Why Audit?
Internal audits provide insight into the university’s culture, policies, procedures, and aids Board and management oversight by verifying internal controls such as operating effectiveness, risk mitigation controls, and compliance with any relevant laws or regulations.
What is Internal Audit?
Internal Auditing is an independent, objective, risk-based assurance and advisory service activity, designed to add value and improve the university’s operations.
Audit Process – A Collaborative Effort
While every audit is unique, we employ a three phase process to plan and conduct our audit engagements:
- Planning – gathering information to obtain an understanding of the area being audited
- Evaluating – interviews, and examination of documents and transactions
- Reporting – communicating audit results, recommendations and management actions; and verify completion of management’s actions
This process works best when university management and our office have a solid and constructive working relationship based on clear and continuing communication throughout the audit engagement.
Audit Services Provided for the University Community
The Office of University Audit provides the following services:
- University process audits (e.g., Admissions, Student Financial Aid, Conflict of Interest)
- Information technology audits (various information security processes)
- Fraud, Waste and Abuse Investigations from the Office of State Inspector General Hotline, Mason’s Hotline, and Employee’s
- Ongoing monitoring activities to identify and evaluate potential factors which might impact our assessments of risk and potential audit work
Audit Risk Assessment and Planning
Audit priorities are determined in a dynamic, flexible, risk-based manner using a frequently refreshed audit risk assessment. Audit uses a “top-down” and a “bottom-up” approach to developing its independent risk assessment used for determining priorities for providing assurance services and selecting audit engagements to be performed. The “top-down” approach seeks to identify macrolevel areas of current and/or potentially emerging interest to stakeholders. The “bottom-up” approach is used to develop a risk-based prioritized frequency of audit coverage across the university through the evaluation of Audit Risk Factors applied to Auditable Units.