University of Kentucky Internal Audit (UKIA) has many resources that units and departments can use to aid them. These services can be provided through UKIA itself, or from other areas. Click here for more resources.
Guidance for Divisions, Units and Departments
Hierarchy of Regulations and Policies
Last updated: 9/10/2024
UKIA systematically evaluates UK regulations, policies and procedures at all levels of the enterprise through a hierarchical lens. This ensures that each not only aligns with other related internal policies but also complies with all federal regulations, state statutes and industry standards to which the institution — and its divisions — must adhere. Click here to learn more.
Lessons Learned
Last updated: 10/3/2023
Each quarter, UKIA hosts Lessons Learned, a virtual roundtable event that allows UK Internal Audit to share information about actual incidents or activities that have occurred here at UK (but not unit-identified) or at other institutions across the nation and the risks associated with these "hot topics." Faculty and staff who attended these events will come away with insights to improve their operations to prevent similar activities from occurring in their units.
Academic Risk Template
Last updated: 10/3/2023
To assist colleges with risk assessments that may be required as part of the accreditation process, UKIA has created a risk assessment template for your use. There are three tabs at the bottom of the template to help sort risks into the three main areas of the college’s activities: administrative, research and instruction
Each tab has a form where you can add the process, risk activity being rated, the policies and regulations, standard and criteria for each risk being assessed, as well as the responsible entity and the controls that are in place to monitor the activity. At the far right, there is a place to rank both the likelihood of the event actually happening and the impact such an event would have on the college/university on a scale of 1-3, with three representing a high likelihood or impact and one representing a low likelihood or impact. The Risk Rating is an average of those two numbers. There are several examples on each tab to help you get started.
Download the Academics Risk Template here.
Please contact internalaudit@uky.edu or call 857-257-3126
Policies Related to Vendor Payments
Last updated: 10/3/2023
The BPM Section B-2 General Purchasing and Contracting Authority prohibits purchases and contracts from being “made with an employee of the University of Kentucky for any item of supply, equipment, or service.” These situations clearly indicate this policy is not being followed. While certain exceptions may be made in the event of sole source providers and, in health care, when it is a medication or therapy deemed to be best approach for a patient, in general, using a company owned by a UK employee is unallowable. UKIA attributes use of employees as vendors to a lack of communication regarding the policy noted above and the ability to bypass the established processes for engaging and vetting vendors:
- Supplies: Units should always verify that the vendor they want to use is listed in the SAP vendor database. If the vendor is not listed, the unit should follow the steps to onboard a new vendor in the PaymentWorks system found here.
- Services: Units should verify whether a university unit or personnel can provide the desired service. If it cannot be provided, the unit should complete a Standard Contract for Personal Services and submit it to Purchasing for approval (see BPM B-3-1 Use of Existing Contracts).
Procurement
Last updated: 10/3/2023
Recently, UKIA completed several reviews across the university during which similar concerns pertaining to inappropriate payments to employees were noted. Each of these cases involved a UK employee being paid as a vendor to perform work or provide a service. UK policies were not being followed in any of these cases.