Skip to header Skip to Content Skip to Footer


Frequently Asked Questions

The Office of Internal Audit exists to ensure the university is fulfilling its vision and mission in an effective and efficient manner. We do this by providing the University with independent and objective reviews of operations and activities. Through consulting and performing independent audits, reviews, and investigations, the office seeks to provide reasonable assurance to management that effective stewardship is maintained over the University’s resources. Internal Audit also serves as a liaison between management and all external auditors.

In general, the objectives of Internal Audit are to:

  • Evaluate the adequacy of the internal control structure within a department or unit.
  • Assess the extent of compliance of each area with applicable laws, regulations, policies, and procedures.
  • Verify the existence of University assets and ensure proper safeguards for their protection.
  • Evaluate the reliability and integrity of data produced by information systems.
  • Investigate concerns relating to fraud, embezzlement, and theft.
  • Consult with management and provide methodologies, facilitation, focus, knowledge, technology, best practices, and independence that help solve management’s problems.

UNCW is required by NCGS §143-746 to maintain an internal audit function. In accordance with the UNCW Internal Audit charter, Internal Audit operates as an independent appraisal function within UNCW and reports functionally to the Audit, Risk and Compliance Committee of the Board of Trustees and administratively to the Chancellor.

Internal auditors are employees of the University. Our scope of work serves the University by helping it accomplish its goals, enhance operations, improve risk management and internal controls. Internal auditors focus on both financial and non-financial risks and controls. Internal auditors provide University leadership and the Board with assurance on the University’s risk management and control processes.

Internal Audit follows the standards and guidelines of the Institute of Internal Auditors (IIA). Internal Audit roles include monitoring, analyzing, and assessing risks and controls; reviewing and confirming compliance with policies, procedures, regulations, and laws; reviews to ensure accuracy of data; and assessing current operations and procedures against best practices.

External auditors are often thought of as the independent accounting firm hired by the University to render an opinion on the financial statements each year. Other external auditors could include government auditors who perform audit work related to determine compliance with regulations/laws, or non-University auditors hired to perform a specialized audit or review of a specific process or area.

Internal Audit performs an annual risk assessment which helps to develop an audit plan (work plan) of engagement projects to be conducted during the upcoming fiscal year. The Audit Plan, prepared after seeking input from leadership regarding key areas of risk, is presented to and approved by the Audit, Risk and Compliance Committee of the UNCW Board of Trustees and the Chancellor. Throughout the year the audit plan may be amended to include requested reviews, special projects, or changes in priority.

Some of the things we consider when developing our audit plan include:

  • To what extent is the process or area required to comply with state or federal regulations?
  • Is this area subject to a great deal of public scrutiny?
  • Has recent organizational change occurred?
  • What is the volume of activity?
  • How reliant is the area on technology?
  • When was the last time Internal Audit reviewed it?
  • Have concerns about conduct resulted in a requested review?
  • Does management have concerns that they'd like us to look into? Concerns can be about the internal structure, regulations, complexity of operations, or any prior audit findings.

Engagements and reviews vary in length. The amount of time required depends on the objectives of the engagement, the cooperation and availability of the client, and the complexity of the operation. Limited scope reviews may only take a few weeks, while a broad-based engagement may take months. A positive working relationship between the client and the auditors is an important factor in the accuracy of information gathered and the timely completion of the engagement.

Also, noted that the majority of this time is spent by the auditor in our office performing reviews and analyses of data and information.  While we will request meetings and make requests for data and documentation during the audit, we take your schedules into consideration as we strive to minimize interference with your day-to-day work.

Refer to the What to Expect section under Audits/Assurance for detailed information regarding the audit process. The audit will begin with an entrance meeting to review the audit process and discuss potential scope areas. After that we typically have a few one-on-one meetings to learn more about the operations of the department and related risks.

Once we know the exact areas that will be audited, we will typically have additional conversations with process owners to understand a process in depth and request policies/procedures regarding the area. Most of the review is conducted in our office and we will come to you with any questions or to gain additional information.

The scope of the engagement and/or review is determined from one or more of the following:

  • Information collected during a preliminary survey, which includes interviews with the appropriate client personnel
  • Assessment of risk associated with the client’s functions
  • Evaluation of answers received on internal control questionnaires tailored for the assignment
  • Client requests concerning topics, functions and/or time frames

Sometimes discoveries or events that occur during a project can change the scope of an engagement. If this should happen, the client is notified if the scope changes significantly.

You can expect the auditor to discuss the concern with you to ensure the auditor has a thorough, accurate, and appropriate understanding of the issue. Internal Audit will partner with task owners and leadership within the department/unit being reviewed to develop an appropriate recommendation to enhance processes and mitigate risk.

Yes, and we welcome your questions. The Office of Internal Audit is your in-house consultant for all internal control matters and will provide guidance on controls over new or existing systems and processes.

Typically, consulting work does not follow the same reporting process as formal audits. Management may request a review and results of the review can either be verbal or in a written memo to the requestor. Examples of advisory services include:

  • Participation of internal audit staff on system implementation teams
  • Reviews of processes
  • Providing guidance to management regarding control concerns

Yes.  Internal Audit will consider all requests for inclusion on the audit plan. Please note that our ability to accept project requests depends on several factors including but not limited to staff workload, and the level of risk and/or urgency associated with the requested engagement.

As a member of the UNCW community, you are encouraged to raise questions or concerns. If you suspect fraud, waste, or abuse, you should report the information to your supervisor, the Office of Internal Audit, or the Office of the State Auditor’s Hotline (1-800-730-TIPS). Refer to Fraud and Abuse Reporting for additional information.

Internal controls are processes, systems, and/or policies and procedures put in place to provide reasonable assurance regarding the achievement of reliable financial reporting, effective and efficient operations, and compliance with laws and regulations. Internal controls are anything we do or put in place to help us achieve our objective(s). Examples of internal controls include locking your desk or office space to ensure your belongings and other items are safeguarded and using strong passwords to reduce the risk of your accounts being accessed by external parties.

Management is responsible for establishing and maintaining the control environment. Auditors play a role in a system of internal controls by performing evaluations, testing the effectiveness of controls, and making recommendations for improved controls.

In general, controls can be categorized as preventive or detective.  Preventive controls are aimed at preventing errors or irregularities from occurring. Detective controls are designed to identify errors or irregularities after they have occurred.

Yes, we are audited every five years under guidelines set forth by the International Standards for the Professional Practice of Internal Auditing.

The most recent external assessment of our office occurred in June 2021, and we received the highest possible rating overall and in each separately assessed category.

There are many resources available to learn more about being an internal auditor. The UNCW internal audit website has a lot of information. You can also go to the Institute of Internal Auditors website to learn more.

Also - feel free to stop by our offices in Alderman Hall on the second floor. Any auditor would be glad to sit with you and answer your questions.

Yes. We typically work with Cameron School of Business to identify potential student interns when we have a need. If you have interest in this opportunity, feel free to stop by our office or give us a call for more information.

Check out the following link for details on how long each type of document should be retained: