Home / resources / Audit Reports and Areas of Coverage

Audit Reports and Areas of Coverage

Chart showing historical audit coverage

UCSC Audit Reports Database/Areas of Coverage

Project Number/ Year

Project Name

Campus Departments/Programs/Student Affairs

SC-13-14

Educational Partnership Center Operations

Internal Audit & Advisory Services (IAS) has completed an audit of the Educational Partnership Center (EPC) at the request of the Vice Provost and Dean, Undergraduate Education and Summer Session. The purpose of the audit was to evaluate the adequacy of controls over EPC operations, including; general compliance with contracts and grants; campus policies and practices for establishing partnership agreements; and financial policies including procurement, invoicing, travel, and entertainment.

Overall, controls over operations we reviewed were adequate in the areas of outreach program management and grant management. Gear UP and Cal‐SOAP program personnel obtained necessary cost sharing/matching funds from partners and documentation supported required effort reporting certifications in the time period reviewed.

However, opportunities for improvements were identified in the area of service agreement contracting and delegation of authority, engagement of available expertise in purchasing approvals, cash handling and travel processing. In addition, suggestions were made to address the complex nature of time and effort reporting to help simplify the process.

SC-13-11

Student Record Security

Internal Audit & Advisory Services (IAS) has completed an audit of student records security to determine the level of awareness and adequacy of controls within the colleges, divisions, and academic departments for ensuring campus compliance with the Family Educational Rights and Privacy Act (FERPA) and university policy.

Overall, campus staff who worked with students were knowledgeable and trained on FERPA. Student records maintained by staff were generally managed in compliance with FERPA and university policy.

In addition, controls over electronic and paper student records maintained by staff and faculty that we reviewed, were in compliance with FERPA with the exception of the exchange and disposition of student coursework as described below.

Opportunities existed for strengthening an awareness of FERPA within the faculty and of appropriate access to FERPA data to help ensure the privacy of student’s records and campus compliance with FERPA requirements.

SC-13-06

Chancellors Expenses (G-45)See more.

Internal Audit & Advisory Services (IAS) has completed an audit of the G‐45 Chancellor's Expenses. This UC systemwide audit was conducted to determine the adequacy of financial reporting and key financial controls as identified in UC Business Finance Bulletin (BFB) G45 Implementing Requirements on Expenses Incurred in Support of Official Responsibilities of the President and Chancellors.

Overall, we found both G‐45 reports to be complete, accurate, and in general compliance with policy. Processes were in place to ensure proper approval and accurate recording of expenses incurred by the chancellor.

SC-13-05

UNEX Deficit Management (Confidential)

SC-12-10

Student Health Center - Electronic Medical Records Systemmore.

Internal Audit & Advisory Services (IAS) has completed an audit of the Student Health Services’ electronic medical records (EMR) system to determine the effectiveness of controls over the access, protection, and management of student medical information and compliance with applicable federal and university regulations.

Overall, the EMR system was effectively implemented. This is a notable achievement, as the transition from a paper-based medical record to an electronic medical record must be addressed and managed on many different and complex levels: administratively, financially, culturally, technologically, and institutionally. Student Health Services (SHS) management and users we spoke to were in agreement that the system was worth the effort and expense to acquire, and provides operational efficiencies and effectiveness that surpass the paper medical records it replaced.

However, an EMR is an evolving system requiring many change-management dynamics that challenge users and management to ensure the system meets operational needs and regulatory compliance. SHS has management programs to help ensure these challenges are met.

SC-12-05

Visa Processing

Internal Audit & Advisory Services (IAS) has completed an audit of the International Scholar & Student Services (ISSS) Office to evaluate the effectiveness of controls and compliance with federal immigration laws and university policies in the processing and maintenance of international visas held by scholars and student foreign nationals studying or working at the University of California – Santa Cruz (UCSC).

Overall, ISSS has established effective controls over the acquisition and maintenance of international scholar and student visas, and provided reasonable assurance that visa processing was in compliance with immigration laws and university policy.  All enrolled F-1 students reviewed were reported in the federal Student & Exchange Visitor Information System (SEVIS) as required and their academic enrollment met federal requirements. In addition, F-1, J-1 and H-1B type international scholar and student files were reviewed and found to contain documentation required federal regulations without exception. 

However, the effectiveness of the ISSS Office in assuring campus compliance with federal immigration laws could be improved by reinforcing the authority and reporting protocol of the office when addressing areas determined to have a potential or real conflict; ensuring that ISSS staff are adequately trained and have access to subject area experts; and ensuring that principal investigator awareness of deemed export control regulation is adequate.

SC-11-07

Student Fee Usage

Internal Audit & Advisory Services (IAS) has completed a review of the overall effectiveness and assessed controls assuring that fee assessments are accurate, correctly recorded, and used in accordance with their intended purpose.
                       
