ML, LH
LM, LL


Appendix D
IT Risk Assessment
RISKS
1
# ACTIVITIES
Transmission
Security(Encryption
Decentralized
HM andDataIntegrity) MM Servers
11 XVUTS165
Access
Authorization,
PersonnelClearance
XV
Administrative/Management
&Termination
Assignmentof
Controls
MM Procedrues
MM Responsibilities
10 XV TAC 202
MM AuditTrails
IncidentResponse
MM Capability
LogicalAccess
MM IntrusionDetection MM Controls
DesktopUseand
MM Security
XV Operational Controls
IX Security for IT Department HL
IX Offsite back-up restoration HL
XV Technical Controls
Solicitation,Useand
Maintenanceof
SocialSecurity
MM Numbers
Environmental
MM Documentation
MM Controls
Systemand
Adequacyof
Infrastructure
Controls(Application
Security(Securityof
Security)
MM SensitiveData
n/a
Offsitebackup
restoration
n/a
n/a
n/a
n/a
PeriodicReviewof
Securityand
MM SecurityControls
MM TechnicalTraining
Password
MM Management
MM RiskManagement
PhysicalSecurity
(AccessControls&
Contigency
MM Operations)
n/a
n/a
n/a
n/a
n/a
Systemor
ApplicationSecurity
Plan(Data
Criticality,Backup,
SystemAuthorization
&Disaster
andReauthorization
MM Procedures
MM Recovery)
DeviceandData
MediaAccessand
MM SeparationofDuties ML Disposal
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
MM DataIntegrity
MM Identification
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
14 XVDigitalResearchData
MM CloudComputing
DigitalResearch
MM Data
n/a
n/a
n/a
n/a
n/a
n/a
12 XVPCICompliance
MM PCICompliance
n/a
n/a
n/a
n/a
n/a
IX Information Technology
Planning and Organization
Financial
ML Management
Compliancewith
External
LM Requirements
n/a
Organization
(Communication,
Relationships,
HumanResources
LL
Project
Management
LL
n/a
n/a
IX Delivery and Support
ManageProblems
ML andIncidents
LL
ManageData
LL
ManageFacilities
LL
n/a
n/a
IX Acquisition and
Implementation
Acquireand
MaintainTechnology
LL
ML Infrastructure
DefineandManage
ServiceLevels
LL
Acquireand
Maintain
Application
Software
IX Monitoring
LL
n/a
13 XVCloudComputing
ProcessMonitoring
LL
StrategicPlanning
andTechonological
Direction/Planning
Manage
Performanceand
Capacity
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
HH, HM
HL, MH
MM, ML, LH
LM, LL


Appendix E
Athletics Risk Assessment
RISKS
1
# ACTIVITIES
Institutional
1 Control - Athletics HM
StudentWelfare
MH
Administration
2 Athletics
Employment
Contractand
Conductof
Employees
AnnualFinancial
MM Audit
HM
Infractions
MH
MM
Recruiting
Education
MM
MM
Amateurism
GenderEquity
MM ExtraBenefits
ML
NCAAHome
FootballAttendance LL
HH, HM
HL, MH
MM, ML, LH
LM, LL
FinancialAid
Playingand
andFedFin
Practice
MM AidRegs
MM Seasons
AthleticDept
Certification LL
DeptP&P
Manual
Athletics
8
Summer
MM Camps
LL
NCAA
Reporting
Academic
Performance
and
Graduation
LL Rates
9
Eligibliltyof
Athletes
n/a


Appendix F
High Risks Not Covered
Tier One and Tier Two - Red Risks NOT Covered in Audit Plan for FY 2014
Ranking
Risk
Explanation/Mitigation
Internal Audit Action
HM
Counseling Center
Audited in 2012, follow-up in 2013
Reassess in 2014
HM
Human Subject Research
Audited 2012 no findings
Reassess in 2014
HM
Immigration Reform and Control

Act of 1986
Audited I-9 Compliance 2013
Follow-up 2014

Appendix G
Five Year History
Calculation of Available Hours
Director
Audit & Project
General Administration
Training/CPE
Holidays
Vacation & Sick Leave
Total Hours
Managers &
Supervisors
Staff
Total
1,046
2,996
7,646
11,688
70%
592
96
104
242
441
192
208
323
839
506
520
889
1,872
794
832
1,454
11%
5%
5%
9%
2,080
4,160
10,400
16,640
100%
Note:
The total hours are based on 8 budgeted positions net of 1 estimated vacancy at
the staff level.

