DAR File No. 40789
This rule was published in the October 1, 2016, issue (Vol. 2016, No. 19) of the Utah State Bulletin.
Education, Administration
Rule R277-116
Audit Procedure
Notice of Proposed Rule
(Amendment)
DAR File No.: 40789
Filed: 09/15/2016 04:42:30 PM
RULE ANALYSIS
Purpose of the rule or reason for the change:
Rule R277-116 is amended to incorporate authority and procedures resulting from S.B. 91 from the 2016 General Session. Minor terminology and technical changes are also provided, and unnecessary procedures are removed from the rule.
Summary of the rule or change:
The amendments to Rule R277-116 provide two new authorizing statutes that: 1) give the Board authority to audit the use of state funds; and 2) allow the Board to contract with a local education agency (LEA) or other education entity to provide internal audit services to the LEA if approved by the audit committee. Minor technical and conforming changes are also provided, including renumbering as appropriate.
Statutory or constitutional authorization for this rule:
- Subsection 63I-5-201(4)
- Subsection 53A-1-402(1)(e)
- Section 53A-1-401
Anticipated cost or savings to:
the state budget:
The amendments to this rule provide authorizing statutes and technical and conforming changes, which likely will not result in a cost or savings to the state budget.
local governments:
The amendments to this rule provide authorizing statutes and technical and conforming changes, which likely will not result in a cost or savings to local government.
small businesses:
The amendments to this rule provide authorizing statutes and technical and conforming changes, which likely will not result in a cost or savings to small businesses.
persons other than small businesses, businesses, or local governmental entities:
The amendments to this rule provide authorizing statutes and technical and conforming changes, which likely will not result in a cost or savings to persons other than small businesses, businesses, or local government entities.
Compliance costs for affected persons:
The amendments to this rule provide authorizing statutes and technical and conforming changes, which likely will not result in any compliance costs for affected persons.
Comments by the department head on the fiscal impact the rule may have on businesses:
To the best of my knowledge, there should be no fiscal impact on businesses as a result of the amendments to this rule.
Sydnee Dickson, State Superintendent
The full text of this rule may be inspected, during regular business hours, at the Office of Administrative Rules, or at:
EducationAdministration
250 E 500 S
SALT LAKE CITY, UT 84111-3272
Direct questions regarding this rule to:
- Angela Stallings at the above address, by phone at 801-538-7656, by FAX at 801-538-7768, or by Internet E-mail at [email protected]
Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:
10/31/2016
This rule may become effective on:
11/07/2016
Authorized by:
Angela Stallings, Associate Superintendent, Policy and Communication
RULE TEXT
R277. Education, Administration.
R277-116. Audit Procedure.
R277-116-1. Authority and Purpose.
(1) This rule is authorized by:
(a) Utah Constitution Article X, Section 3 which vests general control and supervision of public education in the Board;
(b) Subsection 63I-5-201(4) which requires the Board to direct the establishment of an internal audit department for programs administered by the entities it governs;
(c) S[ubs]ection 53A-1-401[(3)], which allows the Board to [adopt]make rules [in accordance with its responsibilities]to execute the Boards duties and responsibilities under the Utah
Constitution and state law;
(d) Subsection 53A-1-402(1)(e) which directs the Board to develop rules and minimum standards regarding school productivity and cost effectiveness measures, school budget formats, and financial, statistical, and student accounting requirements for the local school districts;
(e) Section 53A-1-404 which allows the Board to approve auditing standards for school boards;
(f) Section 53A-1-405 which makes the
Board responsible for verifying audits of local school districts;[ and]
(g) Subsection 53A-17a-147(2) which
directs the Board to assess the progress and effectiveness of all
programs funded under the State System of Public Education[.]; and
(h) Section 53A-1-401, which gives the Board authority to audit the use of state funds by an education entity that receives state funds as a distribution from the Board.
(2) The purpose of this rule is to:
(a) outline the role of the Audit Director, Superintendent, and agency in the audit process; and
(b) outline the Board's procedures for audits of agencies.
R277-116-2. Definitions.
(1) "Agency" means:
(a) an entity governed by the Board;
(b) an LEA; or
(c) a sub-recipient.
(2) "Audit committee" means a standing committee of members appointed by the Board.
(3) "Audit Director" means the person who:
(a) directs the audit program of the Board;
(b) is appointed by and reports to the audit committee; and
(c) is independent of the agencies subject to Board audit.
(4) "Audit plan" means a prioritized list of audits to be performed in the audit program within a specified period of time that is reviewed, approved, and adopted at least annually.
(5) "Audit program" means a department that provides internal audit services for the Board that is directed by the Audit Director.
(6) "An entity governed by the
Board" means the
Board, SCSB,
or USDB[, USOE, or USOR].
(7) "Draft audit report" means a draft audit report compiled by the Audit Director that is classified as protected under Title 63G, Chapter 2, Part 3, Section 305, Protected records.
(8) "Education entity" means the same as that term is defined in Section 53A-1-401.
([8]9) "Final audit report" means a draft audit report
that is approved by the audit committee and the Board as a final
audit report that is classified as public under Title 63G, Chapter
2, Part 3, Section 301, Public records.
