Audit Committee
04/23/2013 Conflict of Interest Contacts

The points of contact for disclosure, review and management of conflicts of interest at each campus and university affiliated entity are identified below.

Campuses

UNK (308) 865-8843
UNL (Research COIs)
(Purchasing COIs)
(Outside Activity)
(402) 472-4491
(402) 472-8611
(402) 472-8800
UNMC (402) 559-6767
UNO (402) 554-2286

 

University Affiliated Entities

University Technology Development Corporation Jim Linder  
UNeMed Corporation (402) 559-2172
NUtech Ventures (402) 472-1782
Peter Kiewit Institute (402) 472-1201
Nebraska Innovation Campus Development Corporation (402) 472-5535
National Strategic Research Institute http://nsri.nebraska.edu
University/Community Facility Development Corporation (402) 554-3513
Cancer Center Development Corporation (402) 559-6300
UNMC Physicians Stephanie Sharp  
University Dental Associates Stephanie Sharp  
01/31/2013 Internal Audit and Advisory Services

Welcome! The Internal Audit and Advisory Services Department independently examines and evaluates the ongoing control processes of the University and provides counsel and recommendations for improvement. The office is located on the second floor of Varner Hall.
01/31/2013 University of Nebraska Internal Audit Charter
Mission/Scope of Work

The mission of the internal audit activity is to provide independent, objective assurance and consulting services designed to add value and improve the University’s operations. It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The scope of work of the internal audit activity is to determine whether the University’s network of risk management, control and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:
  • Risks are appropriately identified and managed.
  • Interaction with the various governance groups occurs as needed.
  • Significant financial, managerial and operating information is accurate, reliable, and timely.
  • Employees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the University’s control process.
  • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

Opportunities for improving management control, profitability, and the University’s image may be identified during audits. They will be communicated to the appropriate level of management.

Accountability

The chief audit executive, in the discharge of his/her duties, shall be accountable to management, the President and the audit committee to:
  • Provide annually an assessment on the adequacy and effectiveness of the University’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the University and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of activity resources.
  • Coordinate with other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit) to conduct risk assessments and develop or recommend monitoring activities to evaluate the adequacy and effectiveness of internal controls.
  • Summarize reports and issues identified to him or her by each campus.

Each campus director, in the discharge of his/her duties, shall be accountable to their campus Chancellor and provide information, on request for the chief audit executive, to be presented at the Audit Committee including:
  • Provide annually an assessment on the adequacy and effectiveness of the campus processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
  • Report significant issues related to the processes for controlling the activities of the campus and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
  • Periodically provide information on the status and results of the annual audit plan and the sufficiency of activity resources.
  • Coordinate with other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit) to conduct risk assessments and develop or recommend monitoring activities to evaluate the adequacy and effectiveness of internal controls.
  • Supply all work products issued to the chief audit executive, including an annual report.

Independence

To provide for the independence of the internal auditing activity, administration’s personnel report to the chief audit executive, who reports functionally to the audit committee and administratively to the President in a manner outlined in the above section on Accountability. The chief audit executive will include as part of the annual report to the audit committee a section on internal audit personnel.

The campus directors will report to their campus Chancellor and provide information to the chief audit executive as outlined in the above section on Accountability.

Responsibility

The chief audit executive and staff of the central internal audit activity have responsibility to:
  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the audit committee for review and approval as well as periodic updates.
  • Implement the annual audit plan, as approved, including as appropriate, any special tasks or projects requested by management and the audit committee.
  • Maintain a professional administration audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Issue periodic reports to the audit committee and management summarizing results of audit activities.
  • Keep the audit committee informed of emerging trends and successful practices in internal auditing.
  • Provide a list of significant measurement goals and results to the audit committee.
  • Assist in the investigation of significant suspected fraudulent activities within the University, which is not accomplished by the campus internal audit functions, and notify management and the audit committee of the results.
  • Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.
  • Summarize information from the campuses on each item of responsibility below and provide it to the audit committee.

