The Director of Internal Audit reports administratively to the Financial Vice President and Treasurer, and functionally to the Chair of the Finance and Audit Committee of the Board of Trustees. The Director is responsible for developing and monitoring University internal audit activities. The Audit Plan and Risk Analysis details specific goals/objectives and scheduled audit engagements and is submitted annually to the Finance and Audit Committee and University Management.
The Finance and Audit Committee:
- Reviews and approves the Annual Audit Plan and Risk Analysis.
- Reviews the independent auditor's proposed audit scope, results of the annual financial audit and management recommendations.
- Oversees internal audit activities, including review of selected audit reports and evaluation of staff quality.
- Reviews and approves costs and budgets of the internal audit function and independent public accountants.
- Recommends to the Board of Trustees the selection/retention of the independent external audit firm.
Internal Audit staff comprise a blend of experience that results in a highly qualified and professional internal audit function.
The Manager, IT Audit provides technical audit skills for University computerized operations including:
- evaluation of procedures in the Information Technology Organization comprising controls over program security, computer operations, data file security, system software, and network configurations.
- application reviews, which increasingly require an integrated audit approach using both financial and IT audit staff to ensure: (1) accuracy and completeness of data; (2) proper maintenance of programs and data; (3) continuing reliability of processing; and (4) proper authorization for processing.
- pre-implementation system reviews to ensure appropriate security standards, documentation, conversion testing, and access controls.
The Manager, Compliance Audits is responsible for auditing specific areas within the University that must adhere to (1) federal, state, and local regulatory requirements, and (2) internal policy. This activity includes conducting on-going monitoring and internal control assessments of compliance within departments, labs, and centers to identify non-compliance and control weaknesses and developing risk mitigation strategies.
The IT Auditor performs audits of assigned organizations by reviewing and evaluating the soundness, adequacy, effectiveness, and proper application of accounting, financial, and other operating controls for complex business operations within the University.