Internal Auditing uses a variety of tools, all of which are focused on improving internal
control by reducing risk, improving efficiency and effectiveness and/or insuring compliance
with the law. Below are the types of audits we perform. Below is a list of audits and services we provide to the university:
Business Process Improvement - Internal Auditing may initiate or participate in internal control related business
process improvement activities. This product is used to identify and minimize control
deficiencies in business processes and is designed to assist organizations in making
process changes that result in strengthened internal control and optimal performance.
Compliance audits - These determine the adequacy of a department’s system(s) designed to ensure compliance
with University policies and procedures, legislative mandates and external requirements.
Examples of external requirements include donor intent, federal and state laws and
regulations and the National Collegiate Athletic Association legislation Audit recommendations
typically address the need for improvements in procedures and controls intended to
ensure compliance with applicable regulations.
Consulting -This is an Internal Auditing activity normally provided in response to a request
from management. Consulting projects may range from formal enagagements, defined by
written agreements, to advisory activities, such as participating in standing or temporary
management committees or project teams. It is deesigned to provide expertise in the
resolution of internal control issues. Consulting may involve answering questions,
developing solutions to problems, recommending courses of action and/or formulating
an opinion. Consulting may also involve the review of proposed procedures for internal
Financial audits - These address the accounting for, and reporting of, financial transactions, including
commitments, authorizations and receipt and disbursement of funds. The purpose of
this type of audit is to verify that sufficient controls exist over assets, liabilities,
revenues and expenditures and that there are adequate controls over the acquisition
and use of resources.
Information technology (IT) audits - These address the internal control environment of automated information processing
systems and how individuals use those systems. IT audits typically evaluate system
input, output and processing controls; backup and recovery plans; system security;
and computer facilities.
Internal Control Assessment -This product provides the client with an overall opinion or assessment of the current
state of internal control and future risks. Internal control audits determine whether
the department is conducting its financial business processes under an adequate system
of internal control, as required by University policy, guidelines and good business
Internal Control Education - This offering assists the client organization to reduce risk through an enhanced
understanding of the business value of internal control and business ethics. Instructional
sessions may be conducted by Internal Auditing or by the client with Internal Auditing
Investigative audits - These focus on alleged civil or criminal violations of state or federal laws or
violations of University policies and procedures that may result in prosecution or
disciplinary action. Allegations of theft or misuse of University assets, white-collar
crime and conflicts of interest are examples of issues addressed by investigative
Operational audits - these examine the use of unit resources to evaluate whether those resources are
being used in the most efficient and effective manner to fulfill the department’s
and CSU’s mission and objectives. An operational audit can include elements of a compliance
audit, a financial audit and an IT audit.
Process Audits - Internal Auditing undertakes comprehensive analyses and appraisals of all phases
of business activities and provides management appropriate recommendations concerning
the activities reviewed. The product includes business process audits which appraise
the adequacy and efficiency of accounting, financial and operating controls; information
system audits which focus on technical IS audit activities, system development and
application reviews, reviews of emerging technology; and, new site reviews which occur
in the early stages of start-up operations, joint ventures or acquisiitons to ensure
that cost-effective internal control is in place.
Self Assessment - Self assessments are performed by the client based upon a framework to be provided
by Internal Auditing. Internal Auditing will be an active participant in self assessment
activities which involve an assessment of risk and control activities within the business
and/or function under review.
Special Investigation -This service provides clients with an independent review of facts and circumstances
surrounding an event or series of events and presents recommendations to management
for appropriate resolution/action. Investigations are often associated with known
or suspected wrong doing, waste, fraud, abuse of University assets, other business
ethics violations and/or serious mismanagement.
System Development Review (SDR) - System Development reviews are conducted as part of the prevention quadrant of Internal
Auditing’s process. The System Development Review promotes the inclusion of cost effective
controls into systems prior to implementation and assures that the controls will operate
as intended when implemented.