DAR File No. 39584

Education, Administration

Rule R277-116

Utah State Board of Education Internal Audit Procedure

Notice of Proposed Rule

(Repeal and Reenact)

DAR File No.: 39584
Filed: 08/13/2015 01:38:09 PM

RULE ANALYSIS

Purpose of the rule or reason for the change:

This rule is repealed and reenacted to add, delete, and change language to ensure consistency with the Utah Internal Audit Act, Utah State Board of Education intent, and internal auditing standards. Technical and conforming changes are also provided.

Summary of the rule or change:

Changes to the reenacted rule include providing additional definitions and sections to better articulate the role of the audit director, superintendent, and the agency in the audit process. New definitions are included and outdated definitions are removed; more detailed language describing the authority and responsibilities of the audit director are added; new sections describing the authority and responsibilities of the superintendent and agency, the audit process and audit reports are provided.

State statutory or constitutional authorization for this rule:

• Article X, Section 3
• Subsection 63I-5-201(4)
• Subsection 53A-1-401(3)
• Subsection 53A-1-402(1)(e)

Anticipated cost or savings to:

the state budget:

The reenacted rule provides procedural, technical, and conforming changes that will likely not result in a cost or savings to the state budget.

local governments:

The reenacted rule provides procedural, technical, and conforming changes that will likely not result in a cost or savings to local government.

small businesses:

The reenacted rule provides procedural, technical, and conforming changes that will likely not result in a cost or savings to small businesses.

persons other than small businesses, businesses, or local governmental entities:

The reenacted rule provides procedural, technical, and conforming changes that will likely not result in a cost or savings to persons other than small businesses, businesses, or local government entities.

Compliance costs for affected persons:

The reenacted rule provides procedural, technical, and conforming changes that will likely not result in any compliance costs for affected persons.

Comments by the department head on the fiscal impact the rule may have on businesses:

I have reviewed this rule and I believe that there is likely no fiscal impact on businesses.

Brad C. Smith, State Superintendent

The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:

Education
Administration
250 E 500 S
SALT LAKE CITY, UT 84111-3272

Direct questions regarding this rule to:

• Angela Stallings at the above address, by phone at 801-538-7656, by FAX at 801-538-7768, or by Internet E-mail at [email protected]

Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:

10/01/2015

This rule may become effective on:

10/08/2015

Authorized by:

Benjamin Rasmussen, UPPAC Director and Special Counsel

R277. Education, Administration.

[ R277-116. Utah State Board of Education Internal Audit Procedure.

R277-116-1. Definitions.

A. "Appointing authority" means the Board.

B. "Audit" means internal reviews or analyses or a combination of both of Utah State Board of Education programs, activities and functions that may address one or more of the following objectives:

(1) to verify the accuracy and reliability of USOE or Board records;

(2) to assess compliance with management policies, plans, procedures, and regulations;

(3) to assess compliance with applicable laws, rules and regulations;

(4) to evaluate the efficient and effective use and protection of Board, state, or federal resources; or

(5) to verify the appropriate protection of USOE assets;

(6) to review and evaluate internal controls over LEA and USOE accounting systems, administrative systems, electronic data processing systems, and all other major systems necessary to ensure the fiscal and administrative accountability of LEAs and the USOE.

C. "Audit Committee" means a standing committee appointed by the Board Chair.

D. "Board" means the Utah State Board of Education.

E. "Internal Auditor" means person or persons appointed by the Board to direct the internal audit function for the Board and USOE.

F. "LEA," for purposes of this rule, means any local education agency under the supervision of the Board including any sub unit of school districts, Utah Schools for the Deaf and the Blind, and charter schools.

G. "Subrecipient," for purposes of this rule, means any entity awarded funds through a sub-award, contract, or designated to receive an appropriation for programs supervised by the Board.

H. "Superintendent" means the State Superintendent of Public Instruction, who is the Agency Head within the meaning of the Utah Internal Audit Act.

I. "Survey work" means an internal review of Board rules, statutes, federal requirements and a limited sample of an LEA's programs, activities or documentation that may give rise to or refute the need for a more comprehensive audit. The preliminary or limited information derived from survey work is a part of the ongoing audit process and may be provided as a draft to the Audit Committee, to the Board or to the Superintendent upon request.

