The Office of Internal Audit executes several different types of audits.
Designed to add value to the area audited, they often consist of analyses of a) procedural and document flow for efficiency and necessity, b) opportunities for revenue enhancement or expense reduction, c) adequacy of operating risk management, and d) logic and efficiency of organizational status.
Most audits performed by Internal Audit are combinations of operational, financial and policy compliance audits.
Designed to validate the accuracy, completeness, and authorization of financial transactions, records and account balances of the audited area, as well as to evaluate adequacy and effectiveness of internal controls.
Designed to review and evaluate compliance with the institution’s policies and procedures, and/or any applicable external (e.g., governmental) rules and regulations. The audits performed by the University Compliance Office fall into this category.
Information Technology Audits
Designed to evaluate controls surrounding data centers, computer hardware, networks, applications, databases, web sites, etc. These audits consist of audit tests to ensure the adequacy and reliability of controls and the integrity and security of data and technology assets.
Designed to evaluate contracts and compliance with contract terms, identify potential cost recoveries and evaluate adequacy of controls over construction project management.
System Development Audits
Designed to review and evaluate the adequacy and reliability of controls of an application while in the development phase. These reviews often last throughout the system’s development life cycle and may include evaluation of any of the following: development methodology, needs analysis, systems design and development, testing procedures, implementation procedures, data migration controls, maintenance of applications, access controls, controls over system software and documentation standards.
Designed to ascertain whether corrective actions have been satisfactorily implemented to address previous audit recommendations.
Designed to determine whether such acts as bribery, forgery, theft, embezzlement, misappropriation of assets or other inappropriate activity occurred. The department follows a separate internal policy addressing the roles of Internal Audit, Office of General Counsel and others for these projects. See additional details for Employee Misconduct.
Consultative or Ad Hoc projects
These audits are often initiated through collaboration with management on a particular issue or management request. Examples may include projects designed to identify improvement opportunities for specific areas, process design reviews, facilitation, serving on committees or providing training or advisory services in any area of auditor expertise. These may also be investigative in nature.