Date post: | 28-Dec-2015 |
Category: |
Documents |
Upload: | junior-fisher |
View: | 220 times |
Download: | 0 times |
Auditing the Organizational
Governance Processes
Dick Dinan, CPA, CIAAmanda Jenami, CPA, CISA, CFE, CIA, MBA
TACUA April 2010
Introduction
Overview Definition of governance Ideas to identify a candidate for a governance audit
Methodology
Who we talked with The information we requested Information analysis & verification Emerging themes/findings
Reporting
Reporting to management Reporting to the Board
This session will discuss how an audit of the governance processes was conducted in a university environment. The general concepts and audit approach should be applicable to other types of organizations as well. The presentation will include the analysis of various types of data, the types of information gathered from faculty and staff interviews, and the reporting process. We will also provide information on how this audit added value to the university.
The Texas A&M University System is comprised of 20 members that include:
11 Universities 7 Agencies 1 Health Science Center System OfficeThe System Internal Audit Department is a
shared service providing internal audit services to all System members.
An effective internal auditing activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
There are many definitions of Organizational Governance, including:
•Corporate governance is the system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimized. (Australia)
•Corporate governance is a scheme for ensuring that the executive managers, who have been placed in charge of the company, fulfill their duties. (Japan)
The IIA put out a position paper titled Organizational Governance: Guidance for Internal Auditors that provides good information on the auditor’s role in auditing the governance processes. Here is the link to this position paper: www.theiia.org/download.cfm?file=76050
If you have ever conducted audits of various university/agency processes such as financial management services, IT, HR, Student Financial Aid, Physical Plant, etc., that identify few significant control weaknesses or problems, but overall organizational performance is deteriorating, and your intuition tells you there are problems, it may be time to take another approach. A high level review of the organization’s governance processes provides the opportunity to step back and look at what is happening at the institutional level. At this level it is easier to view and assess how processes provide for overall direction/guidance, performance management, accountability, communication and transparency in the conduct of work to achieve the organization’s goals and objectives. Sometimes it is difficult to get this broad view when the audit scope and focus are on a smaller segment of the organization.
Over the last several years Texas A&M University – Kingsville had experienced decreased student enrollment, under performing programs, low faculty/staff morale, declining buildings and infrastructure, and a leadership void due to turnover and the relatively large number of interim management positions. For the most part, the audits conducted during this time were Code 3, meaning they identified a few significant issues, but mostly low level noncompliance types of issues. This is at a time when our other South Texas schools were experiencing growth in enrollment.
Rating System for Audit Reports
REPORT CODE
WHAT DOES IT MEAN
Code 1 No observations.
Code 2 Notable observations. Minor violations of controls, laws, policies, and regulations.
Code 3 Many notable and/or some significant observations. Controls were weak in one or more areas. Noncompliance with laws, policies and regulations put the department/college/component at risk. Opportunities for significant efficiencies were identified within a limited area, such as a department’s revenue handling processes.
Code 4 Many significant observations. Controls were weak in multiple areas. Significant risk for noncompliance with laws, regulations and policies. Opportunities for significant efficiencies were identified within processes that are component-wide, such as central purchasing processes.
Code 5 One or more major observations. Significant risk for loss of financial assets, legal consequences, or damage of the organization’s reputation.
There are three levels of audit findings as defined by the A&M System Internal Audit Department. They are as defined below:
Rating What does it mean?
Notable An error, weakness, or condition disclosed during an audit which can, and should be, corrected at the department or supervisor level. These are minor to moderate violations of controls, laws, and policies.
Significant An error, deficiency or condition which is a significant violation of controls, laws or policies. These are items in which a CEO, Dean, Director or Vice President need to be involved in the problem resolution.
Major
A condition which is very serious and has a high probability for legal or financial consequences or embarrassing the organization. These are items in which the Chancellor and/or member(s) of the Board need to be involved in the problem resolution.
Procedures used to gather information and perform analysis to develop findings/emerging themes.
System personnel Members of the President’s Council College Deans Student representatives Information Technology Human Resources Office of Institutional Research University employees
Who makes the university’s key decisions?
Committee Structure Organization Charts
How are university resources allocated?
Compact with the A&M System Programmatic Review Strategic Plan Enterprise Risk Management Plan Enrollment Plan
How are units held accountable?
Divisional accountability Plans Enrollment statistics Retention statistics Student satisfaction surveys Other customer satisfaction surveys
How does the university ensure compliance with requirements?
Regulatory Framework
A&M System policies and regulations University rules Faculty handbook Administrative procedures Employee training Compliance monitoring program
Does the university have the expertise necessary to carry out its mission in an effective manner, and the ability to recruit/retain quality faculty and staff?
Human resources planExperience/expertise at key positions Employee turnover reportList of vacanciesSalary competitivenessQuality of city life/amenitiesEmployee training
Does the university have processes in places to attract and retain high quality students?
Enrollment statisticsRetention statisticsGraduation statisticsACT/SAT scoresState’s top ten percent studentsStudent accommodation
Do employees have the tools necessary to be effective and efficient?
