Posted May 24, 2010 Atlanta, GA
Office of Internal Auditing
Q&A with Internal Auditing
In light of the just-announced investigation into alleged intentional misappropriation of funds at a Georgia Tech research center, Communications & Marketing sat down with several members of the Office of Internal Auditing.
Phillip Hurd, director of Internal Auditing; Terry Nolan, associate director for Information Systems Assessment; and Patrick Jenkins, senior Information Systems auditor, spoke with The Whistle about the role of Internal Auditing and what other researchers can do if they have any questions or concerns about their accounting processes.
What usually starts an audit process?
Nolan: Our primary job is to identify risk for Institute management, develop internal controls to mitigate that risk and see that those controls are applied. In short, we want to help our researchers do things the correct way.
Hurd: We look into anything that has to do with misuse of a p-card, computer trespass (in coordination with OIT Information Security) and the misuse of outside funding resources. There is usually a trigger in the center’s or department’s accounting.
According to the PriceWaterhouseCoopers Global Crime Survey conducted in 2009, economic crime has tripled since 2003—for everyone. We’re facing what every organization is facing. One of the key factors leading to this kind of crime is an increase in rationalization and sense of entitlement.
Nolan: Anything determined to be a willful intent to defraud the Institute or funding source must be turned over to the Board of Regents (BOR), which then turns the case over to the Attorney General.
Hurd: When there is not an intentional act to defraud the Institute or funding sources, then we most certainly will work with researchers and faculty and help them follow appropriate procedures.
Jenkins: And it’s important to note that someone with intent to defraud the Institute is the exception, not the rule. If there is a breakdown in procedures, we want to identify what went wrong, and what we can do to fix it.
What should researchers do if they have questions about budget procedures?
Hurd: The Institute has resources available on managing research budgets the right way. The Georgia Tech Research Corporation (GTRC) has numerous tools for researchers. And they offer classes [through the Office of Sponsored Programs], such as Budgeting, Budget Justification and Templates, and Public Responsibility and Research, for example. Really, GTRC needs to be involved with all aspects of research administration.
Nolan: And if researchers or administrators don’t know what the rules are, then we encourage people to ask us for assistance.
They should ask Internal Auditing?
Nolan: We have experts here to answer any questions researchers or administrators may have. We’ll work with the departmental financial officers to help out.
Jenkins: Just don’t make assumptions—especially those that tend to come out in your favor. If people have questions, it’s much easier for everyone to answer them than to carry out an audit.
So this advising is part of what the Department of Internal Auditing does?
Hurd: We budget about 25 percent of our time and resources to be allocated to advisory services.
Jenkins: It’s important to remember that it’s a very small minority involved in questionable activity. I mean, look at how many faculty and staff members we have on campus. The problems we run across are easily .01 percent or less of what we look at, overall.
We spend a lot of time fixing things where nothing was wrong. The government has so many rules that it’s easy to mess it up—but messing up is not a crime.
How much of your time is spent chasing down procedural errors?
Hurd: About 60 percent. We understand the overwhelming majority are trying to do things right. We also understand there are a lot of complicated rules and regulations. If anyone has any questions about how to do something, call us.
What else does Internal Auditing work on?
Jenkins: The Board of Regents occasionally will ask us to look into things for other institutions that don’t have in-house auditing.
Our office coordinates the Comprehensive Loss Control Program at Tech working with the BOR. We also teach risk management classes for the Office of Organizational Development, and occasionally provide workshops and presentations for professional associations such as ACUA [Association of College and University Auditors].