​​Up to the Challenge

Jacob Flournoy, internal audit director at the University of Arkansas System, was recently honored by the American Institute of Certified Professional Accountants for building an internal audit function that has made a major impact on state government.

Comments Views

​What were the biggest challenges you faced in starting the internal audit function at your organization?

The first challenge was addressing a backlog of requests for internal audit services. The board and senior management initially had a long list of areas in need of independent reviews and audits. It took a while to work through the audit issues disclosed in these areas. Other challenges included getting the right audit policies in place, obtaining sufficient resources for developing an internal audit function that could meet the International Standards for the Professional Practice of Internal Auditing, and staffing up with Certified Internal Auditors.

What impact has internal audit had on the organization since it launched?

We serve as direct staff support to the board’s Audit and Fiscal Responsibility Committee and strive to write concise reports that will be read, understood, and acted upon for the benefit of the stakeholders and citizens that our organization serves. We bring the concepts of transparency, accountability, accuracy, efficiency, effectiveness, independence, and integrity into the forefront for assisting the university’s leadership in resolving the diverse and complex issues that come through the audit process.

What are your risk priorities?

We continuously work on and update the risk assessment for new or changing risks as they occur. We monitor global, national, and state/local risks and follow a systematic approach to align these risks with our audit universe and subsequent testing. Our risk priorities are developed to support the board's and senior management's governance and leadership responsibilities.  

Are there specific challenges when working in the public sector?

In general, we have far more records that need to be accessible to the public. However, in the age of cybersecurity, thieves now have an enormous ability to use publicly available information for committing crimes against individuals and government organizations. Other challenges include an ever increasing number of compliance requirements over the use of public funds with each passing year, and a generally lower threshold for materiality when auditing and reporting on these funds.

You were involved in setting up UA's fraud hotline. Has it been helpful?

A hotline provides concerned citizens and our organization's hardworking and best employees a mechanism for anonymously reporting areas where they believe waste, fraud, or abuse are occurring. It doesn't happen every day, nor with every phone call. But every so often, a call comes in that provides information about criminal activities you and senior management didn't know were occurring. In those cases, you are grateful the caller recognized the fraud and utilized the hotline to file a report.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.



Comment on this article

comments powered by Disqus
  • Galvanize-September-2020-Premium-1
  • FSE-September-2020-Premium-2
  • Auditboard-September-2020-Premium-3