Internal Audit Overview

The Internal Audit function provides the University community with objective and independent assurance and consultative services. We work to support the University in its mission, and our goal is to help departments achieve their objectives and make informed decisions through proactive risk management. To provide this support Internal Audit intends to treat members of the University community as customers. Internal Audit will collaborate with you, our customers, to diagnose the root cause of challenges that may impede achievement of departmental / University objectives or impact our compliance obligations.

We encourage you to engage Internal Audit to assist with proactively managing risks before a particular challenge becomes significant. In addition, utilize Internal Audit as a training resource to improve internal controls and raise awareness of fraud prevention programs.

Sources of the Annual Plan

Internal Audit’s primary means of serving our customers is the annual audit plan. Each fiscal year the Chief Audit Executive prepares an audit plan for approval by the Audit Committee of the Board of Directors. The sources used to prepare the annual plan include, but are not limited to the following:

  1. University and departmental risk assessments
  2. Requests from the Audit Committee and management
  3. Prior audits and / or historical trends regarding governance, risk, and compliance management issues and goals
  4. Information from external sources, e.g., Deloitte, the University’s external auditor for its financial statements
  5. Federal and local oversight or regulatory trends
  6. University business cycles, e.g., student accounts, IT systems, and grant management
  7. New or significant University initiatives
  8. Feedback or information from Faculty, Staff, or other persons highlighting compliance concerns
  9. Known or suspected high risk financial, legal, compliance, or reputation issues

Risk Exposure and Audit Coverage

The sources described above create an audit universe. The number and significance of events captured in the audit universe could be numerous. Events are prioritized and matched against audit resources. In addition, a certain amount of audit resources are reserved for special projects or emerging issues, e.g., investigations. However, in any one fiscal year and over a three year planning cycle, audits attempt to address the University’s significant risk exposures. Broadly, risk exposure areas may include: asset protection, liability management, legal/regulatory compliance, data integrity and security, process improvement, financial reporting, and business continuity.

Audit Operations

See Chronology of an Audit for a description of how an audit is implemented and audit reports issued.

External Resources

Best practices for risk management and strengthening internal controls:

Internal Resources

Important University links for compliance, anti-fraud / whistleblower programs, and financial policies:

The University’s Internal Audit Service Partner