Operations, Audit and Risk Committee Meeting June 8, 2022
Present from the Committee
- Ms. Terri M. McKnight, CPA
- Mr. William R. Ermatinger
Absent from the Committee
- The Hon. Gabriel A. Morgan, Sr
- Dr. Ella P. Ward
Present from the University
- Ms. Ashleigh Andrews, Assistant Vice President for Finance and Planning
- Ms. Faith Belote, Director of Internal Audit
- Ms. Wendy Corrice, Information Security Officer
- Mr. Andrew Crawford, Chief Information Officer
- Mr. Robert R. Hatten, Esq., Rector
- Ms. Stephanie Hautz, Director of Human Resources
- Ms. Sarah Herzog, Director of Planning and Budget
- Ms. Jennifer Latour, Vice President for Finance and Planning and Chief Financial Officer
- Ms. Christine Ledford, Vice President for Administration and Auxiliary Services
- Ms. Diane Reed, University Comptroller
- Ms. Tatiana Rizova, Faculty Senate Representative
- Ms. Vanessa Sims, Manager of Financial Reporting and Analysis
- Ms. Adelia Thompson, Chief of Staff
- The Honorable Paul S. Trible, Jr., President
- Ms. Julianna Wait, Assistant Vice President for Enrollment Services and University Registrar
- Ms. Rhonda Wissinger, Executive Administrative Assistant
Public in Attendance
- Linda Wade, Audit Director
- Ryan Carter, Audit Supervisor
- Danese Seabourne, Audit Manager
At 10:15 a.m. Chair McKnight called the meeting to order and welcomed everyone in attendance. She made a special welcome to Ms. Linda Wade and her team from the APA (Auditor of Public Accounts).
Approval of Minutes
Chair McKnight stated that there were not enough committee members in attendance for a quorum; therefore the minutes would need to be approved at the September meeting.
Report from the Auditor of Public Accounts on the FY21 Financial Statements
Ms. Linda Wade presented the findings of the FY 2021 Financial Audit which reviewed the Financial Statements and Revenues and Expenditures for the year, as well as internal controls and compliance. Ms. Wade was very complimentary of staff and stated they were issuing an unmodified (clean) opinion and the opinion will be included in the annual report. There was a discussion among the committee regarding the internal control findings. In accordance with committee responsibilities, University staff were excused for further audit discussions. Upon returning to the room, Chair McKnight commended Diane Reed’s (University Comptroller’s) staff on a job well done and said it was a terrific report and to have no adjustments to the Financial Summary was outstanding.
Internal Audit Report
Ms. Faith Belote, Director of University Audit, reported on the annual audit plan which was developed based on a documented risk assessment. The proposed audits for July 1, 2022 through June 30, 2023 are a review of Faculty Recruitment and Succession Planning, Student Accounts, Endowed Scholarships-Faculty and Student, Trible Library-Records Management, and University Events-Contract Administration. The IT Audits will be the Maxient Software Application, StarRez Software Application, Firewalls and Network Infrastructure, and Desktop/Endpoint Management. The Annual Audit Plan Proposal also includes audit follow up activities, special projects, training, risk assessment and IT risk assessment.
Ms. Belote stated that for FY24 plan, they have identified preliminarily Alumni Engagement, Torggler/Fine Arts Center, Catering-Receivables, Billing and Contracts, and Registrar-Awarded Degrees and Grade Changes. The IT Audits for FY24 will be Maxient Application Software (ongoing), Visual Zen Software Application, Vulnerability Management, Active Directory, and Emergency Management Rave and/or Alertus systems.
The Audit Plan will be approved at the September meeting since we did not have a quorum present for the Committee.
Ms. Belote reported the Status of the Audit Plan for FY21-22 and stated that planning for the Faculty Recruitment and Succession Planning Audit has been completed. The Maxient Software Audit fieldwork is underway, the IT Disaster Recovery Audit is complete and the Laboratory Safety Audit follow-up is going well.
A Fraud, Waste and Abuse Hotline call has been investigated, found to be unsubstantiated, and is now closed. There was also an incident where an internet attacker tried to run credit cards through our Advancement third-party hosted donation system. IT Services was able to catch this and shut it down before damage occurred.
Ms. Belote said for the Disaster Recovery Planning Audit, her team outsourced with IT consultants that performed the planning and field work and went over their points with our IT Services department. The points centered on improving documentation and performing risk assessments. Also, performing proper testing and exercise of these plans. The Disaster Recovery Plans include senior management responsibilities and require the Chief of Staff and the Vice President of Finance and Planning/CFO to authorize with signature.
There being no further business the meeting adjourned at 11:15 a.m.