Below are some frequently asked questions regarding the QAR process:
Why and how were we chosen to be reviewed?
Managers from each Vice President's area are selected based on a risk assessment that considers several variables, e.g., funding levels, complexity of transactions, Management Certification responses, etc. Given the large scope of this initiative and our available resources, a limited number of managers are selected for each Vice President's area each fiscal year. Each Vice President approves the selection of managers. All managers will eventually be selected for a QAR.
How are we notified if we have been selected for a QAR?
You will receive an email and/or a call from the Compliance Specialist in the Office of Institutional Compliance and Risk Services stating that you have been selected for a QAR and a request to schedule a time for the QAR to be performed.
How does our department prepare for a QAR?
The reviews are based on the Management Certifications. Managers should review the policies and suggestions found in the Management Assessment Tool. In addition, approximately a week prior to the QAR you will be provided with a checklist of the items that will be reviewed. To access the checklist, please click here.
How long will the review last?
We do our best to ensure minimal disruption of the day to day activities of the department. The interview with the manager will take approximately an hour.
What kind of report will I receive?
Each manager (and their immediate supervisor) will receive a report that assigns a code to the various areas reviewed. The code is as follows:
- a red dot - significant departure from university policy, procedures and/or best practices;
- a yellow dot - moderate departure from university policy, procedures and/or best practices;
- a green dot - compliant with or non-significant departure from university policy, procedures and/or best practices.
The report is then quantified into an overall ranking of the risk of fraud in that department
(i.e. significant risk, moderate risk or low risk). Click here for a sample report.
How is this different from an audit?
This is not an audit, nor does is substitute for an audit. The purpose of this review is to provide, in a consultative manner, an objective evaluation of internal controls in the area and to alert the manager to potential risks. A QAR is a “proactive” approach to monitoring internal controls so that managers are aware of risks and can ensure they are adequately mitigated before weaknesses are identified in an audit.
|
