Internal Audit

Audit Services We Provide

IA provides independent and objective services to assist in the identification, evaluation, and mitigation of risk. We conduct audits and reviews to assess the effectiveness and efficiency of the existing controls across the University. Our audits engagements range from audits of small departments to large colleges, as well as audits of University-wide processes. Most audits and reviews are chosen based on an annual risk assessment. IA seeks to add value to the University community by conducting the following assurance services:

Departmental Reviews

Departmental reviews are comprehensive examinations of an operating unit or a complete organization to evaluate its performance, as measured by management’s objectives. A departmental review focuses on the efficiency, effectiveness, and economy of operations.

Compliance Reviews

Compliance audits determine whether, and to what degree, there is conformance to certain specific requirements of policy, procedures, standards, or laws and governmental regulations. The auditor must know what policies, procedures, standards, etc., are required. Compliance audits require little preliminary survey work or review of internal controls, except to outline precisely what requirements are being audited. The audit focuses almost exclusively upon detailed testing of conditions.

Information Systems/Technology Review

Information Technology audits evaluate the accuracy, effectiveness, efficiency and security of electronic and information processing systems that are in production or under development.

Advisory Services, also called Consulting Engagements, are generally performed at the request of a department or University management. Advisory Services are intended to assist management in solving specific problems, improving control systems, and designing control systems. The scope of the engagement is established through collaboration of IA, University management, and/or process owners. When performing Advisory Services, IA maintains objectivity and does not assume management responsibility.

IA conducts planned and unplanned engagements known as special reviews. Special review engagements may differ from typical assurance engagements in scope and reporting procedures. Special reviews may include the following:

Special requests by University management
Special requests by the BOR/USG and/or BOR/USG Office of Internal Audit
BOR/USG system-wide assurance engagements
Assurance engagements focused on new or emerging risks that were not identified in the annual risk assessment
Transition audits
Forensic investigations based on allegations of fraud, waste, and/or abuse

IA provides campus training on the following topics:

Internal Controls
Fraud Awareness, Red Flags, and Prevention
Best Practices for Management
Ethics and Compliance

How can your department benefit from an audit?

Provide an objective assessment of areas of interest to management.
Identify business strengths and opportunities for improvement of efficiency and effectiveness in the department’s daily operations.
Facilitate discussions with departmental employees to develop solutions to problems and promote operational efficiency.
Identify deviations from management’s performance standards and expectations.
Recommend improvements to internal controls to prevent and detect problems.
Positive change within the department that improve the overall results of operations.

Risk Assessment

In developing an audit plan for each fiscal year, IA utilizes an instrument known as a Risk Assessment Model. This Risk Assessment Model is a survey designed to determine, through quantitative means, those auditable entities within the University that pose the highest degree of relative risk.

With the assistance of the University’s Vice Presidents and their staffs, values are subjectively assigned to the entities’ operations using such weighted ranking criteria as:

Prior audit history
Regulatory compliance and public scrutiny
Reliance upon information technology
Dollar value and liquidity of assets
Organizational change and economic transition within the unit

Using this survey, auditable areas are scored and ranked from those perceived to pose the greatest risk to those representing a lower degree of risk exposure. In addition, IA will perform special audits, projects, and investigations as warranted by the needs of the University community.

A tentative audit plan is developed by the IA, taking into consideration coverage provided by the Georgia Department of Audits and Accounts, and the Board of Regents Office of Internal Audit. The finalized audit plan for the fiscal year incorporates the results of the survey with special requests and recommendations from the University President. This final audit plan is then approved by the University President and submitted to the Board of Regents Vice Chancellor for Internal Audit.

Audit Process

Each engagement consists of three phases. The three major phases and subsequent steps of the audit process are as follows:

Planning

Perform campus engagement risk assessment.
Assign resources and staff to engagement.
Notify executive leadership of engagement.
Perform engagement risk assessment with input from the client, management, and audit team members.
Develop audit scope and objectives
Prepare audit program
Hold entrance conference

Field Work

Develop and perform detailed testing
Document and evaluate processes and controls
Interview client staff members
Perform other audit procedures to meet audit objectives
Review work papers for completeness and accuracy
Evaluate audit evidence and develop conclusions
Communicate with client on an ongoing basis

Reporting

Document strengths and opportunities for improvement
Communicate with client management regarding audit results
Develop recommendations
Prepare draft report
Obtain management’s plan of action to address issues (if necessary)
Prepare final report
Evaluate audit performance
Obtain engagement feedback from audit client
Follow up on implementation of action plans (if necessary)

Contact Info