J. "USOE" means the Utah State Office of Education.

K. "USOR" means the Utah State Office of Rehabilitation.

 

R277-116-2. Authority and Purpose.

A. This rule is authorized by Utah Constitution Article X, Section 3 which vests general control and supervision of public education in the Board, Section 53A-1-401(3) which allows the Board to adopt rules in accordance with its responsibilities, Section 53A-1-405 which makes the Board responsible for verifying audits of local school districts, Section 53A-1-402(1)(e) which directs the Board to develop rules and minimum standards regarding cost effectiveness measures, school budget formats and financial accounting requirements for the local school districts, Section 53A-17a-147(2) which directs the Board to assess the progress and effectiveness of local school districts and programs funded under the Minimum School Program and report its findings to the Legislature, and by Section 63I-5-101 through 401 which provides standards and procedures for the Board, as the appointing authority for the USOE, to establish an internal audit program.

B. The purpose of this rule is to outline the Board's criteria and procedures for internal audits of programs under its supervision.

 

R277-116-3. Audit Committee Responsibilities.

The Audit Committee shall:

A. determine the priority for survey work or audits to be performed based on recommendations from the Internal Auditor, Audit Committee requests or correspondence, other Board member requests, or USOE staff recommendations;

B. consent to the appointment or removal of the Internal Auditor.

C. review and approve the annual internal audit plan and budget;

D. review internal and external audit reports, survey work, follow-up reports, and quality assurance reviews of the Internal Auditor;

E. meet at each regularly scheduled Board meeting with the Internal Auditor to discuss ongoing audits, audit priorities and progress, and other issues;

F. distribute drafts or preliminary versions of audits only to Board members, as requested, or auditees. Internal audits that have not been reviewed in final form by the Audit Committee, the auditee, and the Board are drafts and, as such, are not public records;

G. determine the distribution of audit findings in any or all stages or reports to other Board members as well as to other interested parties;

H. review the findings and recommendations of the Internal Auditor and make recommendations for action on the findings to the Board; and

I. evaluate the Internal Auditor at least annually in a formal evaluation process.

 

R277-116-4. Internal Auditor Authority and Responsibilities.

A. The Internal Auditor shall work closely with and receive regular supervision from the Superintendent.

B. The Internal Auditor shall report initially to the Superintendent. Following the Superintendent's response, the Internal Auditor reports to the Audit Committee and ultimately to the Board.

C. The Internal Auditor's work shall be determined primarily by a risk assessment developed by the Internal Auditor and approved by the Audit Committee at least annually. The risk assessment shall:

(1) consider public education programs for which the Board has responsibility;

(2) consider and evaluate which public education programs, activities or responsibilities are most critical to:

(a) student safety;

(b) student achievement;

(c) efficient management of public education resources;

(d) the priorities of public education as determined by the Board; and

(e) USOR risks and efficient management of USOR programs supervised by the Board.

D. The Internal Auditor shall meet with the Audit Committee or the Board, at the direction of either, to inform both the Audit Committee and the Board of progress on assigned audits and any additional information or assignments requested by the Audit Committee or the Board.

E. The Internal Auditor shall conduct audits as recommended by the Audit Committee, and as directed by the Board, including economy and efficiency audits, program audits, and financial-related audits of any function, LEA, or program under the Board's supervision, or as otherwise directed by the Board.

F. The Internal Auditor is authorized to manage a statewide hotline to receive and investigate allegations of fraud, waste and abuse over programs and entities supervised by the Board.

G. The Internal Auditor shall immediately notify the Audit Committee and the Board of any irregularity or serious deficiency discovered in the audit process or of any impediment or conflict to accomplishing an audit as directed by the Board.

H. The Internal Auditor shall submit a written report to the Audit Committee and the Board of each authorized audit within a reasonable time after completion of the audit.

I. The Internal Auditor shall maintain the classification of any public records consistent with Title 63G, Chapter 2, Government Records Access and Management Act.

J. Audit Committee members, Board members and USOE employees shall maintain information acquired in the audit process in the strictest confidence consistent with the Public Employees Ethics Act, Section 67-16-4.

K. The Internal Auditor shall have access to all records, personnel, and physical materials relevant and necessary to conduct audits of all programs and agencies supervised by the Board. All public education entities shall cooperate fully with Internal Auditor requests; The Internal Auditor is not required to issue subpoenas or make GRAMA requests under Section 63G-2-202 to receive requested information from public education entities.

