Quality Assurance Reviews
A Quality Assurance Review (QAR) verifies the accuracy of the Department Manager's responses to the Fiscal Management Sub-Certification and help ensure that responses are in accordance with UTS 142 — Financial Accounting and Reporting financial accountability mandates. The annual Sub-Certification process includes the acknowledgment of responsibility for establishing and monitoring internal controls which includes each department manager providing an opinion as to whether:
- Their department’s system of internal control is adequately designed, properly executed, and effective.
- There are no misstatements or omissions in the financial information provided.
- All frauds known to them have been reported and appropriately addressed.
The Sub-Certification process is in conjunction to Financial Affairs Monitoring plan. In addition, QAR’s evaluates the procedures a department has in place to mitigate the risk of fraud or error.
QAR - Frequently Asked Questions
Why and how were we chosen to be reviewed?
A sample of department managers from each vice president’s area is selected annually to undergo a QAR. This sampling means approximately 20% of department managers are selected annually for a QAR, with a goal of every department manager receiving a QAR at least once every five years. Department managers are selected based on a risk assessment including several criteria:
- Budget and expense amounts
- Audit review/concern
- Organizational change/turnover
- QAR history
- Fiscal Management Sub-Certification responses
- Requests by vice presidents
How are we notified if we have been selected for a QAR?
You will receive an email from the Office of Institutional Compliance and Risk Services stating that you have been selected for a QAR, the email request you to complete a QAR Questionnaire to begin the review. To access a sample questionnaire, please click here.
How does our department prepare for a QAR?
Department Managers should review the policies and suggestions found in the Management Assessment Tool and the Financial Guidelines. In addition, the initial email request will include the areas that will be reviewed. The following is a sample of items that may be reviewed:
- Timeliness of monthly reconciliations and reviews
- Quality of reconciliation process as guided by the requirements (see Financial Guideline — Department Financial Reviews
- Department manager's review process
- Fiscal management of purchasing, cash handling, and gifts
- Receiving of goods and services
- Capital asset management (i.e. Inventory Records)
- Information security
- Conflict(s) of interest
How long will the review last?
We do our best to ensure minimal disruption of the day-to-day activities of the department. This will be an electronic review, all information will be collected via email or similar form. The review period depends on the department’s response. If the department does not provide a response or evidence by the assigned deadline, QAR will be closed and the risk level will be assigned based on the information available at the time of the review.
What kind of report will I receive?
Each Department Manager (and their immediate supervisor) will receive a report that assigns a code to the various areas reviewed. The code is as follows:
- Significant risk, R -red dot - significant departure from university policy, procedures and/or best practices;
- Moderate risk, Y -yellow dot - moderate departure from university policy, procedures and/or best practices;
- Low risk, G -green dot - compliant with or non-significant departure from university policy, procedures and/or best practices.
The report is then quantified into an overall ranking of the risk in that department (i.e. significant risk, moderate risk or low risk). Click here for a sample report.
QAR results are provided to the department manager and immediate supervisor. Vice presidents are provided a final summary of the results from all QARs performed in their areas.
Institutional Compliance and Risk Services performs follow-ups for QARs with a significant overall risk level “Significant/Red Dot” 90 days after the respective vice president is notified.
- 90-day follow-ups area less extensive than the initial QAR by only reviewing progress made on the matters which contributed mainly to a fiscal management “Significant/Red Dot”.
- If the 90-day follow-up shows that controls have not been implemented and the “Significant/Red Dot” remains applicable, OICRS will conduct a consultative visit to collaborate with you in the enhancement of the department processes. Subsequent to the consultation, a follow-up review will be scheduled in 30 days to ensure corrective actions are implemented to mitigate these risks.
- OICRS contacts the Office of Auditing and Consulting Services for further action if issues of concern are not corrected.
Reports of all significant findings and related follow-up activities are given to the relevant supervisor, vice president (or delegate), the institutional fraud officer (the senior vice president for Business Affairs) and the financial reporting officer.
How is this different from an audit?
This is not an audit, nor does it substitute for an audit. The purpose of this review is to provide, in a consultative manner, an objective evaluation of internal controls in the area and to alert the Department Manager to potential risks. A QAR is a “proactive” approach to monitoring internal controls so that Department Managers are aware of risks and can ensure they are adequately mitigated before weaknesses are identified in an audit.
Resources