Internal Audit

• Audits
  • Benefits
  • Selection Process
  • Categories
  • Audit Process
  • Client Responsibilities
  • Reporting
• Compliance Calendar
• Common Audit Findings
• Exit Survey
• Fraud and Abuse Reporting
• Resources
• About Us
• Ask the Auditor

Categories

The Office of Internal Audit completes many different types of engagements, and some engagements are hybrids with elements from multiple types.

Audits

The majority of our time is spent on audits which fall into several different categories.

Departmental Reviews

The bulk of our office's time is spent completing departmental reviews. During departmental reviews, the complete operations of an area are assessed to ensure compliance with internal policies and external regulations, operations are effective and efficient, and internal controls are in place and functioning well. The scope of each review varies and is tailored to the department based on a risk assessment and management's requests. Topics typically included in a departmental review are:

• Revenue
• Expenditures
• Cash handling
• Fixed assets and computer inventories
• Payroll and personnel
• Policies
• General controls and access rights
• Academic areas including admission procedures and the awarding of scholarships
• Tax issues including unrelated business income taxes and fringe benefits
• Grant compliance

Compliance Reviews

During a compliance review, operations are compared to external regulations such as those of a Federal, State, or accrediting agency. Our recommendations are intended to help management fully comply with the established regulations.

Information System Reviews

Information system reviews include many different topics such as:

• System, software, and document access
• Document storage and retention
• Credit card compliance
• Business continuity and disaster recovery planning
• Online presence
• Physical security of computer assets

Follow Up Reviews

Following a review, corrective actions are monitored on a quarterly basis, and we complete a follow up review approximately 12 to 18 months following the issuance of a final report or memo. Follow ups are intended to evaluate implemented changes.

Consultations

Consultations are completed at the request of management and are intended to provide advice and information on internal controls, risk management, and sound business practices. They may be designed to evaluate processes for efficiency or to help in designing controls to ensure new systems operate effectively.

Investigations

Investigations are conducted in response to suspected fraud, waste, or abuse of university resources. We evaluate the actions and intent of the individuals and offices involved.