Go to USC home page USC Logo Insert page title here
UNIVERSITY OF SOUTH CAROLINA
Internal Audit Homepage
 |
Audit Charter
Audit Staff
Audit Reports
Conflict of Interest
Flowcharts
  Brochure
 
  Links
 
  Internal Audit Policies
University Policies
 

MISUSE INVESTIGATIONS

Introduction

The Internal Audit Department is responsible for reviewing and investigating allegations of misuse involving University employees or property. We share this responsibility with entities such as USC’s Office of Human Resources and Public Safety Department, the Office of the State Auditor, and the State Law Enforcement Division.

University Policy requires management to notify the University Police and the Internal Audit Department if they have reason to believe that public property or funds may have been stolen damaged, lost, or misused. Suspected misuse can be reported anonymously to Internal Audit, the University Police, or the State Auditor’s Hotline.

Response to Reports of Misuse

Our response to allegations of misuse will depend on how the information is communicated to us.

  • If we are notified by management, Human Resources, Campus Police, Office of the State Auditor, or SLED, we should obtain basic information about the situation and, if necessary, arrange a time to meet to discuss the situation. If the notice comes from a member of management, we should advise the individual of the need to report the situation to other offices as deemed appropriate.
  • If we are notified anonymously or by someone other than a member of University management, we should obtain as much information as possible from the individual making the complaint. At minimum, we need to identify the nature of the caller’s concerns, the area where the potential misuse has occurred or the names of individuals believed to be involved, and obtain copies of any documentation that may be available.
  • The Director reviews each report and determines whether or not Internal Audit needs to investigate the issues identified in the report. We will generally limit our investigations to situations involving loss or misuse of funds or other types of misuse that may have occurred due to breakdown in controls.

Regardless of the source of the complaint, we will conduct an initial review to determine whether the allegations have merit and what steps are needed to investigate and resolve the issues raised in the complaint. While all allegations should be given careful consideration and treated seriously, it is important to remember these claims are unsubstantiated unless, and until, corroborating evidence is obtained.

Investigative Procedures

The goals of investigations of potential misuse are to determine if the allegations of misuse are valid, then to identify control weaknesses or breakdowns in procedure that allowed the situation and any related problems to occur, determine the extent of any loss and recommend corrective action to prevent the situation from recurring. The type of investigative procedures used will depend on the nature of the potential misuse and the results of the preliminary review. The investigation may stop with the preliminary review if that shows the allegations are not valid or if the issues are minor and can be resolved through meetings with management of the area involved. It the allegations are found to be valid, the investigation may involve complex analyses of processes, reviews of access capabilities, and extensive tests of records. There may be a need to extend the review into areas and activities not identified in the initial complaint. An auditor performing a misuse investigation must exercise considerable judgment in selecting the type and extent of procedures to be performed.

The two most important steps in the investigative process are determining where the allegations are likely to be valid and identifying control weaknesses that allowed any misuse to occur. If allegations are clearly invalid, there is no need to perform extensive work to investigate them. We need to understand how a loss occurred and what weaknesses are involved in order to know what we should investigate and how.

Investigations of potential misuse must be conducted in a confidential manner and with respect for the rights of the individual involved. Whenever possible, Internal Audit will notify appropriate members of management prior to beginning an investigation. Advance notice may not be possible in rare situations when even a small delay could allow additional funds to be lost or records destroyed. In these situations, Internal Audit will notify management as soon as possible after the investigation begins. If allegations involve possible misuse by management of an area, Internal Audit will coordinate any investigation through an organizational level to which this area reports.

If an investigation reveals a potential violation of any federal, state, or local law, we will consult with the Legal Office for guidance. If appropriate, we will also obtain guidance from the Campus Police or SLED.

Working Paper Documentation and Communicating Results

The process of conducting and reporting the results of a misuse investigation is similar to the process followed for a routine audit. However, the working papers will follow a different format as will correspondence used to communicate the results of investigation. The working paper format for misuse investigations will depend upon the eventual use of the workpapers and may be different for each investigation.

Extreme care must be taken to ensure that information in any documents prepared in connection with misuse investigation is presented neutrally and objectively. We cannot assume allegations are true unless we have obtained evidence that proves them; the language and tone of our working papers should reflect this concept. Our working papers may end up as evidence in a criminal trial; keep in mind how a defense attorney might respond to a choice of words or presentation of information as you document the results of a review. Never put anything in the workingpapers that you wouldn’t want to have read back to you and challenged if testifying in trial. For example, instead of referring to something as "duplicate payment" use the term "possible overpayment." When presenting information from a complaint or misuse report, use qualifiers such as "according to the complainant" or "caller alleged." Simply stating the claims may imply a presumption of guilt.

As a general rule, avoid identifying by name an individual who may be the target of the investigation or who made the complaint.

Background

Briefly describe the nature of the complaint and whatever information has been provided or obtained in the early stages of the review.

Summary

Conclude regarding whether or not any further investigation by Internal Audit will be needed.

Audit Program

List the specific procedures that will be used to investigate the issue raised in the complaint, preferably in the order they will be performed.

Procedures will often need to be presented as a contingency. For example, "if any payments to XYZ, Inc. are found, obtain copies of documents supporting these transactions.

Close-out Letter
or Report

Should identify the source and general nature of the complaint broadly describe the procedures used to conduct the investigation, and state whether or not we discussed these issues with management and whether they agreed to correct any weaknesses noted.

Significant findings should be reported individually and accompanied by recommendations and responses by management.

In general, close-out letters or reports should contain only enough information to allow the reader to identify the nature of the allegations and the outcome of Internal Audit’s investigation.

Never include names of individuals in these letters or reports.

These letters or reports should be addressed to the President, with copies to Senior University officials and the Secretary of the Board of Trustees.

[Back to Table of Contents]
RETURN TO TOP
USC LINKS: DIRECTORY MAP EVENTS VIP
SITE INFORMATION
Columbia, SC 29208 • 803-777-2752• Webmaster © University of South Carolina Board of Trustees