Each campus director and staff of the internal audit activity has responsibility to:
  • Develop a flexible annual audit plan using an appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the Chancellor for review and approval as well as periodic updates. The Plan shall be presented to the audit committee annually.
  • Implement the annual audit plan, as approved, including as appropriate, any special tasks or projects requested by management and the audit committee.
  • Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter.
  • Evaluate and assess significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion.
  • Issue periodic reports to the chief audit executive and management summarizing results of audit activities.
  • Keep the chief audit executive informed of emerging trends and significant issues, as it relates to their campus.
  • Provide a list of significant measurement goals and results to the chief audit executive.
  • Assist in the investigation of significant suspected fraudulent activities within their campus and notify management and the chief audit executive of the results.
  • Consider the scope of work of the University-selected external auditors for the purpose of providing optimal audit coverage to the University at a reasonable overall cost.

Authority

The chief audit executive and staff of the internal audit activity are authorized to:
  • Have unrestricted access to all functions, records, property and personnel.
  • Have full and free access to the audit committee (for campus directors and staff this should be accomplished through the chief audit executive).
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of personnel in units of the University where they perform audits, as well as other specialized services from within or outside the University.

The chief audit executive and staff of the internal audit activity are not authorized to:
  • Perform any operational duties for the University or its affiliates.
  • Initiate or approve accounting transactions external to the internal auditing activity.
  • Direct the activities of any University employee not employed by the internal auditing activity, except to the extent such employees have been appropriately assigned to auditing teams or otherwise assist the internal auditors.

Standards of Audit Practice

The internal audit activity will meet or exceed the International Standards for the Professional Practice of Internal Auditing and "Code of Ethics" of The Institute of Internal Auditors.

Management's Responsibilities

Management is responsible for ensuring that systems of internal control are in place, good business practices are implemented and followed in all areas, compliance is maintained, fraud risks are identified and mitigated, and effective governance is established. This provides assurance that financial information and other management information are reliable, that University resources are used efficiently and effectively and that the potential for fraud is minimized.

Management provides a written response to report recommendations issued within time frames requested by internal audit. Management is responsible to address issues identified by implementing recommendations or agreed-upon corrective action plans.

Access to the Audit Committee

Each campus director and staff of the internal audit activity has the ability to:
  • Access the Audit Committee by requesting they be added to the next Audit Committee agenda.

Approved by Audit Committee on October 27, 2011 and amended June 6, 2013

01/31/2013 Code of Ethics
Internal Audit and Advisory Services are responsible for conducting themselves so that their good faith and integrity should not be open to question. The profession of auditing is founded on the trust placed in its objective assurance about risk management, control, and governance.

Institute of Internal Auditors' Code of Ethics
(adopted by Internal Audit and Advisory Services)

Principles
Internal auditors are expected to apply and uphold the following principles:

  1. Integrity
    The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment.

    Internal auditors:
    1. Shall perform their work with honesty, diligence, and responsibility.
    2. Shall observe the law and make disclosures expected by the law and the profession.
    3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
    4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

  2. Objectivity
    Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.

    Internal auditors:
    1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
    2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
    3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

  3. Confidentiality
    Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

    Internal auditors:
    1. Shall be prudent in the use and protection of information acquired in the course of their duties.
    2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

  4. Competency
    Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

    Internal auditors:
    1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
    2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
    3. Shall continually improve their proficiency and the effectiveness and quality of their services.

