Auditing the Organizational

Governance Processes

Dick Dinan, CPA, CIAAmanda Jenami, CPA, CISA, CFE, CIA, MBA

TACUA April 2010

Introduction

Overview Definition of governance Ideas to identify a candidate for a governance audit

Methodology

Who we talked with The information we requested Information analysis & verification Emerging themes/findings

Reporting

Reporting to management Reporting to the Board

This session will discuss how an audit of the governance processes was conducted in a university environment. The general concepts and audit approach should be applicable to other types of organizations as well. The presentation will include the analysis of various types of data, the types of information gathered from faculty and staff interviews, and the reporting process. We will also provide information on how this audit added value to the university.

The Texas A&M University System is comprised of 20 members that include:

11 Universities 7 Agencies 1 Health Science Center System OfficeThe System Internal Audit Department is a

shared service providing internal audit services to all System members.

An effective internal auditing activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

There are many definitions of Organizational Governance, including:

•Corporate governance is the system by which companies are directed and managed. It influences how the objectives of the company are set and achieved, how risk is monitored and assessed, and how performance is optimized. (Australia)

•Corporate governance is a scheme for ensuring that the executive managers, who have been placed in charge of the company, fulfill their duties. (Japan)

The IIA put out a position paper titled Organizational Governance: Guidance for Internal Auditors that provides good information on the auditor’s role in auditing the governance processes. Here is the link to this position paper: www.theiia.org/download.cfm?file=76050

If you have ever conducted audits of various university/agency processes such as financial management services, IT, HR, Student Financial Aid, Physical Plant, etc., that identify few significant control weaknesses or problems, but overall organizational performance is deteriorating, and your intuition tells you there are problems, it may be time to take another approach. A high level review of the organization’s governance processes provides the opportunity to step back and look at what is happening at the institutional level. At this level it is easier to view and assess how processes provide for overall direction/guidance, performance management, accountability, communication and transparency in the conduct of work to achieve the organization’s goals and objectives. Sometimes it is difficult to get this broad view when the audit scope and focus are on a smaller segment of the organization.

Over the last several years Texas A&M University – Kingsville had experienced decreased student enrollment, under performing programs, low faculty/staff morale, declining buildings and infrastructure, and a leadership void due to turnover and the relatively large number of interim management positions. For the most part, the audits conducted during this time were Code 3, meaning they identified a few significant issues, but mostly low level noncompliance types of issues. This is at a time when our other South Texas schools were experiencing growth in enrollment.

Rating System for Audit Reports

REPORT CODE

WHAT DOES IT MEAN

Code 1 No observations.

Code 2 Notable observations. Minor violations of controls, laws, policies, and regulations.

Code 3 Many notable and/or some significant observations. Controls were weak in one or more areas. Noncompliance with laws, policies and regulations put the department/college/component at risk. Opportunities for significant efficiencies were identified within a limited area, such as a department’s revenue handling processes.

Code 4 Many significant observations. Controls were weak in multiple areas. Significant risk for noncompliance with laws, regulations and policies. Opportunities for significant efficiencies were identified within processes that are component-wide, such as central purchasing processes.

Code 5 One or more major observations. Significant risk for loss of financial assets, legal consequences, or damage of the organization’s reputation.

There are three levels of audit findings as defined by the A&M System Internal Audit Department. They are as defined below:

Rating What does it mean?

Notable An error, weakness, or condition disclosed during an audit which can, and should be, corrected at the department or supervisor level. These are minor to moderate violations of controls, laws, and policies.

Significant An error, deficiency or condition which is a significant violation of controls, laws or policies. These are items in which a CEO, Dean, Director or Vice President need to be involved in the problem resolution.

Major

A condition which is very serious and has a high probability for legal or financial consequences or embarrassing the organization. These are items in which the Chancellor and/or member(s) of the Board need to be involved in the problem resolution.

Procedures used to gather information and perform analysis to develop findings/emerging themes.

System personnel Members of the President’s Council College Deans Student representatives Information Technology Human Resources Office of Institutional Research University employees

Who makes the university’s key decisions?

Committee Structure Organization Charts

How are university resources allocated?

Compact with the A&M System Programmatic Review Strategic Plan Enterprise Risk Management Plan Enrollment Plan

How are units held accountable?

Divisional accountability Plans Enrollment statistics Retention statistics Student satisfaction surveys Other customer satisfaction surveys

How does the university ensure compliance with requirements?

Regulatory Framework

A&M System policies and regulations University rules Faculty handbook Administrative procedures Employee training Compliance monitoring program

Does the university have the expertise necessary to carry out its mission in an effective manner, and the ability to recruit/retain quality faculty and staff?

Human resources planExperience/expertise at key positions Employee turnover reportList of vacanciesSalary competitivenessQuality of city life/amenitiesEmployee training

Does the university have processes in places to attract and retain high quality students?

Enrollment statisticsRetention statisticsGraduation statisticsACT/SAT scoresState’s top ten percent studentsStudent accommodation

Do employees have the tools necessary to be effective and efficient?

