Types of Audits
Internal Auditing uses a variety of tools, all of which are focused on improving internal control by reducing risk, improving efficiency and effectiveness and/or insuring compliance with the law. Below are the types of audits we perform. Below is a list of audits and services we provide to the university:
Business Process Improvement - Internal Auditing may initiate or participate in internal control related business process improvement activities. This product is used to identify and minimize control deficiencies in business processes and is designed to assist organizations in making process changes that result in strengthened internal control and optimal performance.
Compliance audits - These determine the adequacy of a department’s system(s) designed to ensure compliance with University policies and procedures, legislative mandates and external requirements. Examples of external requirements include donor intent, federal and state laws and regulations and the National Collegiate Athletic Association legislation Audit recommendations typically address the need for improvements in procedures and controls intended to ensure compliance with applicable regulations.
Consulting -This is an Internal Auditing activity normally provided in response to a request from management. Consulting projects may range from formal enagagements, defined by written agreements, to advisory activities, such as participating in standing or temporary management committees or project teams. It is deesigned to provide expertise in the resolution of internal control issues. Consulting may involve answering questions, developing solutions to problems, recommending courses of action and/or formulating an opinion. Consulting may also involve the review of proposed procedures for internal control content.
Financial audits - These address the accounting for, and reporting of, financial transactions, including commitments, authorizations and receipt and disbursement of funds. The purpose of this type of audit is to verify that sufficient controls exist over assets, liabilities, revenues and expenditures and that there are adequate controls over the acquisition and use of resources.
Information technology (IT) audits - These address the internal control environment of automated information processing systems and how individuals use those systems. IT audits typically evaluate system input, output and processing controls; backup and recovery plans; system security; and computer facilities.
Internal Control Assessment -This product provides the client with an overall opinion or assessment of the current state of internal control and future risks. Internal control audits determine whether the department is conducting its financial business processes under an adequate system of internal control, as required by University policy, guidelines and good business practice.
Internal Control Education - This offering assists the client organization to reduce risk through an enhanced understanding of the business value of internal control and business ethics. Instructional sessions may be conducted by Internal Auditing or by the client with Internal Auditing support.
Investigative audits - These focus on alleged civil or criminal violations of state or federal laws or violations of University policies and procedures that may result in prosecution or disciplinary action. Allegations of theft or misuse of University assets, white-collar crime and conflicts of interest are examples of issues addressed by investigative audits.
Operational audits - these examine the use of unit resources to evaluate whether those resources are being used in the most efficient and effective manner to fulfill the department’s and CSU’s mission and objectives. An operational audit can include elements of a compliance audit, a financial audit and an IT audit.
Process Audits - Internal Auditing undertakes comprehensive analyses and appraisals of all phases of business activities and provides management appropriate recommendations concerning the activities reviewed. The product includes business process audits which appraise the adequacy and efficiency of accounting, financial and operating controls; information system audits which focus on technical IS audit activities, system development and application reviews, reviews of emerging technology; and, new site reviews which occur in the early stages of start-up operations, joint ventures or acquisiitons to ensure that cost-effective internal control is in place.
Self Assessment - Self assessments are performed by the client based upon a framework to be provided by Internal Auditing. Internal Auditing will be an active participant in self assessment activities which involve an assessment of risk and control activities within the business and/or function under review.
Special Investigation -This service provides clients with an independent review of facts and circumstances surrounding an event or series of events and presents recommendations to management for appropriate resolution/action. Investigations are often associated with known or suspected wrong doing, waste, fraud, abuse of University assets, other business ethics violations and/or serious mismanagement.
System Development Review (SDR) - System Development reviews are conducted as part of the prevention quadrant of Internal Auditing’s process. The System Development Review promotes the inclusion of cost effective controls into systems prior to implementation and assures that the controls will operate as intended when implemented.