CommunicationInformation systemsStaff developmentEmployee evaluationsEmployee goal setting
Independent Reports
Salary Comparative Study The Coordinating Board System Employee Turnover Vacancies – System Payroll System Overdue Mandatory Training – System Training
Database
Testing
Collaborative interviews Secret shoppers Program reviews New hire starting salaries Review of Institutional Effectiveness Plans
Inadequate planning/Lack of focus
Lack of candid assessment of strengths, opportunities, weaknesses, threats
Lack of strategies on mission accomplishment
Lack of focus on strengths – Engineering, Music, and Wildlife
No academic plan No master plan
BA in Pre-Medical Technology, 2000 BA in Pre-Dentistry, 2000 BA in Anthropology, 2001 Emphasis in Production Agriculture/Ornamental Horticulture, 2002 BS in Restaurant and Foodservice Management, 2002 BBA in Economics, 2002 MS in Gerontology, 2002 MA/MS in Supervision, 2002 BS in Industrial Engineering, 2006 BS in Natural Gas Engineering, 2006 MA/MS in Elementary Education, 2006 MA in Kinesiology, 2006 BA in Geology, 2007 BA in Geography, 2007 MS in Geology, 2007 BS in School Health, 2007
Lack of performance monitoring/compliance monitoring framework
Inadequate regulatory framework Overdue program reviews Overdue tenure track reviews Learning effectiveness reviews (pre-& post-class) Overdue mandatory training Lack of goal/performance gap analysis Decentralized survey administration – integrity of results A large number of divisional goals not met No “closing-the-loop” between planning and assessment Resource allocation not tied to assessment. Do employees
have the tools necessary to perform their duties effectively and efficiently?
Customer Service
No priority placed on good customer service. Most support services – customer complaints. Employees had not been provided with the tools
necessary to succeed. Some hiring decisions had been based on financial
resources rather than on expertise. Student information system had not been
implemented in an efficient manner. Employees had not been adequately trained on a new
email management software. Management did not track complaints.
Leadership Style
Four Presidents in ten years Non-participative non-
cohesive style High turnover in middle
management – department chairmen, etc.
Leadership waits for under-performers to retire.
Underperformers are moved around the campus and not terminated.
Limited cross departmental communication
Departments operate in silos
Too Many Interims
Provost Vice President for Finance &
Administration Dean of Engineering Dean of Business Executive Director of
University Facilities Director of Physical Plant Director of Admissions
Frugal Fiscal Management
Substandard accommodation Inexperienced management and staff
Organizational Culture
Small community Not much external experience
High vacancy rate attributed to:
Uncompetitive salaries Advertising positions at salary ranges the
University did not intend to offer; Many leave after a few months A comparative salary study – resulted in a
raise for 80% of the faculty Entire original Banner implementation team
had left three years after implementation
The University has not adequately invested in technology for improved competitiveness.
IT function had not been pro-active in providing campus community with guidance.
Duplicative efforts at department level. IT function is decentralized,
uncoordinated, duplicative and wasteful.
The student information system had not been implemented in the most effective and efficient manner.
System not set up to perform automatic admissions.Transcripts still loaded manually.Transfer articulation performed manually.Original implementation did not include CAPP –student advising still cumbersome, inefficient and prone to error.No ongoing employee training.
The University’s governance processes do not adequately define expectations or ensure achievement of expected performance for a competitive higher education institution.
The University lacks a strong accountability framework that provides management with the status of key University activities and responsive solutions to problems.
The weak governance processes have contributed to the University experiencing a significant decrease in student enrollment; freshmen retention and on-time graduation rates that are below state goals; faculty salaries that are some of the lowest among the state’s doctoral and south Texas universities; and research funding declining to its lowest level since 2003.
With four presidents in ten years, the University has not seen consistent leadership to help it address the complex challenges facing today’s universities. The University has operated in what has been described as “frugal” fiscal culture which has led to a sense of mediocrity. The University has not adequately invested in its human capital and information technology operations, thus hindering its ability to provide its students, faculty and staff with an environment that fosters success and excellence. See full report at http://www.tamus.edu/offices/iaudit/Reports
University President The new president called the report “an invaluable tool”
for him going forward. Thought the team had “asked the right questions.” Recommended that a governance audit should be
performed every time there was a new president coming into a university.
Made the report open to everyone on campus by posting on their intranet.
Called a university-wide meeting the same week he received the report .
Faculty said “it was good and that it should just be the beginning.”
Created committees responsible for implementing initiatives to address issues identified in the report. All committee work was driven by timelines, deliverables, and due dates for implementation of corrective actions. Status meetings are held bi-weekly to monitor progress.
Audit Committee Chair
Thought the audit report would be a useful tool to the new President.
Applauded the President’s response to the audit report during the committee meeting.
Indicated that the audit was the first of its kind and “intended to do more of these.”
Team:Dick Dinan, [email protected] , (979) 458-7144Amanda Jenami, [email protected] , (979) 458-
7135
Address: Texas A&M University System
System Internal Audit Department1200 TAMUCollege Station, Texas 77843Phone: (979) 458-7100 Fax: (979) 458-7111