01/31/2013 Organizational Chart
Internal Audit Organizational Chart

01/31/2013 Our Services
Frequency
  • Annual Work - Each fiscal year an annual audit plan is developed and submitted to the Audit Committee for review. The audit plan is based on a risk assessment methodology.
  • Management Request - These audits occur when there is a request by management. If you would like to request an audit, please call the Director of Internal Audit and Advisory Services at 402-472-7109.
  • Fraud/Special Projects - These projects are the result of a complaint by an individual who knows or suspects an act of fraud or financial misconduct. Complaints may be made by phone or anonymously by email. Visit http://nebraska.edu/board/internal-audit-and-advisory-services/reporting-fraud.html for more information.
Types
  • Compliance – A compliance audit measures the compliance of the University with an established law, regulation and/or policy.
  • Financial – A financial audit is a review intended to serve as the basis for expressing an opinion regarding the fairness, consistency and conformity of financial information with generally accepted accounting principles.
  • Investigation – These audits are normally requested by management and/or anonymous tips and focus on alleged, irregular conduct. 
  • Operational – Operational audits are concerned with the effectiveness and efficiency of operational units within the University. 
  • Information Technology – Information technology audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources of the University.
  • Risk/Control Assessment – Risk/Control Assessments are used to develop the annual audit plan. They allow all areas of the University to be evaluated using uniform criteria to identify and appraise significant risks associated with the University.
  • Consulting/Advisory Services - Internal Audit and Advisory Services also provides routine consultation and advisory services to the University. This may include, but is not limited to, interpreting policies and procedures, non-voting participation on standing committees, ad-hoc meetings, and routine information exchange. If you have a question please give us a call. 
Audit Processes
  • Preliminary Review – The preliminary review consists of an entrance conference and a preliminary survey and internal control review. The entrance conference is the very first meeting of the audit process involving the internal auditor, management and other members of the department being reviewed. Objectives of the review and completion dates are discussed as well as any concerns management may have. The preliminary survey and internal control review includes gathering information about the processes in place and reviewing and evaluating the existing internal control structure.
  • Fieldwork – Fieldwork involves performing tests and examining transactions, documents, and records.
  • Reporting – The reporting process includes a closing conference at the end of the fieldwork phase, a draft report, obtaining management’s plan, evaluating management’s response and issuing a final audit report to the Audit Committee.
  • The Collaboration and Communication Process – Internal Audit and Advisory Services is continually developing internal control processes that enable the campuses to work together and communicate through open lines of communication.
  • Audit Follow-up – Follow-up audits are designed to determine whether corrective action has been taken on previous audit recommendations.
  • Audit Tracking System – All significant auditor recommendations are input on an audit tracking system. This system tracks the University personnel responsible for the resolution of the recommendation and the date the issue will be resolved. The audit tracking system is reviewed by the Audit Committee.
  • Annual Report to Regents – On an annual basis, each campus prepares an Annual Report and presents the report to the Audit Committee. The Annual Report includes a campus risk assessment, audit plan and calendar, organization chart, summary of prior year activity and other relevant information.
01/31/2013 Frequently Asked Questions
The Internal Audit and Advisory Services Department adds value by responding to internal control questions. You may call the Internal Audit and Advisory Services Department directly at (402) 472-7109 if you have a specific question, and we will either answer your question or refer you to the proper department to answer it.

1. What is Internal Audit and Advisory Services?
2. What is the authority of Internal Audit and Advisory Services?
3. How are areas selected for an audit?
4. What can be expected when an audit is scheduled?
5. How long does it usually take to complete an audit?
6. Who will receive the audit report?
7. Who is responsible for taking corrective actions as outlined in the audit report?
8. How long should I keep accounting records?
9. What is meant by segregation of duties?
10. Should I contact Internal Audit and Advisory Services if an external party (i.e. state, federal, grant and contract, or accrediting agency) has scheduled an audit, program review or evaluation in my department or on the campus?
11. How do I report suspected improper or illegal acts affecting the University?

1. What is Internal Audit and Advisory Services?
Internal Audit and Advisory Services provides an independent, objective assurance and consulting activity that adds value and improves the University’s operations. Internal Audit and Advisory Services assists the Board of Regents, the Audit Committee, and the President in accomplishing their objectives in bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and the governance process.

2. What is the authority of Internal Audit and Advisory Services?
Internal Audit and Advisory Services reports directly to the Audit Committee of the Board of Regents. This reporting relationship promotes independence and assures adequate consideration of audit findings and recommendations. Internal Audit and Advisory Services has the authority to audit all parts of the University and has full and complete access to any of the organization’s records, physical properties, information systems and personnel relevant to the performance of an audit or investigation.

3. How are areas selected for an audit?
Areas are selected for an audit based on many factors, including risk analysis, management request and time elapsed since last audit.

4. What can be expected when an audit is scheduled?
Management of the area to be audited will be notified when an audit is scheduled. Internal Audit and Advisory Services will contact the appropriate personnel to schedule a meeting to discuss the audit. At this opening conference, the scope and objectives of the audit will be discussed. The audit process will be explained and any concerns or questions regarding the audit will also be discussed.

5. How long does it usually take to complete an audit?
Audits can take from a few days to several weeks depending upon the complexity of the operation and the condition of the records. During the opening conference, the estimated length of the audit will be discussed. Internal Audit and Advisory Services will keep you informed about the progress throughout the audit.

6. Who will receive the audit report?
Management of the area being audited will receive the draft audit report and have an opportunity to prepare a written response to each finding and recommendation noted during the audit. After reviewing management’s responses to the draft audit report, Audit Advisory Services will make any changes deemed necessary to the report. Any remaining differences are worked out with management prior to the issuance of the final audit report.

