Office of Risk Management > Internal Audit > FAQs

FAQs

IA conducts an annual risk assessment, which includes identifying the audit universe (i.e., auditable entities, which takes into consideration financial, operational, and compliance risks to the University). Based on the risk assessment and other risk factors (e.g., use of technology, prior audit observations), the annual audit plan is developed and approved by the Audit Committee. 

Per our Internal Audit Charter, the Audit Committee authorizes the Internal Audit Department to have full, free and unrestricted direct access to all university activities, books, records, property and personnel relevant to the subject of review. Internal Auditors will request documentation (e.g., policies, procedures, manuals, system reports, transaction records) as needed. Documentation should not be created or maintained for the sole purposes of the audit; instead, it should support and actively be part of a unit’s internal control practices. 

Any office or department at the university may request Internal Audit services or reach out for assistance. We may or may not be able to immediately accommodate your request, but will certainly discuss your needs and expectations, and can offer initial thoughts for your consideration.

Internal Auditors are employees of the university. The purpose of Internal Audit is to evaluate the adequacy and effectiveness of internal controls to manage risk and to serve in a consultative capacity regarding controls, processes, operations and systems.  

The Institute of Internal Auditors defines internal auditing as, "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."   

External auditors include the university's independent accounting firm, which is primarily concerned with the completeness, accuracy, and fair presentation of the university's financial statements and the financial condition of the institution. Additionally, government auditors are concerned with the university's compliance with government regulations and sponsored research grants. 

Internal Audit reports functionally to the Audit Committee and administratively to the Associate Vice President for Risk Management who reports to the Executive Vice President and Chief Financial Officer.

Copies of audit reports will be shared with the auditees (relevant members of the area under review), executive management and members of the Board of Trustees Audit Committee. Any sensitive information provided to Internal Audit related to an audit, ranging from hardcopy documentation to verbal discussions will be kept strictly confidential and will only be shared with key members of management who receive the final audit report.

Internal Audit is subject to a quality assurance review, which includes an external assessment conducted at least once every five years by a qualified and independent review team as required by the “International Standards for the Professional Practice of Internal Auditing” set forth by the Institute of Internal Auditors, which Internal Audit follows.

​​​​