Internal Audit

FAQ

The Office of Internal Audit exists to ensure the university is fulfilling its vision and mission in an effective and efficient manner. We do this by providing the University with independent and objective reviews of operations and activities.

By definition internal auditing is an independent, objective, assurance and advisory services (consulting) activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

While most have the perception that internal audit only conducts financial reviews, this is only a small portion of what we do.

Feel free to view the Institute of Internal Auditors website to learn more.

  • What are some typical services our office provides?
    • Consult with management and provide methodologies, facilitation, focus, knowledge, technology, best practices, and independence that help solve problems.
    • Verify the existence of university assets and ensure proper safeguards for their protection.
    • Evaluate the reliability and integrity of data produced by information systems.
    • Assess the extent of compliance of each area with applicable laws, regulations, accreditation standards, policies, and procedures.
    • Evaluate the adequacy of the internal control structure within a department or unit.
    • Investigate concerns relating to fraud, embezzlement, and theft.
  • How is an area selected to be audited?

    Internal Audit develops an annual audit plan (work plan) to identify the engagement projects to be conducted during the upcoming fiscal year. Throughout the year the audit plan may be amended to include requested reviews, special projects, or changes in priority.

    Some of the things we consider when developing our audit plan include:

    • To what extent is the process or area required to comply with state or federal regulations?
    • Is this area subject to a great deal of public scrutiny?
    • Has recent organizational change occurred?
    • What is the volume of activity?
    • How reliant is the area on technology?
    • When was the last time Internal Audit reviewed it?
    • Have concerns about conduct resulted in a requested review?
    • Does management have concerns that they'd like us to look into? Concerns can be about the internal structure, regulations, complexity of operations, or any prior audit findings

    The annual audit plan is reviewed and approved by the Audit Committee of the UNCW Board of Trustees and the Chancellor.

  • What role will I play in the audit?

    Refer to the What to Expect section under Types of Engagements for detailed information regarding the audit process. The audit will begin with an entrance meeting to review the audit process and discuss potential scope areas. After that we typically have a few one-on-one meetings to learn more about the operations of the department and related risks.

    Once we know the exact areas that will be audited, we will typically have additional conversations with process owners to understand a process in depth and request policies/procedures regarding the area. Most of the review is conducted in our office and we will come to you with any questions or to gain additional information.

    How long does a typical audit take?

    Most audits take anywhere from 6-12 weeks to complete, although audits can vary in length depending on the nature of the engagement and the size of the department.

    If I call you with a question, are you going to audit me?

    Typically, no. One service we provide is help answering questions when you aren't sure the responsible office or would like assistance interpreting external policies or regulations. If we can't answer the question for you, we'll help you find the right person to ask.

  • Can UNCW personnel seek advice or request consulting reviews from Internal Audit?

    Yes, and we welcome your questions. The Office of Internal Audit is your in-house consultant for all internal control matters and will provide guidance on controls over new or existing systems and processes.

    Typically, consulting work does not follow the same reporting process as formal audits. Management may request a review and results of the review can either be verbal or in a written memo to the requestor. Examples of advisory services include:

    • Participation of internal audit staff on system implementation teams
    • Reviews of processes
    • Providing guidance to management regarding control concerns
  • Do you hire student workers?

    Yes!  We typically have one Cameron School of Business student as an intern in our office throughout the year. If you have interest in this opportunity feel free to stop by our office or give us a call for more information.

  • What do I do if I suspect fraud, waste, or abuse?

    If you suspect fraud, waste, or abuse, you should report the information to your supervisor, the Office of Internal Audit, or the Office of the State Auditor’s Hotline (1-800-730-TIPS). Refer to Fraud and Abuse Reporting for additional information.

  • How long do I need to hold on to a document?

    Check out the following link for details on how long each type of document should be retained:

    http://archives.ncdcr.gov/For-Government/Retention-Schedules