L. The Internal Auditor shall meet at least semi-annually with the Audit Committee Chair to review the performance of the Internal Audit Division and discuss matters of concern, resources, and other issues.

 

R277-116-5. Audit Plans.

A. An audit plan shall be prepared by the Internal Auditor and shall:

(1) be reviewed regularly by both the Superintendent and the Audit Committee;

(2) identify the individual audits to be conducted during each year;

(3) determine the adequacy and efficiency of the USOE's internal monitoring and control of programs and personnel;

(4) identify the related resources to be devoted to each of the respective audits; and

(5) ensure that audits that evaluate the efficient and effective use of public education resources are adequately represented in the plan.

B. The Internal Auditor shall submit the audit plan first to the Superintendent for review, next to the Audit Committee for review, modification, update, and approval. Each audit plan shall expressly state an anticipated completion date.

C. The Internal Auditor shall:

(1) ensure that audits are conducted in accordance with professional auditing standards such as those published by the Institute of Internal Auditors, Inc., the American Institute of Certified Public Accountants, and, when required by other law, regulation, agreement, contract, or policy, in accordance with Government Auditing Standards, issued by the Comptroller General of the United States;

(a) all reports of audit findings issued by internal audit staff shall include a statement that the audit was conducted according to the appropriate standards;

(b) public release of reports of audit findings shall comply with the conditions specified by state laws and rules governing the USOE.

(2) report concerns to the Audit Committee or the Board that arise as the result of survey work or audits that necessitate a direct review of the Superintendent's activities or actions;

(3) report significant audit matters that cannot be appropriately addressed by the Audit Committee and the Board to either the Office of Legislative Auditor General or the Office of the State Auditor;

(4) report quarterly to the full Board those issues which have the potential of opening up the Board, Superintendent, or USOE to liability or litigation;

(5) conduct at least annually a risk assessment of the entire public education system and report the findings to the Audit Committee; and

(6) regularly attend all Board meetings.]

R277-116. Audit Procedure.

R277-116-1. Authority and Purpose.

(1) This rule is authorized by:

(a) Utah Constitution Article X, Section 3 which vests general control and supervision of public education in the Board;

(b) Subsection 63I-5-201(4) which requires the Board to direct the establishment of an internal audit department for programs administered by the entities it governs;

(c) Subsection 53A-1-401(3) which allows the Board to adopt rules in accordance with its responsibilities;

(d) Subsection 53A-1-402(1)(e) which directs the Board to develop rules and minimum standards regarding school productivity and cost effectiveness measures, school budget formats, and financial, statistical, and student accounting requirements for the local school districts;

(e) Section 53A-1-404 which allows the Board to approve auditing standards for school boards;

(f) Section 53A-1-405 which makes the Board responsible for verifying audits of local school districts; and

(g) Subsection 53A-17a-147(2) which directs the Board to assess the progress and effectiveness of all programs funded under the State System of Public Education.

(2) The purpose of this rule is to:

(a) outline the role of the Audit Director, Superintendent, and agency in the audit process; and

(b) outline the Board's procedures for audits of agencies.

 

R277-116-2. Definitions.

(1) "Agency" means:

(a) an entity governed by the Board;

(b) an LEA; or

(c) a sub-recipient.

(2) "Audit committee" means a standing committee of members appointed by the Board.

(3) "Audit Director" means the person who:

(a) directs the audit program of the Board;

(b) is appointed by and reports to the audit committee; and

(c) is independent of the agencies subject to Board audit.

(4) "Audit plan" means a prioritized list of audits to be performed in the audit program within a specified period of time that is reviewed, approved, and adopted at least annually.

(5) "Audit program" means a department that provides internal audit services for the Board that is directed by the Audit Director.

(6) "An entity governed by the Board" means the SCSB, USDB, USOE, or USOR.

(7) "Draft audit report" means a draft audit report compiled by the Audit Director that is classified as protected under Title 63G, Chapter 2, Part 3, Section 305, Protected records.

(8) "Final audit report" means a draft audit report that is approved by the audit committee and the Board as a final audit report that is classified as public under Title 63G, Chapter 2, Part 3, Section 301, Public records.

(9) "Sub-recipient" means any entity that receives funds from an entity governed by the Board.

 

R277-116-3. Audit Director Authority and Responsibilities.