In general, the University Student Services Fee and the campus-based fees reviewed were used according to their intended purpose.  Student Affairs and Planning & Budget were implementing new restrictions recently voted on by the Regents and were working closely with the Student Fee Advisory Committee (SFAC).  The SFAC, primarily composed of students, was actively involved in its advisory capacity to the administration and in monitoring fee usage on behalf of their fellow students. 

Four issues requiring management corrective action were identified, including the setting of Summer Student Fees, transfers of expenses charged to student fees bypassing official campus guidelines, extending the campus election timeline to allow for a more thorough review of referendum language, and improvements over entertainment and travel expense approvals for some units.

SC-10-05

G-45 Chancellor Allocations - Systemwide
SC-09-18 G-45 Annual Reports Review

SC-09-07

Shakespeare Santa Cruz Internal Controls

SC-09-04

Childcare Services IT Security and Misc. Internal Controls

Research Compliance/Contracts & Grants

SC-13-15

Export Controls

SC-11-10

Research Center Survey

SC-11-08

Intellectual Property - Technology Transfer

SC-11-06

Silicon Valley Initiatives

SC-11-02

Conflict of Interest & Conflict of Commitment (COI & COC)

SC-10-11

HIPAA Review

SC-09-17

Post Award Review-Post Consolidation Extramural Accounting Offices

SC-09-14

Systemwide - Direct Costing/Federal Indirect Cost Waivers

SC-09-02

Systemwide - Effort Reporting Review

Budget/Planning

SC-09-05

Budget Information and Monitoring 

IT Communications

SC-13-08

Network Management

SC-12-06

Logical Security

SC-11-11

ITS Change Management Process

SC-11-05

IS-3 Compliance

SC-10-07

Desktop Support Security

Financial Management/Payroll/Procurement/Property/3rd Party Recharges

SC-13-12

Analytical Fraud Review

SC-12-12

Purchase Order Invoice and Direct Payments

SC-11-12

Automated Invoice Payment - IT

SC-11-09

Main Cashier's Office

SC-10-03

SAS 112 Controls - Sub Ledger Systems

SC-10-01

Cost Transfers - Systemwide

SC-09-08

IT Audit-EFT Controls

Risk Management/EH&S/Public Safety/Emergency

SC-10-10

Lab Safety Programs

Human Resources/Benefits

SC-13-07

Executive Travel and Expenses

SC-13-04

Annual Report on Executive Compensation (AREC)

Internal Audit & Advisory Services (IAS) has reviewed UCSC’s Annual Report on Executive Compensation for 2012. This biennial review was requested by the UC President to be conducted before finalization of the report by each UC campus internal audit organization. Overall, the AREC report was found to be complete, accurate, and in compliance with policy. Processes were in place to ensure the accurate recording of the AREC members’ compensation and proper certification of accompanying documents.

A summary of the detailed results is described in Section III of this report. There are no Management Corrective Actions identified or required as a result of our review.

SC-13-01

Outside Professional Activities (Systemwide)
SC-11-03 Annual Report on Executive Compensation & G-45 Chancellor's Allocations
SC-10-13 Temporary Staffing Services Program (TSSP)

SC-10-04

Senior Management Group (SMG) - Systemwide

Facilities, Construction & Maintenance

SC-13-03

Construction ID Funded Projects (Systemwide)

Internal Audit & Advisory Services (IAS) has completed a limited scope audit of campus compliance with Prop 1D Bond Fund requirements for construction projects at UCSC. Specifically, we conducted this review at the request of the UC Ethics, Compliance and Audit Services Office to determine whether Proposition 1D bond funds were expended only for approved projects; that projects were adequately managed to ensure our fiduciary responsibilities for these funds; and to verify that the campus had adequate project monitoring and reporting processes in place.

Overall, we verified that Prop 1D funding was used exclusively for projects approved for that funding. Further, we verified that quarterly reporting occurred timely in accordance with OP procedures. Our review of construction last year verified that the campus has adequate project management and has procedures to reasonably ensure funding for capital projects comply with funding restrictions and requirements.

During this review, we did not observe issues that required management corrective action. Refer to section III. Results of Work Performed and Results, for a more detailed account of work performed and conclusions reach for this limited scope audit engagement.

SC-12-04

Systemwide Construction Audit

Development & External Relations

SC-13-09

Volunteers/Volunteer Support Groups (Year 2)

SC-09-13

UC Gift Administration, University Relations Fund Raising and Gift Processing Controls

SC-09-12

Alumni Relations Controls

Auxiliary, Business & Employee Support Services

SC-12-09

Print Services

SC-12-08

Conference Services

SC-10-02

Records Management

Emerging Risk

SC-12-14

Mobile Device Security