Audit Reports and Areas of Coverage
UCSC Audit Reports Database/Areas of Coverage |
|
Project Number/ Year |
Project Name |
SC-13-14 |
Educational Partnership Center Operations Internal Audit & Advisory Services (IAS) has completed an audit of the Educational Partnership Center (EPC) at the request of the Vice Provost and Dean, Undergraduate Education and Summer Session. The purpose of the audit was to evaluate the adequacy of controls over EPC operations, including; general compliance with contracts and grants; campus policies and practices for establishing partnership agreements; and financial policies including procurement, invoicing, travel, and entertainment. Overall, controls over operations we reviewed were adequate in the areas of outreach program management and grant management. Gear UP and Cal‐SOAP program personnel obtained necessary cost sharing/matching funds from partners and documentation supported required effort reporting certifications in the time period reviewed. However, opportunities for improvements were identified in the area of service agreement contracting and delegation of authority, engagement of available expertise in purchasing approvals, cash handling and travel processing. In addition, suggestions were made to address the complex nature of time and effort reporting to help simplify the process. |
SC-13-11 |
Student Record Security Internal Audit & Advisory Services (IAS) has completed an audit of student records security to determine the level of awareness and adequacy of controls within the colleges, divisions, and academic departments for ensuring campus compliance with the Family Educational Rights and Privacy Act (FERPA) and university policy. Overall, campus staff who worked with students were knowledgeable and trained on FERPA. Student records maintained by staff were generally managed in compliance with FERPA and university policy. In addition, controls over electronic and paper student records maintained by staff and faculty that we reviewed, were in compliance with FERPA with the exception of the exchange and disposition of student coursework as described below. Opportunities existed for strengthening an awareness of FERPA within the faculty and of appropriate access to FERPA data to help ensure the privacy of student’s records and campus compliance with FERPA requirements. |
SC-13-06 |
Chancellors Expenses (G-45)See more. Internal Audit & Advisory Services (IAS) has completed an audit of the G‐45 Chancellor's Expenses. This UC systemwide audit was conducted to determine the adequacy of financial reporting and key financial controls as identified in UC Business Finance Bulletin (BFB) G45 Implementing Requirements on Expenses Incurred in Support of Official Responsibilities of the President and Chancellors. Overall, we found both G‐45 reports to be complete, accurate, and in general compliance with policy. Processes were in place to ensure proper approval and accurate recording of expenses incurred by the chancellor. |
SC-13-05 |
UNEX Deficit Management (Confidential) |
SC-12-10 |
Student Health Center - Electronic Medical Records Systemmore. Internal Audit & Advisory Services (IAS) has completed an audit of the Student Health Services’ electronic medical records (EMR) system to determine the effectiveness of controls over the access, protection, and management of student medical information and compliance with applicable federal and university regulations. Overall, the EMR system was effectively implemented. This is a notable achievement, as the transition from a paper-based medical record to an electronic medical record must be addressed and managed on many different and complex levels: administratively, financially, culturally, technologically, and institutionally. Student Health Services (SHS) management and users we spoke to were in agreement that the system was worth the effort and expense to acquire, and provides operational efficiencies and effectiveness that surpass the paper medical records it replaced. However, an EMR is an evolving system requiring many change-management dynamics that challenge users and management to ensure the system meets operational needs and regulatory compliance. SHS has management programs to help ensure these challenges are met. |
SC-12-05 |
Visa Processing Internal Audit & Advisory Services (IAS) has completed an audit of the International Scholar & Student Services (ISSS) Office to evaluate the effectiveness of controls and compliance with federal immigration laws and university policies in the processing and maintenance of international visas held by scholars and student foreign nationals studying or working at the University of California – Santa Cruz (UCSC). Overall, ISSS has established effective controls over the acquisition and maintenance of international scholar and student visas, and provided reasonable assurance that visa processing was in compliance with immigration laws and university policy. All enrolled F-1 students reviewed were reported in the federal Student & Exchange Visitor Information System (SEVIS) as required and their academic enrollment met federal requirements. In addition, F-1, J-1 and H-1B type international scholar and student files were reviewed and found to contain documentation required federal regulations without exception. However, the effectiveness of the ISSS Office in assuring campus compliance with federal immigration laws could be improved by reinforcing the authority and reporting protocol of the office when addressing areas determined to have a potential or real conflict; ensuring that ISSS staff are adequately trained and have access to subject area experts; and ensuring that principal investigator awareness of deemed export control regulation is adequate. |
