Back to Top
Skip To Top Navigation Skip To Section Navigation Skip To Content Skip To Left Navigation Skip To Search Skip To Footer

Internal Audit Process

How Are Audits Selected?

The Director of Internal Audit creates an annual audit plan which is developed based on a risk assessment with input from the University's management team and Board of Governors, and in response to audit requests. A risk assessment consists of an analysis of all University operating units and control functions to identify areas of potential high institutional risk. The plan is reviewed and approved by the Audit Committee of the Board of Governors.

In addition to planned audits, the Internal Auditing Department responds to reports of fraudulent activities, irregularities, or mishandling of University funds. Internal audit also responds to special requests by the Board of Governors, the University's President and Senior Management.

Department Responsibilities During an Audit

Successful audits require active participation between Internal Audit and the University department. As in any special project, an audit results in a certain amount of time being diverted from a department's usual routine. All attempts are made by the auditor to be unobtrusive and not interfere with department operations.

Each audit has a defined scope and objectives. An auditor requesting information from a University department will explain the audit's purpose and objectives so the department representative can understand the reasons for the questions being asked or requests being made.

The University department representative assists during the entire audit process by providing for the auditor's requests in a timely manner. If it is determined that the office representative is not the best source for the information requested, the auditor should be directed to the responsible person.

It is appropriate to discuss audit concerns with the auditor or the Director of Internal Audit.

Types of Audits

  •  

    Operational Audits

    Operational audits, also known as performance or management audits are aimed at assessing an operation's effectiveness. An operational audit measures and evaluates administrative control against standards set by management including long range plans, budgets, and operating policies and procedures. Although financial data continues to be the base of reference, we look beyond the figures to provide assistance toward improving operations.

  •  

    Financial Audits

    These audits are designed to validate the accuracy, completeness and authorization of financial transactions, records, and account balances of the audited area. These audits also include analyses of internal controls of the area and system being audited.

  •  

    Compliance Audits

    These audits are designed to review and evaluate compliance with the institution's policies and procedures as well as any other applicable external rules, regulations and laws. This would include Federal and State entities.

  •  

    Information Technology (IT) Audits

    IT audits are designed to address the internal control environment of automated information processing systems and how people use those systems. IT audits typically evaluate system input, output, and processing controls; backup and recovery plans; system security; and computing facilities. These audits consist of specific IT audit techniques to ensure the adequacy and reliability of controls and to ensure the integrity of data processing.

  •  

    Investigative Audits

    These audits are done to investigate incidents of possible fraud or misappropriation of University funds and/or assets. These types of audits often call for the coordination of effort with department/division heads from the area where the incident may have occurred, Finance & Administration, Provost, the Office of General Counsel and law enforcement.

Internal Audit

Candice Bridgers, Audit Manager

Staff

Back to Top