The Audit Director shall:

(1) direct the audit program:

(a) as approved by the Board and audit committee by objectively evaluating the effectiveness and efficiency of the operations of the agency being audited;

(b) in accordance with the current International Standards for the Professional Practice of Internal Auditing; and

(c) as otherwise required by the Board;

(2) ensure that collectively the audit department possesses the knowledge, skills, and experience essential to the practices of the profession and are proficient in applying internal auditing standards, procedures, and techniques;

(3) employ:

(a) a sufficient number of professional and support staff to implement an effective internal audit program; and

(b) audit staff who are qualified in disciplines that include:

(i) accounting;

(ii) business management;

(iii) public administration;

(iv) human resource management;

(v) economics;

(vi) finance;

(vii) statistics;

(viii) electronic data processing; or

(ix) engineering;

(4) inform the audit committee if additional professional and support staff are necessary to implement an effective internal audit program;

(5) base compensation, training, job tenure, and advancement of internal auditing staff on job performance;

(6) propose audit rules, policies, and amendments, for approval and adoption by the Board that maintain staff independence from operational and management responsibilities that would impair staff's ability to make independent audits of an agency;

(7) develop and recommend an audit plan to the Board and the audit committee based on the findings of periodic risk assessments, audits, and budget;

(8) perform an audit of a special program, activity, function, or organizational unit of an agency at the direction of the Board or the audit committee with one or more objectives, including:

(a) to verify the accuracy and reliability of agency records;

(b) to assess compliance with management policies, plans, procedures, and regulations;

(c) to assess compliance with applicable laws, rules, and regulations;

(d) to evaluate the efficient and effective use of agency resources;

(e) to verify the appropriate protection of agency assets; and

(f) review and evaluate internal controls over the agency's accounting systems, administrative systems, electronic data processing systems, and all other major systems necessary to ensure the fiscal and administrative accountability of the state agency;

(9) determine the assignment and scope of the audits;

(10) periodically discuss relevant matters with the audit committee including whether there are any restrictions on the scope of the audits;

(11) submit draft audit reports directly to the Board and to the audit committee;

(12) receive comments from the Board and responses from the Superintendent on the draft audit report;

(13) edit draft audit report based upon the comments and responses received;

(14) resubmit a draft audit report to the Board and audit committee:

(a) after receipt of comments from the Board and responses from the Superintendent; and

(b) until a draft audit report is approved and adopted as a final audit report by the Board;

(15) report monthly to the audit committee, or as otherwise directed by the audit committee, including:

(a) reviewing current audits being performed both internally and externally;

(b) the scope of the internal and external audits;

(c) status of internal and external audits;

(d) follow up draft audit reports; and

(e) draft audit reports for final review and recommendation;

(16) conduct an annual quality assurance review of the audit program with the audit committee;

(17) personally or through a designee, report quarterly to the Board, or as otherwise directed by the Board;

(18) personally or through a designee, attend all Board meetings;

(19) report to the Board, within a reasonable time of discovering, issues that have the potential of exposing the Board, Superintendent, or an agency to liability or litigation;

(20) maintain the classification of any public record consistent with GRAMA;

(21) be subject to the same penalties under GRAMA as the custodian of a public record; and

(22) ensure that significant audit matters that cannot be appropriately addressed by the audit program are referred to either the Office of Legislative Auditor General or the Office of the State Auditor.

 

R277-116-4. Superintendent Authority and Responsibilities.

The Superintendent shall establish the audit program by:

(1) providing resources necessary to conduct the audit program including adequate funds, staff, tools, and space to support the audit program;

(2) facilitating communications with those charged with governance, management, and staff as requested by the Audit Director or the audit committee to ensure the access necessary to perform an audit;

(3) ensuring access to all personnel, records, data, and other agency information that the Audit Director or staff consider necessary to carry out their assigned duties;

(4) notifying the Audit Director of external audits of entities governed by the Board;

(5) notifying the agency that the Audit Director shall be the liaison for an external audit; and

(6) supporting the audit program as otherwise requested by the audit committee or Audit Director.

 

R277-116-5. Agency Authority and Responsibilities.

The agency shall wholly cooperate and provide the Audit Director and the internal audit staff all:

(1) necessary access to those charged with governance, management, and staff; and

(2) personnel, records, data, and other agency information that the Audit Director or staff consider necessary to carry out their assigned duties.