Appendix H
Five Year History
Audits
President
Intercollegiate Athletics
FY 2009
FY 2010
FY 2011
FY 2012
FY 2013
A/S
A/S
A/S
A/S
A/S
F-Follow Up Audit
A-All Other Audits

S-Special Requests
E-External Audits

C-Internal Control Audi
-Athletics Receivables
-Athletics Summer Camps
-Athletics Business Plan
President's Office
Provost
Academic Affairs
College of Business Administration
-Accounting
-Economics and Finance
-Information and Decision Sciences
-Marketing and Management
-Dean's Office
College of Education
-Teacher Education
-Educational Leadership
-Educational Psychology
-Dean's Office
College of Engineering
-Civil Engineering
-Computer Science
-Electrical and Computer Engineering
-Engineering Programs
-Mechanical and Industrial Engineering
-Metallurgical and Materials Engineering
-Dean's Office
College of Health Sciences
-Continuing Education in Nursing
-Institute for Border Health
-School of Allied Health
-Kinesiology Department
-School of Nursing
- Occupational Therapy
- Physical Therapy
-Student Health Center
-Dean's Office
College of Liberal Arts
-African-American Studies
-Art
-Asian Studies
-Chicano Studies
-Communication
-Criminal Justice
-English
-History
-KTEP-FM Radio Station
-Languages and Linguistics
-Military Science
-Music
-Oral History
-Philosophy
-Political Science
-Psychology
-Religious Studies
-Social Work
-Sociology and Anthropology
-Theatre Arts
- Western Cultural Heritage
-Women's Studies
-Dean's Office
College of Science
-Biological Sciences
-Chemistry
-Geological Sciences
-Mathematical Sciences
-Physics
-Dean's Office
University College
Graduate School
Technology Planning and Distance Learning
Center for Law and Border Studies
VPAA's Office
Family Education and Privacy Act (FERPA)
Enrollment Services
-Financial Aid
-Registrar's Office
-Undergraduate Admissions and Recruitment
-Texas Success Initiative
JAMP
S
F
A
F
S
E
S
F
F
A
E
F

Appendix H
Five Year History
Audits
VPRSP
FY 2009
FY 2010
FY 2011
FY 2012
FY 2013
-Center for Environmental Resource Management

-Center for Study of Western Hemispheric Trade
3
-IM /Texas Center

-MIE
F-Follow Up Audit
-NSF/USI
Norman Hackerman ATP
-TAME
-TMAC
-Americorps
-Socorro Mission Restoration
-Human Subject Research
-Animal Research
-Time & Effort Reporting
-Contracts & Grants Accounting
-Cost Sharing
Export Controls
-Research Compliance
- BSL3 Lab
-Sub-recipient Monitoring of Grants
Ctr for Defense Systems Research and Nat Ctr for Border Sec & Imm
VPRSP's Office
F
A/F
A
A
A-All Other Audits

S-Special Requests
E-External Audits
A
A
A
F
A
A
A
F
VPBA
Annual Financial Report
-Accounts Receivable
-Auxiliary Enterprise Fund
-Gifts
-Investments
-Tuition and Fees
-Year End Inventory and Cash Counts
Auxiliary Services and Continuing Education
-Food Services
-Various Cash Counts
-Inventory Count
-Professional and Continuing Education
-Special Events and Union Programs
-University Bookstore
-University Ticket Center
Facilities Services
-Accounts Payable
-Budgeting Office
-Contracts and Grants Accounting
-General Accounting
-Payroll
-Conflict of Interest
-Student Business Services
-Utilities, Energy Management
ARRA
Purchasing and Materials Management
-Mail Services
-Procurement Card
-Print Shop
Miner Mall
-Contract and Bid Processes
VPBA's Office
S
S
A
S
F/A
A
E
A
S
F
A
F
A
A
F
A
A
A
A
EVP
Institutional Advancement
-Alumni Relations
-Scholarships
-University Development
-University Communications
-University Relations
-Conference Services
Human Resource Services
-Faculty Visas
Dependent Eligibility
Institutional Compliance
-Contracts and Grants
-Financial Aid
-Intercollegiate Athletics
-WAC Review/CUSA Review
-Segregation of Duties and Reconciliation of Accounts
-Student FICA
-Institutional Compliance Office
-Fixed Assets
Auditing and Consulting Services
Environmental Health and Safety
University Police
Emergency Management Plan
VPIA's Office
Equal Opportunity/Affirmative Action Office (EO/AA)
S
A
A
A
F
A
A
A
A
A/E
A
A/S
A
F
F
A
A

Appendix H
Five Year History
Audits
VPSA
Outreach Programs
Student Development
FY 2009
FY 2010
FY 2011
FY 2012
FY 2013
-Counseling Services

