Skip to header Skip to Content Skip to Footer

Common Audit Findings

Office of Internal Audit

During engagements, we compare a department's processes and transactions to:

  • Federal and state regulations
  • UNCW policies, handbooks, and catalogues
  • UNC System policies
  • Accreditation standards
  • Best practices as defined by professional organizations, industry standards, and other relevant sources.

These benchmarks allow us to evaluate operations in terms of internal controls, compliance, effectiveness, and efficiency. In doing so, we have noted areas where departments may have a need to strengthen controls. Some examples are listed below.

Common Audit Findings 

1. Policies and Procedures

Policies:  

All employees should be familiar with applicable policies, procedures and laws, etc., and should strive to conduct University business in accordance with them.

 

Written Departmental Procedures:  

All aspects of a department's operations should be clearly documented in an up-to-date procedures manual.  Documented procedures provide guidelines for day-to-day operations to ensure compliance with university policies and guidelines, and consistency in internal processes. Written procedures are also beneficial for the training of current and new employees and are a valuable resource in the event that an employee leaves the department.  The procedures should include sufficient information to permit an individual who is unfamiliar with the operations to perform the necessary operational activities.

2. Internal Controls 

Approval of Transactions: 

Transactions should be approved by someone who:
  • Is listed as the budget authority on the fund
  • Has been delegated signatory authority (for items such as contracts)
  • Is required to sign based on UNCW policy, the instructions on the form, or other guidance
Delegated approvers are responsible for the review of transactions submitted to them and making informed judgments about the reasonableness of those transactions such as:
  • Are revenues and expenditures recorded appropriately? 
  • Are funds being used for the intended purpose?
  • Are all expenses allowable?
All transactions should be supported by adequate documentation.  This documentation should include proper authorization and enough detail to provide a trail for future reviews/audits.

 

Segregation of Duties and Reconciliation:

Does one person complete a process from beginning to end? If so, is there oversight? For instance, if one person is purchasing supplies is a different person reconciling the transactions? If not, is someone else reviewing the process or reconciliation? Are reconciliations occurring regularly? Are they documented?

 

Physical and Logical Security:

  • Are hard copies of documents containing sensitive or personally identifiable information (PII) adequately secured?
  • Do all users of systems have unique login information? (No shared usernames or passwords)
  • Have all administrative usernames and passwords been changed from the default? (No user named "administrator") 

3. Governance

  • Is the department organized in a way to maximize operations?
  • Are operations working as effectively and efficiently as possible?
  • Is information communicated in a clear and timely fashion to all impacted parties?

4. Business Continuity

  • Are employees cross-trained?
  • Does the department have a formal continuity of operations (COOP) plan?
  • Are there written desktop procedures for major functions?

5. Compliance

We regularly review departmental operations for compliance with federal regulations, compliance with North Carolina General Statutes  and the rules of the North Carolina Office of State Budget and Management and the North Carolina Office of State Human Resources. Our operations are also subject to the policies of the University of North Carolina system as well as internal UNCW Policies.

  • Understand the compliance landscape specific to your department
  • Seek out relevant training to stay up to date on laws, regulations, and policies
  • Educate employees on the importance of compliance 

6. Computer Inventory Tracking

  • Departments must complete a physical inventory of fixed assets at least annually and changes to the assets list, including transfers to other departments, must be communicated to the Fixed Asset department.
  • University equipment including software that is no longer needed must be sent to surplus. It cannot be thrown away or discarded.
  • Departments must maintain an accurate listing of all computer assets that includes the items' serial numbers and locations. This list should be reconciled to the centrally managed inventory list maintained by ITS.

We are here to help your department in improving your operations to strengthen controls in these areas! Please contact us for assistance or questions.