 

R277-116-6. Audit Plans.

(1) The audit plan prepared by the Audit Director shall:

(a) identify the individual audits to be conducted during each year;

(b) identify the related resources to be devoted to each of the respective audits;

(c) ensure that internal controls are reviewed periodically as determined by the Board or by the audit committee; and

(d) ensure that audits that evaluate the efficient and effective use of agency resources are adequately represented in the audit plan.

(2) Upon request, the Audit Director shall make a copy of the approved and adopted audit plan available to the state auditor, legislative auditor, or other appropriate external auditors to assist in planning and coordination of any external financial, compliance, electronic data processing, or performance audit.

 

R277-116-7. Audit Process.

(1) The Audit Director shall develop and recommend an audit plan to the Board and the audit committee based on the findings of periodic risk assessments and audits.

(2) Once approved and adopted by the Board, the Audit Director shall implement the audit plan.

(3) As requested by the audit committee or Audit Director, the Superintendent shall establish the audit program.

(4) The agency shall provide all information to the Audit Director and audit staff for the audit to be timely conducted.

(5) After conducting an audit, the Audit Director shall submit a draft audit report to:

(a) the audit committee;

(b) the Board; and

(c) the Superintendent for response or comment.

(6) Within fourteen days of the Audit Director's submission of the draft audit report to the Board and audit committee, the Superintendent shall either:

(a) provide a written response or comment to the Board, audit committee, and Audit Director to the draft audit report; or

(b) file a written request for an extension to the audit committee setting forth:

(i) the steps necessary to investigate and prepare a response to the draft audit report;

(ii) the time necessary to perform each step; and

(iii) the latest date that the Superintendent's written response or comment will be given to the Board, audit committee and Audit Director.

(7) Upon receiving written response and comment from the Superintendent, the Audit Director shall:

(a) incorporate into the draft audit report the written responses and comments, if any, received from the Board, the audit committee, and the Superintendent; and

(b) submit the amended draft audit report to the audit committee for recommendation.

(8) The audit committee may:

(a) recommend an amended draft audit report for approval and adoption; or

(b) send the amended draft audit report back to the Audit Director with instructions for additional review.

(9) Upon recommendation from the audit committee on the amended draft audit report, the Board may:

(a) approve and adopt an amended draft audit report as the final audit report; or

(b) send the amended draft audit report back to the audit committee with instructions for additional review.

 

R277-116-8. Audit Reports.

(1) An audit report prepared by the Audit Director and staff shall be based upon audits of agency programs, activities, and functions that include:

(a) findings based upon the audit scope; and

(b) one or more of the following objectives:

(i) verification of the accuracy and reliability of agency records;

(ii) assessment of an agency's compliance with management policies, plans, procedures, and regulations;

(iii) assessment of an agency's compliance with applicable laws, rules, and regulations;

(iv) evaluation of the efficient and effective use of agency resources;

(v) verification of the appropriate protection of agency assets;

(vi) furnishing independent analyses, appraisals, and recommendations that may, depending upon the audit scope, identify:

(A) the adequacy of an agency's systems of internal control;

(B) the efficiency and effectiveness of agency management in carrying out assigned responsibilities; and

(C) the agency's compliance with applicable laws, rules, and regulations;

(vii) review and evaluation of internal controls over the agency's accounting systems, administrative systems, electronic data processing systems, and all other major systems necessary to ensure the fiscal and administrative accountability of the agency; and

(viii) identification of abuse, illegal acts, errors, omissions, or conflicts of interest.

(2) An audit report prepared by the Audit Director and staff shall include a statement that the audit was conducted according to International Standards for the Professional Practice of Internal Auditing.

(3) The Audit Director shall provide, upon written request, a copy of an audit report to the Office of Legislative Auditor General or the Office of the State Auditor.

(4) The Audit Director shall ensure that public release of a final audit report complies with the conditions specified by the state laws and rules governing the audited agency.

 

KEY: educational administration

Date of Enactment or Last Substantive Amendment: [ May 8, ] 2015

Notice of Continuation: December 16, 2013

Authorizing, and Implemented or Interpreted Law: Art X Sec 3; 53A-1-401(3); 53A-1-405; 53A-1-402(1)(e); 53A-17a-147(2); 63I-5-101 through 401