([9]10) "Sub-recipient" means any entity that receives
funds from an entity governed by the Board.
R277-116-3. Audit Director Authority and Responsibilities.
(1) The Audit Director shall:
([1]a) direct the audit program:
([a]i) as approved by the Board and audit committee by
objectively evaluating the effectiveness and efficiency of the
operations of the agency being audited;
([b]ii) in accordance with the current International Standards
for the Professional Practice of Internal Auditing; and
([c]iii) as otherwise required by the Board;
([2]b) ensure that collectively the audit department possesses
the knowledge, skills, and experience essential to the practices of
the profession and are proficient in applying internal auditing
standards, procedures, and techniques;
([3]c) employ:
([a]i) a sufficient number of professional and support staff to
implement an effective internal audit program; and
([b]ii) audit staff who are qualified in disciplines that
include:
([i]A) accounting;
([ii]B) business management;
([iii]C) public administration;
([iv]D) human resource management;
([v]E) economics;
([vi]F) finance;
([vii]G) statistics;
([viii]H) electronic data processing; or
([ix]I) engineering;
([4]d) inform the audit committee if additional professional and
support staff are necessary to implement an effective internal
audit program;
([5]e) base compensation, training, job tenure, and advancement
of internal auditing staff on job performance;
([6]f) propose audit rules, policies, and amendments, for
approval and adoption by the Board that maintain staff independence
from operational and management responsibilities that would impair
staff's ability to make independent audits of an agency;
([7]g) develop and recommend an audit plan to the Board and the
audit committee based on the findings of periodic risk assessments,
audits, and budget;
([8]h) perform an audit of a special program, activity,
function, or organizational unit of an agency at the direction of
the Board or the audit committee with one or more objectives,
including:
([a]i) to verify the accuracy and reliability of agency
records;
([b]ii) to assess compliance with management policies, plans,
procedures, and regulations;
([c]iii) to assess compliance with applicable laws, rules, and
regulations;
([d]iv) to evaluate the efficient and effective use of agency
resources;
([e]v) to verify the appropriate protection of agency assets;
and
([f]vi) review and evaluate internal controls over the
agency's accounting systems, administrative systems, electronic
data processing systems, and all other major systems necessary to
ensure the fiscal and administrative accountability of the state
agency;
([9]i) determine the assignment and scope of the audits;
([10]j) periodically discuss relevant matters with the audit
committee including whether there are any restrictions on the scope
of the audits;
([11]k) submit draft audit reports directly to the Board and to
the audit committee;
([12]l) receive comments from the Board and responses from the
Superintendent on the draft audit report;
([13]m) edit draft audit report based upon the comments and
responses received;
([14]n) resubmit a draft audit report to the Board and audit
committee:
([a]i) after receipt of comments from the Board and responses
from the Superintendent; and
([b]ii) until a draft audit report is approved and adopted as a
final audit report by the Board;
([15]o) report monthly to the audit committee, or as otherwise
directed by the audit committee, including:
([a]i) reviewing current audits being performed both internally
and externally;
([b]ii) the scope of the internal and external audits;
([c]iii) status of internal and external audits;
([d]iv) follow up draft audit reports; and
([e]v) draft audit reports for final review and
recommendation;
([16]p) conduct an annual quality assurance review of the audit
program with the audit committee;
([17]q) personally or through a designee, report quarterly to the
Board, or as otherwise directed by the Board;
([18]r) personally or through a designee, attend all Board
meetings;
([19]s) report to the Board, within a reasonable time of
discovering, issues that have the potential of exposing the Board,
Superintendent, or an agency to liability or litigation;
([20]t) maintain the classification of any public record
consistent with GRAMA;
([21]u) be subject to the same penalties under GRAMA as the
custodian of a public record; and
([22]v) ensure that significant audit matters that cannot be
appropriately addressed by the audit program are referred to either
the Office of Legislative Auditor General or the Office of the
State Auditor.
(2) The Audit Director may contract with an LEA or other education entity to provide internal audit services to the LEA or other education entity if the contract is approved by the audit committee in accordance with Board contract policies.
R277-116-4. Superintendent Authority and Responsibilities.
The Superintendent shall[establish the audit program by]:
(1) provid[ing]e resources necessary to conduct the audit program including
adequate funds, staff, tools, and space to support the audit
program;
(2) facilitat[ing]e communications with those charged with governance,
management, and staff as requested by the Audit Director or the
audit committee to ensure the access necessary to perform an
audit;
(3) ensur[ing]e access to all personnel, records, data, and other agency
information that the Audit Director or staff consider necessary to
carry out their assigned duties;
(4) notify[ing] the Audit Director of external audits of
entities governed by the Board;
(5) notify[ing] the agency that the Audit Director shall be
the liaison for an external audit; and
(6) support[ing] the audit program as otherwise requested by
the audit committee or Audit Director.
R277-116-5. Agency Authority and Responsibilities.
The agency shall wholly cooperate and provide the Audit Director and the internal audit staff all:
(1) necessary access to those charged with governance, management, and staff; and
(2) personnel, records, data, and other agency information that the Audit Director or staff consider necessary to carry out their assigned duties.