-Dean of Students Office
F-Follow Up Audit
-Student Publications
-Housing System
-International Programs
-PASE Program
-Study Abroad Program
-Recreational Sports
-Student Government Association
-Student Development
Union Services
Student Support Services
VPSA's Office
F
A
A-All Other Audits

S-Special Requests
E-External Audits
VPIRP
-Digital Media Center
Library
-Library Copy Center
-CIO
-Information Technology Services
-Customer Technology Services
-Networking and Telecommunication Services
-General Controls
-Goldmine (Student Information System)
-IT Travel
-IT Furniture
-IT Change Management
-IT Security
Payment Card Industry
Digital Research Data
Laptop Encryption
IT Inventory
Server Inventory
Center for Institutional Evaluation Research and Planning
PeopleSoft Implementation
A
A
A
A
F
F
A
A
F
A
A
S
S

V.
ExternalAuditServices
ThefirmofStockton,Scurry&Smith,P.C.,wasengagedtoperformtheauditforfiscalyear2013
of the KTEP FM radio station located on the UTEP campus. The audit was required by The
CorporationforPublicBroadcastingtoenableUTEPtocontinuereceivinggrantfundingfromthat
organization.
VI.
ReportingSuspectedFraudandAbuse
The University of Texas at El Paso has independent organizations that implement the
requirements of Section 7.09, Fraud Reporting, General Appropriations Act (83rd. Legislature,
ConferenceCommitteeReport)ArticleIXandTexasGovernmentCode,Section321.022.Office
of Auditing and Consulting Services and the Office of Institutional Compliance jointly and
separatelyprovidevariousmonitoringandreportingactivitiestodetectandpreventfraudand
abuse.
Actionsweretakentoimplementtherequirementsofthefollowing:
Fraud Reporting. Section 7.09, Fraud Reporting, General Appropriations Act (83rd.
Legislature,ConferenceCommitteeReport)ArticleIX:TheUniversityhasaHotlinelinkon
thehomepagewebsiteasadirectlinktotheStateAuditorswebpageforreportingfraud,
wasteandabuseinTexas.InadditionthereisaHotlinewebsitecompliancemodulethat
maybeaccessedbyallfacultystaffandstudentemployeesthatoutlinetheprocessfor
reportingandprovidesinformationtoaccesstheSAOfraudreportingsite.
TexasGovernmentCode,Section321.022.Therehavebeennoinstancesinwhichthere
is cause to believe that money received from the state may have been lost,
misappropriatedormisused,orthatotherfraudulentorunlawfulconducthasoccurred.
Therefore,noreportingtotheStateAuditorsOfficewasrequired.

UTEP - 2013 Internal Audit Annual Report (Final)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

UTEP - 2013 Internal Audit Annual Report (Final)

Uploaded by

Copyright:

Available Formats

THE UNIVERSITY OF TEXAS AT EL PASO

Internal Audit Annual Report

THE UNIVERSITY OF TEXAS AT ELPASO

Office of Auditing and

October 30, 2013

Kate McGrath, Governors Office of Budget, Planning and Policy

William A. Peters, Director, Auditing and Consulting Services

The University of Texas at El Paso

Internal Audit Plan for Fiscal Year 2013..

List of Consulting Engagements and Non-Audit Services Completed ... 31

External Quality Assurance Review..

Internal Audit Plan for Fiscal Year 2014.

External Audit Services.

Reporting Suspected Fraud and Abuse

THE UNIVERSITY OF TEXAS AT EL PASO

2013 Audit Plan

UTEP 2013 Annual Internal Audit Report Page 1

The University of Texas at El Paso

FISCAL YEAR 2013 AUDIT PLAN ........................................................................................ APPENDIX A

UTEP 2013 Annual Internal Audit Report Page 2

The University of Texas at El Paso

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 4

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 5

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 6

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 7

The University of Texas at El Paso

Review the systems established to ensure compliance with those

Appraise the economy and efficiency with which resources are

Review operations or programs to ascertain whether results are

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 9

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 10

The University of Texas at El Paso

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 12

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 13

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 14

The University of Texas at El Paso

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 16

The University of Texas at El Paso

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 18

The University of Texas at El Paso

UTEP 2013 Annual Internal Audit Report Page 19

The University of Texas at El Paso

Required annual audit support under "Reporting (Regulatory & Management)

Support to the PeopleSoft implementation team locally and system-wide

Risk Based Tier Two: Auditable Areas

Limited to Supplemental Payments per discoveries on FY 2012 Payroll audit

Management Requests - Financial

Various periodic audits, reviews or projects as requested by management

Contracts & Grants Accounting audit from FY 2012.

Establish on-going program to sample of Executive and Management travel

Risk Based Tier One: Institutional Processes

Purchasing - Contract Performance over $100K