| Home | |
| About Us | |
| Audit Services | |
| Investigations | |
| Compliance: | |
| - | Compliance |
| - | Compliance Oversight Council (COC) |
| - | Compliance Matrix |
| - |
|
| - | COC Documents (password required) |
| Ask Us | |
| Organization Chart | |
| Quick Links | |
| - |  FERPA Primer |
| - | HIPAA FAQs |
| - | MCG HIPAA Training |
| - | Privacy of Health Information |
| - | Ethics Policy |
| - | HIPAA Law Summary |
| Additional Links | |
| Office of Institutional Audit and Compliance Medical College of Georgia 1120 15th Street HS-3135 Augusta, Georgia 30912 Phone (706) 721-2661 Fax (706) 721-9094 |
|
Audit Services . . .
The Office of Institutional Audit and Compliance schedules audits, advisory services, and departmental reviews in several ways. Most audits and departmental reviews are chosen based on an annual risk assessment which uses such factors as audit sensitivity, internal control structure, last audit performed, public disclosure implications, etc. The Board of Regents or institution management may also request specific audits and reviews.
Because the institution is subject to more and more regulation in every facet of our work, the scope of the audit and compliance function has expanded beyond financial aspects to cover all areas of the college operations. Accordingly, the scopes of our audits may include one or more of the following:
- Examination of financial transactions for accuracy and compliance with institutional policies;
- Evaluation of institutional policies and procedures for adequate internal controls;
- Determination of the level of compliance with required institutional policies and procedures, state and federal laws, and government regulations;
- Verification of assets and the controls that protect them; and
- Operational and cost-efficiency evaluations.
Regarding
departmental reviews, the Office of Institutional Audit and Compliance has
developed a review template that encompasses eight major components consisting
of: fiscal, human resources, legal and regulatory, health and safety,
information systems, public relations, students, and general risks. These eight
major components are subdivided into approximately 42 categories depending on
the area being reviewed. The objectives of the departmental reviews are as
follows:
- To meet with the management and staff of the area being reviewed to determine the level of controls;
- To determine the level of communication provided by divisional management to employees regarding policies, procedures, and business practices;
- To determine the accuracy of financial records, the effectiveness of divisional processes and compliance with policies and procedures; and
- To make recommendations in areas that may need minor or significant improvement.
The Office also performs advisory services to institution management. These services are usually requested by a department and are intended to assist management in solving specific problems, designing control systems, or in implementing prior audit recommendations.
What To
Expect In The Audit or Review Process . . .
The audit and review processes are a professionally
conducted activity that relies on open communication between MCG management and
the auditor for its success. The purpose of an audit/review is not to produce
surprises or to unload “bombshells.” The auditor and the auditee are not
adversaries; they are mutually concerned entities, working toward efficient and
effective campus operations.
At the initiation of an audit/review, an entrance conference is conducted with the department involved. This meeting is conducted to advise management of the scope of the audit, the expected amount of time the audit may take, and answer any questions. Next a preliminary interview is held with the supervisor of the department to acquaint the auditor with operations. The auditor then begins the fieldwork necessary to complete the audit.
Audits
normally take one to three months (Departmental Reviews are usually two months),
depending on the size of the operation, and the scope of the audit. Your
day-to-day activities should incur only minimal interruption during this time.
Much of the test work is done in the auditor’s office; therefore, direct contact
with employees is not necessary throughout the entire course of the audit.
Field exit discussions are held with department personnel at the conclusion of the fieldwork, to ensure that any potential audit/review findings and recommendations are factual and understood.
The Audit Report . . .
A draft audit report is prepared and transmitted to the vice president and department director for review and comments. Included with the draft report is a request for management to respond in writing to the draft audit findings and recommendations. The draft report will be provided to management at an exit conference or by mail if an exit conference is not deemed necessary. The exit conference provides management an opportunity to discuss their comments and/or concerns relative to the findings and recommendations in the audit report.
A copy of the final audit report is transmitted to the president, the vice president(s), the auditee, and a copy is also transmitted to the Board of Regent’s associate vice chancellor for Internal Audit. Approximately, six months after the final audit report has been issued, the Office of Institutional Audit and Compliance conducts a follow-up review and reports whether or not corrective actions(s) have been taken.
The Future .
. .
As with other departments on campus, the Office of Institutional Audit and
Compliance continuously reviews and assesses its programs and objectives in
order to help the institution meet its mission and goals. Any suggestions on
how to improve the audit process are always welcome.
|
©
Medical College of Georgia |
Office of Institutional
Audit and Compliance October 06, 2006 |