The final audit report will be distributed to the Audit Committee of the Board of Regents, the President and other members of senior management and/or department management as may be appropriate.

7. Who is responsible for taking corrective actions as outlined in the audit report?
Management is primarily responsible for corrective actions. Prior to final issuance of the audit report, management will have an opportunity to review a preliminary draft of the audit report and include a response and action plan. Senior and department management of the area audited share overall responsibility for ensuring adherence with laws, regulations, policies and procedures. The audit results should be communicated to project staff and other administrative personnel. Corrective action plans should be implemented in a timely manner, and management should cooperate with Internal Audit and Advisory Services regarding follow-up procedures.

8. How long shall I keep accounting records?
Internal Audit and Advisory Services does not make accounting record retention decisions. We refer you to the University website at http://nebraska.edu/bylaws-and-policies/records-retention-schedules.html.

9. What is meant by segregation of duties?
In order to protect the University from fraudulent activities, an appropriate level of segregation of duties should be instituted. This means separating the responsibility for key processes between multiple individuals to maintain checks and balances.

10. Should I contact Internal Audit and Advisory Services if an external party (i.e. state, federal, grant and contract, or accrediting agency) has scheduled an audit, program review or evaluation in my department or on the campus?
Yes, we need to be informed of all audits conducted by external parties. Please call Mike Justus, Director of Internal Audit and Advisory Services at (402) 472-7109 or send an e-mail to tell us about the scheduled review.

11. How do I report suspected improper or illegal acts affecting the University?
Any University faculty, staff or student who has a reasonable basis for believing fraud, waste or financial misconduct has occurred is responsible for reporting such incidents. You may do so by completing and submitting the Disclosure Form on-line.

Any such complaint or concern may be reported anonymously, but since we are not elected officials you may not be covered by the protections described in the "State Government Effectiveness Act." Your identity may also be reported to the Audit Committee of the Board of Regents, the President or other senior members of University management as well as other Internal Audit and Advisory Service personnel who are or become responsible for investigating, evaluating, addressing or resolving the complaint or concern. Under certain circumstances, the complaint or concern may be required to be reported to State governmental or law enforcement officials. Any University employee who violates the confidentiality of a person filing a report may be subject to appropriate personnel action.

01/31/2013 Web Links
01/31/2013 Internal Audit and Advisory Service Contacts
If you have suggestions, concerns or questions about the department, or need help in finding specific information about internal audit, please feel free to contact us. We value your feedback.

Mike Justus
Director of Internal Audit and Advisory Services
3835 Holdrege Street
Lincoln, NE 68583-0742
(402) 472-7109

UNK
Kayla James
Internal Auditor
Founders Hall 2140
2504 9th Avenue
Kearney, NE 68849
(308) 865-8222

UNL
Deb Dahlke
Director Operations Analysis
314 Canfield Administration
Lincoln, NE 68588-0428
(402) 472-6285

UNMC
Sheila Wrobel
Compliance Officer/Privacy Officer
University of Nebraska Medical Center
984205 Nebraska Medical Center
Omaha, NE 68198-4205
(402) 559-6767

UNO
Shari Thompson
Chief Audit Officer
Eppley Administrative Building Suite 209
6001 Dodge Street
Omaha, NE 68182-0047
(402) 554-2322
01/31/2013 University of Nebraska Risk Appetite
In identifying the University of Nebraska risk appetite, the following risk principles were adopted by the Audit Committee October 27, 2011 to provide an initial contextual framework:
  1. High tolerance for risks in the pursuit of innovative, breakthrough research, scholarship and public engagement.
  2. High tolerance for strategic risk-taking that enhances instructional quality.
  3. High tolerance for strategic risk-taking that promotes productivity, creativity and reputation.
  4. Moderate risk tolerance for rewarded financial risk.
  5. Low tolerance for risks arising from inappropriate discharge of fiduciary responsibilities.
  6. Low tolerance for risks that undermine the actual safety, or the perception of safety, of our students, faculty, staff or visitors.
  7. Low tolerance for intentional non-compliance with laws or regulations.
University of Nebraska 3835 Holdrege Street, Lincoln, Nebraska 68583 | 402.472.2111
© 2014 University of Nebraska Board of Regents