Audit reveals shortcomings in USF CAMLS

A University Audit and Compliance audit of USF Health Professions Conferencing Corporation (HPCC) showed multiple issues in HPCC’s inner workings, including possible risks of fraud.   SPECIAL TO THE ORACLE

In an audit of the USF Health Professions Conferencing Corporation (HPCC) released Thursday, University Audit and Compliance (UAC) concluded that HPCC did not have a sufficient system of internal controls, identifying three high priority and 14 medium priority risks. 

HPCC is a Florida non-profit established in 2005 to support the USF Health Office of Continuing Professional Development. HPCC is also in charge of operations for the Center for Advanced Medical Learning and Simulation (CAMLS), a 90,000 square-foot, multi-purpose facility for professional health training. 

All three of the high priority risks mentioned in the audit were resolved. These included inadequate controls over procurement and credit card use to prevent fraudulent expenditures, as well as inadequate controls in place to prevent fraudulent travel and expense reimbursements from being made.

Of the 14 medium priority risks pointed out in the audit, only three were resolved. The resolved issues included the advance approval process for airline tickets and gift cards given to employees not reported to USF for the Medical Services Support Corporation for inclusion in employees’ taxable income. Additionally, the issue of payroll approval without verifying data entered into the certification system being accurate was resolved. 

Some of the unresolved issues were the inadequate securing of credit card information, inadequate monitoring of corporate reward programs to ensure effective utilization, policies and procedures that were out-of-date and not adhered to and contractual agreements not properly supported by legally binding agreements. 

According to the document, these risks must be resolved within 60 days.

“The primary objectives of our audit were to provide management with an objective assessment of whether systems and controls, if functioning as described and consistently applied, were adequate to ensure proper accountability and reporting of financial activities and to prevent and detect fraud and to assist management in identifying and implementing improvements where weaknesses are identified,” the UAC wrote in the audit. 

The audit stretched the period from July 1, 2014 to June 30, 2015 and covered administrative and financial controls. The UAC also provided an assessment of fraud risk in addition to its evaluation.

In the audit, the UAC wrote, “while our audit did not identify any fraudulent activities, material unmitigated fraud risks were identified in the areas of procurement, including expenditures incurred using the corporate credit cards and travel and expense costs.”

The UAC’s auditing services are not ongoing, as HPCC has its own Finance and Audit Committee, which experienced some repeat findings in its own evaluations.

“On November 21, 2014, the internal auditor presented the results of the calendar year 2014 projects to the HPCC Finance and Audit Committee which included 16 recommendations to improve internal controls, 13 of which were repeat findings,” the audit stated. “As of June 30, 2015, 14 of these recommendations had not been implemented.”