In order to meet the responsibilities and objectives as set forth in the Internal Audit Charter, it is necessary for Internal Audit to perform reviews and audits of varying types and scopes depending on the circumstances and requests from management.
Each fiscal year an annual audit plan is developed and submitted to the Chancellor and the Board of Trustees’ Finance, Audit, and Human Resources Committee (the audit committee) for review and approval. The audit plan is based on a risk assessment methodology, but also considers requests from members of the NCSSM community.
The following types of audit services may be provided by Internal Audit:
Audits / Assurance Services
Operational audits review the effectiveness and efficiency of operational units. Effectiveness measures how successfully an organization or unit achieves its goals and objectives. Efficiency measures how well an entity or unit uses its resources to achieve its goals.
Compliance audits measure the compliance with established University, NCSSM, federal or state laws, regulations, and/or policies.
Information technology (IT) audits are conducted to evaluate the quality of the controls and safeguards over the information technology resources and critical data of the organization. These audits may consist of reviewing the effective use of information technology resources, adherence to management’s policies, and assessing the design and implementation of internal controls over computer applications and the computing environments in which they are used.
A financial audit is a review intended to serve as a basis for expressing an opinion on the fairness, consistency, and conformity of financial information with generally accepted accounting principles. Financial audits can be full or limited in scope, depending on the objectives and needs.
Follow Up Reports
For internal or external audit work that results in recommended improvements, Internal Audit conducts follow-up reviews to assess if corrective action has been implemented.
Consulting and Advisory Services
Internal Audit often provides consultation and advisory services to all levels of management. These services are typically done in collaboration with management as they work on specific projects. These are frequently undertaken when a significant process change is being planned or implemented, and may include but are not limited to: interpreting policies, revising specific processes and controls, and offering feedback on how internal controls and/or operations might be strengthened. We strongly encourage departments to contact us for advice when starting a new business process or making significant changes to the way day-to-day activities are conducted. We believe that it is easier to “get it right” from the beginning rather than having to “fix it” later!
These audits are normally requested on an as-needed basis by management or by anonymous tips or requests. Investigative audits typically cover topics such as alleged irregular conduct, non-compliance with established policies or laws, misuse of NCSSM resources, false time reporting, internal theft, and/or conflicts of interest.
Any dishonest or improper act by an employee such as those that violate the law, waste money, or endanger public health and safety, are a concern. In addition, North Carolina General Statute § 143B-920 requires all state employees, including employees of NCSSM, to report theft or misuse of state property.
To report concerns or suspected fraud, waste, or misuse, use the Internal Audit Hotline.
When Internal Audit receives information regarding potential misuse, fraud or abuse, we will conduct an initial review to determine if the allegations have merit and if further investigation is necessary. While all reports will be given careful consideration and treated seriously, it is important to remember that allegations are unsubstantiated until corroborating evidence is obtained. The initial review and subsequent investigation will be conducted in a confidential manner and with respect for the rights of the individuals involved.
The goals of investigations are to:
- Determine if allegations are valid;
- Identify control weaknesses or breakdowns in procedure that allowed the situation and any related problems to occur;
- Determine the extent of any loss; and
- Recommend corrective action to prevent the situation form recurring.
When possible, Internal Audit will notify appropriate members of management prior to beginning an investigation. Advance notice may not be possible in rare situations when even a small delay could allow additional funds to be lost or records destroyed. In these situations, Internal Audit will notify management as soon as possible after the investigation begins. If allegations involve possible misuse by management, Internal Audit will coordinate the investigation through the organizational level to which the area reports.
The processes of conducting and reporting the results of a misuse investigation will be similar to the process followed for a routine audit. However, if the investigation reveals a potential violation of any federal, state, or local law, Internal Audit will refer the matter to Campus Resources and Legal Affairs for further review and action. Internal Audit will assist these entities with their reviews as needed. In addition, Internal Audit will use professional judgment in identifying situations that warrant disclosure to the NC Office of the State Auditor.
External Audit / Review Coordination
NCSSM is subject to external audits, compliance reviews, and similar activities by various external agencies and other organizations. The Chief Audit Officer can serve as a liaison to the process, especially since internal audit is responsible for following up on all findings and recommendations made by external auditors. Determining whether or not such recommendations have been satisfactorily addressed is a requirement mandated by UNC policy.
If your department is contacted by an external entity regarding any type of pending review, audit, or investigation, please contact Internal Audit. This notification serves a dual purpose:
- To prevent the duplication of audit effort and
- To ensure the duties of internal audit are fulfilled
A representative from internal audit will typically accompany department representatives to any entrance and exit meetings with external reviewers.
Copies of all findings and recommendations issued by external auditors / investigators, along with management’s response to any recommendations, should be forwarded to the Chief Audit Officer in a timely manner. Upon implementation of the recommendations or other alternative action by management, Internal Audit will perform verification procedures to ensure the stated plan of action has been implemented and will issue a status report to the Chancellor and the Board of Trustees audit committee.