R277-116-6. Audit Plans.
(1) The audit plan prepared by the Audit Director shall:
(a) identify the individual audits to be conducted during each year;
(b) identify the related resources to be devoted to each of the respective audits;
(c) ensure that internal controls are reviewed periodically as determined by the Board or by the audit committee; and
(d) ensure that audits that evaluate the efficient and effective use of agency resources are adequately represented in the audit plan.
(2) Upon request, the Audit Director shall make a copy of the approved and adopted audit plan available to the state auditor, legislative auditor, or other appropriate external auditors to assist in planning and coordination of any external financial, compliance, electronic data processing, or performance audit.
R277-116-7. Audit Process.
(1) The Audit Director shall develop and recommend an audit plan to the Board and the audit committee based on the findings of periodic risk assessments and audits.
(2) Once approved and adopted by the Board, the Audit Director shall implement the audit plan.
(3) As requested by the audit committee or Audit Director, the Superintendent shall establish the audit program.
(4) The agency shall provide all information to the Audit Director and audit staff for the audit to be timely conducted.
(5) After conducting an audit, the Audit Director shall submit a draft audit report to:
(a) the audit committee;
(b) the Board; and
(c) the Superintendent for response or comment.
(6) Within fourteen days of the Audit Director's submission of the draft audit report to the Board and audit committee, the Superintendent shall either:
(a) provide a written response or comment to the Board, audit committee, and Audit Director to the draft audit report; or
(b) file a written request for an extension to the audit committee setting forth:
(i) the steps necessary to investigate and prepare a response to the draft audit report;
(ii) the time necessary to perform each step; and
(iii) the latest date that the Superintendent's written response or comment will be given to the Board, audit committee and Audit Director.
(7) Upon receiving written response and comment from the Superintendent, the Audit Director shall:
(a) incorporate into the draft audit report the written responses and comments, if any, received from the Board, the audit committee, and the Superintendent; and
(b) submit the amended draft audit report to the audit committee for recommendation.
(8) The audit committee may:
(a) recommend an amended draft audit report for approval and adoption; or
(b) send the amended draft audit report back to the Audit Director with instructions for additional review.
(9) Upon recommendation from the audit committee on the amended draft audit report, the Board may:
(a) approve and adopt an amended draft audit report as the final audit report; or
(b) send the amended draft audit report back to the audit committee with instructions for additional review.
R277-116-8. Audit Reports.
(1) An audit report prepared by the Audit Director and staff shall be based upon audits of agency programs, activities, and functions that include:
(a) findings based upon the audit scope; and
(b) one or more of the following objectives:
(i) verification of the accuracy and reliability of agency records;
(ii) assessment of an agency's compliance with management policies, plans, procedures, and regulations;
(iii) assessment of an agency's compliance with applicable laws, rules, and regulations;
(iv) evaluation of the efficient and effective use of agency resources;
(v) verification of the appropriate protection of agency assets;
(vi) furnishing independent analyses, appraisals, and recommendations that may, depending upon the audit scope, identify:
(A) the adequacy of an agency's systems of internal control;
(B) the efficiency and effectiveness of agency management in carrying out assigned responsibilities; and
(C) the agency's compliance with applicable laws, rules, and regulations;
(vii) review and evaluation of internal controls over the agency's accounting systems, administrative systems, electronic data processing systems, and all other major systems necessary to ensure the fiscal and administrative accountability of the agency; and
(viii) identification of abuse, illegal acts, errors, omissions, or conflicts of interest.
(2) An audit report prepared by the Audit Director and staff shall include a statement that the audit was conducted according to International Standards for the Professional Practice of Internal Auditing.
(3) The Audit Director shall provide, upon written request, a copy of an audit report to the Office of Legislative Auditor General or the Office of the State Auditor.
(4) The Audit Director shall ensure that public release of a final audit report complies with the conditions specified by the state laws and rules governing the audited agency.
KEY: educational administration
Date of Enactment or Last Substantive Amendment: [October 8, 2015]2016
Authorizing, and Implemented or Interpreted Law: Art X Sec 3;
53A-1-401[(3); 53A-1-405]; 53A-1-402(1)(e);
53A-1-405;
53A-17a-147(2); 63I-5-101 through 401
Additional Information
More information about a Notice of Proposed Rule is available online.
The Portable Document Format (PDF) version of the Bulletin is the official version. The PDF version of this issue is available at https://rules.utah.gov/publicat/bull-pdf/2016/b20161001.pdf. The HTML edition of the Bulletin is a convenience copy. Any discrepancy between the PDF version and HTML version is resolved in favor of the PDF version.
Text to be deleted is struck through and surrounded by brackets ([example]). Text to be added is underlined (example). Older browsers may not depict some or any of these attributes on the screen or when the document is printed.
For questions regarding the content or application of this rule, please contact Angela Stallings at the above address, by phone at 801-538-7656, by FAX at 801-538-7768, or by Internet E-mail at [email protected]. For questions about the rulemaking process, please contact the Office of Administrative Rules.