Audits and assurance engagements are planned engagements in which reviews of departments, processes, and systems are completed. Audits result in a formal report that includes an overall opinion of the area under review and any findings and recommendations that were identified.
In order to fulfill our mission and responsibilities, the Office of Internal Audit creates an audit plan each year. Engagements are typically added based on an annual comprehensive risk assessment that assesses areas based on the degree of regulatory compliance, reliance on technology, transaction complexity and volume, organizational change, and other factors. Engagements are also added for divisions and departments that have not been recently reviewed or if there are specific requests by management or other governing bodies. The audit plan also designates time to allow our office to complete investigations and consultations.
Operational reviews begin with an assessment to determine the areas of focus based on risk and management requests. The scope of the engagement is then identified and outlined to management in a formal Audit Engagement Notification. The scope of operational reviews typically include assessments of items such as:
During a compliance review, operations are compared to external regulations such as those of a Federal, State, or accrediting agency. Our recommendations are intended to help management fully comply with the established regulations.
Information system reviews typically include review of areas such as:
During a financial review, specific transactional cycles or processes are reviewed such as cash handling, fixed assets, purchasing, payroll, receivables, and payables. These reviews are typically limited in scope as the full financial audit for the university is performed by the State of North Carolina Office of the State Auditor.
Although a lot of the audit work is done behind the scenes, we will require assistance throughout the process. For each phase of the audit, this would include the following:
Planning – During the planning phase, we will hold an entrance meeting with key leaders to discuss the audit process and scope. In addition, we will conduct risk assessments through discussions and surveys to gain an understanding of the department/division’s operations and related risks.
Fieldwork – Fieldwork is the phase in which we conduct testing. We may need to meet with staff to obtain supporting documentation, to better understand processes, or to discuss potential areas of concern.
Reporting – During the reporting phase, auditees will have a chance to review draft copies of the report and provide comments prior to final issuance. In addition, an exit meeting will be held with key leaders to discuss the results of the audit.
Follow-Up – Auditees are contacted three to six months following the issuance of the report to begin the follow-up process on audit findings, if any. Once all findings have been considered closed, a formal memo is issued. A formal memo will also be issued if audit findings have not been resolved within one year of the issuance of the audit report.
Please take a few minutes to complete our survey.