SC-11-07 |
Student Fee Usage Internal Audit & Advisory Services (IAS) has completed a review of the overall effectiveness and assessed controls assuring that fee assessments are accurate, correctly recorded, and used in accordance with their intended purpose. Four issues requiring management corrective action were identified, including the setting of Summer Student Fees, transfers of expenses charged to student fees bypassing official campus guidelines, extending the campus election timeline to allow for a more thorough review of referendum language, and improvements over entertainment and travel expense approvals for some units. |
SC-10-05 |
G-45 Chancellor Allocations - Systemwide |
SC-09-18 | G-45 Annual Reports Review |
SC-09-07 |
Shakespeare Santa Cruz Internal Controls |
SC-09-04 |
Childcare Services IT Security and Misc. Internal Controls |
SC-13-15 |
Export Controls |
SC-11-10 |
Research Center Survey |
SC-11-08 |
Intellectual Property - Technology Transfer |
SC-11-06 |
Silicon Valley Initiatives |
SC-11-02 |
Conflict of Interest & Conflict of Commitment (COI & COC) |
SC-10-11 |
HIPAA Review |
SC-09-17 |
Post Award Review-Post Consolidation Extramural Accounting Offices |
SC-09-14 |
Systemwide - Direct Costing/Federal Indirect Cost Waivers |
SC-09-02 |
Systemwide - Effort Reporting Review |
SC-09-05 |
Budget Information and Monitoring |
SC-13-08 |
Network Management |
SC-12-06 |
Logical Security |
SC-11-11 |
ITS Change Management Process |
SC-11-05 |
IS-3 Compliance |
SC-10-07 |
Desktop Support Security |
SC-13-12 |
Analytical Fraud Review |
SC-12-12 |
Purchase Order Invoice and Direct Payments |
SC-11-12 |
Automated Invoice Payment - IT |
SC-11-09 |
Main Cashier's Office |
SC-10-03 |
SAS 112 Controls - Sub Ledger Systems |
SC-10-01 |
Cost Transfers - Systemwide |
SC-09-08 |
IT Audit-EFT Controls |
SC-10-10 |
Lab Safety Programs |
SC-13-07 |
Executive Travel and Expenses |
SC-13-04 |
Annual Report on Executive Compensation (AREC) Internal Audit & Advisory Services (IAS) has reviewed UCSC’s Annual Report on Executive Compensation for 2012. This biennial review was requested by the UC President to be conducted before finalization of the report by each UC campus internal audit organization. Overall, the AREC report was found to be complete, accurate, and in compliance with policy. Processes were in place to ensure the accurate recording of the AREC members’ compensation and proper certification of accompanying documents. A summary of the detailed results is described in Section III of this report. There are no Management Corrective Actions identified or required as a result of our review. |
SC-13-01 |
Outside Professional Activities (Systemwide) |
SC-11-03 | Annual Report on Executive Compensation & G-45 Chancellor's Allocations |
SC-10-13 | Temporary Staffing Services Program (TSSP) |
SC-10-04 |
Senior Management Group (SMG) - Systemwide |
SC-13-03 |
Construction ID Funded Projects (Systemwide) Internal Audit & Advisory Services (IAS) has completed a limited scope audit of campus compliance with Prop 1D Bond Fund requirements for construction projects at UCSC. Specifically, we conducted this review at the request of the UC Ethics, Compliance and Audit Services Office to determine whether Proposition 1D bond funds were expended only for approved projects; that projects were adequately managed to ensure our fiduciary responsibilities for these funds; and to verify that the campus had adequate project monitoring and reporting processes in place. Overall, we verified that Prop 1D funding was used exclusively for projects approved for that funding. Further, we verified that quarterly reporting occurred timely in accordance with OP procedures. Our review of construction last year verified that the campus has adequate project management and has procedures to reasonably ensure funding for capital projects comply with funding restrictions and requirements. During this review, we did not observe issues that required management corrective action. Refer to section III. Results of Work Performed and Results, for a more detailed account of work performed and conclusions reach for this limited scope audit engagement. |
SC-12-04 |
Systemwide Construction Audit |
SC-13-09 |
Volunteers/Volunteer Support Groups (Year 2) |
SC-09-13 |
UC Gift Administration, University Relations Fund Raising and Gift Processing Controls |
SC-09-12 |
Alumni Relations Controls |
SC-12-09 |
Print Services |
SC-12-08 |
Conference Services |
SC-10-02 |
Records Management |
SC-12-14 |
Mobile Device Security |