CommunicationInformation systemsStaff developmentEmployee evaluationsEmployee goal setting

Independent Reports

Salary Comparative Study The Coordinating Board System Employee Turnover Vacancies – System Payroll System Overdue Mandatory Training – System Training

Database

Testing

Collaborative interviews Secret shoppers Program reviews New hire starting salaries Review of Institutional Effectiveness Plans

Inadequate planning/Lack of focus

Lack of candid assessment of strengths, opportunities, weaknesses, threats

Lack of strategies on mission accomplishment

Lack of focus on strengths – Engineering, Music, and Wildlife

No academic plan No master plan

BA in Pre-Medical Technology, 2000 BA in Pre-Dentistry, 2000 BA in Anthropology, 2001 Emphasis in Production Agriculture/Ornamental Horticulture, 2002 BS in Restaurant and Foodservice Management, 2002 BBA in Economics, 2002 MS in Gerontology, 2002 MA/MS in Supervision, 2002 BS in Industrial Engineering, 2006 BS in Natural Gas Engineering, 2006 MA/MS in Elementary Education, 2006 MA in Kinesiology, 2006 BA in Geology, 2007 BA in Geography, 2007 MS in Geology, 2007 BS in School Health, 2007

Lack of performance monitoring/compliance monitoring framework

Inadequate regulatory framework Overdue program reviews Overdue tenure track reviews Learning effectiveness reviews (pre-& post-class) Overdue mandatory training Lack of goal/performance gap analysis Decentralized survey administration – integrity of results A large number of divisional goals not met No “closing-the-loop” between planning and assessment Resource allocation not tied to assessment. Do employees

have the tools necessary to perform their duties effectively and efficiently?

Customer Service

No priority placed on good customer service. Most support services – customer complaints. Employees had not been provided with the tools

necessary to succeed. Some hiring decisions had been based on financial

resources rather than on expertise. Student information system had not been

implemented in an efficient manner. Employees had not been adequately trained on a new

email management software. Management did not track complaints.

Leadership Style

Four Presidents in ten years Non-participative non-

cohesive style High turnover in middle

management – department chairmen, etc.

Leadership waits for under-performers to retire.

Underperformers are moved around the campus and not terminated.

Limited cross departmental communication

Departments operate in silos

Too Many Interims

Provost Vice President for Finance &

Administration Dean of Engineering Dean of Business Executive Director of

University Facilities Director of Physical Plant Director of Admissions

Frugal Fiscal Management

Substandard accommodation Inexperienced management and staff

Organizational Culture

Small community Not much external experience

High vacancy rate attributed to:

Uncompetitive salaries Advertising positions at salary ranges the

University did not intend to offer; Many leave after a few months A comparative salary study – resulted in a

raise for 80% of the faculty Entire original Banner implementation team

had left three years after implementation

The University has not adequately invested in technology for improved competitiveness.

IT function had not been pro-active in providing campus community with guidance.

Duplicative efforts at department level. IT function is decentralized,

uncoordinated, duplicative and wasteful.

The student information system had not been implemented in the most effective and efficient manner.

System not set up to perform automatic admissions.Transcripts still loaded manually.Transfer articulation performed manually.Original implementation did not include CAPP –student advising still cumbersome, inefficient and prone to error.No ongoing employee training.

The University’s governance processes do not adequately define expectations or ensure achievement of expected performance for a competitive higher education institution.

The University lacks a strong accountability framework that provides management with the status of key University activities and responsive solutions to problems.

The weak governance processes have contributed to the University experiencing a significant decrease in student enrollment; freshmen retention and on-time graduation rates that are below state goals; faculty salaries that are some of the lowest among the state’s doctoral and south Texas universities; and research funding declining to its lowest level since 2003.

With four presidents in ten years, the University has not seen consistent leadership to help it address the complex challenges facing today’s universities. The University has operated in what has been described as “frugal” fiscal culture which has led to a sense of mediocrity. The University has not adequately invested in its human capital and information technology operations, thus hindering its ability to provide its students, faculty and staff with an environment that fosters success and excellence. See full report at http://www.tamus.edu/offices/iaudit/Reports

University President The new president called the report “an invaluable tool”

for him going forward. Thought the team had “asked the right questions.” Recommended that a governance audit should be

performed every time there was a new president coming into a university.

Made the report open to everyone on campus by posting on their intranet.

Called a university-wide meeting the same week he received the report .

Faculty said “it was good and that it should just be the beginning.”

Created committees responsible for implementing initiatives to address issues identified in the report. All committee work was driven by timelines, deliverables, and due dates for implementation of corrective actions. Status meetings are held bi-weekly to monitor progress.

Audit Committee Chair

Thought the audit report would be a useful tool to the new President.

Applauded the President’s response to the audit report during the committee meeting.

Indicated that the audit was the first of its kind and “intended to do more of these.”

Team:Dick Dinan, ddinan@tamu.edu , (979) 458-7144Amanda Jenami, ajenami@tamu.edu , (979) 458-

7135

Address: Texas A&M University System

System Internal Audit Department1200 TAMUCollege Station, Texas 77843Phone: (979) 458-7100 Fax: (979) 458-7111